Set-AutoSensitivityLabelRule

This cmdlet is available only in Security & Compliance Center PowerShell. For more information, see Security & Compliance Center PowerShell.

Use the Set-AutoSensitivityLabelPolicy cmdlet to modify auto-labeling policy rules in your organization.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

Syntax

Set-AutoSensitivityLabelRule
   [-Identity] <ComplianceRuleIdParameter>
   [-AccessScope <AccessScope>]
   [-ActivationDate <System.DateTime>]
   [-Comment <String>]
   [-Confirm]
   [-ContentContainsSensitiveInformation <PswsHashtable[]>]
   [-ContentExtensionMatchesWords <MultiValuedProperty>]
   [-Disabled <Boolean>]
   [-DocumentIsPasswordProtected <Boolean>]
   [-DocumentIsUnsupported <Boolean>]
   [-ExceptIfAccessScope <AccessScope>]
   [-ExceptIfContentContainsSensitiveInformation <PswsHashtable[]>]
   [-ExceptIfContentExtensionMatchesWords <MultiValuedProperty>]
   [-ExceptIfDocumentIsPasswordProtected <Boolean>]
   [-ExceptIfDocumentIsUnsupported <Boolean>]
   [-ExceptIfFrom <RecipientIdParameter[]>]
   [-ExceptIfFromMemberOf <SmtpAddress[]>]
   [-ExceptIfProcessingLimitExceeded <Boolean>]
   [-ExceptIfRecipientDomainIs <MultiValuedProperty>]
   [-ExceptIfSenderIPRanges <MultiValuedProperty>]
   [-ExceptIfSentTo <MultiValuedProperty>]
   [-ExpiryDate <System.DateTime>]
   [-From <RecipientIdParameter[]>]
   [-FromMemberOf <SmtpAddress[]>]
   [-Priority <System.Int32>]
   [-ProcessingLimitExceeded <Boolean>]
   [-RecipientDomainIs <MultiValuedProperty>]
   [-ReportSeverityLevel <RuleSeverity>]
   [-RuleErrorAction <PolicyRuleErrorAction>]
   [-SenderIPRanges <MultiValuedProperty>]
   [-SentTo <MultiValuedProperty>]
   [-WhatIf]
   [-Workload <Workload>]
   [<CommonParameters>]

Description

You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center.

Examples

Example 1

Set-AutoSensitivityLabelRule -Identity "SocialSecurityRule1" -Comment "Example"

This example changes the rule property "Comment" with the rule name "SocialSecurityRule1" to the text "Example".

Parameters

-AccessScope

The AccessScope parameter specifies a condition for the auto-labeling policy rule that's based on the access scope of the content. The rule is applied to content that matches the specified access scope. Valid values are:

  • InOrganization: The rule is applied to content that's accessible inside the organization.
  • NotInOrganization: The rule is applied to content that's accessible outside the organization.
  • None: The condition isn't used.
Type:AccessScope
Accepted values:InOrganization, NotInOrganization, None
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ActivationDate

{{ Fill ActivationDate Description }}

Type:System.DateTime
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-Comment

The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks ("), for example: "This is an admin note".

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-Confirm

The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.

  • Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -Confirm:$false.
  • Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.
Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ContentContainsSensitiveInformation

The ContentContainsSensitiveInformation parameter specifies a condition for the rule that's based on a sensitive information type match in content. The rule is applied to content that contains the specified sensitive information type.

This parameter uses the basic syntax @(@{Name="SensitiveInformationType1";[minCount="Value"],@{Name="SensitiveInformationType2";[minCount="Value"],...). For example, @(@{Name="U.S. Social Security Number (SSN)"; minCount="2"},@{Name="Credit Card Number"; minCount="1"; minConfidence="85"}).

Type:PswsHashtable[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ContentExtensionMatchesWords

The ContentExtensionMatchesWords parameter specifies a condition for the auto-labeling policy rule that looks for words in file name extensions. You can specify multiple words separated by commas.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-Disabled

The Disabled parameter specifies whether the case hold rule is enabled or disabled. Valid values are:

  • $true: The rule is disabled.
  • $false: The rule is enabled. This is the default value.
Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-DocumentIsPasswordProtected

The DocumentIsPasswordProtected parameter specifies a condition for the auto-labeling policy rule that looks for password protected files (because the contents of the file can't be inspected). Password detection only works for Office documents and .zip files. Valid values are:

  • $true: Look for password protected files.
  • $false: Don't look for password protected files.
Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-DocumentIsUnsupported

The DocumentIsUnsupported parameter specifies a condition for the auto-labeling policy rule that looks for files that can't be scanned. Valid values are:

  • $true: Look for unsupported files that can't be scanned.
  • $false: Don't look for unsupported files that can't be scanned.
Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ExceptIfAccessScope

The ExceptIfAccessScopeAccessScope parameter specifies an exception for the auto-labeling policy rule that's based on the access scope of the content. The rule isn't applied to content that matches the specified access scope. Valid values are:

  • InOrganization: The rule isn't applied to content that's accessible inside the organization.
  • NotInOrganization: The rule isn't applied to content that's accessible outside the organization.
  • None: The exception isn't used.
Type:AccessScope
Accepted values:InOrganization, NotInOrganization, None
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ExceptIfContentContainsSensitiveInformation

The ExceptIfContentContainsSensitiveInformation parameter specifies an exception for the auto-labeling policy rule that's based on a sensitive information type match in content. The rule isn't applied to content that contains the specified sensitive information type.

This parameter uses the basic syntax @(@{Name="SensitiveInformationType1";[minCount="Value"],@{Name="SensitiveInformationType2";[minCount="Value"],...). For example, @(@{Name="U.S. Social Security Number (SSN)"; minCount="2"},@{Name="Credit Card Number"}).

Type:PswsHashtable[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ExceptIfContentExtensionMatchesWords

The ExceptIfContentExtensionMatchesWords parameter specifies an exception for the auto-labeling policy rule that looks for words in file name extensions. You can specify multiple words separated by commas.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ExceptIfDocumentIsPasswordProtected

The ExceptIfDocumentIsPasswordProtected parameter specifies an exception for the auto-labeling policy rule that looks for password protected files (because the contents of the file can't be inspected). Password detection only works for Office documents and .zip files. Valid values are:

  • $true: Look for password protected files.
  • $false: Don't look for password protected files.
Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ExceptIfDocumentIsUnsupported

The ExceptIfDocumentIsUnsupported parameter specifies an exception for the auto-labeling policy rule that looks for files that can't be scanned. Valid values are:

  • $true: Look for unsupported files that can't be scanned.
  • $false: Don't look for unsupported files that can't be scanned.
Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ExceptIfFrom

The ExceptIfFrom parameter specifies an exception for the auto-labeling policy rule that looks for messages from specific senders. You can use any value that uniquely identifies the sender. For example:

  • Name
  • Alias
  • Distinguished name (DN)
  • Canonical DN
  • Email address
  • GUID
Type:RecipientIdParameter[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ExceptIfFromMemberOf

The ExceptIfFromMemberOf parameter specifies an exception for the auto-labeling policy rule that looks for messages sent by group members. You identify the group members by their email addresses.

You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN".

Type:SmtpAddress[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ExceptIfProcessingLimitExceeded

The ExceptIfProcessingLimitExceeded parameter specifies an exception for the auto-labeling policy rule rule that looks for files where scanning couldn't complete. Valid values are:

  • $true: Look for files where scanning couldn't complete.
  • $false: Don't look for files where scanning couldn't complete.
Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ExceptIfRecipientDomainIs

The ExceptIfRecipientDomainIs parameter specifies an exception for the auto-labeling policy rule that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ExceptIfSenderIPRanges

The ExceptIfSenderIpRanges parameter specifies an exception for the auto-labeling policy rule rule that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges. Valid values are:

  • Single IP address: For example, 192.168.1.1.
  • IP address range: For example, 192.168.0.1-192.168.0.254.
  • Classless InterDomain Routing (CIDR) IP address range: For example, 192.168.0.1/25.

You can specify multiple IP addresses or ranges separated by commas.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ExceptIfSentTo

The ExceptIfSentTo parameter specifies an exception for the auto-labeling policy rule that looks for recipients in messages. You can use any value that uniquely identifies the recipient. For example:

  • Name
  • Alias
  • Distinguished name (DN)
  • Canonical DN
  • Email address
  • GUID

You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN".

You can use this exception in auto-labeling policies that are scoped only to Exchange.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ExpiryDate

This parameter is reserved for internal Microsoft use.

Type:System.DateTime
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-From

This parameter is reserved for internal Microsoft use.

Type:RecipientIdParameter[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-FromMemberOf

This parameter is reserved for internal Microsoft use.

Type:SmtpAddress[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-Identity

The Identity parameter specifies the auto-labeling policy rule that you want to modify. You can use any value that uniquely identifies the rule. For example:

  • Name
  • Distinguished name (DN)
  • GUID
Type:ComplianceRuleIdParameter
Position:0
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
Applies to:Security & Compliance Center
-Priority

This parameter is reserved for internal Microsoft use.

Type:System.Int32
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ProcessingLimitExceeded

The ProcessingLimitExceeded parameter specifies a condition for the auto-labeling policy rule that looks for files where scanning couldn't complete. You can use this condition to create rules that work together to identify and process messages where the content couldn't be fully scanned. Valid values are:

  • $true: Look for files where scanning couldn't complete.
  • $false: Don't look for files where scanning couldn't complete.
Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-RecipientDomainIs

The RecipientDomainIs parameter specifies a condition for the auto-labeling policy rule that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ReportSeverityLevel

The ReportSeverityLevel parameter specifies the severity level of the incident report for content detections based on the rule. Valid values are:

  • None: You can't select this value if the rule has no actions configured.
  • Low: This is the default value.
  • Medium
  • High
Type:RuleSeverity
Accepted values:Low, Medium, High, None, Informational, Information
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-RuleErrorAction

The RuleErrorAction parameter specifies what to do if an error is encountered during the evaluation of the rule. Valid values are:

  • Ignore
  • RetryThenBlock
  • Blank (the value $null): This is the default value.
Type:PolicyRuleErrorAction
Accepted values:Ignore, RetryThenBlock
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-SenderIPRanges

The SenderIpRanges parameter specifies a condition for the auto-sensitivity policy rule that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges. Valid values are:

  • Single IP address: For example, 192.168.1.1.
  • IP address range: For example, 192.168.0.1-192.168.0.254.
  • Classless InterDomain Routing (CIDR) IP address range: For example, 192.168.0.1/25.

You can specify multiple IP addresses or ranges separated by commas.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-SentTo

The SentTo parameter specifies a condition for the auto-sensitivity policy rule that looks for recipients in messages. You can use any value that uniquely identifies the recipient. For example:

  • Name
  • Alias
  • Distinguished name (DN)
  • Canonical DN
  • Email address
  • GUID

You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: "Value1","Value2",..."ValueN".

You can use this condition in auto-sensitivity policies that are scoped only to Exchange.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-WhatIf

The WhatIf switch doesn't work in Security & Compliance Center PowerShell.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-Workload

The Workload parameter specifies the workload. Valid values are:

  • Exchange
  • OneDriveForBusiness
  • SharePoint
Type:Workload
Accepted values:Exchange, SharePoint, OneDriveForBusiness
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center

Inputs

Outputs