Security Reader
Type: Admin role
Membership in this role group is synchronized across services and managed centrally. This role group is not manageable through the administrator portals. Members of this role group may include cross-service administrators, as well as external partner groups and Microsoft Support. By default, this group may not be assigned any roles. However, it will be a member of the Security Reader role groups and will inherit the capabilities of that role group.
| RoleGroup | Role | Role Description |
|---|---|---|
| Security Reader | Security Reader | Allows viewing configuration and reports for Security features. |
| Cmdlet | Role | Cmdlet Description |
|---|---|---|
| Get-AggregateZapReport | Security Reader | |
| Get-AntiPhishPolicy | Security Reader | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-AntiPhishRule | Security Reader | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-ArcConfig | Security Reader | |
| Get-ATPBuiltInProtectionRule | Security Reader | |
| Get-ATPEvaluationRule | Security Reader | |
| Get-AtpPolicyForO365 | Security Reader | Safe Links protection for Office 365 apps checks links in Office documents, not links in email messages. For more information, see Safe Links settings for Office 365 apps (https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-links#safe-links-settings-for-office-365-apps). Safe Documents scans documents and files that are opened in Protected View. For more information, see Safe Documents in Microsoft 365 E5 (https://docs.microsoft.com/microsoft-365/security/office-365-security/safe-docs). Safe Attachments for SharePoint, OneDrive, and Microsoft Teams prevents users from opening and downloading files that are identified as malicious. For more information, see Safe Attachments for SharePoint, OneDrive, and Microsoft Teams (https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-for-spo-odb-and-teams). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-ATPProtectionPolicyRule | Security Reader | |
| Get-ATPTotalTrafficReport | Security Reader | For the reporting period and organization you specify, the cmdlet returns the following information: - EventType - Organization - Date - MessageCount - StartDate - EndDate - AggregateBy - Index By default, the command returns data for the last 14 days. Data for the last 90 days is available. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-BlockedConnector | Security Reader | |
| Get-BlockedSenderAddress | Security Reader | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-CompliancePolicyFileSyncNotification | Security Reader | |
| Get-CompromisedUserAggregateReport | Security Reader | This cmdlet returns the following information: - Date - UserCount - Action You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-CompromisedUserDetailReport | Security Reader | This cmdlet returns the following information: - Date - UserCount - Action You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-ConfigAnalyzerPolicyRecommendation | Security Reader | |
| Get-ContentMalwareMdoAggregateReport | Security Reader | |
| Get-ContentMalwareMdoDetailReport | Security Reader | |
| Get-CustomDlpEmailTemplates | Security Reader | |
| Get-CustomizedUserSubmission | Security Reader | |
| Get-DataClassificationConfig | Security Reader | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-DetailZapReport | Security Reader | |
| Get-DkimSigningConfig | Security Reader | DKIM in Microsoft 365 is an email authentication method that uses a public key infrastructure (PKI), message headers and CNAME records in DNS to authenticate the message sender, which is stamped in the DKIM-Signature header field. DKIM helps prevent forged sender email addresses (also known as spoofing) by verifying that the domain in the From address matches the domain in the DKIM-Signature header field. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-DlpDetailReport | Security Reader | The Get-DlpDetailReport cmdlet returns detailed information about specific DLP rule matches for the last 7 days. Although the cmdlet accepts date ranges older than 7 days, only information about the last 7 days are returned. The properties returned include: - Date - Title - Location - Severity - Size - Source - Actor - DLPPolicy - UserAction - Justification - SensitiveInformationType - SensitiveInformationCount - SensitiveInformationConfidence - EventType - Action - ObjectId - Recipients - AttachmentNames To see DLP detection data that's aggregated per day, use the Get-DlpDetectionsReport (https://docs.microsoft.com/powershell/module/exchange/get-dlpdetectionsreport)cmdlet. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-DlpDetectionsReport | Security Reader | The Get-DlpDetectionsReport cmdlet returns general DLP detection data that's aggregated per day. The properties returned include: - Date - DLP Policy - DLP Compliance Rule - Event Type - Source - Message Count To see all of these columns (width issues), write the output to a file. For example, `Get-DlpDetectionsReport |
| Get-DlpIncidentDetailReport | Security Reader | |
| Get-DlpKeywordDictionary | Security Reader | You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
| Get-DlpSensitiveInformationTypeConfig | Security Reader | |
| Get-DlpSensitiveInformationTypeRulePackage | Security Reader | Sensitive information type rule packages are used by DLP to detect sensitive content. The default sensitive information type rule package is named Microsoft Rule Package. You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center (https://docs.microsoft.com/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center). |
| Get-DnssecStatusForVerifiedDomain | Security Reader | |
| Get-EmailTenantSettings | Security Reader | |
| Get-EOPProtectionPolicyRule | Security Reader | |
| Get-EtrLimits | Security Reader | |
| Get-EvaluationModeReport | Security Reader | |
| Get-EvaluationModeReportSeries | Security Reader | |
| Get-ExoPhishSimOverrideRule | Security Reader | |
| Get-ExoSecOpsOverrideRule | Security Reader | |
| Get-HistoricalSearch | Security Reader | A historical search provides message trace and report details in a comma-separated value (CSV) file for messages that are less than 90 days old. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-HostedConnectionFilterPolicy | Security Reader | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-HostedContentFilterPolicy | Security Reader | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-HostedContentFilterRule | Security Reader | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-HostedOutboundSpamFilterPolicy | Security Reader | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-HostedOutboundSpamFilterRule | Security Reader | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-InformationBarrierReportDetails | Security Reader | |
| Get-InformationBarrierReportSummary | Security Reader | |
| Get-IPv6StatusForAcceptedDomain | Security Reader | |
| Get-JitConfiguration | Security Reader | |
| Get-MailDetailATPReport | Security Reader | Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. For the reporting period you specify, the cmdlet returns the following information: - Date - Message ID - Message Trace ID - Domain - Subject - Message Size - Direction - Sender Address - Recipient Address - Event Type - Action - File Name - Malware Name This cmdlet is limited to 10,000 results. If you reach this limit, you can use the available parameters to filter the output. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-MailDetailEncryptionReport | Security Reader | |
| Get-MailDetailEvaluationModeReport | Security Reader | |
| Get-MailDetailTransportRuleReport | Security Reader | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-MailFilterListReport | Security Reader | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-MailFlowStatusReport | Security Reader | This cmdlet returns the following information: - Date - Direction - Event Type - Count You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-MailTrafficATPReport | Security Reader | Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. For the reporting period you specify, the cmdlet returns the following information: - Domain - Date - Event Type - Direction - Action - SubType - Policy Source - Verdict Source - Delivery Status - Message Count To see all of these columns (width issues), write the output to a file. For example, `Get-MailTrafficATPReport |
| Get-MailTrafficEncryptionReport | Security Reader | |
| Get-MailTrafficPolicyReport | Security Reader | For the reporting period you specify, the cmdlet returns the following information: - Domain - Date - DLP Policy - Transport Rule - Event Type - Direction - Message Count You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-MailTrafficSummaryReport | Security Reader | This cmdlet has C1, C2 and C3 as header names and the meaning of them depends on the category you choose. Next you can see an explanation about each category: - InboundTransportRuleHits and OutboundTransportRuleHits: C1 is the transport rule name, C2 the audit level and C3 the hits. - TopSpamRecipient, TopMailSender, TopMailRecipient and TopMalwareRecipient: C1 is the recipient or sender and C2 the quantity of email messages. - TopMalware: C1 is the malware name and C2 the quantity of appearances. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-MalwareFilterPolicy | Security Reader | Malware filter policies contain the malware settings and a list of domains to which those settings apply. A domain can't belong to more than one malware filter policy. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-MalwareFilterRule | Security Reader | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-MessageTrace | Security Reader | You can use this cmdlet to search message data for the last 10 days. If you run this cmdlet without any parameters, only data from the last 48 hours is returned. If you enter a start date that is older than 10 days, you will receive an error and the command will return no results. To search for message data that is greater than 10 days old, use the Start-HistoricalSearch and Get-HistoricalSearch cmdlets. This cmdlet returns a maximum of 1000000 results, and will timeout on very large queries. If your query returns too many results, consider splitting it up using smaller StartDate and EndDate intervals. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-MessageTraceDetail | Security Reader | You can use this cmdlet to search message data for the last 10 days. If you enter a time period that's older than 10 days, you will receive an error and the command will return no results. To search for message data that is greater than 10 days old, use the Start-HistoricalSearch and Get-HistoricalSearch cmdlets. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-MessageTraceDetailV2 | Security Reader | |
| Get-MessageTraceV2 | Security Reader | |
| Get-OMEConfiguration | Security Reader | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-OMEMessageStatus | Security Reader | If encryption for the message was successfully revoked, the command will return the message: The encrypted email with the subject "<subject>" and Message ID "<messageId>" was successfully revoked. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-PerimeterMessageTrace | Security Reader | |
| Get-PhishSimOverridePolicy | Security Reader | |
| Get-PolicyConfig | Security Reader | |
| Get-QuarantineMessage | Security Reader | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-QuarantineMessageHeader | Security Reader | Standard SMTP message header syntax is described in RFC 5322. This cmdlet displays the message header exactly as it appears in the message. Individual header fields are not unfolded. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-QuarantinePolicy | Security Reader | |
| Get-Recipient | Security Reader | The Get-Recipient cmdlet may not return all object-specific properties for a recipient. To view the object-specific properties for a recipient, you need to use the corresponding cmdlet based on the object type (for example, Get-Mailbox, Get-MailUser, or Get-DistributionGroup). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-ReportExecutionInstance | Security Reader | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-ReportSchedule | Security Reader | |
| Get-ReportScheduleList | Security Reader | |
| Get-ReportSubmissionPolicy | Security Reader | |
| Get-ReportSubmissionRule | Security Reader | |
| Get-RMSTemplate | Security Reader | The Get-RMSTemplate cmdlet doesn't return any active rights policy templates if internal licensing isn't enabled. Use the Get-IRMConfiguration cmdlet to check the InternalLicensingEnabled parameter. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-SafeAttachmentPolicy | Security Reader | Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see Safe Attachments in Defender for Office 365 (https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-SafeAttachmentRule | Security Reader | Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see Safe Attachments in Defender for Office 365 (https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-SafeLinksAggregateReport | Security Reader | Note : If you run Get-SafeLinksAggregateReport without specifying a date range, the command will return an unspecified error. Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. For the reporting period you specify, the cmdlet returns the following information: - Action (Allowed, Blocked, ClickedEventBlocked, and ClickedDuringScan) - App - MessageCount - RecipientCount You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-SafeLinksDetailReport | Security Reader | Note : If you run Get-SafeLinksDetailReport without specifying a date range, the command will return an unspecified error. Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. This cmdlet returns the following information: - ClickTime - InternalMessageId - ClientMessageId - SenderAddress - RecipientAddress - Url - UrlDomain - Action - AppName - SourceId - Organization - DetectedBy (Safe Links in Microsoft Defender for Office 365) - UrlType (currently empty) - Flags (0: Allowed 1: Blocked 2: ClickedEvenBlocked 3: ClickedDuringScan) You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-SafeLinksPolicy | Security Reader | Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-SafeLinksRule | Security Reader | Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-ScopeEntities | Security Reader | |
| Get-SecOpsOverridePolicy | Security Reader | |
| Get-SensitivityLabelActivityDetailsReport | Security Reader | |
| Get-SensitivityLabelActivityReport | Security Reader | |
| Get-SmtpDaneInboundStatus | Security Reader | |
| Get-SpoofIntelligenceInsight | Security Reader | |
| Get-SpoofMailReport | Security Reader | The spoof mail report is a feature in Defender for Office 36 that you can use to query information about insider spoofing detections in the last 30 days. For the reporting period you specify, the Get-SpoofMailReport cmdlet returns the following information: - Date: Date the message was sent. - Event Type: Typically, this value is SpoofMail. - Direction: This value is Inbound. - Domain: The sender domain. This corresponds to one of your organization's accepted domains. - Action: Typically, this value is GoodMail or CaughtAsSpam. - Spoofed Sender: The spoofed email address or domain in your organization from which the messages appear to be coming. - True Sender: The organizational domain of the PTR record, or pointer record, of the sending IP address, also known as the reverse DNS address. If the sending IP address does not have a PTR record, this field will be blank and the Sender IP column will be filled in. Both columns will not be filled in at the same time. - Sender IP: The IP address or address range of the source messaging server. If the sending IP address does have a PTR record, this field will be blank and the True Sender column will be filled in. Both columns will not be filled in at the same time. - Count: The number of spoofed messages that were sent to your organization from the source messaging server during the specified time period. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-TeamsProtectionPolicy | Security Reader | |
| Get-TeamsProtectionPolicyRule | Security Reader | |
| Get-TenantAllowBlockListItems | Security Reader | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-TenantAllowBlockListSpoofItems | Security Reader | |
| Get-TenantExemptionInfo | Security Reader | |
| Get-TenantExemptionQuota | Security Reader | |
| Get-TenantExemptionQuotaEligibility | Security Reader | |
| Get-TenantRecipientLimitInfo | Security Reader | |
| Get-TransportRule | Security Reader | On Mailbox servers, this cmdlet returns all rules in the Exchange organization that are stored in Active Directory. On an Edge Transport server, this cmdlet only returns rules that are configured on the local server. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-User | Security Reader | The Get-User cmdlet returns no mail-related properties for mailboxes or mail users. To view the mail-related properties for a user, you need to use the corresponding cmdlet based on the object type (for example, Get-Mailbox or Get-MailUser). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| New-TenantExemptionInfo | Security Reader | |
| New-TenantExemptionQuota | Security Reader | |
| Preview-QuarantineMessage | Security Reader | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |