This cmdlet is available only in Security & Compliance Center PowerShell. For more information, see Security & Compliance Center PowerShell.

Use the Set-OrganizationSegment cmdlet to modify organization segments in the Security & Compliance Center. Organization Segments are not in effect until you apply information barrier policies.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.


   [-Identity] <PolicyIdParameter>
   [-UserGroupFilter <String>]


Segments are defined by using certain attributes in Azure Active Directory.

You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center.


Example 1

Set-OrganizationSegment -Identity c96e0837-c232-4a8a-841e-ef45787d8fcd -UserGroupFilter "Department -eq 'HRDept'"

In this example, for the segment that has the GUID c96e0837-c232-4a8a-841e-ef45787d8fcd, we updated the department name to "HRDept".



The Identity parameter specifies the organization segment that you want to modify. You can use any value that uniquely identifies the segment. For example:

  • Name
  • Distinguished name (DN)
  • GUID
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
Applies to:Security & Compliance Center

The UserGroupFilter parameter uses OPath filter syntax to specify the members of the organization segment. The syntax is "Property -ComparisonOperator 'Value'" (for example, "MemberOf -eq 'Engineering Department'" or "ExtensionAttribute1 -eq 'DayTrader'").

  • Enclose the whole OPath filter in double quotation marks " ". If the filter contains system values (for example, $true, $false, or $null), use single quotation marks ' ' instead. Although this parameter is a string (not a system block), you can also use braces { }, but only if the filter doesn't contain variables.
  • Property is a filterable property. For more information, see Attributes for information barrier policies.
  • ComparisonOperator is an OPath comparison operator (for example -eq for equals and -like for string comparison). For more information about comparison operators, see about_Comparison_Operators.
  • Value is the property value to search for. Enclose text values and variables in single quotation marks ('Value' or '$Variable'). If a variable value contains single quotation marks, you need to identify (escape) the single quotation marks to expand the variable correctly. For example, instead of '$User', use '$($User -Replace "'","''")'. Don't enclose integers or system values (for example, 500, $true, $false, or $null).

Use the same property for all of your segments, and verify that your segments don't overlap (a user must be assigned to only one segment).

Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center