Compliance Management
Type: Admin role
This role group will allow a specified user, responsible for compliance, to properly configure and manage compliance settings within Exchange in accordance with their policy.
RoleGroup | Role | Role Description |
---|---|---|
Compliance Management | Audit Logs | This role enables administrators to manage the cmdlet audit logging in an organization. |
Compliance Management | Compliance Admin | Lets people view and edit settings and reports for compliance features. |
Compliance Management | Data Loss Prevention | This role enables administrators to manage Data Loss Prevention (DLP) settings in the organization. |
Compliance Management | Information Rights Management | This role enables administrators to managethe Information Rights Management (IRM) features of Exchange in an organization. |
Compliance Management | Journaling | This role enables administrator to manage journaling configuration in an organization. |
Compliance Management | Message Tracking | This role enables administrators to track messages in an organization. |
Compliance Management | Retention Management | Lets people manage retention policies. |
Compliance Management | Transport Rules | This role enables administrators to manage transport rules in an organization. |
Compliance Management | View-Only Audit Logs | This role enables administrators and end users, such as legal and compliance officers, to search the administrator audit log and view the results that are returned. The audit log can be searched using the Shell or reports can be run from the Exchange Control Panel. Users and groups assigned this role can view anything contained within the audit log, including the cmdlets that were run and who ran them, the objects they were run against, and the parameters and values that were provided. Because the results returned might include sensitive information, this role should only be assigned to those with an explicit need to view the information. |
Compliance Management | View-Only Configuration | This role enables administrators to view all of the non-recipient Exchange configuration settings in an organization. Examples of configuration that are viewable are server configuration, transport configuration, database configuration, and organization-wide configuration. This role can be combined with roles associated with the ViewOnlyRecipients role type to create a role group that can view every object in an organization. |
Compliance Management | View-Only Recipients | This role enables administrators to view the configuration of recipients, such as mailboxes, mail users, mail contacts, distribution groups, and dynamic distribution groups. This role can be combined with roles associated with the ViewOnlyConfiguration role type to create a role group that can view every object in the organization. |
Cmdlet | Role | Cmdlet Description |
---|---|---|
Get-AdminAuditLogConfig | Audit Logs | When audit logging is enabled, a log entry is created for each cmdlet that's run, excluding Get cmdlets. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-AuditLogSearch | Audit Logs | Run the Get-AuditLogSearch cmdlet to return a list of pending audit log searches. If an audit log search has been completed, it won't be displayed in the list of audit log searches. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-BookingMailbox | Audit Logs | |
Get-Mailbox | Audit Logs | When you use the Get-Mailbox cmdlet in on-premises Exchange environments to view the quota settings for a mailbox, you first need to check the value of the UseDatabaseQuotaDefaults property. The value True means per-mailbox quota settings are ignored, and you need to use the Get-MailboxDatabase cmdlet to see the actual values. If the UseDatabaseQuotaDefaults property is False, the per-mailbox quota settings are used, so what you see with the Get-Mailbox cmdlet are the actual quota values for the mailbox. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailboxAuditBypassAssociation | Audit Logs | When you configure a user or computer account to bypass mailbox audit logging, access or actions taken by the user account or computer account to any mailbox isn't logged. By bypassing trusted user accounts or computer accounts that need to access mailboxes frequently, you can reduce the noise in mailbox audit logs. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MessageTraceCopilot | Audit Logs | |
Get-UnifiedAuditSetting | Audit Logs | |
New-AdminAuditLogSearch | Audit Logs | After the New-AdminAuditLogSearch cmdlet is run, the report is delivered to the mailboxes you specify within 15 minutes. The log is included as an XML attachment on the report email message. The maximum size of the log that can be generated is 10 megabytes (MB). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
New-MailboxAuditLogSearch | Audit Logs | The New-MailboxAuditLogSearch cmdlet performs an asynchronous search of mailbox audit logs for the specified mailboxes and sends the search results by email to the specified recipients. The body of the email message contains search metadata such as search parameters and the time when the search request was submitted. The results are attached in an .xml file. To search mailbox audit logs for a single mailbox and have the results displayed in the Exchange Management Shell window, use the Search-MailboxAuditLog cmdlet instead. To learn more about mailbox audit logging, see Mailbox audit logging in Exchange Server (https://docs.microsoft.com/Exchange/policy-and-compliance/mailbox-audit-logging/mailbox-audit-logging). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Remove-AuditStubFolder | Audit Logs | |
Search-AdminAuditLog | Audit Logs | If you run the Search-AdminAuditLog cmdlet without any parameters, up to 1,000 log entries are returned by default. Note : In Exchange Online PowerShell, if you don't use the StartDate or EndDate parameters, only results from the last 14 days are returned. For more information about the structure and properties of the audit log, Administrator audit log structure (https://docs.microsoft.com/Exchange/policy-and-compliance/admin-audit-logging/log-structure). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Search-MailboxAuditLog | Audit Logs | The Search-MailboxAuditLog cmdlet performs a synchronous search of mailbox audit logs for one or more specified mailboxes and displays search results in the Exchange Management Shell window. To search mailbox audit logs for multiple mailboxes and have the results sent by email to specified recipients, use the New-MailboxAuditLogSearch cmdlet instead. To learn more about mailbox audit logging, see Mailbox audit logging in Exchange Server (https://docs.microsoft.com/Exchange/policy-and-compliance/mailbox-audit-logging/mailbox-audit-logging). This cmdlet is available in Office 365 operated by 21Vianet, but it won't return any results. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Search-UnifiedAuditLog | Audit Logs | The Search-UnifiedAuditLog cmdlet presents pages of data based on repeated iterations of the same command. Use SessionId and SessionCommand to repeatedly run the cmdlet until you get zero returns, or hit the maximum number of results based on the session command. To gauge progress, look at the ResultIndex (hits in the current iteration) and ResultCount (hits for all iterations) properties of the data returned by the cmdlet. The Search-UnifiedAuditLog cmdlet is available in Exchange Online PowerShell. You can also view events from the unified auditing log by using the Security & Compliance Center. For more information, see Audited activities (https://docs.microsoft.com/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance#audited-activities). If you want to programmatically download data from the Microsoft 365 audit log, we recommend that you use the Microsoft 365 Management Activity API instead of using the Search-UnifiedAuditLog cmdlet in a PowerShell script. The Microsoft 365 Management Activity API is a REST web service that you can use to develop operations, security, and compliance monitoring solutions for your organization. For more information, see Management Activity API reference (https://docs.microsoft.com/office/office-365-management-api/office-365-management-activity-api-reference). This cmdlet is available in Office 365 operated by 21Vianet, but it won't return any results. The OutVariable parameter accepts objects of type ArrayList. Here's an example of how to use it: `$start = (Get-Date).AddDays(-1); $end = (Get-Date).AddDays(-0.5); $auditData = New-Object System.Collections.ArrayList; Search-UnifiedAuditLog -StartDate $start -EndDate $end -OutVariable +auditData |
Set-AdminAuditLogConfig | Audit Logs | When audit logging is enabled, a log entry is created for each cmdlet run, excluding Get cmdlets. Log entries are stored in a hidden mailbox and accessed using the Search-AdminAuditLog or New-AdminAuditLogSearch cmdlets. The Set-AdminAuditLogConfig, Enable-CmdletExtensionAgent, and Disable-CmdletExtensionAgent cmdlets are logged when they're run regardless of whether administrator audit logging is enabled or disabled. Administrator audit logging relies on Active Directory replication to replicate the configuration settings you specify to the domain controllers in your organization. Depending on your replication settings, the changes you make may not be immediately applied to all Exchange servers in your organization. Changes to the audit log configuration may take up to 60 minutes to be applied on computers that have the Exchange Management Shell open at the time a configuration change is made. If you want to apply the changes immediately, close and reopen the Exchange Management Shell on each computer. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-Mailbox | Audit Logs | You can use this cmdlet for one mailbox at a time. To perform bulk management, you can pipeline the output of various Get- cmdlets (for example, the Get-Mailbox or Get-User cmdlets) and configure several mailboxes in a single-line command. You can also use the Set-Mailbox cmdlet in scripts. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-MailboxAuditBypassAssociation | Audit Logs | When you configure a user or computer account to bypass mailbox audit logging, access or actions taken by the user or computer account to any mailbox isn't logged. By bypassing trusted user or computer accounts that need to access mailboxes frequently, you can reduce the noise in mailbox audit logs. If you use mailbox audit logging to audit mailbox access and actions, you must monitor mailbox audit bypass associations at regular intervals. If a mailbox audit bypass association is added for an account, the account can access any mailbox in the organization to which it has been assigned access permissions, without any mailbox audit logging entries being generated for such access, or any actions taken such as message deletions. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-Organization | Audit Logs | |
Set-UnifiedAuditSetting | Audit Logs | |
Start-AuditAssistant | Audit Logs | |
Test-DatabaseEvent | Audit Logs | |
Test-MailboxAssistant | Audit Logs | |
Write-AdminAuditLog | Audit Logs | When the Write-AdminAuditLog cmdlet runs, the value provided in the Comment parameter is included in the log entry. For the Write-AdminAuditLog cmdlet to write to the audit log, it must be included in the list of cmdlets being logged by administrator audit logging. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ATPTotalTrafficReport | Compliance Admin | For the reporting period and organization you specify, the cmdlet returns the following information: - EventType - Organization - Date - MessageCount - StartDate - EndDate - AggregateBy - Index By default, the command returns data for the last 14 days. Data for the last 90 days is available. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-BookingMailbox | Compliance Admin | |
Get-CompliancePolicyFileSyncNotification | Compliance Admin | |
Get-CustomDlpEmailTemplates | Compliance Admin | |
Get-CustomizedUserSubmission | Compliance Admin | |
Get-DataClassificationConfig | Compliance Admin | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-DataRetentionReport | Compliance Admin | The following properties are returned by this cmdlet: - Organization - Date - Action - DataSource - MessageCount You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-DlpDetailReport | Compliance Admin | The Get-DlpDetailReport cmdlet returns detailed information about specific DLP rule matches for the last 7 days. Although the cmdlet accepts date ranges older than 7 days, only information about the last 7 days are returned. The properties returned include: - Date - Title - Location - Severity - Size - Source - Actor - DLPPolicy - UserAction - Justification - SensitiveInformationType - SensitiveInformationCount - SensitiveInformationConfidence - EventType - Action - ObjectId - Recipients - AttachmentNames To see DLP detection data that's aggregated per day, use the Get-DlpDetectionsReport (https://docs.microsoft.com/powershell/module/exchange/get-dlpdetectionsreport)cmdlet. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-DlpDetectionsReport | Compliance Admin | The Get-DlpDetectionsReport cmdlet returns general DLP detection data that's aggregated per day. The properties returned include: - Date - DLP Policy - DLP Compliance Rule - Event Type - Source - Message Count To see all of these columns (width issues), write the output to a file. For example, `Get-DlpDetectionsReport |
Get-DlpIncidentDetailReport | Compliance Admin | |
Get-DlpKeywordDictionary | Compliance Admin | You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-DlpSensitiveInformationTypeConfig | Compliance Admin | |
Get-DlpSensitiveInformationTypeRulePackage | Compliance Admin | Sensitive information type rule packages are used by DLP to detect sensitive content. The default sensitive information type rule package is named Microsoft Rule Package. You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-EvaluationModeReport | Compliance Admin | |
Get-EvaluationModeReportSeries | Compliance Admin | |
Get-HistoricalSearch | Compliance Admin | A historical search provides message trace and report details in a comma-separated value (CSV) file for messages that are less than 90 days old. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-InformationBarrierReportDetails | Compliance Admin | |
Get-InformationBarrierReportSummary | Compliance Admin | |
Get-JitConfiguration | Compliance Admin | |
Get-JournalRule | Compliance Admin | The Get-JournalRule cmdlet displays journal rules configured in your organization. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-M365DataAtRestEncryptionPolicy | Compliance Admin | M365 data-at-rest encryption policy cmdlets are accessible to compliance administrator role as part of the Exchange Online infrastructure. For more information, see Overview of M365 Customer Key at the tenant level (https://docs.microsoft.com/microsoft-365/compliance/customer-key-tenant-level#get-policy-details). You can create and assign a Microsoft 365 data-at-rest encryption policy at the tenant level by using the appropriate M365DataAtRestEncryptionPolicy cmdlets in Exchange Online PowerShell. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-M365DataAtRestEncryptionPolicyAssignment | Compliance Admin | This cmdlet lists the Microsoft 365 data-at-rest encryption policy that's currently assigned to the tenant. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-Mailbox | Compliance Admin | When you use the Get-Mailbox cmdlet in on-premises Exchange environments to view the quota settings for a mailbox, you first need to check the value of the UseDatabaseQuotaDefaults property. The value True means per-mailbox quota settings are ignored, and you need to use the Get-MailboxDatabase cmdlet to see the actual values. If the UseDatabaseQuotaDefaults property is False, the per-mailbox quota settings are used, so what you see with the Get-Mailbox cmdlet are the actual quota values for the mailbox. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailDetailEncryptionReport | Compliance Admin | |
Get-MailDetailEvaluationModeReport | Compliance Admin | |
Get-MailFlowStatusReport | Compliance Admin | This cmdlet returns the following information: - Date - Direction - Event Type - Count You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailTrafficATPReport | Compliance Admin | Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. For the reporting period you specify, the cmdlet returns the following information: - Domain - Date - Event Type - Direction - Action - SubType - Policy Source - Verdict Source - Delivery Status - Message Count To see all of these columns (width issues), write the output to a file. For example, `Get-MailTrafficATPReport |
Get-MailTrafficEncryptionReport | Compliance Admin | |
Get-MailTrafficPolicyReport | Compliance Admin | For the reporting period you specify, the cmdlet returns the following information: - Domain - Date - DLP Policy - Transport Rule - Event Type - Direction - Message Count You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailTrafficSummaryReport | Compliance Admin | This cmdlet has C1, C2 and C3 as header names and the meaning of them depends on the category you choose. Next you can see an explanation about each category: - InboundTransportRuleHits and OutboundTransportRuleHits: C1 is the transport rule name, C2 the audit level and C3 the hits. - TopSpamRecipient, TopMailSender, TopMailRecipient and TopMalwareRecipient: C1 is the recipient or sender and C2 the quantity of email messages. - TopMalware: C1 is the malware name and C2 the quantity of appearances. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MessageTrace | Compliance Admin | You can use this cmdlet to search message data for the last 10 days. If you run this cmdlet without any parameters, only data from the last 48 hours is returned. If you enter a start date that is older than 10 days, you will receive an error and the command will return no results. To search for message data that is greater than 10 days old, use the Start-HistoricalSearch and Get-HistoricalSearch cmdlets. This cmdlet returns a maximum of 1000000 results, and will timeout on very large queries. If your query returns too many results, consider splitting it up using smaller StartDate and EndDate intervals. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MessageTraceCopilot | Compliance Admin | |
Get-MessageTraceDetail | Compliance Admin | You can use this cmdlet to search message data for the last 10 days. If you enter a time period that's older than 10 days, you will receive an error and the command will return no results. To search for message data that is greater than 10 days old, use the Start-HistoricalSearch and Get-HistoricalSearch cmdlets. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MessageTraceDetailV2 | Compliance Admin | |
Get-MessageTraceV2 | Compliance Admin | |
Get-OMEConfiguration | Compliance Admin | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-OMEMessageStatus | Compliance Admin | If encryption for the message was successfully revoked, the command will return the message: The encrypted email with the subject "<subject>" and Message ID "<messageId>" was successfully revoked . You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-PolicyConfig | Compliance Admin | |
Get-Recipient | Compliance Admin | The Get-Recipient cmdlet may not return all object-specific properties for a recipient. To view the object-specific properties for a recipient, you need to use the corresponding cmdlet based on the object type (for example, Get-Mailbox, Get-MailUser, or Get-DistributionGroup). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ReportExecutionInstance | Compliance Admin | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ReportSchedule | Compliance Admin | |
Get-ReportScheduleList | Compliance Admin | |
Get-RetentionPolicy | Compliance Admin | A retention policy is associated with a group of retention policy tags that specify retention settings for items in a mailbox. A policy may contain one default policy tag to move items to an archive mailbox, one default policy tag to delete all items, one default policy tag to delete voicemail items and multiple personal tags to move or delete items. A mailbox can have only one retention policy applied to it. The Get-RetentionPolicy cmdlet displays all policy settings associated with the specified policy. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-RetentionPolicyTag | Compliance Admin | Retention tags are used to apply message retention settings to messages or folders. There are three types of retention tags: - Retention policy tags - Default policy tags - Personal tags Retention policy tags are applied to default folders such as Inbox and Deleted Items. Personal tags are available to users to tag items and folders. The default policy tag is applied to all items that don't have a tag applied by the user or aren't inherited from the folder they're located in. The Get-RetentionPolicyTag cmdlet displays all the settings for the specified tag. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-RMSTemplate | Compliance Admin | The Get-RMSTemplate cmdlet doesn't return any active rights policy templates if internal licensing isn't enabled. Use the Get-IRMConfiguration cmdlet to check the InternalLicensingEnabled parameter. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ScopeEntities | Compliance Admin | |
Get-SensitivityLabelActivityDetailsReport | Compliance Admin | |
Get-SensitivityLabelActivityReport | Compliance Admin | |
Get-SpoofMailReport | Compliance Admin | The spoof mail report is a feature in Defender for Office 36 that you can use to query information about insider spoofing detections in the last 30 days. For the reporting period you specify, the Get-SpoofMailReport cmdlet returns the following information: - Date: Date the message was sent. - Event Type: Typically, this value is SpoofMail. - Direction: This value is Inbound. - Domain: The sender domain. This corresponds to one of your organization's accepted domains. - Action: Typically, this value is GoodMail or CaughtAsSpam. - Spoofed Sender: The spoofed email address or domain in your organization from which the messages appear to be coming. - True Sender: The organizational domain of the PTR record, or pointer record, of the sending IP address, also known as the reverse DNS address. If the sending IP address does not have a PTR record, this field will be blank and the Sender IP column will be filled in. Both columns will not be filled in at the same time. - Sender IP: The IP address or address range of the source messaging server. If the sending IP address does have a PTR record, this field will be blank and the True Sender column will be filled in. Both columns will not be filled in at the same time. - Count: The number of spoofed messages that were sent to your organization from the source messaging server during the specified time period. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-SupervisoryReviewActivity | Compliance Admin | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-SupervisoryReviewPolicyReport | Compliance Admin | For the reporting period you specify, the Get-SupervisoryReviewPolicyReport cmdlet returns the following information: - Organization - Date - Policy - Message Type - Tag Type: Messages that are eligible for evaluation by the policy are InPurview . Messages that match the conditions of the policy are HitPolicy . Classifications that are manually assigned to messages by the designated reviewers using the Supervision add-in for Outlook web app are Compliant , Non-compliant , Questionable , and Resolved . Messages that match the conditions of a policy but haven't been reviewed by a designated reviewer are Not-Reviewed . Messages that match the conditions of a policy and have been reviewed by a designated reviewer are New-Reviewed . - Item Count You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-SupervisoryReviewPolicyV2 | Compliance Admin | You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-SupervisoryReviewReport | Compliance Admin | You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-SupervisoryReviewRule | Compliance Admin | You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
New-M365DataAtRestEncryptionPolicy | Compliance Admin | Use the New-M365DataAtRestEncryptionPolicy cmdlet to create a new Microsoft 365 data-at-rest encryption policy. For more information, see Overview of M365 Customer Key at the tenant level (https://docs.microsoft.com/microsoft-365/compliance/customer-key-tenant-level#get-policy-details). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
New-ReportSchedule | Compliance Admin | |
Set-M365DataAtRestEncryptionPolicy | Compliance Admin | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-M365DataAtRestEncryptionPolicyAssignment | Compliance Admin | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-OrganizationConfig | Compliance Admin | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-ReportSchedule | Compliance Admin | |
Set-User | Compliance Admin | The Set-User cmdlet contains no mail-related properties for mailboxes or mail users. To modify the mail-related properties for a user, you need to use the corresponding cmdlet based on the object type (for example, Set-Mailbox or Set-MailUser). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Test-DatabaseEvent | Compliance Admin | |
Test-M365DataAtRestEncryptionPolicy | Compliance Admin | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Test-MailboxAssistant | Compliance Admin | |
Test-TextExtraction | Compliance Admin | This cmdlet returns the text that is found in a file in Exchange. The Microsoft classification engine uses this text to classify content and determine which sensitive information types are found in this file/message. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Disable-TransportRule | Data Loss Prevention | To enable rules that are disabled, use the Enable-TransportRule cmdlet. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Enable-TransportRule | Data Loss Prevention | To disable rules that are enabled, use the Disable-TransportRule cmdlet. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Export-DlpPolicyCollection | Data Loss Prevention | The Export-DlpPolicyCollection cmdlet exports the settings of the DLP policies and the associated transport rules. You use the Import-DlpPolicyCollection to import the DLP policy collection into your organization. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Export-TransportRuleCollection | Data Loss Prevention | The Export-TransportRuleCollection cmdlet can be used to export the transport rule collection in your organization. The format of the exported transport rule collection changed in Exchange Server 2013. The new format can't be imported into Exchange Server 2010. Exporting the rules collection is a two-step process. You first export the rules collection to a variable, and then use the Set-Content cmdlet to write the data to an XML file. For more information, see Set-Content (https://docs.microsoft.com/powershell/module/microsoft.powershell.management/set-content). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-AggregateZapReport | Data Loss Prevention | |
Get-ATPTotalTrafficReport | Data Loss Prevention | For the reporting period and organization you specify, the cmdlet returns the following information: - EventType - Organization - Date - MessageCount - StartDate - EndDate - AggregateBy - Index By default, the command returns data for the last 14 days. Data for the last 90 days is available. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ClassificationRuleCollection | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-CompliancePolicyFileSyncNotification | Data Loss Prevention | |
Get-CompliancePolicySyncNotification | Data Loss Prevention | |
Get-CompromisedUserAggregateReport | Data Loss Prevention | This cmdlet returns the following information: - Date - UserCount - Action You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-CompromisedUserDetailReport | Data Loss Prevention | This cmdlet returns the following information: - Date - UserCount - Action You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ContentMalwareMdoAggregateReport | Data Loss Prevention | |
Get-ContentMalwareMdoDetailReport | Data Loss Prevention | |
Get-CustomDlpEmailTemplates | Data Loss Prevention | |
Get-DataClassification | Data Loss Prevention | |
Get-DataClassificationConfig | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-DetailZapReport | Data Loss Prevention | |
Get-DlpDetailReport | Data Loss Prevention | The Get-DlpDetailReport cmdlet returns detailed information about specific DLP rule matches for the last 7 days. Although the cmdlet accepts date ranges older than 7 days, only information about the last 7 days are returned. The properties returned include: - Date - Title - Location - Severity - Size - Source - Actor - DLPPolicy - UserAction - Justification - SensitiveInformationType - SensitiveInformationCount - SensitiveInformationConfidence - EventType - Action - ObjectId - Recipients - AttachmentNames To see DLP detection data that's aggregated per day, use the Get-DlpDetectionsReport (https://docs.microsoft.com/powershell/module/exchange/get-dlpdetectionsreport)cmdlet. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-DlpDetectionsReport | Data Loss Prevention | The Get-DlpDetectionsReport cmdlet returns general DLP detection data that's aggregated per day. The properties returned include: - Date - DLP Policy - DLP Compliance Rule - Event Type - Source - Message Count To see all of these columns (width issues), write the output to a file. For example, `Get-DlpDetectionsReport |
Get-DlpIncidentDetailReport | Data Loss Prevention | |
Get-DlpKeywordDictionary | Data Loss Prevention | You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-DlpPolicy | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-DlpPolicyTemplate | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-DlpSensitiveInformationTypeConfig | Data Loss Prevention | |
Get-DlpSensitiveInformationTypeRulePackage | Data Loss Prevention | Sensitive information type rule packages are used by DLP to detect sensitive content. The default sensitive information type rule package is named Microsoft Rule Package. You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-DlpSiDetectionsReport | Data Loss Prevention | For the reporting period you specify, the cmdlet returns the following information: - Organization - Date - SensitiveType: The GUID value of the DLP sensitive information type. To match the GUID value to the name of the sensitive information type, replace <GUID> with the GUID value and run this command: Get-DlpSensitiveInformationType -Identity <GUID> . - DocumentCount: The number of documents that contain the detected sensitive information type. - ProtectionStatus: Values are Unprotected (the sensitive information type is not defined in any DLP policy) or Protected (the sensitive information type is defined in a DLP policy). - DlpComplianceRuleIds: The GUID value of the DLP compliance rule that detected the sensitive information type (for ProtectionStatus values of Protected). To match the GUID value to the name of the DLP compliance rule, replace <GUID> with the GUID value and run this command: Get-DlpComplianceRule -Identity <GUID> . You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-EtrLimits | Data Loss Prevention | |
Get-EvaluationModeReport | Data Loss Prevention | |
Get-EvaluationModeReportSeries | Data Loss Prevention | |
Get-HistoricalSearch | Data Loss Prevention | A historical search provides message trace and report details in a comma-separated value (CSV) file for messages that are less than 90 days old. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-InformationBarrierReportDetails | Data Loss Prevention | |
Get-InformationBarrierReportSummary | Data Loss Prevention | |
Get-JitConfiguration | Data Loss Prevention | |
Get-MailDetailATPReport | Data Loss Prevention | Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. For the reporting period you specify, the cmdlet returns the following information: - Date - Message ID - Message Trace ID - Domain - Subject - Message Size - Direction - Sender Address - Recipient Address - Event Type - Action - File Name - Malware Name This cmdlet is limited to 10,000 results. If you reach this limit, you can use the available parameters to filter the output. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailDetailDlpPolicyReport | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailDetailEncryptionReport | Data Loss Prevention | |
Get-MailDetailEvaluationModeReport | Data Loss Prevention | |
Get-MailDetailTransportRuleReport | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailFilterListReport | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailFlowStatusReport | Data Loss Prevention | This cmdlet returns the following information: - Date - Direction - Event Type - Count You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailTrafficATPReport | Data Loss Prevention | Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. For the reporting period you specify, the cmdlet returns the following information: - Domain - Date - Event Type - Direction - Action - SubType - Policy Source - Verdict Source - Delivery Status - Message Count To see all of these columns (width issues), write the output to a file. For example, `Get-MailTrafficATPReport |
Get-MailTrafficEncryptionReport | Data Loss Prevention | |
Get-MailTrafficPolicyReport | Data Loss Prevention | For the reporting period you specify, the cmdlet returns the following information: - Domain - Date - DLP Policy - Transport Rule - Event Type - Direction - Message Count You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailTrafficSummaryReport | Data Loss Prevention | This cmdlet has C1, C2 and C3 as header names and the meaning of them depends on the category you choose. Next you can see an explanation about each category: - InboundTransportRuleHits and OutboundTransportRuleHits: C1 is the transport rule name, C2 the audit level and C3 the hits. - TopSpamRecipient, TopMailSender, TopMailRecipient and TopMalwareRecipient: C1 is the recipient or sender and C2 the quantity of email messages. - TopMalware: C1 is the malware name and C2 the quantity of appearances. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MessageClassification | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MessageTrace | Data Loss Prevention | You can use this cmdlet to search message data for the last 10 days. If you run this cmdlet without any parameters, only data from the last 48 hours is returned. If you enter a start date that is older than 10 days, you will receive an error and the command will return no results. To search for message data that is greater than 10 days old, use the Start-HistoricalSearch and Get-HistoricalSearch cmdlets. This cmdlet returns a maximum of 1000000 results, and will timeout on very large queries. If your query returns too many results, consider splitting it up using smaller StartDate and EndDate intervals. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MessageTraceDetail | Data Loss Prevention | You can use this cmdlet to search message data for the last 10 days. If you enter a time period that's older than 10 days, you will receive an error and the command will return no results. To search for message data that is greater than 10 days old, use the Start-HistoricalSearch and Get-HistoricalSearch cmdlets. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MessageTraceDetailV2 | Data Loss Prevention | |
Get-MessageTraceV2 | Data Loss Prevention | |
Get-OMEConfiguration | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-OMEMessageStatus | Data Loss Prevention | If encryption for the message was successfully revoked, the command will return the message: The encrypted email with the subject "<subject>" and Message ID "<messageId>" was successfully revoked . You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-PolicyConfig | Data Loss Prevention | |
Get-PolicyTipConfig | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-Recipient | Data Loss Prevention | The Get-Recipient cmdlet may not return all object-specific properties for a recipient. To view the object-specific properties for a recipient, you need to use the corresponding cmdlet based on the object type (for example, Get-Mailbox, Get-MailUser, or Get-DistributionGroup). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ReportExecutionInstance | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ReportSchedule | Data Loss Prevention | |
Get-ReportScheduleList | Data Loss Prevention | |
Get-RetentionEvent | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-RMSTemplate | Data Loss Prevention | The Get-RMSTemplate cmdlet doesn't return any active rights policy templates if internal licensing isn't enabled. Use the Get-IRMConfiguration cmdlet to check the InternalLicensingEnabled parameter. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-SafeLinksAggregateReport | Data Loss Prevention | Note : If you run Get-SafeLinksAggregateReport without specifying a date range, the command will return an unspecified error. Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. For the reporting period you specify, the cmdlet returns the following information: - Action (Allowed, Blocked, ClickedEventBlocked, and ClickedDuringScan) - App - MessageCount - RecipientCount You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-SafeLinksDetailReport | Data Loss Prevention | Note : If you run Get-SafeLinksDetailReport without specifying a date range, the command will return an unspecified error. Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. This cmdlet returns the following information: - ClickTime - InternalMessageId - ClientMessageId - SenderAddress - RecipientAddress - Url - UrlDomain - Action - AppName - SourceId - Organization - DetectedBy (Safe Links in Microsoft Defender for Office 365) - UrlType (currently empty) - Flags (0: Allowed 1: Blocked 2: ClickedEvenBlocked 3: ClickedDuringScan) You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-SCInsights | Data Loss Prevention | This cmdlet returns the following output: - Organization: The Microsoft 365 domain. - Date: The date of the even in Coordinated Universal Time (UTC). - InsightType - InsightSubType: The value All or Archive. - UsersCount: An integer count, or the size in megabytes for the InsightType value. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ScopeEntities | Data Loss Prevention | |
Get-SensitivityLabelActivityDetailsReport | Data Loss Prevention | |
Get-SensitivityLabelActivityReport | Data Loss Prevention | |
Get-SpoofMailReport | Data Loss Prevention | The spoof mail report is a feature in Defender for Office 36 that you can use to query information about insider spoofing detections in the last 30 days. For the reporting period you specify, the Get-SpoofMailReport cmdlet returns the following information: - Date: Date the message was sent. - Event Type: Typically, this value is SpoofMail. - Direction: This value is Inbound. - Domain: The sender domain. This corresponds to one of your organization's accepted domains. - Action: Typically, this value is GoodMail or CaughtAsSpam. - Spoofed Sender: The spoofed email address or domain in your organization from which the messages appear to be coming. - True Sender: The organizational domain of the PTR record, or pointer record, of the sending IP address, also known as the reverse DNS address. If the sending IP address does not have a PTR record, this field will be blank and the Sender IP column will be filled in. Both columns will not be filled in at the same time. - Sender IP: The IP address or address range of the source messaging server. If the sending IP address does have a PTR record, this field will be blank and the True Sender column will be filled in. Both columns will not be filled in at the same time. - Count: The number of spoofed messages that were sent to your organization from the source messaging server during the specified time period. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-TenantExemptionInfo | Data Loss Prevention | |
Get-TenantExemptionQuota | Data Loss Prevention | |
Get-TenantExemptionQuotaEligibility | Data Loss Prevention | |
Get-TenantRecipientLimitInfo | Data Loss Prevention | |
Get-TransportRule | Data Loss Prevention | On Mailbox servers, this cmdlet returns all rules in the Exchange organization that are stored in Active Directory. On an Edge Transport server, this cmdlet only returns rules that are configured on the local server. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-TransportRuleAction | Data Loss Prevention | In on-premises Exchange, the actions that are available on Mailboxes servers and Edge Transports server are different. Also, the names of some of the actions that are returned by this cmdlet are different than the corresponding parameter names in the New-TransportRule and Set-TransportRule cmdlets. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-TransportRulePredicate | Data Loss Prevention | Collectively, the conditions and exceptions in rules are known as predicates, because for every condition, there's a corresponding exception that uses the exact same settings and syntax. The only difference is conditions specify messages to include, while exceptions specify messages to exclude. That's why the output of this cmdlet doesn't list exceptions separately. Also, the names of some of the predicates that are returned by this cmdlet are different than the corresponding parameter names in the New-TransportRule and Set-TransportRule cmdlets. In on-premises Exchange, the predicates that are available on Mailboxes servers and Edge Transports server are different. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Import-DlpPolicyCollection | Data Loss Prevention | The Import-DlpPolicyCollection cmdlet imports all the settings of the DLP policies and the associated transport rules. You use the Export-DlpPolicyCollection cmdlet to export the DLP policy collection. Importing a DLP policy collection from an XML file removes or overwrites all pre-existing DLP policies that were defined in your organization. Make sure that you have a backup of your current DLP policy collection before you import and overwrite your current DLP policies. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Import-TransportRuleCollection | Data Loss Prevention | Importing a transport rule collection from an XML file removes or overwrites all pre-existing transport rules that were defined in your organization. Make sure that you have a backup of your current transport rule collection before you import and overwrite your current transport rules. Importing file data is a two-step process. First you must load the data to a variable using the Get-Content cmdlet, and then use that variable to transmit the data to the cmdlet. For information about how to export a transport rule collection to an XML file, see Export-TransportRuleCollection (https://docs.microsoft.com/powershell/module/exchange/export-transportrulecollection). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
New-ClassificationRuleCollection | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
New-CompliancePolicySyncNotification | Data Loss Prevention | |
New-DataClassification | Data Loss Prevention | |
New-DlpPolicy | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
New-Fingerprint | Data Loss Prevention | |
New-OMEConfiguration | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
New-PolicyTipConfig | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
New-ProtectionServicePolicy | Data Loss Prevention | |
New-ReportSchedule | Data Loss Prevention | |
New-TenantExemptionInfo | Data Loss Prevention | |
New-TenantExemptionQuota | Data Loss Prevention | |
New-TransportRule | Data Loss Prevention | In on-premises Exchange organizations, rules created on Mailbox servers are stored in Active Directory. All Mailbox servers in the organization have access to the same set of rules. On Edge Transport servers, rules are saved in the local copy of Active Directory Lightweight Directory Services (AD LDS). Rules aren't shared or replicated between Edge Transport servers or between Mailbox servers and Edge Transport servers. Also, some conditions and actions are exclusive to each server role. The search for words or text patterns in the subject or other header fields in the message occurs after the message has been decoded from the MIME content transfer encoding method that was used to transmit the binary message between SMTP servers in ASCII text. You can't use conditions or exceptions to search for the raw (typically, Base64) encoded values of the subject or other header fields in messages. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Remove-ClassificationRuleCollection | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Remove-CompliancePolicyFileSyncNotification | Data Loss Prevention | |
Remove-CompliancePolicySyncNotification | Data Loss Prevention | |
Remove-DataClassification | Data Loss Prevention | |
Remove-DlpPolicy | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Remove-OMEConfiguration | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Remove-PolicyTipConfig | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Remove-ReportSchedule | Data Loss Prevention | |
Remove-TransportRule | Data Loss Prevention | On Mailbox servers, this cmdlet removes the rule from Active Directory. On an Edge Transport server, the cmdlet removes the rule from the local Active Directory Lightweight Directory Services (AD LDS) instance. To temporarily disable a transport rule without removing it, use the Disable-TransportRule cmdlet instead. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-ClassificationRuleCollection | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-DataClassification | Data Loss Prevention | |
Set-DlpPolicy | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-OMEConfiguration | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-OMEMessageRevocation | Data Loss Prevention | When an email has been revoked, the recipient will get the following error when they try to view the encrypted message in the Office 365 Message Encryption portal: "The message has been revoked by the sender". You can revoke encrypted messages if the recipient received a link-based, branded encrypted email message. If the recipient received a native inline experience in a supported Outlook client, then you can't revoke encryption for the message. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-PolicyTipConfig | Data Loss Prevention | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-ProtectionServicePolicy | Data Loss Prevention | |
Set-ReportSchedule | Data Loss Prevention | |
Set-TransportRule | Data Loss Prevention | In on-premises Exchange organizations, rules created on Mailbox servers are stored in Active Directory. All Mailbox servers in the organization have access to the same set of rules. On Edge Transport servers, rules are saved in the local copy of Active Directory Lightweight Directory Services (AD LDS). Rules aren't shared or replicated between Edge Transport servers or between Mailbox servers and Edge Transport servers. Also, some conditions and actions are exclusive to each server role. The search for words or text patterns in the subject or other header fields in the message occurs after the message has been decoded from the MIME content transfer encoding method that was used to transmit the binary message between SMTP servers in ASCII text. You can't use conditions or exceptions to search for the raw (typically, Base64) encoded values of the subject or other header fields in messages. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Start-HistoricalSearch | Data Loss Prevention | A historical search provides message trace and report details in a comma-separated value (CSV) file for messages that are aged between 1-4 hours (depending on your environment) and 90 days old. There is a limit of 250 historical searches that you can submit in a 24 hour period; you'll be warned if you're nearing the daily quota. Cancelled searches count against the daily quota. Also, in each CSV file there is a limit of 50000 results or lines. If you specify a distribution group, all messages might not be returned in the results. To ensure that all messages are returned, specify the individual recipient. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Stop-HistoricalSearch | Data Loss Prevention | A historical search provides message trace and report details in a comma-separated value (CSV) file for messages that are less than 90 days old. After you start a historical search by using the Start-HistoricalSearch cmdlet, the search is queued, but not actually running. While the search is queued and has the status value of NotStarted, you can use the Stop-HistoricalSearch cmdlet to stop it. After the search is actively running, and has a status value of InProgress, you can't stop it. When you stop a historical search, it's given a status value of Cancelled. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Test-DataClassification | Data Loss Prevention | This cmdlet lets you know the classification results that are returned by the Microsoft classification engine in specific text. The classification results include the sensitive type, its count, and confidence. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Test-DlpPolicies | Data Loss Prevention | |
Test-Message | Data Loss Prevention | |
Test-TextExtraction | Data Loss Prevention | This cmdlet returns the text that is found in a file in Exchange. The Microsoft classification engine uses this text to classify content and determine which sensitive information types are found in this file/message. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Write-AdminAuditLog | Data Loss Prevention | When the Write-AdminAuditLog cmdlet runs, the value provided in the Comment parameter is included in the log entry. For the Write-AdminAuditLog cmdlet to write to the audit log, it must be included in the list of cmdlets being logged by administrator audit logging. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Disable-OutlookProtectionRule | Information Rights Management | Outlook protection rules are administrator-created rules applied before a user sends a message using Outlook. Outlook protection rules are used to automatically Information Rights Management (IRM)-protect email messages using a Rights Management Services (RMS) template before the message is sent. However, Outlook protection rules don't inspect message content. To rights-protect messages based on message content, use transport protection rules. For more information, see Outlook protection rules (https://docs.microsoft.com/exchange/outlook-protection-rules-exchange-2013-help). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Enable-OutlookProtectionRule | Information Rights Management | Outlook protection rules are used to automatically Information Rights Management (IRM)-protect messages using a Rights Management Services (RMS) template before the message is sent. However, Outlook protection rules don't inspect message content. To rights-protect messages based on message content, use transport protection rules. For more information, see Outlook protection rules (https://docs.microsoft.com/exchange/outlook-protection-rules-exchange-2013-help). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-BookingMailbox | Information Rights Management | |
Get-IRMConfiguration | Information Rights Management | The Get-IRMConfiguration cmdlet provides details about the current IRM configuration, including whether individual IRM features are enabled or disabled and provides the URLs used for ServiceLocation, PublishingLocation and LicensingLocation. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-Mailbox | Information Rights Management | When you use the Get-Mailbox cmdlet in on-premises Exchange environments to view the quota settings for a mailbox, you first need to check the value of the UseDatabaseQuotaDefaults property. The value True means per-mailbox quota settings are ignored, and you need to use the Get-MailboxDatabase cmdlet to see the actual values. If the UseDatabaseQuotaDefaults property is False, the per-mailbox quota settings are used, so what you see with the Get-Mailbox cmdlet are the actual quota values for the mailbox. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MessageTraceCopilot | Information Rights Management | |
Get-OMEConfiguration | Information Rights Management | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-OMEMessageStatus | Information Rights Management | If encryption for the message was successfully revoked, the command will return the message: The encrypted email with the subject "<subject>" and Message ID "<messageId>" was successfully revoked . You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-OutlookProtectionRule | Information Rights Management | Outlook protection rules are used to automatically Information Rights Management (IRM)-protect email messages using a Rights Management Services (RMS) template before the message is sent. However, Outlook protection rules don't inspect message content. To IRM-protect messages based on message content, use transport protection rules. For more information, see Outlook protection rules (https://docs.microsoft.com/exchange/outlook-protection-rules-exchange-2013-help). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-RMSTemplate | Information Rights Management | The Get-RMSTemplate cmdlet doesn't return any active rights policy templates if internal licensing isn't enabled. Use the Get-IRMConfiguration cmdlet to check the InternalLicensingEnabled parameter. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-UnifiedAuditSetting | Information Rights Management | |
New-OMEConfiguration | Information Rights Management | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
New-OutlookProtectionRule | Information Rights Management | Outlook protection rules are administrator-created rules applied before a user sends a message using Outlook. Outlook inspects message content and protects messages by applying Active Directory Rights Management Services (AD RMS) rights templates. For more information, see Outlook protection rules (https://docs.microsoft.com/exchange/outlook-protection-rules-exchange-2013-help). Outlook protection rules created without a condition apply to all messages. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
New-TransportRule | Information Rights Management | In on-premises Exchange organizations, rules created on Mailbox servers are stored in Active Directory. All Mailbox servers in the organization have access to the same set of rules. On Edge Transport servers, rules are saved in the local copy of Active Directory Lightweight Directory Services (AD LDS). Rules aren't shared or replicated between Edge Transport servers or between Mailbox servers and Edge Transport servers. Also, some conditions and actions are exclusive to each server role. The search for words or text patterns in the subject or other header fields in the message occurs after the message has been decoded from the MIME content transfer encoding method that was used to transmit the binary message between SMTP servers in ASCII text. You can't use conditions or exceptions to search for the raw (typically, Base64) encoded values of the subject or other header fields in messages. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Remove-OMEConfiguration | Information Rights Management | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Remove-OutlookProtectionRule | Information Rights Management | Outlook protection rules use an Active Directory Rights Management Services (AD RMS) rights template to automatically apply Information Rights Management (IRM) protection to messages before they're sent. For more information, see Outlook protection rules (https://docs.microsoft.com/exchange/outlook-protection-rules-exchange-2013-help). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-IRMConfiguration | Information Rights Management | IRM requires the use of an on-premises AD RMS server or the ILS service. IRM features can be selectively enabled or disabled. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-OMEConfiguration | Information Rights Management | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-OMEMessageRevocation | Information Rights Management | When an email has been revoked, the recipient will get the following error when they try to view the encrypted message in the Office 365 Message Encryption portal: "The message has been revoked by the sender". You can revoke encrypted messages if the recipient received a link-based, branded encrypted email message. If the recipient received a native inline experience in a supported Outlook client, then you can't revoke encryption for the message. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-OutlookProtectionRule | Information Rights Management | Outlook protection rules are used to automatically rights-protect email messages using a Rights Management Services (RMS) template before the message is sent. However, Outlook protection rules don't inspect message content. To rights-protect messages based on message content, use transport protection rules. For more information, see Outlook protection rules (https://docs.microsoft.com/exchange/outlook-protection-rules-exchange-2013-help). Not specifying any conditions results in an Outlook protection rule being applied to all messages. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-RMSTemplate | Information Rights Management | RMS templates exist in one or more trusted publishing domains (TPDs) that have been imported from an on-premises server running Active Directory Rights Management Services (AD RMS). |
Set-TransportRule | Information Rights Management | In on-premises Exchange organizations, rules created on Mailbox servers are stored in Active Directory. All Mailbox servers in the organization have access to the same set of rules. On Edge Transport servers, rules are saved in the local copy of Active Directory Lightweight Directory Services (AD LDS). Rules aren't shared or replicated between Edge Transport servers or between Mailbox servers and Edge Transport servers. Also, some conditions and actions are exclusive to each server role. The search for words or text patterns in the subject or other header fields in the message occurs after the message has been decoded from the MIME content transfer encoding method that was used to transmit the binary message between SMTP servers in ASCII text. You can't use conditions or exceptions to search for the raw (typically, Base64) encoded values of the subject or other header fields in messages. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-UnifiedAuditSetting | Information Rights Management | |
Start-AuditAssistant | Information Rights Management | |
Test-IRMConfiguration | Information Rights Management | The Test-IRMConfiguration cmdlet performs a series of steps to test IRM configuration and functionality, including availability of an Active Directory Rights Management Services (AD RMS) server, prelicensing and journal report decryption. In Exchange Online organizations, it checks connectivity to RMS Online and obtains and validates the organization's Trusted Publishing Domain (TPD). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Write-AdminAuditLog | Information Rights Management | When the Write-AdminAuditLog cmdlet runs, the value provided in the Comment parameter is included in the log entry. For the Write-AdminAuditLog cmdlet to write to the audit log, it must be included in the list of cmdlets being logged by administrator audit logging. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Disable-JournalRule | Journaling | You can enable or disable specific journal rules in your organization at any time using the Disable-JournalRule and Enable-JournalRule cmdlets. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Enable-JournalRule | Journaling | You can enable or disable specific journal rules in your organization at any time using the Enable-JournalRule and Disable-JournalRule cmdlets. For more information, see Journaling in Exchange Server (https://docs.microsoft.com/Exchange/policy-and-compliance/journaling/journaling). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-JournalRule | Journaling | The Get-JournalRule cmdlet displays journal rules configured in your organization. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-Recipient | Journaling | The Get-Recipient cmdlet may not return all object-specific properties for a recipient. To view the object-specific properties for a recipient, you need to use the corresponding cmdlet based on the object type (for example, Get-Mailbox, Get-MailUser, or Get-DistributionGroup). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ScopeEntities | Journaling | |
New-JournalRule | Journaling | The New-JournalRule cmdlet creates a journal rule in your organization. By default, new journal rules are disabled unless the Enabled parameter is set to $true. For more information about how to enable a new journal rule that was created in a disabled state, see Enable-JournalRule (https://docs.microsoft.com/powershell/module/exchange/enable-journalrule). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Remove-JournalRule | Journaling | The Remove-JournalRule cmdlet removes the specified journal rule from Active Directory. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-JournalRule | Journaling | The Set-JournalRule cmdlet modifies an existing journal rule used in your organization. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-TransportConfig | Journaling | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Write-AdminAuditLog | Journaling | When the Write-AdminAuditLog cmdlet runs, the value provided in the Comment parameter is included in the log entry. For the Write-AdminAuditLog cmdlet to write to the audit log, it must be included in the list of cmdlets being logged by administrator audit logging. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Add-AvailabilityAddressSpace | Message Tracking | In Exchange Online, you need to run the New-AvailabilityConfig cmdlet before you run the Add-AvailabilityAddressSpace cmdlet. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-AvailabilityAddressSpace | Message Tracking | In on-premises Exchange organizations, you run the Remove-AvailabilityAddressSpace cmdlet on Exchange servers that have the Client Access server role installed. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-BookingMailbox | Message Tracking | |
Get-Mailbox | Message Tracking | When you use the Get-Mailbox cmdlet in on-premises Exchange environments to view the quota settings for a mailbox, you first need to check the value of the UseDatabaseQuotaDefaults property. The value True means per-mailbox quota settings are ignored, and you need to use the Get-MailboxDatabase cmdlet to see the actual values. If the UseDatabaseQuotaDefaults property is False, the per-mailbox quota settings are used, so what you see with the Get-Mailbox cmdlet are the actual quota values for the mailbox. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MessageTraceCopilot | Message Tracking | |
Get-MessageTrackingReport | Message Tracking | |
Get-PerimeterMessageTrace | Message Tracking | |
Get-Recipient | Message Tracking | The Get-Recipient cmdlet may not return all object-specific properties for a recipient. To view the object-specific properties for a recipient, you need to use the corresponding cmdlet based on the object type (for example, Get-Mailbox, Get-MailUser, or Get-DistributionGroup). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ScopeEntities | Message Tracking | |
Get-UnifiedAuditSetting | Message Tracking | |
New-IntraOrganizationConnector | Message Tracking | The New-IntraOrganizationConnector cmdlet is used to create a connection for features and services between divisions in your Exchange organization. It allows for the expansion of organizational boundaries for features and services across different hosts and network boundaries, such as between Active Directory forests, between on-premises and cloud-based organizations, or between tenants hosted in the same or different datacenters. For hybrid deployments between on-premises Exchange and Exchange Online organizations, the New-IntraOrganizationConnector cmdlet is used by the Hybrid Configuration wizard. Typically, the Intra-Organization connector is configured when the hybrid deployment is initially created by the wizard. We strongly recommend that you use the Hybrid Configuration wizard to create the Intra-Organization connector when configuring a hybrid deployment with an Exchange Online organization. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
New-OrganizationRelationship | Message Tracking | Before you can create an organization relationship, you must first create a federation trust. For more information, see Federation (https://docs.microsoft.com/exchange/federation-exchange-2013-help). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Remove-AvailabilityAddressSpace | Message Tracking | In on-premises Exchange organizations, you run the Remove-AvailabilityAddressSpace cmdlet on Exchange servers that have the Client Access server role installed. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Search-MessageTrackingReport | Message Tracking | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-AvailabilityConfig | Message Tracking | The Set-AvailabilityConfig cmdlet defines two accounts or security groups: a per-user free/busy proxy account or group, and an organization-wide free/busy proxy account or group. These accounts and groups are trusted by all availability services in the current organization for availability proxy requests. For cross-forest availability services to retrieve free/busy information in the current forest, they must be using one of the specified accounts, belong to one of the specified security groups, or have a username and password for one of the specified accounts or security groups. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-IntraOrganizationConnector | Message Tracking | Intra-Organizational connectors enable features and services between divisions in your Exchange organization. It allows for the expansion of organizational boundaries for features and services across different hosts and network boundaries, such as between Active Directory forests, between on-premises and cloud-based organizations or between tenants hosted in the same or different datacenters. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-OrganizationRelationship | Message Tracking | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-UnifiedAuditSetting | Message Tracking | |
Start-AuditAssistant | Message Tracking | |
Test-DatabaseEvent | Message Tracking | |
Test-MailboxAssistant | Message Tracking | |
Write-AdminAuditLog | Message Tracking | When the Write-AdminAuditLog cmdlet runs, the value provided in the Comment parameter is included in the log entry. For the Write-AdminAuditLog cmdlet to write to the audit log, it must be included in the list of cmdlets being logged by administrator audit logging. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-AcceptedDomain | Retention Management | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-BookingMailbox | Retention Management | |
Get-CASMailbox | Retention Management | This cmdlet returns a variety of client access settings for one or more mailboxes. These settings include options for Outlook on the web, Exchange ActiveSync, POP3, and IMAP4. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-Contact | Retention Management | The Get-Contact cmdlet returns no mail-related properties for mail contacts. Use the Get-MailContact to view mail-related properties for mail contacts. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-DataRetentionReport | Retention Management | The following properties are returned by this cmdlet: - Organization - Date - Action - DataSource - MessageCount You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-DistributionGroup | Retention Management | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-DistributionGroupMember | Retention Management | If your organization has multiple Active Directory domains, you may need to run the Set-ADServerSettings cmdlet with the ViewEntireForest parameter set to $true before running the Get-DistributionGroupMember cmdlet to view the entire forest. For more information, see Example 2. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-DynamicDistributionGroup | Retention Management | A dynamic distribution group queries mail-enabled objects and builds the group membership based on the results. The group membership is recalculated whenever an email message is sent to the group. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-DynamicDistributionGroupMember | Retention Management | |
Get-EligibleDistributionGroupForMigration | Retention Management | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-Mailbox | Retention Management | When you use the Get-Mailbox cmdlet in on-premises Exchange environments to view the quota settings for a mailbox, you first need to check the value of the UseDatabaseQuotaDefaults property. The value True means per-mailbox quota settings are ignored, and you need to use the Get-MailboxDatabase cmdlet to see the actual values. If the UseDatabaseQuotaDefaults property is False, the per-mailbox quota settings are used, so what you see with the Get-Mailbox cmdlet are the actual quota values for the mailbox. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailboxJunkEmailConfiguration | Retention Management | The junk email settings on the mailbox are: - Enable or disable the junk email rule: The junk email rule (a hidden Inbox rule named Junk E-mail Rule) controls the delivery of messages to the Junk Email folder or the Inbox based on the SCL Junk Email Folder threshold (for the organization or the mailbox) and the safelist collection on the mailbox. Users can enable or disable the junk email rule in their own mailbox by using Outlook on the web. - Configure the safelist collection: The safelist collection is the Safe Senders list, the Safe Recipients list, and the Blocked Senders list. Users can configure the safelist collection on their own mailbox by using Microsoft Outlook or Outlook on the web. Administrators can enable or disable the junk email rule, and configure the safelist collection on a mailbox by using the Set-MailboxJunkEmailConfiguration cmdlet. For more information, see Configure Exchange antispam settings on mailboxes (https://docs.microsoft.com/Exchange/antispam-and-antimalware/antispam-protection/configure-antispam-settings). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailContact | Retention Management | The Get-MailContact cmdlet retrieves all attributes of the specified contact. No parameters are required. If the cmdlet is run without a parameter, a complete list of contacts for the Exchange organization is returned. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailUser | Retention Management | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MessageTraceCopilot | Retention Management | |
Get-OrganizationalUnit | Retention Management | The Get-OrganizationalUnit cmdlet is used by the Exchange admin center to populate fields that display OU information. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-Recipient | Retention Management | The Get-Recipient cmdlet may not return all object-specific properties for a recipient. To view the object-specific properties for a recipient, you need to use the corresponding cmdlet based on the object type (for example, Get-Mailbox, Get-MailUser, or Get-DistributionGroup). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-RetentionPolicy | Retention Management | A retention policy is associated with a group of retention policy tags that specify retention settings for items in a mailbox. A policy may contain one default policy tag to move items to an archive mailbox, one default policy tag to delete all items, one default policy tag to delete voicemail items and multiple personal tags to move or delete items. A mailbox can have only one retention policy applied to it. The Get-RetentionPolicy cmdlet displays all policy settings associated with the specified policy. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-RetentionPolicyTag | Retention Management | Retention tags are used to apply message retention settings to messages or folders. There are three types of retention tags: - Retention policy tags - Default policy tags - Personal tags Retention policy tags are applied to default folders such as Inbox and Deleted Items. Personal tags are available to users to tag items and folders. The default policy tag is applied to all items that don't have a tag applied by the user or aren't inherited from the folder they're located in. The Get-RetentionPolicyTag cmdlet displays all the settings for the specified tag. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ScopeEntities | Retention Management | |
Get-UnifiedAuditSetting | Retention Management | |
New-Mailbox | Retention Management | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
New-RetentionPolicy | Retention Management | Retention policy tags are associated with a retention policy. When a retention policy is applied to a mailbox, tags associated with the policy are available to the mailbox user. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
New-RetentionPolicyTag | Retention Management | Retention tags are used to apply message retention settings to folders and items in a mailbox. Retention tags support a display of the tag name and an optional comment in localized languages. Language culture codes from the CultureInfo class are used for this purpose. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Remove-RetentionPolicy | Retention Management | Retention policies are used to apply message retention settings to folders and items in a mailbox. The Remove-RetentionPolicy cmdlet removes an existing retention policy. If you remove a retention policy that's assigned to users and they don't have another retention policy assigned, messages in those mailboxes may never expire. This may be a violation of the organization's messaging retention policies. When you attempt to remove a policy that's assigned to users, Microsoft Exchange displays a confirmation message indicating that the policy is assigned to users. Note that this message is in addition to the confirmation prompt displayed when removing a retention policy. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Remove-RetentionPolicyTag | Retention Management | Retention tags are added to a retention policy, which is applied to a mailbox. When you use the Remove-RetentionPolicyTag cmdlet to remove a retention tag, it removes the tag definition stored in Active Directory. The next time the Managed Folder Assistant runs, it processes all items that have the removed tag applied and restamps them. Depending on the number of mailboxes and messages, this process may result in significant resource consumption on all Mailbox servers that contain mailboxes with a retention policy that includes the removed tag. For more information about retention tags, see Retention tags and retention policies in Exchange Server (https://docs.microsoft.com/Exchange/policy-and-compliance/mrm/retention-tags-and-retention-policies). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-Mailbox | Retention Management | You can use this cmdlet for one mailbox at a time. To perform bulk management, you can pipeline the output of various Get- cmdlets (for example, the Get-Mailbox or Get-User cmdlets) and configure several mailboxes in a single-line command. You can also use the Set-Mailbox cmdlet in scripts. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-MailboxJunkEmailConfiguration | Retention Management | This cmdlet controls the following junk email settings on the mailbox: - Enable or disable the junk email rule: The junk email rule (a hidden Inbox rule named Junk E-mail Rule) controls the delivery of messages to the Junk Email folder or the Inbox based on the SCL Junk Email Folder threshold (for the organization or the mailbox) and the safelist collection on the mailbox. Users can enable or disable the junk email rule in their own mailbox by using Outlook on the web. - Configure the safelist collection: The safelist collection is the Safe Senders list, the Safe Recipients list, and the Blocked Senders list. Users can configure the safelist collection on their own mailbox by using Microsoft Outlook or Outlook on the web. For more information, see Configure Exchange antispam settings on mailboxes (https://docs.microsoft.com/Exchange/antispam-and-antimalware/antispam-protection/configure-antispam-settings). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-MailboxLocation | Retention Management | |
Set-MailUser | Retention Management | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-RetentionPolicy | Retention Management | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-RetentionPolicyTag | Retention Management | Retention tags are used to apply message retention settings to folders and items in a mailbox. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-UnifiedAuditSetting | Retention Management | |
Start-AuditAssistant | Retention Management | |
Start-ManagedFolderAssistant | Retention Management | The Managed Folder Assistant uses the retention policy settings of users' mailboxes to process retention of items. This mailbox processing occurs automatically. You can use the Start-ManagedFolderAssistant cmdlet to immediately start processing the specified mailbox. In Exchange Server 2010 release to manufacturing (RTM), the Identity parameter specifies the Mailbox server to start the assistant and process all mailboxes on that server, and the Mailbox parameter specifies the mailbox to process. In Exchange 2010 Service Pack 1 (SP1) and later, the Mailbox parameter has been removed, and the Identity parameter accepts the mailbox or mail user to process. If you use these parameters in scheduled commands or scripts, we recommend that you review them and make any necessary changes. For more information, see KB4032361 (https://support.microsoft.com/help/4032361). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Test-ArchiveConnectivity | Retention Management | |
Test-DatabaseEvent | Retention Management | |
Test-MailboxAssistant | Retention Management | |
Write-AdminAuditLog | Retention Management | When the Write-AdminAuditLog cmdlet runs, the value provided in the Comment parameter is included in the log entry. For the Write-AdminAuditLog cmdlet to write to the audit log, it must be included in the list of cmdlets being logged by administrator audit logging. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Disable-TransportRule | Transport Rules | To enable rules that are disabled, use the Enable-TransportRule cmdlet. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Enable-TransportRule | Transport Rules | To disable rules that are enabled, use the Disable-TransportRule cmdlet. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Export-TransportRuleCollection | Transport Rules | The Export-TransportRuleCollection cmdlet can be used to export the transport rule collection in your organization. The format of the exported transport rule collection changed in Exchange Server 2013. The new format can't be imported into Exchange Server 2010. Exporting the rules collection is a two-step process. You first export the rules collection to a variable, and then use the Set-Content cmdlet to write the data to an XML file. For more information, see Set-Content (https://docs.microsoft.com/powershell/module/microsoft.powershell.management/set-content). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-EtrLimits | Transport Rules | |
Get-MessageClassification | Transport Rules | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-OMEConfiguration | Transport Rules | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-OMEMessageStatus | Transport Rules | If encryption for the message was successfully revoked, the command will return the message: The encrypted email with the subject "<subject>" and Message ID "<messageId>" was successfully revoked . You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-Recipient | Transport Rules | The Get-Recipient cmdlet may not return all object-specific properties for a recipient. To view the object-specific properties for a recipient, you need to use the corresponding cmdlet based on the object type (for example, Get-Mailbox, Get-MailUser, or Get-DistributionGroup). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-RMSTemplate | Transport Rules | The Get-RMSTemplate cmdlet doesn't return any active rights policy templates if internal licensing isn't enabled. Use the Get-IRMConfiguration cmdlet to check the InternalLicensingEnabled parameter. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ScopeEntities | Transport Rules | |
Get-TransportRule | Transport Rules | On Mailbox servers, this cmdlet returns all rules in the Exchange organization that are stored in Active Directory. On an Edge Transport server, this cmdlet only returns rules that are configured on the local server. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-TransportRuleAction | Transport Rules | In on-premises Exchange, the actions that are available on Mailboxes servers and Edge Transports server are different. Also, the names of some of the actions that are returned by this cmdlet are different than the corresponding parameter names in the New-TransportRule and Set-TransportRule cmdlets. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-TransportRulePredicate | Transport Rules | Collectively, the conditions and exceptions in rules are known as predicates, because for every condition, there's a corresponding exception that uses the exact same settings and syntax. The only difference is conditions specify messages to include, while exceptions specify messages to exclude. That's why the output of this cmdlet doesn't list exceptions separately. Also, the names of some of the predicates that are returned by this cmdlet are different than the corresponding parameter names in the New-TransportRule and Set-TransportRule cmdlets. In on-premises Exchange, the predicates that are available on Mailboxes servers and Edge Transports server are different. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Import-TransportRuleCollection | Transport Rules | Importing a transport rule collection from an XML file removes or overwrites all pre-existing transport rules that were defined in your organization. Make sure that you have a backup of your current transport rule collection before you import and overwrite your current transport rules. Importing file data is a two-step process. First you must load the data to a variable using the Get-Content cmdlet, and then use that variable to transmit the data to the cmdlet. For information about how to export a transport rule collection to an XML file, see Export-TransportRuleCollection (https://docs.microsoft.com/powershell/module/exchange/export-transportrulecollection). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
New-MessageClassification | Transport Rules | After you create a new message classification, you can specify the message classification as a transport rule predicate. Before Microsoft Outlook and Outlook on the web users can apply the message classification to messages, you need to update the end-user systems with the message classification XML file created by the Export-OutlookClassification.ps1 script file. The Export-OutlookClassification.ps1 script file is located in the %ExchangeInstallPath%Scripts directory. When you create a message classification, it has no locale. By default, the new message classification is used for all locales. After a default message classification is defined, you can add new locales of the classification by running the New-MessageClassification cmdlet and by specifying the default message classification identity that you want to localize. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
New-OMEConfiguration | Transport Rules | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
New-TransportRule | Transport Rules | In on-premises Exchange organizations, rules created on Mailbox servers are stored in Active Directory. All Mailbox servers in the organization have access to the same set of rules. On Edge Transport servers, rules are saved in the local copy of Active Directory Lightweight Directory Services (AD LDS). Rules aren't shared or replicated between Edge Transport servers or between Mailbox servers and Edge Transport servers. Also, some conditions and actions are exclusive to each server role. The search for words or text patterns in the subject or other header fields in the message occurs after the message has been decoded from the MIME content transfer encoding method that was used to transmit the binary message between SMTP servers in ASCII text. You can't use conditions or exceptions to search for the raw (typically, Base64) encoded values of the subject or other header fields in messages. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Remove-MessageClassification | Transport Rules | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Remove-OMEConfiguration | Transport Rules | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Remove-TransportRule | Transport Rules | On Mailbox servers, this cmdlet removes the rule from Active Directory. On an Edge Transport server, the cmdlet removes the rule from the local Active Directory Lightweight Directory Services (AD LDS) instance. To temporarily disable a transport rule without removing it, use the Disable-TransportRule cmdlet instead. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-MessageClassification | Transport Rules | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-OMEConfiguration | Transport Rules | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-OMEMessageRevocation | Transport Rules | When an email has been revoked, the recipient will get the following error when they try to view the encrypted message in the Office 365 Message Encryption portal: "The message has been revoked by the sender". You can revoke encrypted messages if the recipient received a link-based, branded encrypted email message. If the recipient received a native inline experience in a supported Outlook client, then you can't revoke encryption for the message. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-TransportRule | Transport Rules | In on-premises Exchange organizations, rules created on Mailbox servers are stored in Active Directory. All Mailbox servers in the organization have access to the same set of rules. On Edge Transport servers, rules are saved in the local copy of Active Directory Lightweight Directory Services (AD LDS). Rules aren't shared or replicated between Edge Transport servers or between Mailbox servers and Edge Transport servers. Also, some conditions and actions are exclusive to each server role. The search for words or text patterns in the subject or other header fields in the message occurs after the message has been decoded from the MIME content transfer encoding method that was used to transmit the binary message between SMTP servers in ASCII text. You can't use conditions or exceptions to search for the raw (typically, Base64) encoded values of the subject or other header fields in messages. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Test-DlpPolicies | Transport Rules | |
Test-Message | Transport Rules | |
Write-AdminAuditLog | Transport Rules | When the Write-AdminAuditLog cmdlet runs, the value provided in the Comment parameter is included in the log entry. For the Write-AdminAuditLog cmdlet to write to the audit log, it must be included in the list of cmdlets being logged by administrator audit logging. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-AdminAuditLogConfig | View-Only Audit Logs | When audit logging is enabled, a log entry is created for each cmdlet that's run, excluding Get cmdlets. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-AuditLogSearch | View-Only Audit Logs | Run the Get-AuditLogSearch cmdlet to return a list of pending audit log searches. If an audit log search has been completed, it won't be displayed in the list of audit log searches. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-BookingMailbox | View-Only Audit Logs | |
Get-Mailbox | View-Only Audit Logs | When you use the Get-Mailbox cmdlet in on-premises Exchange environments to view the quota settings for a mailbox, you first need to check the value of the UseDatabaseQuotaDefaults property. The value True means per-mailbox quota settings are ignored, and you need to use the Get-MailboxDatabase cmdlet to see the actual values. If the UseDatabaseQuotaDefaults property is False, the per-mailbox quota settings are used, so what you see with the Get-Mailbox cmdlet are the actual quota values for the mailbox. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailboxAuditBypassAssociation | View-Only Audit Logs | When you configure a user or computer account to bypass mailbox audit logging, access or actions taken by the user account or computer account to any mailbox isn't logged. By bypassing trusted user accounts or computer accounts that need to access mailboxes frequently, you can reduce the noise in mailbox audit logs. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MessageTraceCopilot | View-Only Audit Logs | |
Get-UnifiedAuditSetting | View-Only Audit Logs | |
New-AdminAuditLogSearch | View-Only Audit Logs | After the New-AdminAuditLogSearch cmdlet is run, the report is delivered to the mailboxes you specify within 15 minutes. The log is included as an XML attachment on the report email message. The maximum size of the log that can be generated is 10 megabytes (MB). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
New-MailboxAuditLogSearch | View-Only Audit Logs | The New-MailboxAuditLogSearch cmdlet performs an asynchronous search of mailbox audit logs for the specified mailboxes and sends the search results by email to the specified recipients. The body of the email message contains search metadata such as search parameters and the time when the search request was submitted. The results are attached in an .xml file. To search mailbox audit logs for a single mailbox and have the results displayed in the Exchange Management Shell window, use the Search-MailboxAuditLog cmdlet instead. To learn more about mailbox audit logging, see Mailbox audit logging in Exchange Server (https://docs.microsoft.com/Exchange/policy-and-compliance/mailbox-audit-logging/mailbox-audit-logging). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Search-AdminAuditLog | View-Only Audit Logs | If you run the Search-AdminAuditLog cmdlet without any parameters, up to 1,000 log entries are returned by default. Note : In Exchange Online PowerShell, if you don't use the StartDate or EndDate parameters, only results from the last 14 days are returned. For more information about the structure and properties of the audit log, Administrator audit log structure (https://docs.microsoft.com/Exchange/policy-and-compliance/admin-audit-logging/log-structure). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Search-MailboxAuditLog | View-Only Audit Logs | The Search-MailboxAuditLog cmdlet performs a synchronous search of mailbox audit logs for one or more specified mailboxes and displays search results in the Exchange Management Shell window. To search mailbox audit logs for multiple mailboxes and have the results sent by email to specified recipients, use the New-MailboxAuditLogSearch cmdlet instead. To learn more about mailbox audit logging, see Mailbox audit logging in Exchange Server (https://docs.microsoft.com/Exchange/policy-and-compliance/mailbox-audit-logging/mailbox-audit-logging). This cmdlet is available in Office 365 operated by 21Vianet, but it won't return any results. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Search-UnifiedAuditLog | View-Only Audit Logs | The Search-UnifiedAuditLog cmdlet presents pages of data based on repeated iterations of the same command. Use SessionId and SessionCommand to repeatedly run the cmdlet until you get zero returns, or hit the maximum number of results based on the session command. To gauge progress, look at the ResultIndex (hits in the current iteration) and ResultCount (hits for all iterations) properties of the data returned by the cmdlet. The Search-UnifiedAuditLog cmdlet is available in Exchange Online PowerShell. You can also view events from the unified auditing log by using the Security & Compliance Center. For more information, see Audited activities (https://docs.microsoft.com/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance#audited-activities). If you want to programmatically download data from the Microsoft 365 audit log, we recommend that you use the Microsoft 365 Management Activity API instead of using the Search-UnifiedAuditLog cmdlet in a PowerShell script. The Microsoft 365 Management Activity API is a REST web service that you can use to develop operations, security, and compliance monitoring solutions for your organization. For more information, see Management Activity API reference (https://docs.microsoft.com/office/office-365-management-api/office-365-management-activity-api-reference). This cmdlet is available in Office 365 operated by 21Vianet, but it won't return any results. The OutVariable parameter accepts objects of type ArrayList. Here's an example of how to use it: `$start = (Get-Date).AddDays(-1); $end = (Get-Date).AddDays(-0.5); $auditData = New-Object System.Collections.ArrayList; Search-UnifiedAuditLog -StartDate $start -EndDate $end -OutVariable +auditData |
Set-UnifiedAuditSetting | View-Only Audit Logs | |
Start-AuditAssistant | View-Only Audit Logs | |
Test-DatabaseEvent | View-Only Audit Logs | |
Test-MailboxAssistant | View-Only Audit Logs | |
Check-ExoInformationBarrierSymmetry | View-Only Configuration | |
Enable-ExoInformationBarriersMultiSegment | View-Only Configuration | |
Export-ApplicationData | View-Only Configuration | |
Export-TransportRuleCollection | View-Only Configuration | The Export-TransportRuleCollection cmdlet can be used to export the transport rule collection in your organization. The format of the exported transport rule collection changed in Exchange Server 2013. The new format can't be imported into Exchange Server 2010. Exporting the rules collection is a two-step process. You first export the rules collection to a variable, and then use the Set-Content cmdlet to write the data to an XML file. For more information, see Set-Content (https://docs.microsoft.com/powershell/module/microsoft.powershell.management/set-content). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-AcceptedDomain | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ActiveSyncDeviceAccessRule | View-Only Configuration | You can create multiple groups of devices: allowed devices, blocked devices, and quarantined devices with the New-ActiveSyncDeviceAccessRule cmdlet. The Get-ActiveSyncDeviceAccessRule cmdlet retrieves the settings for any existing group. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ActiveSyncDeviceClass | View-Only Configuration | You can use this cmdlet to view a list of mobile phones or devices by type. For example, you can return a list of all Android mobile digital devices in the organization or all Windows Phone devices in the organization. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ActiveSyncMailboxPolicy | View-Only Configuration | A Mobile Device mailbox policy is a group of settings that specifies how mobile devices enabled for Microsoft Exchange ActiveSync connect to the computer running Exchange. Exchange supports multiple Mobile Device mailbox policies. The Get-ActiveSyncMailboxPolicy cmdlet displays all the policy settings for the specified policy. These settings include password settings, file access settings and attachment settings. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ActiveSyncOrganizationSettings | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-AdaptiveScope | View-Only Configuration | |
Get-AddressBookPolicy | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-AdminAuditLogConfig | View-Only Configuration | When audit logging is enabled, a log entry is created for each cmdlet that's run, excluding Get cmdlets. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-AdministrativeUnit | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-AntiPhishPolicy | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-AntiPhishRule | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-App | View-Only Configuration | The Get-App cmdlet returns information about all installed apps or the details of a specific installed app. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ApplicationAccessPolicy | View-Only Configuration | This feature applies only to apps connecting to the Microsoft Graph API for Outlook resources. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ArcConfig | View-Only Configuration | |
Get-ATPBuiltInProtectionRule | View-Only Configuration | |
Get-ATPEvaluationRule | View-Only Configuration | |
Get-AtpPolicyForO365 | View-Only Configuration | Safe Links protection for Office 365 apps checks links in Office documents, not links in email messages. For more information, see Safe Links settings for Office 365 apps (https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-links#safe-links-settings-for-office-365-apps). Safe Documents scans documents and files that are opened in Protected View. For more information, see Safe Documents in Microsoft 365 E5 (https://docs.microsoft.com/microsoft-365/security/office-365-security/safe-docs). Safe Attachments for SharePoint, OneDrive, and Microsoft Teams prevents users from opening and downloading files that are identified as malicious. For more information, see Safe Attachments for SharePoint, OneDrive, and Microsoft Teams (https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-for-spo-odb-and-teams). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ATPProtectionPolicyRule | View-Only Configuration | |
Get-AuditConfig | View-Only Configuration | You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-AuditConfigurationPolicy | View-Only Configuration | You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-AuditConfigurationRule | View-Only Configuration | You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-AuditLogSearch | View-Only Configuration | Run the Get-AuditLogSearch cmdlet to return a list of pending audit log searches. If an audit log search has been completed, it won't be displayed in the list of audit log searches. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-AuthenticationPolicy | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-AuthServer | View-Only Configuration | An authorization server is a server or service that issues tokens trusted by Microsoft Exchange for access by partner applications. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-BlockedConnector | View-Only Configuration | |
Get-BlockedSenderAddress | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-CalendarSettings | View-Only Configuration | |
Get-CASMailboxPlan | View-Only Configuration | A CAS mailbox plan is tied to the corresponding mailbox plan that has the same name (and display name). Like mailbox plans, CAS mailbox plans correspond to license types, and are applied to a mailbox when you license the user. The availability of a CAS mailbox plan is determined by your selections when you enroll in the service and the age of your organization. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ClassificationRuleCollection | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ComplianceTag | View-Only Configuration | You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-ComplianceTagStorage | View-Only Configuration | You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-ConfigAnalyzerPolicyRecommendation | View-Only Configuration | |
Get-CrossTenantAccessPolicy | View-Only Configuration | |
Get-CustomDlpEmailTemplates | View-Only Configuration | |
Get-DataClassification | View-Only Configuration | |
Get-DataClassificationConfig | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-DataEncryptionPolicy | View-Only Configuration | Data encryption policy cmdlets are the Exchange Online part of service encryption with Customer Key in Microsoft 365. For more information, see Controlling your data in Microsoft 365 using Customer Key (https://aka.ms/customerkey). You can assign a data encryption policy to a mailbox by using the DataEncryptionPolicy parameter on the Set-Mailbox cmdlet in Exchange Online PowerShell. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-DeviceConditionalAccessPolicy | View-Only Configuration | These are the cmdlets that are used for mobile device management in the Security & Compliance Center: - DeviceTenantPolicy and DeviceTenantRule cmdlets: A policy that defines whether to block or allow mobile device access to Exchange Online email by unsupported devices that use Exchange ActiveSync only. This setting applies to all users in your organization. Both allow and block scenarios allow reporting for unsupported devices, and you can specify exceptions to the policy based on security groups. - DeviceConditionalAccessPolicy and DeviceConditionalAccessRule cmdlets: Policies that control mobile device access to Microsoft 365 for supported devices. These policies are applied to security groups. Unsupported devices are not allowed to enroll in mobile device management. - DeviceConfigurationPolicy and DeviceConfigurationRule cmdlets: Policies that control mobile device settings for supported devices. These policies are applied to security groups. - Get-DevicePolicy: Returns all mobile device management policies regardless of type (DeviceTenantPolicy, DeviceConditionalAccessPolicy or DeviceConfigurationPolicy). You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-DeviceConditionalAccessRule | View-Only Configuration | These are the cmdlets that are used for mobile device management in the Security & Compliance Center: - DeviceTenantPolicy and DeviceTenantRule cmdlets: A policy that defines whether to block or allow mobile device access to Exchange Online email by unsupported devices that use Exchange ActiveSync only. This setting applies to all users in your organization. Both allow and block scenarios allow reporting for unsupported devices, and you can specify exceptions to the policy based on security groups. - DeviceConditionalAccessPolicy and DeviceConditionalAccessRule cmdlets: Policies that control mobile device access to Microsoft 365 for supported devices. These policies are applied to security groups. Unsupported devices are not allowed to enroll in mobile device management. - DeviceConfigurationPolicy and DeviceConfigurationRule cmdlets: Policies that control mobile device settings for supported devices. These policies are applied to security groups. - Get-DevicePolicy: Returns all mobile device management policies regardless of type (DeviceTenantPolicy, DeviceConditionalAccessPolicy or DeviceConfigurationPolicy). You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-DeviceConfigurationPolicy | View-Only Configuration | These are the cmdlets that are used for mobile device management in the Security & Compliance Center: - DeviceTenantPolicy and DeviceTenantRule cmdlets: A policy that defines whether to block or allow mobile device access to Exchange Online email by unsupported devices that use Exchange ActiveSync only. This setting applies to all users in your organization. Both allow and block scenarios allow reporting for unsupported devices, and you can specify exceptions to the policy based on security groups. - DeviceConditionalAccessPolicy and DeviceConditionalAccessRule cmdlets: Policies that control mobile device access to Microsoft 365 for supported devices. These policies are applied to security groups. Unsupported devices are not allowed to enroll in mobile device management. - DeviceConfigurationPolicy and DeviceConfigurationRule cmdlets: Policies that control mobile device settings for supported devices. These policies are applied to security groups. - Get-DevicePolicy: Returns all mobile device management policies regardless of type (DeviceTenantPolicy, DeviceConditionalAccessPolicy or DeviceConfigurationPolicy). You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-DeviceConfigurationRule | View-Only Configuration | These are the cmdlets that are used for mobile device management in the Security & Compliance Center: - DeviceTenantPolicy and DeviceTenantRule cmdlets: A policy that defines whether to block or allow mobile device access to Exchange Online email by unsupported devices that use Exchange ActiveSync only. This setting applies to all users in your organization. Both allow and block scenarios allow reporting for unsupported devices, and you can specify exceptions to the policy based on security groups. - DeviceConditionalAccessPolicy and DeviceConditionalAccessRule cmdlets: Policies that control mobile device access to Microsoft 365 for supported devices. These policies are applied to security groups. Unsupported devices are not allowed to enroll in mobile device management. - DeviceConfigurationPolicy and DeviceConfigurationRule cmdlets: Policies that control mobile device settings for supported devices. These policies are applied to security groups. - Get-DevicePolicy: Returns all mobile device management policies regardless of type (DeviceTenantPolicy, DeviceConditionalAccessPolicy or DeviceConfigurationPolicy). You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-DevicePolicy | View-Only Configuration | These are the cmdlets that are used for mobile device management in the Security & Compliance Center: - DeviceTenantPolicy and DeviceTenantRule cmdlets: A policy that defines whether to block or allow mobile device access to Exchange Online email by unsupported devices that use Exchange ActiveSync only. This setting applies to all users in your organization. Both allow and block scenarios allow reporting for unsupported devices, and you can specify exceptions to the policy based on security groups. - DeviceConditionalAccessPolicy and DeviceConditionalAccessRule cmdlets: Policies that control mobile device access to Microsoft 365 for supported devices. These policies are applied to security groups. Unsupported devices are not allowed to enroll in mobile device management. - DeviceConfigurationPolicy and DeviceConfigurationRule cmdlets: Policies that control mobile device settings for supported devices. These policies are applied to security groups. - Get-DevicePolicy: Returns all mobile device management policies regardless of type (DeviceTenantPolicy, DeviceConditionalAccessPolicy or DeviceConfigurationPolicy). You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-DeviceTenantPolicy | View-Only Configuration | These are the cmdlets that are used for mobile device management in the Security & Compliance Center: - DeviceTenantPolicy and DeviceTenantRule cmdlets: A policy that defines whether to block or allow mobile device access to Exchange Online email by unsupported devices that use Exchange ActiveSync only. This setting applies to all users in your organization. Both allow and block scenarios allow reporting for unsupported devices, and you can specify exceptions to the policy based on security groups. - DeviceConditionalAccessPolicy and DeviceConditionalAccessRule cmdlets: Policies that control mobile device access to Microsoft 365 for supported devices. These policies are applied to security groups. Unsupported devices are not allowed to enroll in mobile device management. - DeviceConfigurationPolicy and DeviceConfigurationRule cmdlets: Policies that control mobile device settings for supported devices. These policies are applied to security groups. - Get-DevicePolicy: Returns all mobile device management policies regardless of type (DeviceTenantPolicy, DeviceConditionalAccessPolicy or DeviceConfigurationPolicy). You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-DeviceTenantRule | View-Only Configuration | These are the cmdlets that are used for mobile device management in the Security & Compliance Center: - DeviceTenantPolicy and DeviceTenantRule cmdlets: A policy that defines whether to block or allow mobile device access to Exchange Online email by unsupported devices that use Exchange ActiveSync only. This setting applies to all users in your organization. Both allow and block scenarios allow reporting for unsupported devices, and you can specify exceptions to the policy based on security groups. - DeviceConditionalAccessPolicy and DeviceConditionalAccessRule cmdlets: Policies that control mobile device access to Microsoft 365 for supported devices. These policies are applied to security groups. Unsupported devices are not allowed to enroll in mobile device management. - DeviceConfigurationPolicy and DeviceConfigurationRule cmdlets: Policies that control mobile device settings for supported devices. These policies are applied to security groups. - Get-DevicePolicy: Returns all mobile device management policies regardless of type (DeviceTenantPolicy, DeviceConditionalAccessPolicy or DeviceConfigurationPolicy). You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-DkimSigningConfig | View-Only Configuration | DKIM in Microsoft 365 is an email authentication method that uses a public key infrastructure (PKI), message headers and CNAME records in DNS to authenticate the message sender, which is stamped in the DKIM-Signature header field. DKIM helps prevent forged sender email addresses (also known as spoofing) by verifying that the domain in the From address matches the domain in the DKIM-Signature header field. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-DlpKeywordDictionary | View-Only Configuration | You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-DlpPolicy | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-DlpPolicyTemplate | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-DlpSensitiveInformationTypeConfig | View-Only Configuration | |
Get-DlpSensitiveInformationTypeRulePackage | View-Only Configuration | Sensitive information type rule packages are used by DLP to detect sensitive content. The default sensitive information type rule package is named Microsoft Rule Package. You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-DnssecStatusForVerifiedDomain | View-Only Configuration | |
Get-ElevatedAccessAuthorization | View-Only Configuration | |
Get-EmailTenantSettings | View-Only Configuration | |
Get-EOPProtectionPolicyRule | View-Only Configuration | |
Get-EtrLimits | View-Only Configuration | |
Get-ExoConnectivityTableSnapshot | View-Only Configuration | |
Get-ExoInformationBarrierPolicy | View-Only Configuration | |
Get-ExoInformationBarrierRelationship | View-Only Configuration | |
Get-ExoInformationBarrierRelationshipTable | View-Only Configuration | |
Get-ExoInformationBarrierSegment | View-Only Configuration | |
Get-ExoInformationBarrierUpgradeImpact | View-Only Configuration | |
Get-ExoPhishSimOverrideRule | View-Only Configuration | |
Get-ExoRecipientsStatus | View-Only Configuration | |
Get-ExoSecOpsOverrideRule | View-Only Configuration | |
Get-ExoSegmentsSnapshot | View-Only Configuration | |
Get-ExoUsersByIBSegment | View-Only Configuration | |
Get-ExternalInOutlook | View-Only Configuration | |
Get-FailedContentIndexDocuments | View-Only Configuration | The Get-FailedContentIndexDocuments cmdlet returns a list of documents that couldn't be indexed. The most common reason is that there was no filter available for that document type or there was an attachment within the document. For example, the PDF filter isn't available by default. If an email message contains a PDF document, because there is no PDF filter, the document is marked as failed content indexing. After a new filter is installed, only new messages with attachments of the type for which the filter is installed are indexed. If you want to index older messages for the document type, the mailbox has to be moved. The cmdlet output provides details about items in a mailbox that couldn't be indexed, including an error code and the reason for failure. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-FederatedOrganizationIdentifier | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-FederationInformation | View-Only Configuration | The Get-FederationInformation cmdlet retrieves federation information from the domain specified. Results from the cmdlet can be piped to the New-OrganizationRelationship cmdlet to establish an organization relationship with the Exchange organization being queried. The domain specified should have federation enabled. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-FederationTrust | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-HostedConnectionFilterPolicy | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-HostedContentFilterPolicy | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-HostedContentFilterRule | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-HostedOutboundSpamFilterPolicy | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-HostedOutboundSpamFilterRule | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-HybridMailflowDatacenterIPs | View-Only Configuration | The Get-HybridMailflowDatacenterIPs cmdlet supports hybrid deployments and lists the IP addresses of EOP service data centers that support hybrid deployments. The list isn't specific to any on-premises Exchange organization. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-InboundConnector | View-Only Configuration | Inbound connectors accept email messages from remote domains that require specific configuration options. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-IntraOrganizationConfiguration | View-Only Configuration | A hybrid Exchange deployment results in one logical organization made up of a number of physical Exchange instances. Hybrid Exchange environments contain more than one Exchange instance and support topologies like two on-premises Microsoft Exchange forests in an organization, an Exchange on-premises organization and an Exchange Online organization or two Exchange Online organizations. Hybrid environments are enabled by Intra-Organization connectors. The connectors can be created and managed by cmdlets like New-IntraOrganizationConnector, but we strongly recommend that you use the Hybrid Configuration wizard when configuring a hybrid deployment with an Exchange Online organization. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-IntraOrganizationConnector | View-Only Configuration | Intra-Organizational connectors enable features and services between divisions in your Exchange organization. It allows for the expansion of organizational boundaries for features and services across different hosts and network boundaries, such as between Active Directory forests, between on-premises and cloud-based organizations, or between tenants hosted in the same or different datacenters. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-IPv6StatusForAcceptedDomain | View-Only Configuration | |
Get-IRMConfiguration | View-Only Configuration | The Get-IRMConfiguration cmdlet provides details about the current IRM configuration, including whether individual IRM features are enabled or disabled and provides the URLs used for ServiceLocation, PublishingLocation and LicensingLocation. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-JitConfiguration | View-Only Configuration | |
Get-JournalRule | View-Only Configuration | The Get-JournalRule cmdlet displays journal rules configured in your organization. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-M365CrossTenantAccessPolicy | View-Only Configuration | |
Get-M365DataAtRestEncryptionPolicy | View-Only Configuration | M365 data-at-rest encryption policy cmdlets are accessible to compliance administrator role as part of the Exchange Online infrastructure. For more information, see Overview of M365 Customer Key at the tenant level (https://docs.microsoft.com/microsoft-365/compliance/customer-key-tenant-level#get-policy-details). You can create and assign a Microsoft 365 data-at-rest encryption policy at the tenant level by using the appropriate M365DataAtRestEncryptionPolicy cmdlets in Exchange Online PowerShell. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailboxAuditBypassAssociation | View-Only Configuration | When you configure a user or computer account to bypass mailbox audit logging, access or actions taken by the user account or computer account to any mailbox isn't logged. By bypassing trusted user accounts or computer accounts that need to access mailboxes frequently, you can reduce the noise in mailbox audit logs. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MalwareFilterPolicy | View-Only Configuration | Malware filter policies contain the malware settings and a list of domains to which those settings apply. A domain can't belong to more than one malware filter policy. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MalwareFilterRule | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ManagementRole | View-Only Configuration | You can view management roles in several ways, from listing all the roles in your organization to listing only the child roles of a specified parent role. You can also view the details of a specific role by piping the output of the Get-ManagementRole cmdlet to the Format-List cmdlet. For more information about management roles, see Understanding management roles (https://docs.microsoft.com/exchange/understanding-management-roles-exchange-2013-help). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ManagementRoleAssignment | View-Only Configuration | You can retrieve role assignments in a variety of ways including by assignment type, scope type, or name, and whether the assignment is enabled or disabled. You can also view a list of role assignments that provide access to a specified recipient, server, or database. For more information about management role assignments, see Understanding management role assignments (https://docs.microsoft.com/exchange/understanding-management-role-assignments-exchange-2013-help). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ManagementRoleEntry | View-Only Configuration | The Get-ManagementRoleEntry cmdlet retrieves role entries that have been configured on roles. You can retrieve specific role entries that match specific criteria such as role name, cmdlet name, parameter name, or a combination of each, or role entry type or the associated Windows PowerShell snap-in. For more information about management role entries, see Understanding management roles (https://docs.microsoft.com/exchange/understanding-management-roles-exchange-2013-help). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ManagementScope | View-Only Configuration | You can retrieve one scope or many, retrieve only scopes that aren't associated with management role assignments, or retrieve scopes that are exclusive or regular scopes. For more information about regular and exclusive scopes, see Understanding management role scopes (https://docs.microsoft.com/exchange/understanding-management-role-scopes-exchange-2013-help). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MeetingInsightsSettings | View-Only Configuration | |
Get-MessageCategory | View-Only Configuration | The Get-MessageCategory cmdlet is used by the web management interface in Microsoft Exchange to populate fields that display message category information. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MessageClassification | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MigrationBatch | View-Only Configuration | The Get-MigrationBatch cmdlet displays status information about the current migration batch. This information includes the following information: - Status of the migration batch - Total number of mailboxes being migrated - Number of successfully completed migrations - Migration errors - Date and time when the migration was started and completed. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). Note : In the cloud-based service, if you don't use the TimeZone parameter in the New-MigrationBatch command, the default time zone for the migration batch is UTC. The CompleteAfter and CompleteAfterUTC properties will contain the same value (as will the StartAfter and StartAfterUTC properties). When you create the migration batch in the Exchange admin center (EAC), the time zone that's used is based on your regional configuration. |
Get-MigrationConfig | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MigrationEndpoint | View-Only Configuration | The Get-MigrationEndpoint cmdlet retrieves settings for different types of migration: - Cross-forest move: Move mailboxes between two different on-premises Exchange forests. Cross-forest moves require the use of a RemoteMove endpoint. - Remote move: In a hybrid deployment, a remote move involves onboarding or offboarding migrations. Remote moves require the use of a RemoteMove endpoint. Onboarding moves mailboxes from an on-premises Exchange organization to Exchange Online, and uses a RemoteMove endpoint as the source endpoint of the migration batch. Offboarding moves mailboxes from Exchange Online to an on-premises Exchange organization and uses a RemoteMove endpoint as the target endpoint of the migration batch. - Cutover Exchange migration: Migrate all mailboxes in an on-premises Exchange organization to Exchange Online. Cutover Exchange migration requires the use of an Exchange endpoint. - Staged Exchange migration: Migrate a subset of mailboxes from an on-premises Exchange organization to Exchange Online. Staged Exchange migration requires the use of an Exchange endpoint. - IMAP migration: Migrate mailbox data from an on-premises Exchange organization or other email system to Exchange Online. For an IMAP migration, you must first create the cloud-based mailboxes before you migrate mailbox data. IMAP migrations require the use of an IMAP endpoint. - Local: Move mailboxes between different servers or databases within a single on-premises Exchange forest. Local moves don't require the use of an endpoint. For more information about the different move and migration scenarios, see: - Mailbox moves in Exchange Server (https://docs.microsoft.com/Exchange/recipients/mailbox-moves)- Manage on-premises mailbox moves in Exchange Server (https://docs.microsoft.com/Exchange/architecture/mailbox-servers/manage-mailbox-moves)You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MigrationStatistics | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MigrationUser | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MigrationUserStatistics | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MobileDeviceMailboxPolicy | View-Only Configuration | A Mobile Device mailbox policy is a group of settings that specifies how mobile devices connect Exchange. Exchange supports multiple mobile device mailbox policies. The Get-MobileDeviceMailboxPolicy cmdlet displays all the policy settings for the specified policy. These settings include password settings, file access settings and attachment settings. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-Notification | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-OMEConfiguration | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-OMEMessageStatus | View-Only Configuration | If encryption for the message was successfully revoked, the command will return the message: The encrypted email with the subject "<subject>" and Message ID "<messageId>" was successfully revoked . You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-OnPremisesOrganization | View-Only Configuration | The OnPremisesOrganization object represents an on-premises Exchange organization configured for hybrid deployment with a Microsoft 365 organization. It's used with the Hybrid Configuration wizard and is typically created automatically when the hybrid deployment is initially configured by the wizard. You can use the Get-OnPremisesOrganization cmdlet to view the properties of the OnPremisesOrganization object in the Microsoft 365 organization. Manual modification of this object may result in hybrid deployment misconfiguration. We strongly recommend that you use the Hybrid Configuration wizard to modify this object in the Microsoft 365 organization. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-OrganizationalUnit | View-Only Configuration | The Get-OrganizationalUnit cmdlet is used by the Exchange admin center to populate fields that display OU information. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-OrganizationConfig | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-OrganizationRelationship | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-OutboundConnector | View-Only Configuration | Outbound connectors send email messages to remote domains that require specific configuration options. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-OutlookProtectionRule | View-Only Configuration | Outlook protection rules are used to automatically Information Rights Management (IRM)-protect email messages using a Rights Management Services (RMS) template before the message is sent. However, Outlook protection rules don't inspect message content. To IRM-protect messages based on message content, use transport protection rules. For more information, see Outlook protection rules (https://docs.microsoft.com/exchange/outlook-protection-rules-exchange-2013-help). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-OwaMailboxPolicy | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-PartnerApplication | View-Only Configuration | You can configure partner applications such as Microsoft SharePoint to access Exchange resources. For details, see Plan Exchange 2016 integration with SharePoint and Skype for Business (https://docs.microsoft.com/Exchange/plan-and-deploy/integration-with-sharepoint-and-skype/integration-with-sharepoint-and-skype). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-PerimeterConfig | View-Only Configuration | If you have an on-premises email system, you can use the Set-PerimeterConfig cmdlet to add the IP addresses of your gateway servers to cloud-based safelists (also known as whitelists) to make sure that messages sent from your on-premises email system aren't treated as spam. |
Get-PerimeterMessageTrace | View-Only Configuration | |
Get-PhishSimOverridePolicy | View-Only Configuration | |
Get-Place | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-PolicyConfig | View-Only Configuration | |
Get-PolicyTipConfig | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-QuarantinePolicy | View-Only Configuration | |
Get-RbacDiagnosticInfo | View-Only Configuration | |
Get-RecipientStatisticsReport | View-Only Configuration | The recipient statistics report provides information about the total number of mailboxes and the total number of active mailboxes in the organization. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-RemoteDomain | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ReportSubmissionPolicy | View-Only Configuration | |
Get-ReportSubmissionRule | View-Only Configuration | |
Get-RetentionPolicy | View-Only Configuration | A retention policy is associated with a group of retention policy tags that specify retention settings for items in a mailbox. A policy may contain one default policy tag to move items to an archive mailbox, one default policy tag to delete all items, one default policy tag to delete voicemail items and multiple personal tags to move or delete items. A mailbox can have only one retention policy applied to it. The Get-RetentionPolicy cmdlet displays all policy settings associated with the specified policy. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-RetentionPolicyTag | View-Only Configuration | Retention tags are used to apply message retention settings to messages or folders. There are three types of retention tags: - Retention policy tags - Default policy tags - Personal tags Retention policy tags are applied to default folders such as Inbox and Deleted Items. Personal tags are available to users to tag items and folders. The default policy tag is applied to all items that don't have a tag applied by the user or aren't inherited from the folder they're located in. The Get-RetentionPolicyTag cmdlet displays all the settings for the specified tag. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-RMSTemplate | View-Only Configuration | The Get-RMSTemplate cmdlet doesn't return any active rights policy templates if internal licensing isn't enabled. Use the Get-IRMConfiguration cmdlet to check the InternalLicensingEnabled parameter. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-RoleAssignmentPolicy | View-Only Configuration | For more information about assignment policies, see Understanding management role assignment policies (https://docs.microsoft.com/exchange/understanding-management-role-assignment-policies-exchange-2013-help). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-RoleGroup | View-Only Configuration | For more information about role groups, see Understanding management role groups (https://docs.microsoft.com/exchange/understanding-management-role-groups-exchange-2013-help). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-RoleGroupMember | View-Only Configuration | For more information about role groups, see Understanding management role groups (https://docs.microsoft.com/exchange/understanding-management-role-groups-exchange-2013-help). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-SafeAttachmentPolicy | View-Only Configuration | Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see Safe Attachments in Defender for Office 365 (https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-SafeAttachmentRule | View-Only Configuration | Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see Safe Attachments in Defender for Office 365 (https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-SafeLinksPolicy | View-Only Configuration | Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-SafeLinksRule | View-Only Configuration | Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-SearchDocumentFormat | View-Only Configuration | Exchange Search includes built-in support for indexing many file formats. Output from the Get-SearchDocumentFormat cmdlet includes details about each supported file format, including whether content indexing is enabled for the file format, the format handler and the file extension (such as .docx). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-SecOpsOverridePolicy | View-Only Configuration | |
Get-ServiceStatus | View-Only Configuration | |
Get-SharingPolicy | View-Only Configuration | Users can only share free/busy and contact information after federation has been configured between Exchange organizations. After that, users can send sharing invitations to the external recipients as long as those invitations comply with the sharing policy. A sharing policy needs to be assigned to a mailbox to be effective. If a mailbox doesn't have a specific sharing policy assigned, a default policy enforces the sharing settings for the mailbox. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-SmimeConfig | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-SmtpDaneInboundStatus | View-Only Configuration | |
Get-SpoofIntelligenceInsight | View-Only Configuration | |
Get-SupervisoryReviewActivity | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-SupervisoryReviewPolicyReport | View-Only Configuration | For the reporting period you specify, the Get-SupervisoryReviewPolicyReport cmdlet returns the following information: - Organization - Date - Policy - Message Type - Tag Type: Messages that are eligible for evaluation by the policy are InPurview . Messages that match the conditions of the policy are HitPolicy . Classifications that are manually assigned to messages by the designated reviewers using the Supervision add-in for Outlook web app are Compliant , Non-compliant , Questionable , and Resolved . Messages that match the conditions of a policy but haven't been reviewed by a designated reviewer are Not-Reviewed . Messages that match the conditions of a policy and have been reviewed by a designated reviewer are New-Reviewed . - Item Count You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-SupervisoryReviewPolicyV2 | View-Only Configuration | You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-SupervisoryReviewReport | View-Only Configuration | You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-SupervisoryReviewRule | View-Only Configuration | You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-SyncConfig | View-Only Configuration | |
Get-TeamsProtectionPolicy | View-Only Configuration | |
Get-TeamsProtectionPolicyRule | View-Only Configuration | |
Get-TenantAllowBlockListItems | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-TenantAllowBlockListSpoofItems | View-Only Configuration | |
Get-ToolInformation | View-Only Configuration | |
Get-TransportConfig | View-Only Configuration | The Get-TransportConfig cmdlet displays configuration information for global transport settings applied across the organization when the cmdlet is run on a Mailbox server. When this cmdlet is run on an Edge Transport server, only the transportation configuration settings for the local computer are shown. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-TransportRule | View-Only Configuration | On Mailbox servers, this cmdlet returns all rules in the Exchange organization that are stored in Active Directory. On an Edge Transport server, this cmdlet only returns rules that are configured on the local server. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-TransportRuleAction | View-Only Configuration | In on-premises Exchange, the actions that are available on Mailboxes servers and Edge Transports server are different. Also, the names of some of the actions that are returned by this cmdlet are different than the corresponding parameter names in the New-TransportRule and Set-TransportRule cmdlets. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-TransportRulePredicate | View-Only Configuration | Collectively, the conditions and exceptions in rules are known as predicates, because for every condition, there's a corresponding exception that uses the exact same settings and syntax. The only difference is conditions specify messages to include, while exceptions specify messages to exclude. That's why the output of this cmdlet doesn't list exceptions separately. Also, the names of some of the predicates that are returned by this cmdlet are different than the corresponding parameter names in the New-TransportRule and Set-TransportRule cmdlets. In on-premises Exchange, the predicates that are available on Mailboxes servers and Edge Transports server are different. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-User | View-Only Configuration | The Get-User cmdlet returns no mail-related properties for mailboxes or mail users. To view the mail-related properties for a user, you need to use the corresponding cmdlet based on the object type (for example, Get-Mailbox or Get-MailUser). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
New-ProtectionServicePolicy | View-Only Configuration | |
Remove-AuditConfigurationPolicy | View-Only Configuration | You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Remove-AuditConfigurationRule | View-Only Configuration | You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Remove-ExoInformationBarriersV1Configuration | View-Only Configuration | |
Remove-M365CrossTenantAccessPolicy | View-Only Configuration | |
Set-ExternalInOutlook | View-Only Configuration | |
Set-LabelProperties | View-Only Configuration | |
Set-ProtectionServicePolicy | View-Only Configuration | |
Set-RegulatoryComplianceUI | View-Only Configuration | You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Set-SmimeConfig | View-Only Configuration | The Set-SmimeConfig cmdlet can change several important parameters than can reduce the overall level of message security. Review your organization's security policy before you make any changes. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Test-ApplicationAccessPolicy | View-Only Configuration | This feature applies only to apps connecting to the Microsoft Graph API for Outlook resources. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Test-DataEncryptionPolicy | View-Only Configuration | |
Test-DlpPolicies | View-Only Configuration | |
Test-M365DataAtRestEncryptionPolicy | View-Only Configuration | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Test-Message | View-Only Configuration | |
Test-OrganizationRelationship | View-Only Configuration | The Test-OrganizationRelationship cmdlet doesn't include any functional tests of federated sharing features, such as accessing user free/busy information or moving mailboxes between organizations. It only verifies that the configuration will allow these features to work correctly. Before you can test an organization relationship, you must first create an organization relationship. For more information, see Create an organization relationship (https://docs.microsoft.com/exchange/create-an-organization-relationship-exchange-2013-help). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Validate-RetentionRuleQuery | View-Only Configuration | You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Export-MailboxDiagnosticLogs | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ActiveSyncDevice | View-Only Recipients | The Get-ActiveSyncDevice cmdlet returns identification, configuration and status information for each device. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ActiveSyncDeviceStatistics | View-Only Recipients | The Get-ActiveSyncDeviceStatistics cmdlet returns a list of statistics about each mobile device. Additionally, it allows you to retrieve logs and send those logs to a recipient for troubleshooting purposes. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ActiveSyncMailboxPolicy | View-Only Recipients | A Mobile Device mailbox policy is a group of settings that specifies how mobile devices enabled for Microsoft Exchange ActiveSync connect to the computer running Exchange. Exchange supports multiple Mobile Device mailbox policies. The Get-ActiveSyncMailboxPolicy cmdlet displays all the policy settings for the specified policy. These settings include password settings, file access settings and attachment settings. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-AddressBookPolicy | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-AggregateZapReport | View-Only Recipients | |
Get-ATPTotalTrafficReport | View-Only Recipients | For the reporting period and organization you specify, the cmdlet returns the following information: - EventType - Organization - Date - MessageCount - StartDate - EndDate - AggregateBy - Index By default, the command returns data for the last 14 days. Data for the last 90 days is available. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-BookingMailbox | View-Only Recipients | |
Get-CalendarDiagnosticAnalysis | View-Only Recipients | The following properties of the calendar item are returned in the default output of the cmdlet (when the DetailLevel parameter is set to Basic): - Local Log Time - ItemId - NormalizedSubject - StartTime - EndTime - CalendarLogTriggerAction - ClientInfoString - OriginalLastModifiedTime - ClientIntent - CleanGlobalObjectId - ItemClass - ParentDisplay - Duration - AppointmentRecurring - SentRepresentingEmailAddress - SenderEmailAddress - SentRepresentingDisplayName You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-CalendarDiagnosticLog | View-Only Recipients | The output of this cmdlet contains the following information: - IsFileLink: Indicates whether the calendar item has been exported to a .msg file by using the LogLocation parameter. Values are True or False. - Identity: Identifies the mailbox that holds the calendar item. An example value is: excallog://laura@contoso.com/?id=RgAAAACF/h/dHTTkQbdPrk7z+G4SBwCoatc7EmnEQq1iF35p17stAAAAAAFEAACoatc7EmnEQq1iF35p17stAAAAABEIAAAP. - LogDate: The date-time that the calendar item was logged. - NormalizedSubject: The Subject field of the calendar item. - CleanGlobalObjectId: The identifier that's constant throughout the lifetime of the calendar item. For example, 040000008200E00074C5B7101A82E00800000000B0225ABF0710C80100000000000000001000000005B27C05AA7C4646B0835D5EB4E41C55. After you run the Get-CalendarDiagnosticLog cmdlet, you can analyze the calendar data using the Get-CalendarDiagnosticAnalysis cmdlet. For more information, see Get-CalendarDiagnosticAnalysis (https://docs.microsoft.com/powershell/module/exchange/get-calendardiagnosticanalysis). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-CalendarDiagnosticObjects | View-Only Recipients | Some of the more interesting properties that are returned in the results are: - AppointmentState: 1 = The appointment is a meeting, 2 = The appointment has been received, 4 = The appointment has been cancelled, and 8 = the appointment is a forwarded appointment. - CalendarLogTriggerAction: The action that's taken on the item (for example, Create or Update). - ClientInfoString: The entity that made the change (for example, Client=OWA;<AdditionalDetails> , Client=WebServices;<AdditionalDetails> ;, or Client=TBA;Service=MSExchangeMailboxAssistants;Action=ELCAssistant; ). - MeetingRequestType: 1 = The meeting message is a meeting request, 65536 = The meeting message is a full update to an existing meeting, 131072 = The meeting message is an informational update to an existing meeting, 262144 = The meeting message is a silent update, 524288 = The update is outdated, or 1048576 = The meeting message is forwarded to a delegate, and the copy is marked as informational. - OriginalLastModifiedTime: Used as the primary sort field to order the events. - ResponseType: 0 = The organizer hasn't received a response, 1 = The organizer's copy of the meeting, 2 = Tentative, 3 = Accept, 4 = Decline, or 5 = The attendee hasn't responded. - ResponsibleUserName: The LegacyExchangeDN value of the user who made the change (for example, /o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=BN6PR11MB1587/cn=Microsoft System Attendant or /o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=696eea97d3c449eab648920d03385efb-admin ). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-CalendarProcessing | View-Only Recipients | For details about the properties that are returned in the output of this cmdlet, see Set-CalendarProcessing (https://docs.microsoft.com/powershell/module/exchange/set-calendarprocessing). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-CalendarViewDiagnostics | View-Only Recipients | |
Get-CASMailbox | View-Only Recipients | This cmdlet returns a variety of client access settings for one or more mailboxes. These settings include options for Outlook on the web, Exchange ActiveSync, POP3, and IMAP4. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-CASMailboxPlan | View-Only Recipients | A CAS mailbox plan is tied to the corresponding mailbox plan that has the same name (and display name). Like mailbox plans, CAS mailbox plans correspond to license types, and are applied to a mailbox when you license the user. The availability of a CAS mailbox plan is determined by your selections when you enroll in the service and the age of your organization. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-Clutter | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-CompromisedUserAggregateReport | View-Only Recipients | This cmdlet returns the following information: - Date - UserCount - Action You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-CompromisedUserDetailReport | View-Only Recipients | This cmdlet returns the following information: - Date - UserCount - Action You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-Contact | View-Only Recipients | The Get-Contact cmdlet returns no mail-related properties for mail contacts. Use the Get-MailContact to view mail-related properties for mail contacts. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ContentMalwareMdoAggregateReport | View-Only Recipients | |
Get-ContentMalwareMdoDetailReport | View-Only Recipients | |
Get-DetailZapReport | View-Only Recipients | |
Get-DeviceComplianceDetailsReport | View-Only Recipients | |
Get-DeviceComplianceDetailsReportFilter | View-Only Recipients | |
Get-DeviceCompliancePolicyInventory | View-Only Recipients | |
Get-DeviceComplianceReportDate | View-Only Recipients | |
Get-DeviceComplianceSummaryReport | View-Only Recipients | |
Get-DeviceComplianceUserInventory | View-Only Recipients | |
Get-DeviceComplianceUserReport | View-Only Recipients | |
Get-DistributionGroup | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-DistributionGroupMember | View-Only Recipients | If your organization has multiple Active Directory domains, you may need to run the Set-ADServerSettings cmdlet with the ViewEntireForest parameter set to $true before running the Get-DistributionGroupMember cmdlet to view the entire forest. For more information, see Example 2. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-DlpDetailReport | View-Only Recipients | The Get-DlpDetailReport cmdlet returns detailed information about specific DLP rule matches for the last 7 days. Although the cmdlet accepts date ranges older than 7 days, only information about the last 7 days are returned. The properties returned include: - Date - Title - Location - Severity - Size - Source - Actor - DLPPolicy - UserAction - Justification - SensitiveInformationType - SensitiveInformationCount - SensitiveInformationConfidence - EventType - Action - ObjectId - Recipients - AttachmentNames To see DLP detection data that's aggregated per day, use the Get-DlpDetectionsReport (https://docs.microsoft.com/powershell/module/exchange/get-dlpdetectionsreport)cmdlet. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-DlpDetectionsReport | View-Only Recipients | The Get-DlpDetectionsReport cmdlet returns general DLP detection data that's aggregated per day. The properties returned include: - Date - DLP Policy - DLP Compliance Rule - Event Type - Source - Message Count To see all of these columns (width issues), write the output to a file. For example, `Get-DlpDetectionsReport |
Get-DlpIncidentDetailReport | View-Only Recipients | |
Get-DlpSiDetectionsReport | View-Only Recipients | For the reporting period you specify, the cmdlet returns the following information: - Organization - Date - SensitiveType: The GUID value of the DLP sensitive information type. To match the GUID value to the name of the sensitive information type, replace <GUID> with the GUID value and run this command: Get-DlpSensitiveInformationType -Identity <GUID> . - DocumentCount: The number of documents that contain the detected sensitive information type. - ProtectionStatus: Values are Unprotected (the sensitive information type is not defined in any DLP policy) or Protected (the sensitive information type is defined in a DLP policy). - DlpComplianceRuleIds: The GUID value of the DLP compliance rule that detected the sensitive information type (for ProtectionStatus values of Protected). To match the GUID value to the name of the DLP compliance rule, replace <GUID> with the GUID value and run this command: Get-DlpComplianceRule -Identity <GUID> . You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
Get-DynamicDistributionGroup | View-Only Recipients | A dynamic distribution group queries mail-enabled objects and builds the group membership based on the results. The group membership is recalculated whenever an email message is sent to the group. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-DynamicDistributionGroupMember | View-Only Recipients | |
Get-EligibleDistributionGroupForMigration | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-EvaluationModeReport | View-Only Recipients | |
Get-EvaluationModeReportSeries | View-Only Recipients | |
Get-EventsFromEmailConfiguration | View-Only Recipients | Note : The following output properties have been deprecated: EventReservationProcessingLevel, FoodEstablishmentReservationProcessingLevel, InvoiceProcessingLevel, and ServiceReservationProcessingLevel. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-FfoMigrationReport | View-Only Recipients | |
Get-Group | View-Only Recipients | The Get-Group cmdlet returns no mail-related properties for distribution groups or mail-enabled security groups, and no role group-related properties for role groups. To view the object-specific properties for a group, you need to use the corresponding cmdlet based on the object type (for example, Get-DistributionGroup or Get-RoleGroup). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-HistoricalSearch | View-Only Recipients | A historical search provides message trace and report details in a comma-separated value (CSV) file for messages that are less than 90 days old. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-InboxRule | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). Note : This cmdlet doesn't work for members of View-Only Organization Management role group in Exchange Online or the Global Reader role in Azure Active Directory. |
Get-InformationBarrierReportDetails | View-Only Recipients | |
Get-InformationBarrierReportSummary | View-Only Recipients | |
Get-LinkedUser | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-LogonStatistics | View-Only Recipients | |
Get-Mailbox | View-Only Recipients | When you use the Get-Mailbox cmdlet in on-premises Exchange environments to view the quota settings for a mailbox, you first need to check the value of the UseDatabaseQuotaDefaults property. The value True means per-mailbox quota settings are ignored, and you need to use the Get-MailboxDatabase cmdlet to see the actual values. If the UseDatabaseQuotaDefaults property is False, the per-mailbox quota settings are used, so what you see with the Get-Mailbox cmdlet are the actual quota values for the mailbox. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailboxAnalysisRequest | View-Only Recipients | |
Get-MailboxAnalysisRequestStatistics | View-Only Recipients | |
Get-MailboxAutoReplyConfiguration | View-Only Recipients | You can use the Get-MailboxAutoReplyConfiguration cmdlet to retrieve all the mailboxes enabled for Automatic Replies. When run, the cmdlet returns Automatic Replies settings for the specified mailbox that include the following: - Mailbox identity value - Whether Automatic Replies is enabled, scheduled, or disabled for the mailbox - Start and end date, time during which Automatic Replies will be sent - Whether external senders receive Automatic Replies (none, known senders, or all) - Automatic Replies message to be sent to internal and external senders You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailboxCalendarConfiguration | View-Only Recipients | The Get-MailboxCalendarConfiguration cmdlet returns settings for the calendar of the specified mailbox, including the following: - Workdays: Days that appear in the calendar as work days in Outlook on the web - WorkingHoursStartTime: Time that the calendar work day starts - WorkingHoursEndTime: Time that the calendar work day ends - WorkingHoursTimeZone: Time zone set on the mailbox for the working hours start and end times - WeekStartDay: First day of the calendar work week - ShowWeekNumbers: Number for each week ranging from 1 through 52 for the calendar while in month view in Outlook on the web - TimeIncrement: Increments in minutes in which the calendar displays time in Outlook on the web - RemindersEnabled: Whether Outlook on the web provides a visual cue when a calendar reminder is due - ReminderSoundEnabled: Whether a sound is played when a calendar reminder is due - DefaultReminderTime: Length of time before each meeting or appointment that the calendar in Outlook on the web shows the reminder To see all of the settings returned, pipeline the command to the Format-List command. To view a code sample, see "Example 1." You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailboxCalendarFolder | View-Only Recipients | The Get-MailboxCalendarFolder cmdlet retrieves information for the specified calendar folder. This information includes the calendar folder name, whether the folder is currently published or shared, the start and end range of calendar days published, the level of details published for the calendar, whether the published URL of the calendar can be searched on the web and the published URL for the calendar. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailboxFolderPermission | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailboxFolderStatistics | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). A mailbox can have hidden items that are never visible to the user and are only used by applications. The Get-MailboxFolderStatistics cmdlet can return hidden items for the following values: FolderSize, FolderAndSubfolderSize, ItemsInFolder and ItemsInFolderAndSubfolders. The Get-MailboxFolderStatistics cmdlet shouldn't be confused with the Get-MailboxStatistics cmdlet. |
Get-MailboxIRMAccess | View-Only Recipients | |
Get-MailboxJunkEmailConfiguration | View-Only Recipients | The junk email settings on the mailbox are: - Enable or disable the junk email rule: The junk email rule (a hidden Inbox rule named Junk E-mail Rule) controls the delivery of messages to the Junk Email folder or the Inbox based on the SCL Junk Email Folder threshold (for the organization or the mailbox) and the safelist collection on the mailbox. Users can enable or disable the junk email rule in their own mailbox by using Outlook on the web. - Configure the safelist collection: The safelist collection is the Safe Senders list, the Safe Recipients list, and the Blocked Senders list. Users can configure the safelist collection on their own mailbox by using Microsoft Outlook or Outlook on the web. Administrators can enable or disable the junk email rule, and configure the safelist collection on a mailbox by using the Set-MailboxJunkEmailConfiguration cmdlet. For more information, see Configure Exchange antispam settings on mailboxes (https://docs.microsoft.com/Exchange/antispam-and-antimalware/antispam-protection/configure-antispam-settings). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailboxLocation | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailboxMessageConfiguration | View-Only Recipients | The Get-MailboxMessageConfiguration cmdlet shows Outlook on the web settings for the specified mailbox. These settings are not used in Microsoft Outlook, Microsoft Exchange ActiveSync, or other email clients. These settings are applied in Outlook on the web only. Settings that contain the word Mobile are applied in Microsoft Outlook on the web for devices only. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailboxOverrideConfiguration | View-Only Recipients | |
Get-MailboxPermission | View-Only Recipients | The output of this cmdlet shows the following information: - Identity: The mailbox in question. - User: The security principal (user, security group, Exchange management role group, etc.) that has permission to the mailbox. - AccessRights: The permission that the security principal has on the mailbox. The available values are ChangeOwner (change the owner of the mailbox), ChangePermission (change the permissions on the mailbox), DeleteItem (delete the mailbox), ExternalAccount (indicates the account isn't in the same domain), FullAccess (open the mailbox, access its contents, but can't send mail) and ReadPermission (read the permissions on the mailbox). Whether the permissions are allowed or denied is indicated in the Deny column. - IsInherited: Whether the permission is inherited (True) or directly assigned to the mailbox (False). Permissions are inherited from the mailbox database and/or Active Directory. Typically, directly assigned permissions override inherited permissions. - Deny: Whether the permission is allowed (False) or denied (True). Typically, deny permissions override allow permissions. By default, the following permissions are assigned to user mailboxes: - FullAccess and ReadPermission are directly assigned to NT AUTHORITY\SELF. This entry gives a user permission to their own mailbox. - FullAccess is denied to Administrator, Domain Admins, Enterprise Admins and Organization Management. These inherited permissions prevent these users and group members from opening other users' mailboxes. - ChangeOwner, ChangePermission, DeleteItem, and ReadPermission are allowed for Administrator, Domain Admins, Enterprise Admins and Organization Management. Note that these inherited permission entries also appear to allow FullAccess. However, these users and groups do not have FullAccess to the mailbox because the inherited Deny permission entries override the inherited Allow permission entries. - FullAccess is inherited by NT AUTHORITY\SYSTEM and ReadPermission is inherited by NT AUTHORITY\NETWORK. - FullAccess and ReadPermission are inherited by Exchange Servers, ChangeOwner, ChangePermission, DeleteItem, and ReadPermission are inherited by Exchange Trusted Subsystem and ReadPermission is inherited by Managed Availability Servers. By default, other security groups and role groups inherit permissions to mailboxes based on their location (on-premises Exchange or Microsoft 365). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailboxPlan | View-Only Recipients | A mailbox plan is a template that automatically configures mailbox properties. Mailbox plans correspond to license types, and are applied when you license the user. The availability of a mailbox plan is determined by your selections when you enroll in the service and the age of your organization. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailboxRegionalConfiguration | View-Only Recipients | To modify the regional settings of a mailbox, use the Set-MailboxRegionalConfiguration (https://docs.microsoft.com/powershell/module/exchange/set-mailboxregionalconfiguration)cmdlet. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailboxSpellingConfiguration | View-Only Recipients | The Get-MailboxSpellingConfiguration cmdlet is primarily used to populate the spelling checker settings for end users in Outlook on the web. Administrators can also view users' settings by running this cmdlet. The following spelling checker settings are retrieved by the cmdlet for the specified mailbox: - Identity: This setting specifies the mailbox identity. - CheckBeforeSend: This setting specifies whether Outlook on the web checks the spelling of every message when the user clicks Send in the new message form. - DictionaryLanguage: This setting specifies the dictionary language used when the spelling checker checks the spelling in messages. - IgnoreMixedDigits: This setting specifies whether the spelling checker ignores words that contain numbers. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailboxStatistics | View-Only Recipients | On Mailbox servers only, you can use the Get-MailboxStatistics cmdlet without parameters. In this case, the cmdlet returns the statistics for all mailboxes on all databases on the local server. The Get-MailboxStatistics cmdlet requires at least one of the following parameters to complete successfully: Server, Database or Identity. You can use the Get-MailboxStatistics cmdlet to return detailed move history and a move report for completed move requests to troubleshoot a move request. To view the move history, you must pass this cmdlet as an object. Move histories are retained in the mailbox database and are numbered incrementally and the last executed move request is always numbered 0. For more information, see "Example 7," "Example 8," and "Example 9" in this topic. You can only see move reports and move history for completed move requests. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailboxUserConfiguration | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailContact | View-Only Recipients | The Get-MailContact cmdlet retrieves all attributes of the specified contact. No parameters are required. If the cmdlet is run without a parameter, a complete list of contacts for the Exchange organization is returned. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailDetailATPReport | View-Only Recipients | Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. For the reporting period you specify, the cmdlet returns the following information: - Date - Message ID - Message Trace ID - Domain - Subject - Message Size - Direction - Sender Address - Recipient Address - Event Type - Action - File Name - Malware Name This cmdlet is limited to 10,000 results. If you reach this limit, you can use the available parameters to filter the output. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailDetailEncryptionReport | View-Only Recipients | |
Get-MailDetailEvaluationModeReport | View-Only Recipients | |
Get-MailDetailTransportRuleReport | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailFilterListReport | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailFlowStatusReport | View-Only Recipients | This cmdlet returns the following information: - Date - Direction - Event Type - Count You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailPublicFolder | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailTrafficATPReport | View-Only Recipients | Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. For the reporting period you specify, the cmdlet returns the following information: - Domain - Date - Event Type - Direction - Action - SubType - Policy Source - Verdict Source - Delivery Status - Message Count To see all of these columns (width issues), write the output to a file. For example, `Get-MailTrafficATPReport |
Get-MailTrafficEncryptionReport | View-Only Recipients | |
Get-MailTrafficPolicyReport | View-Only Recipients | For the reporting period you specify, the cmdlet returns the following information: - Domain - Date - DLP Policy - Transport Rule - Event Type - Direction - Message Count You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailTrafficSummaryReport | View-Only Recipients | This cmdlet has C1, C2 and C3 as header names and the meaning of them depends on the category you choose. Next you can see an explanation about each category: - InboundTransportRuleHits and OutboundTransportRuleHits: C1 is the transport rule name, C2 the audit level and C3 the hits. - TopSpamRecipient, TopMailSender, TopMailRecipient and TopMalwareRecipient: C1 is the recipient or sender and C2 the quantity of email messages. - TopMalware: C1 is the malware name and C2 the quantity of appearances. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MailUser | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MessageTrace | View-Only Recipients | You can use this cmdlet to search message data for the last 10 days. If you run this cmdlet without any parameters, only data from the last 48 hours is returned. If you enter a start date that is older than 10 days, you will receive an error and the command will return no results. To search for message data that is greater than 10 days old, use the Start-HistoricalSearch and Get-HistoricalSearch cmdlets. This cmdlet returns a maximum of 1000000 results, and will timeout on very large queries. If your query returns too many results, consider splitting it up using smaller StartDate and EndDate intervals. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MessageTraceCopilot | View-Only Recipients | |
Get-MessageTraceDetail | View-Only Recipients | You can use this cmdlet to search message data for the last 10 days. If you enter a time period that's older than 10 days, you will receive an error and the command will return no results. To search for message data that is greater than 10 days old, use the Start-HistoricalSearch and Get-HistoricalSearch cmdlets. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MessageTraceDetailV2 | View-Only Recipients | |
Get-MessageTraceV2 | View-Only Recipients | |
Get-MessageTrackingReport | View-Only Recipients | |
Get-MigrationBatch | View-Only Recipients | The Get-MigrationBatch cmdlet displays status information about the current migration batch. This information includes the following information: - Status of the migration batch - Total number of mailboxes being migrated - Number of successfully completed migrations - Migration errors - Date and time when the migration was started and completed. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). Note : In the cloud-based service, if you don't use the TimeZone parameter in the New-MigrationBatch command, the default time zone for the migration batch is UTC. The CompleteAfter and CompleteAfterUTC properties will contain the same value (as will the StartAfter and StartAfterUTC properties). When you create the migration batch in the Exchange admin center (EAC), the time zone that's used is based on your regional configuration. |
Get-MigrationConfig | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MigrationEndpoint | View-Only Recipients | The Get-MigrationEndpoint cmdlet retrieves settings for different types of migration: - Cross-forest move: Move mailboxes between two different on-premises Exchange forests. Cross-forest moves require the use of a RemoteMove endpoint. - Remote move: In a hybrid deployment, a remote move involves onboarding or offboarding migrations. Remote moves require the use of a RemoteMove endpoint. Onboarding moves mailboxes from an on-premises Exchange organization to Exchange Online, and uses a RemoteMove endpoint as the source endpoint of the migration batch. Offboarding moves mailboxes from Exchange Online to an on-premises Exchange organization and uses a RemoteMove endpoint as the target endpoint of the migration batch. - Cutover Exchange migration: Migrate all mailboxes in an on-premises Exchange organization to Exchange Online. Cutover Exchange migration requires the use of an Exchange endpoint. - Staged Exchange migration: Migrate a subset of mailboxes from an on-premises Exchange organization to Exchange Online. Staged Exchange migration requires the use of an Exchange endpoint. - IMAP migration: Migrate mailbox data from an on-premises Exchange organization or other email system to Exchange Online. For an IMAP migration, you must first create the cloud-based mailboxes before you migrate mailbox data. IMAP migrations require the use of an IMAP endpoint. - Local: Move mailboxes between different servers or databases within a single on-premises Exchange forest. Local moves don't require the use of an endpoint. For more information about the different move and migration scenarios, see: - Mailbox moves in Exchange Server (https://docs.microsoft.com/Exchange/recipients/mailbox-moves)- Manage on-premises mailbox moves in Exchange Server (https://docs.microsoft.com/Exchange/architecture/mailbox-servers/manage-mailbox-moves)You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MigrationStatistics | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MigrationUser | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MigrationUserStatistics | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MobileDevice | View-Only Recipients | The Get-MobileDevice cmdlet returns identification, configuration, and status information for each mobile device. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MobileDeviceDashboardSummaryReport | View-Only Recipients | |
Get-MobileDeviceMailboxPolicy | View-Only Recipients | A Mobile Device mailbox policy is a group of settings that specifies how mobile devices connect Exchange. Exchange supports multiple mobile device mailbox policies. The Get-MobileDeviceMailboxPolicy cmdlet displays all the policy settings for the specified policy. These settings include password settings, file access settings and attachment settings. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MobileDeviceStatistics | View-Only Recipients | The Get-MobileDeviceStatistics cmdlet returns a list of statistics about each mobile device. Additionally, it allows you to retrieve logs and send those logs to a recipient for troubleshooting purposes. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MoveRequest | View-Only Recipients | The search criteria for the Get-MoveRequest cmdlet is a Boolean And statement. If you use multiple parameters, it narrows your search and reduces your search results. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MoveRequestStatistics | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MxRecordReport | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-MxRecordsReport | View-Only Recipients | |
Get-OnlineMeetingConfiguration | View-Only Recipients | Exchange Online maintains a per-user cache of Skype for Business Online meeting information that's updated every 24 hours. The Get-OnlineMeetingConfiguration cmdlet provides the following information about the Skype Meetings configuration and the Skype for Business Online meeting information for the user: - IsAutoOnlineMeetingEnabled: Indicates if Skype Meetings is enabled for the mailbox. - OnlineMeetingInfo: Skype for Business Online meeting coordinates. - LastSyncTime: The last time Exchange Online successfully synchronized meeting coordinates from Skype for Business Online. - LastSuccessfulSyncTime: The last time Exchange Online successfully cleaned the cached of used Skype for Business Online meeting coordinates. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-OnPremServerExemptionQuota | View-Only Recipients | |
Get-OnPremServerReportInfo | View-Only Recipients | |
Get-OrganizationalUnit | View-Only Recipients | The Get-OrganizationalUnit cmdlet is used by the Exchange admin center to populate fields that display OU information. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-OutboundConnectorReport | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-PendingDelicenseUser | View-Only Recipients | |
Get-Place | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-PublicFolder | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-PublicFolderClientPermission | View-Only Recipients | To view the permissions that are available on public folders, see Public folder permissions for Exchange Server (https://support.microsoft.com/help/2573274). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-PublicFolderItemStatistics | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-PublicFolderMailboxDiagnostics | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-PublicFolderMailboxMigrationRequest | View-Only Recipients | The Get-PublicFolderMailboxMigrationRequest cmdlet displays the following properties by default. - Name: The name assigned by the system to a specific mailbox migration job. - TargetMailbox: The mailbox being migrated. - Status: The current status of the job. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-PublicFolderMailboxMigrationRequestStatistics | View-Only Recipients | The Get-PublicFolderMailboxMigrationRequestStatistics cmdlet displays the following properties by default. - Name: The name assigned by the system to a specific mailbox migration job. - StatusDetail: The current status of the job. - TargetMailbox: The mailbox being migrated. - PercentComplete: The percentage of job completion. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-PublicFolderStatistics | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-QuarantineMessage | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-QuarantineMessageHeader | View-Only Recipients | Standard SMTP message header syntax is described in RFC 5322. This cmdlet displays the message header exactly as it appears in the message. Individual header fields are not unfolded. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-Recipient | View-Only Recipients | The Get-Recipient cmdlet may not return all object-specific properties for a recipient. To view the object-specific properties for a recipient, you need to use the corresponding cmdlet based on the object type (for example, Get-Mailbox, Get-MailUser, or Get-DistributionGroup). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ReportExecutionInstance | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ReportSchedule | View-Only Recipients | |
Get-ReportScheduleList | View-Only Recipients | |
Get-SafeLinksAggregateReport | View-Only Recipients | Note : If you run Get-SafeLinksAggregateReport without specifying a date range, the command will return an unspecified error. Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. For the reporting period you specify, the cmdlet returns the following information: - Action (Allowed, Blocked, ClickedEventBlocked, and ClickedDuringScan) - App - MessageCount - RecipientCount You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-SafeLinksDetailReport | View-Only Recipients | Note : If you run Get-SafeLinksDetailReport without specifying a date range, the command will return an unspecified error. Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. This cmdlet returns the following information: - ClickTime - InternalMessageId - ClientMessageId - SenderAddress - RecipientAddress - Url - UrlDomain - Action - AppName - SourceId - Organization - DetectedBy (Safe Links in Microsoft Defender for Office 365) - UrlType (currently empty) - Flags (0: Allowed 1: Blocked 2: ClickedEvenBlocked 3: ClickedDuringScan) You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-SCInsights | View-Only Recipients | This cmdlet returns the following output: - Organization: The Microsoft 365 domain. - Date: The date of the even in Coordinated Universal Time (UTC). - InsightType - InsightSubType: The value All or Archive. - UsersCount: An integer count, or the size in megabytes for the InsightType value. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-ScopeEntities | View-Only Recipients | |
Get-SensitivityLabelActivityDetailsReport | View-Only Recipients | |
Get-SensitivityLabelActivityReport | View-Only Recipients | |
Get-ServiceDeliveryReport | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-SpoofMailReport | View-Only Recipients | The spoof mail report is a feature in Defender for Office 36 that you can use to query information about insider spoofing detections in the last 30 days. For the reporting period you specify, the Get-SpoofMailReport cmdlet returns the following information: - Date: Date the message was sent. - Event Type: Typically, this value is SpoofMail. - Direction: This value is Inbound. - Domain: The sender domain. This corresponds to one of your organization's accepted domains. - Action: Typically, this value is GoodMail or CaughtAsSpam. - Spoofed Sender: The spoofed email address or domain in your organization from which the messages appear to be coming. - True Sender: The organizational domain of the PTR record, or pointer record, of the sending IP address, also known as the reverse DNS address. If the sending IP address does not have a PTR record, this field will be blank and the Sender IP column will be filled in. Both columns will not be filled in at the same time. - Sender IP: The IP address or address range of the source messaging server. If the sending IP address does have a PTR record, this field will be blank and the True Sender column will be filled in. Both columns will not be filled in at the same time. - Count: The number of spoofed messages that were sent to your organization from the source messaging server during the specified time period. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-SweepRule | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-SyncRequest | View-Only Recipients | |
Get-SyncRequestStatistics | View-Only Recipients | |
Get-TenantExemptionInfo | View-Only Recipients | |
Get-TenantExemptionQuota | View-Only Recipients | |
Get-TenantExemptionQuotaEligibility | View-Only Recipients | |
Get-TenantRecipientLimitInfo | View-Only Recipients | |
Get-TenantScanRequestStatistics | View-Only Recipients | |
Get-UnifiedAuditSetting | View-Only Recipients | |
Get-UnifiedGroup | View-Only Recipients | Microsoft 365 Groups are group objects that are available across Microsoft 365 services. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-UnifiedGroupLinks | View-Only Recipients | Microsoft 365 Groups are group objects that are available across Microsoft 365 services. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Get-User | View-Only Recipients | The Get-User cmdlet returns no mail-related properties for mailboxes or mail users. To view the mail-related properties for a user, you need to use the corresponding cmdlet based on the object type (for example, Get-Mailbox or Get-MailUser). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
New-TenantExemptionInfo | View-Only Recipients | |
New-TenantExemptionQuota | View-Only Recipients | |
Remove-PublicFolderMailboxMigrationRequest | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Reset-EventsFromEmailBlockStatus | View-Only Recipients | |
Search-MessageTrackingReport | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-EventsFromEmailConfiguration | View-Only Recipients | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Set-ReportSchedule | View-Only Recipients | |
Set-UnifiedAuditSetting | View-Only Recipients | |
Start-AuditAssistant | View-Only Recipients | |
Start-HistoricalSearch | View-Only Recipients | A historical search provides message trace and report details in a comma-separated value (CSV) file for messages that are aged between 1-4 hours (depending on your environment) and 90 days old. There is a limit of 250 historical searches that you can submit in a 24 hour period; you'll be warned if you're nearing the daily quota. Cancelled searches count against the daily quota. Also, in each CSV file there is a limit of 50000 results or lines. If you specify a distribution group, all messages might not be returned in the results. To ensure that all messages are returned, specify the individual recipient. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Stop-HistoricalSearch | View-Only Recipients | A historical search provides message trace and report details in a comma-separated value (CSV) file for messages that are less than 90 days old. After you start a historical search by using the Start-HistoricalSearch cmdlet, the search is queued, but not actually running. While the search is queued and has the status value of NotStarted, you can use the Stop-HistoricalSearch cmdlet to stop it. After the search is actively running, and has a status value of InProgress, you can't stop it. When you stop a historical search, it's given a status value of Cancelled. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
Test-DatabaseEvent | View-Only Recipients | |
Test-MailboxAssistant | View-Only Recipients | |
Troubleshoot-AgendaMail | View-Only Recipients |