Default
Type: N/A
| Cmdlet | Role | Cmdlet Description |
|---|---|---|
| Add-VivaModuleFeaturePolicy | N/A | Use the Add-VivaModuleFeaturePolicy cmdlet to add a new access policy for a specific feature or category in Viva. Support for categories is available in version 3.5.0-Preview2 or later of the module. You need to use the Connect-ExchangeOnline cmdlet to authenticate. This cmdlet requires the .NET Framework 4.7.2 or later. Currently, you need to be a member of the Global Administrators role or the roles that have been assigned at the feature level to run this cmdlet. To learn more about assigned roles at the feature level, see Features Available for Feature Access Management (https://learn.microsoft.com/viva/feature-access-management#features-available-for-feature-access-management). To learn more about administrator role permissions in Microsoft Entra ID, see Role template IDs (https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#role-template-ids). |
| Connect-ExchangeOnline | N/A | This cmdlet creates a PowerShell connection to your Exchange Online organization. Connect commands will likely fail if the profile path of the account that you used to connect contains special PowerShell characters (for example, $). The workaround is to connect using a different account that doesnt have special characters in the profile path. |
| Connect-IPPSSession | N/A | For detailed connection instructions, including prerequisites, see Connect to Security & Compliance PowerShell (https://learn.microsoft.com/powershell/exchange/connect-to-scc-powershell). |
| Disconnect-ExchangeOnline | N/A | This cmdlet is the counterpart to the Connect-ExchangeOnline and Connect-IPPSSession cmdlets. This cmdlet disconnects any connections and clears the cache. After a successful disconnect, you cant successfully run any cmdlets for your organization. Disconnect commands will likely fail if the profile path of the account that you used to connect contains special PowerShell characters (for example, $). The workaround is to connect using a different account that doesnt have special characters in the profile path. |
| Get-ConnectionInformation | N/A | The Get-ConnectionInformation cmdlet returns the information about all active REST-based connections with Exchange Online in the current PowerShell instance. This cmdlet is equivalent to the Get-PSSession cmdlet thats used with remote PowerShell sessions. The output of the cmdlet contains the following properties: - ConnectionId: A unique GUID value for the connection. For example, 8b632b3a-a2e2-8ff3-adcd-6d119d07694b. - State: For example, Connected. - Id: An integer that identifies the session in the PowerShell window. The first connection is 1, the second is 2, etc. - Name: A unique name thats based on the PowerShell environment and Id value. For example, ExchangeOnline_1 for Exchange Online PowerShell or ExchangeOnlineProtection_1 for Security & Compliance PowerShell. - UserPrincipalName: The account that was used to connect. For example, laura@contoso.onmicrosoft.com. - ConnectionUri: The connection endpoint that was used. For example, https://outlook.office365.com for Exchange Online PowerShell or https://nam12b.ps.compliance.protection.outlook.com for Security & Compliance PowerShell. - AzureAdAuthorizationEndpointUri : The Microsoft Entra authorization endpoint for the connection. For example, https://login.microsoftonline.com/organizations for Exchange Online PowerShell or https://login.microsoftonline.com/organizations for Security & Compliance PowerShell. - TokenExpiryTimeUTC: When the connection token expires. For example, 9/30/2023 6:42:24 PM +00:00. - CertificateAuthentication: Whether certificate based authentication (also known as CBA or app-only authentication) was used to connect. Values are True or False. - ModuleName: The filename and path of the temporary data for the session. For example, C:\Users\laura\AppData\Local\Temp\tmpEXO_a54z135k.qgv - ModulePrefix: The value specified using the Prefix parameter in the Connect-ExchangeOnline or Connect-IPPSSession command. - Organization: The value specified using the Organization parameter in the Connect-ExchangeOnline or Connect-IPPSSession command for CBA or managed identity connections. - DelegatedOrganization: The value specified using the DelegatedOrganization parameter in the Connect-ExchangeOnline or Connect-IPPSSession command. - AppId: The value specified using the AppId parameter in the Connect-ExchangeOnline or Connect-IPPSSession command for CBA connections. - PageSize: The default maximum number of entries per page in the connection. The default value is 1000, or you can use the PageSize parameter in the Connect-ExchangeOnline command to specify a lower number. Individual cmdlets might also have a PageSize parameter. - TenantID: The tenant ID GUID value. For example, 3750b40b-a68b-4632-9fb3-5b1aff664079. - TokenStatus: For example, Active. - ConnectionUsedForInbuiltCmdlets - IsEopSession: For Exchange Online PowerShell connections, the value is False. For Security & Compliance PowerShell connections, the value is True. |
| Get-DefaultTenantBriefingConfig | N/A | The default Briefing email configuration for the organization affects only new users and existing users who havent already updated their user settings to opt-in or opt-out of the Briefing email. This cmdlet requires the .NET Framework 4.7.2 or later. To run this cmdlet, you need to be a member of one of the following directory role groups in the destination organization: - Global Administrator - Exchange Administrator - Insights Administrator For more information, see Microsoft Entra built-in roles (https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference). |
| Get-DefaultTenantMyAnalyticsFeatureConfig | N/A | This cmdlet requires the .NET Framework 4.7.2 or later. To run this cmdlet, you need to be a member of one of the following directory role groups in the destination organization: - Global Administrator - Exchange Administrator - Insights Administrator For more information, see Microsoft Entra built-in roles (https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference). |
| Get-EXOCasMailbox | N/A | This cmdlet returns a variety of client access settings for one or more mailboxes. These settings include options for Outlook on the web, Exchange ActiveSync, POP3, and IMAP4. |
| Get-EXOMailbox | N/A | By default, this cmdlet returns a summary list (a minimum set of properties) of all mailboxes in your organization. |
| Get-EXOMailboxFolderPermission | N/A | Use this cmdlet to retrieve folder level permission in the mailbox. |
| Get-EXOMailboxFolderStatistics | N/A | A mailbox can have hidden items that are never visible to the user and are only used by applications. The Get-EXOMailboxFolderStatistics cmdlet can return hidden items for the following values: FolderSize, FolderAndSubfolderSize, ItemsInFolder and ItemsInFolderAndSubfolders. Dont confuse Get-EXOMailboxFolderStatistics cmdlet (folders) with the Get-EXOMailboxStatistics cmdlet (mailboxes). |
| Get-EXOMailboxPermission | N/A | The output of this cmdlet shows the following information: - Identity: The mailbox in question. - User: The security principal (user, security group, Exchange management role group, etc.) that has permission to the mailbox. - AccessRights: The permission that the security principal has on the mailbox. The available values are ChangeOwner (change the owner of the mailbox), ChangePermission (change the permissions on the mailbox), DeleteItem (delete the mailbox), ExternalAccount (indicates the account isnt in the same domain), FullAccess (open the mailbox, access its contents, but cant send mail) and ReadPermission (read the permissions on the mailbox). Whether the permissions are allowed or denied is indicated in the Deny column. - IsInherited: Whether the permission is inherited (True) or directly assigned to the mailbox (False). Permissions are inherited from the mailbox database and/or Active Directory. Typically, directly assigned permissions override inherited permissions. - Deny: Whether the permission is allowed (False) or denied (True). Typically, deny permissions override allow permissions. By default, the following permissions are assigned to user mailboxes: - FullAccess and ReadPermission are directly assigned to NT AUTHORITY\SELF. This entry gives a user permission to their own mailbox. - FullAccess is denied to Administrator, Domain Admins, Enterprise Admins and Organization Management. These inherited permissions prevent these users and group members from opening other users mailboxes. - ChangeOwner, ChangePermission, DeleteItem, and ReadPermission are allowed for Administrator, Domain Admins, Enterprise Admins and Organization Management. Note that these inherited permission entries also appear to allow FullAccess. However, these users and groups do not have FullAccess to the mailbox because the inherited Deny permission entries override the inherited Allow permission entries. - FullAccess is inherited by NT AUTHORITY\SYSTEM and ReadPermission is inherited by NT AUTHORITY\NETWORK. - FullAccess and ReadPermission are inherited by Exchange Servers, ChangeOwner, ChangePermission, DeleteItem, and ReadPermission are inherited by Exchange Trusted Subsystem and ReadPermission is inherited by Managed Availability Servers. By default, other security groups and role groups inherit permissions to mailboxes based on their location (on-premises Exchange or Microsoft 365). |
| Get-EXOMailboxStatistics | N/A | You can use the detailed move history and a move report output from this cmdlet to troubleshoot a move request. To view the move history, you must pass this cmdlet as an object. Move histories are retained in the mailbox database, are numbered incrementally, and the last run move request is always numbered 0. You can only see move reports and move history for completed move requests. |
| Get-EXOMobileDeviceStatistics | N/A | This cmdlet returns a list of statistics about each mobile device. Additionally, it allows you to retrieve logs and send those logs to a recipient for troubleshooting purposes. |
| Get-EXORecipient | N/A | Get-EXORecipient cmdlet can be used to view existing recipient objects in your organization. This cmdlet returns all mail-enabled objects (for example, mailboxes, mail users, mail contacts, and distribution groups). |
| Get-EXORecipientPermission | N/A | This cmdlet is used to view/manage information about SendAs permissions that are configured for users in a cloud-based organization. Send As permission allows delegates to use the mailbox to send messages. After this permission is assigned to a delegate, any message that the delegate sends from the mailbox will appear to have been sent by the mailbox owner. However, this permission doesnt allow a delegate to sign in to the users mailbox. It only allows users to open the mailbox. If this permission is assigned to a group, a message sent by the delegate will appear to have been sent by the group. |
| Get-MyAnalyticsFeatureConfig | N/A | This cmdlet requires the .NET Framework 4.7.2 or later. To run this cmdlet, you need to be a member of one of the following directory role groups in the destination organization: - Global Administrator - Exchange Administrator - Insights Administrator To learn more about administrator role permissions in Microsoft Entra ID, see Role template IDs (https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#role-template-ids). |
| Get-UserBriefingConfig | N/A | This cmdlet requires the .NET Framework 4.7.2 or later. To run this cmdlet, you need to be a member of one of the following directory role groups in the destination organization: - Global Administrator - Exchange Administrator - Insights Administrator To learn more about administrator role permissions in Microsoft Entra ID, see Role template IDs (https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#role-template-ids). |
| Get-VivaFeatureCategory | N/A | Use the Get-VivaFeatureCategory cmdlet to view the categories in Viva that support feature access controls. You need to use the Connect-ExchangeOnline cmdlet to authenticate. This cmdlet requires the .NET Framework 4.7.2 or later. |
| Get-VivaInsightsSettings | N/A | This cmdlet requires the .NET Framework 4.7.2 or later. To run this cmdlet, you need to be a member of one of the following directory role groups in the destination organization: - Global Administrator - Exchange Administrator - Teams Administrator To learn more about administrator role permissions in Microsoft Entra ID, see Role template IDs (https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#role-template-ids). |
| Get-VivaModuleFeature | N/A | Use the Get-VivaModuleFeature cmdlet to view the features in a Viva module that support feature access controls. You can view all features in a particular Viva module that support feature access controls. To view a specific feature, you can include the FeatureId parameter. You need to use the Connect-ExchangeOnline cmdlet to authenticate. This cmdlet requires the .NET Framework 4.7.2 or later. |
| Get-VivaModuleFeatureEnablement | N/A | Use the Get-VivaModuleFeatureEnablement cmdlet to view whether or not a feature in a Viva module is enabled for a specific user or group. You need to use the Connect-ExchangeOnline cmdlet to authenticate. This cmdlet requires the .NET Framework 4.7.2 or later. Currently, you need to be a member of the Global administrators role to run this cmdlet. To learn more about administrator role permissions in Microsoft Entra ID, see Role template IDs (https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#role-template-ids). |
| Get-VivaModuleFeaturePolicy | N/A | Use the Get-VivaModuleFeaturePolicy cmdlet to view the access policies for a specified feature in a Viva module or a category in Viva. Support for categories is available in version 3.5.0-Preview2 or later of the module. You can view all policies for a specified feature in a Viva module or a category in Viva. To view a specific policy, you can include the PolicyId parameter. You need to use the Connect-ExchangeOnline cmdlet to authenticate. This cmdlet requires the .NET Framework 4.7.2 or later. Currently, you need to be a member of the Global administrators role or the roles that have been assigned at the feature level to run this cmdlet. To learn more about assigned roles at the feature level, see Features Available for Feature Access Management (https://learn.microsoft.com/viva/feature-access-management#features-available-for-feature-access-management). To learn more about administrator role permissions in Microsoft Entra ID, see Role template IDs (https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#role-template-ids). |
| Remove-VivaModuleFeaturePolicy | N/A | Use the Remove-VivaModuleFeaturePolicy cmdlet to delete an access policy for a feature in a Viva module or a category in Viva. Support for categories is available in version 3.5.0-Preview2 or later of the module. You need to use the Connect-ExchangeOnline cmdlet to authenticate. This cmdlet requires the .NET Framework 4.7.2 or later. Currently, you need to be a member of the Global administrators role or the roles that have been assigned at the feature level to run this cmdlet. To learn more about assigned roles at the feature level, see Features Available for Feature Access Management (https://learn.microsoft.com/viva/feature-access-management#features-available-for-feature-access-management). To learn more about administrator role permissions in Microsoft Entra ID, see Role template IDs (https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#role-template-ids). |
| Set-DefaultTenantBriefingConfig | N/A | This cmdlet requires the .NET Framework 4.7.2 or later. To run this cmdlet, you need to be a member of one of the following directory role groups in the destination organization: - Global Administrator - Exchange Administrator - Insights Administrator For more information, see Microsoft Entra built-in roles (https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference). |
| Set-DefaultTenantMyAnalyticsFeatureConfig | N/A | This cmdlet requires the .NET Framework 4.7.2 or later. To run this cmdlet, you need to be a member of one of the following directory role groups in the destination organization: - Global Administrator - Exchange Administrator - Insights Administrator For more information, see Microsoft Entra built-in roles (https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference). |
| Set-MyAnalyticsFeatureConfig | N/A | This cmdlet requires the .NET Framework 4.7.2 or later. To run this cmdlet, you need to be a member of one of the following directory role groups in the destination organization: - Global Administrator - Exchange Administrator - Insights Administrator To learn more about administrator role permissions in Microsoft Entra ID, see Role template IDs (https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#role-template-ids). |
| Set-UserBriefingConfig | N/A | This cmdlet requires the .NET Framework 4.7.2 or later. To run this cmdlet, you need to be a member of one of the following directory role groups in the destination organization: - Global Administrator - Exchange Administrator - Insights Administrator To learn more about administrator role permissions in Microsoft Entra ID, see Role template IDs (https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#role-template-ids). |
| Set-VivaInsightsSettings | N/A | This cmdlet requires the .NET Framework 4.7.2 or later. To run this cmdlet, you need to be a member of one of the following directory role groups in the destination organization: - Global Administrator - Exchange Administrator - Teams Administrator To learn more about administrator role permissions in Microsoft Entra ID, see Role template IDs (https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#role-template-ids). |
| Update-VivaModuleFeaturePolicy | N/A | Use the Update-VivaModuleFeaturePolicy cmdlet to update an access policy for a feature in a Viva module or a category in Viva. Support for categories is available in version 3.5.0-Preview2 or later of the module. This cmdlet updates the attributes of the policy that you specify. These attributes include: - The policy name (Name parameter). - Whether or not the policy enables the feature (IsFeatureEnabled parameter) or the category (IsCategoryEnabled parameter). - Whether or not the policy enables user controls (IsUserControlEnabled parameter, only applicable to a feature policy). - Who the policy applies to (the UserIds and GroupIds parameters or the Everyone parameter). You can update these attributes independently of each other. For example, if you specify the Name parameter but not the IsFeatureEnabled/IsCategoryEnabled parameter, the name of the policy is updated but whether or not the policy enables the feature/category remains unchanged. Important : Values that you specify for the UserIds and/or GroupIds parameters or the Everyone parameter overwrite any existing users or groups. To preserve the existing users and groups, you need to specify those existing users or groups and any additional users or groups that you want to add. Not including existing users or groups in the command effectively removes those specific users or groups from the policy. For more information, see the examples. You need to use the Connect-ExchangeOnline cmdlet to authenticate. This cmdlet requires the .NET Framework 4.7.2 or later. Currently, you need to be a member of the Global administrators role or the roles that have been assigned at the feature level to run this cmdlet. To learn more about assigned roles at the feature level, see Features Available for Feature Access Management (https://learn.microsoft.com/viva/feature-access-management#features-available-for-feature-access-management). To learn more about administrator role permissions in Microsoft Entra ID, see Role template IDs (https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#role-template-ids). |