| Attribute | Type | Description |
| --- | --- | --- |
| isDefault | boolean | True if this is the default sharing policy. |
| name | string | Name of the sharing policy. |
| sharingEnabled | boolean | The "enabled" setting from the PowerShell command. If "False", no calendar sharing is allowed with users outside of the O365 organization. |
| domains | list | List of domains and what kind of calendar details can be shared with them. |
| domain | string | Possible values are "*" (represents users outside of the O365 organization who have an O365 account) and "Anonymous" (represents users outside of the O365 organization who do not have an O365 account). |
| sharingAllowedDetails | string | Possible values are "CalendarSharingFreeBusySimple" (share free/busy hours only), "CalendarSharingFreeBusyDetail" (share free/busy hours, subject, and location), "CalendarSharingFreeBusyReviewer" (share free/busy hours, subject, location, and the body of the message or calendar item), "ContactsSharing" (share contacts only). |


| Attribute | Type | Description |
| --- | --- | --- |
| id | string | Specifies the identifier of a conditionalAccessPolicy object. |
| state | string | Specifies the state of the conditionalAccessPolicy object. Possible values are "enabled", "disabled", "enabledForReportingButNotEnforced". |
| conditions | sequence | Specifies the rules that must be met for the policy to apply. |
| clientAppTypes | list | Client application types included in the policy. Possible values are "all", "browser", "mobileAppsAndDesktopClients", "exchangeActiveSync", "easSupported", "other". |
| users | sequence | Users, groups, and roles included in and excluded from the policy. |
| includeUsers | list | A list of user IDs in the scope of the policy (unless the user ID is explicitly excluded, i.e. the user ID is in the "excludeUsers" list), or one of "None", "All", or "GuestsOrExternalUsers". |
| excludeUsers | list | A list of user IDs excluded from the scope of the policy and/or "GuestsOrExternalUsers". |
| includeGroups | list | A list of group IDs in the scope of the policy (unless the group ID is explicitly excluded, i.e. the group ID is in the "excludeGroups" list), or "All". |
| excludeGroups | list | Group IDs excluded from the scope of the policy. |
| includeRoles | list | A list of role IDs in the scope of the policy (unless explicitly excluded, i.e. the role ID is in the "excludeRoles" list), or "All". |
| excludeRoles | list | Role IDs excluded from the scope of the policy. |
| grantControls | sequence | Specifies the grant controls that must be fulfilled to pass the policy. |
| builtInControls | list | List of values of built-in controls required by the policy. Possible values are "block", "mfa", "compliantDevice", "domainJoinedDevice", "approvedApplication", "compliantApplication", "passwordChange". |


| Attribute | Type | Description |
| --- | --- | --- |
| id | string | The ID of the compliance policy. |
| odatatype | string | To distinguish between different platforms (Android, iOS). |
| passwordPreviousPasswordBlockCount | number | Prevent reuse of previous passwords. |
| passcodePreviousPasscodeBlockCount | number | For iOS to prevent reuse of previous passwords. |
| passwordPreviousPasswordCountToBlock | number | Prevent reuse of previous passwords. |
| passwordExpirationDays | number | Password expiration in days. "null" if no expiration. |
| passcodeExpirationDays | number | Passcode expiration in days. "null" if no expiration. (iOS) |
| passwordMinimumLength | number | Minimum length of the password. |
| passcodeMinimumLength | number | Minimum length of the password. (iOS) |
| passwordRequiredType | string | The password type (e.g. alphanumeric). |
| passcodeRequiredType | string | The password type (e.g. alphanumeric). (iOS) |
| passwordBlockSimple | boolean | Block simple passwords. |
| passcodeBlockSimple | boolean | Block simple passwords. (iOS) |
| passwordRequired | boolean | Require the use of a password. |
| passcodeRequired | boolean | Require the use of a password. (iOS) |
| storageRequireDeviceEncryption | boolean | Indicates whether or not to require device encryption. |
| passcodeSignInFailureCountBeforeWipe | number | Number of failed authentication attempts before a device is wiped. (iOS) |
| passwordSignInFailureCountBeforeFactoryReset | number | Number of failed authentication attempts before a device is wiped. (Windows 8) |
| passwordMinutesOfInactivityBeforeScreenTimeout | number | Minutes of inactivity before the screen times out. |
| passwordMinutesOfInactivityBeforeLock | number | Minutes of inactivity before the screen locks. (macOS) |
| passcodeMinutesOfInactivityBeforeScreenTimeout | number | Minutes of inactivity before the screen times out. |
| passcodeMinutesOfInactivityBeforeLock | number | Minutes of inactivity before the screen locks. (iOS) |
| passwordRequireWhenResumeFromIdleState | boolean | Require the user to provide a password when the device is resumed from idle status. |


| Attribute | Type | Description |
| --- | --- | --- |
| id | string | The unique identifier for this domain. (e.g. "dev-o365.yourcompany.com" or "yourcompany.onmicrosoft.com") |
| spfRecordPublished | boolean | To get this value, use `nslookup -type=txt domain.com` and ensure that a value exists that contains `include:spf.protection.outlook.com`. Set this to "true" if the record is valid and existing. |
| DMARCRecordPublished | boolean | To get this value, use `nslookup -type=txt _dmarc.` and ensure that a policy exists that starts with `v=DMARC1;`. Set this to "true" if the record is valid and existing. |
| DomainName | string | SMTP domain for which the server sends and receives email. |
| DomainType | string | Identifies the type of domain for which the Exchange server sends and receives email. |
| AddressBookEnabled | boolean | Value that indicates whether to enable recipient filtering for this accepted domain. |
| AuthenticationType | string | Indicates how email addresses in the domain are authenticated. |
| Default | boolean | Value that indicates whether the domain is the default domain for the Exchange server. |
| EnableNego2Authentication | boolean | Value that indicates whether the domain will use Negotiated2 authentication. |
| InitialDomain | boolean | Value that indicates whether the domain is the initial domain for new accounts. |
| IsCoexistenceDomain | boolean | Value that indicates whether the domain is a coexistence domain. |
| IsDefaultFederatedDomain | boolean | Value that indicates whether the domain is the default domain for federation requests. |
| OutboundOnly | boolean | Value that indicates whether the domain is used for outbound email only. |
| PendingFederatedAccountNamespace | boolean | Value that indicates whether the domain is pending a federation account request. |
| PendingFederatedDomain | boolean | Value that indicates whether the domain is pending a domain federation request. |
| PendingRemoval | boolean | Value that indicates whether the domain is in the process of being removed. |
| PerimeterDuplicateDetected | boolean | Value that indicates whether the domain is duplicated. |

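
The spfRecordPublished and DMARCRecordPublished checks described in the domain table above, as an added example that is not part of the original reference. The function names and the sample TXT answers are constructed; requiring exactly one record of each kind and a valid `p=` tag is this example's assumption of what "valid" means.

```python
import re

SPF_INCLUDE = "include:spf.protection.outlook.com"  # string named in the table
DMARC_POLICIES = {"none", "quarantine", "reject"}   # assumption: RFC 7489 "p" values


def join_txt_chunks(raw):
    """nslookup prints a long TXT record as several quoted strings.
    DNS semantics are to concatenate them with no separator."""
    chunks = re.findall(r'"([^"]*)"', raw)
    return "".join(chunks) if chunks else raw.strip()


def spf_record_published(txt_answers):
    """True when exactly one SPF record exists and one of its terms is the
    Exchange Online include. A plain substring test would also accept
    'include:spf.protection.outlook.com.other.example'."""
    records = [join_txt_chunks(a) for a in txt_answers]
    spf = [r for r in records if r.lower().split(" ", 1)[0] == "v=spf1"]
    if len(spf) != 1:  # none, or several (a permanent error under RFC 7208)
        return False
    terms = spf[0].lower().split()[1:]
    return any(t.lstrip("+").rstrip(".") == SPF_INCLUDE for t in terms)


def dmarc_record_published(txt_answers):
    """True when exactly one record starts with 'v=DMARC1;' and carries a
    recognised p= policy."""
    records = [join_txt_chunks(a) for a in txt_answers]
    dmarc = [r for r in records if re.match(r"v\s*=\s*DMARC1\s*;", r)]
    if len(dmarc) != 1:
        return False
    tags = {}
    for part in dmarc[0].split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags.setdefault(name.strip().lower(), value.strip().lower())
    return tags.get("p") in DMARC_POLICIES


def domain_flags(domain, txt_by_name):
    """Build the two boolean attributes for one domain from TXT answers that
    were collected beforehand (for example with nslookup -type=txt)."""
    return {
        "id": domain,
        "spfRecordPublished": spf_record_published(txt_by_name.get(domain, [])),
        "DMARCRecordPublished": dmarc_record_published(
            txt_by_name.get("_dmarc." + domain, [])
        ),
    }


# Constructed TXT answers, keyed by the name that was queried.
SAMPLE_TXT = {
    "contoso.example": [
        '"MS=ms00000000"',
        '"v=spf1 include:spf.protection.outlook.com -all"',
    ],
    "_dmarc.contoso.example": [
        '"v=DMARC1; p=reject; rua=mailto:dmarc@contoso.example"'
    ],
    # One SPF record split into two quoted chunks, no DMARC record at all.
    "split.example": ['"v=spf1 include:spf.protection." "outlook.com -all"'],
    # The include points at a different domain; DMARC does not start with v=.
    "lookalike.example": [
        '"v=spf1 include:spf.protection.outlook.com.other.example ~all"'
    ],
    "_dmarc.lookalike.example": ['"p=none; v=DMARC1"'],
    # Two SPF records published side by side.
    "dup.example": [
        '"v=spf1 include:spf.protection.outlook.com -all"',
        '"v=spf1 ip4:192.0.2.10 -all"',
    ],
    "_dmarc.dup.example": ['"v=DMARC1; p=quarantine"'],
}

if __name__ == "__main__":
    for name in ("contoso.example", "split.example",
                 "lookalike.example", "dup.example"):
        print(domain_flags(name, SAMPLE_TXT))
```
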

| Attribute | Type | Description |
| --- | --- | --- |
| OAuth2ClientProfileEnabled | boolean | Whether OAuth 2.0 is enabled. |
| MailTipsAllTipsEnabled | boolean | True if mail tips are enabled. |
| MailTipsExternalRecipientsTipsEnabled | boolean | True if external recipient mail tips are enabled. |
| MailTipsGroupMetricsEnabled | boolean | True if mail tips group metrics are enabled. |
| MailTipsLargeAudienceThreshold | number | This setting defines a "large audience" in your tenant. If an email is about to be sent to a large audience, a mail tip will be shown to alert the user. |
| userMailboxAuditEnabled | boolean | If true, mailbox auditing is enabled for all user mailboxes. |
| nonUserMailboxAuditEnabled | boolean | If true, all non-user mailboxes have audit enabled. Otherwise, at least 1 non-user mailbox has auditing disabled. You can get this information from PowerShell using the command `Get-Mailbox -Filter 'AuditEnabled -eq $false -and RecipientTypeDetails -ne "UserMailbox" -and RecipientTypeDetails -ne "SharedMailbox"' -ResultSize 1 \| Select-Object Id, Name, AuditEnabled` |
| DefaultMailboxRegion | string | The default mailbox region of the organization. Example value - "nam" |
| OrganizationId | string | The identifier for the Exchange organization. |
| AllowToAddGuests | boolean | If true, group owners will be allowed to add people outside of the organization to Microsoft365 Groups as guests. |
| GuestsEnabled | boolean | If true, guest group members will be able to access group content. |
| BookingsEnabled | boolean | If true, the entire organization will be able to use Microsoft Bookings. |


| Attribute | Type | Description |
| --- | --- | --- |
| Identity | string | The id of the TransportRule. |
| Name | string | The name of the Mail Transport Rule. |
| State | string | The state of the TransportRule. For example, "Enabled". |
| RedirectMessageTo | string | An email address that this MailTransportRule will auto-forward emails to. |
| SetScl | number | Spam Confidence Level. -1 = Bypass spam filters. 0-4 = perform normal spam filtering. 5-6 = mark as spam. 7-9 = mark as high confidence spam. See https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-mail-flow-rules-to-set-the-spam-confidence-level-scl-in-messages?view=o365-worldwide for more info. |
| SenderDomainIs | list | The sender domain that is being checked in this Mail Transport Rule. |
| Priority | number | The priority level of the Transport Rule that determines the order of rule processing. 0 is the highest priority. |
| SentToScope | string | The "sent to scope" condition being checked in this Transport Rule. Possible values are "InOrganization", "NotInOrganization", "ExternalPartner" and "ExternalNonPartner". See https://docs.microsoft.com/en-us/powershell/module/exchange/set-transportrule?view=exchange-ps for more details. |
| FromScope | string | The "from scope" condition being checked in this Transport Rule. Possible values are "InOrganization" and "NotInOrganization". See https://docs.microsoft.com/en-us/powershell/module/exchange/set-transportrule?view=exchange-ps for more details. |
| MessageTypeMatches | string | Specifies a condition that looks for messages of a specified type. Possible values are "OOF", "AutoForward", "Encrypted", "Calendaring", "PermissionControlled", "Voicemail", "Signed", "ApprovalRequest", and "ReadReceipt". See https://docs.microsoft.com/en-us/powershell/module/exchange/set-transportrule?view=exchange-ps for more information. |
| RejectMessageEnhancedStatusCode | string | Specifies the enhanced status code that's used when the rule rejects messages. See https://docs.microsoft.com/en-us/powershell/module/exchange/set-transportrule?view=exchange-ps for more information. |
| RejectMessageReasonText | string | Specifies the explanation text that's used when a TransportRule rejects a message. |


| Attribute | Type | Description |
| --- | --- | --- |
| id | string | Unique ID of the MalwareFilterPolicy. |
| Id | string | ID of the MalwareFilterPolicy. |
| Name | string | Name of the MalwareFilterPolicy. |
| EnableFileFilter | boolean | The Common Attachment Types Filter lets a user block known and custom malicious file types from being attached to emails. This setting is set to "True" if the "Common Attachment Types" filter is enabled. |
| EnableInternalSenderAdminNotifications | boolean | If true, an admin will receive an email notification if an internal user is detected sending malware. |
| InternalSenderAdminAddress | string | The email address of the admin who will receive notifications when an internal user is detected sending malware. |
| ZapEnabled | boolean | If true, zero-hour auto purge (ZAP) is enabled for this anti-malware policy. ZAP will quarantine messages that contain malware attachments. |
| IsValid | boolean | The validity for the MalwareFilterPolicy. |
| Action | string | This parameter describes what actions to take if a message contains malware. Available options are DeleteMessage, DeleteAttachmentAndUseDefaultAlert, and DeleteAttachmentAndUseCustomAlert. |


| Attribute | Type | Description |
| --- | --- | --- |
| id | string | Combination of azureTenantId_createdDateTime. |
| azureTenantId | string | GUID string for tenant ID. |
| createdDateTime | string | The date when the entity is created. |
| maxScore | number | Tenant maximum possible score on specified date. |
| currentScore | number | Tenant current attained score on specified date. |
| controlScores | list | Contains tenant scores for a set of controls. |
| controlName | string | Unique name for the control. |
| controlCategory | string | Control action category (Identity, Data, Device, Apps, Infrastructure). |
| score | number | Tenant achieved score for the control (it varies day by day depending on tenant operations on the control). |
| description | string | Description of the control. |
| isEnforced | boolean | Whether this control score is enforced or not. |
| IsApplicable | boolean | Whether this control score is applicable or not. |
| implementationStatus | string | Description of current status, e.g. "You currently have 4 global admins". |
| lastSynced | string | The datetime when last synced in ISO 8601 format. |
| scoreInPercentage | number | The current score as a percentage. |
| total | number | None |
| count | number | None |
| on | boolean | Indicate whether the policy is turned on. |
| reviewed | number | Unix timestamp. |


| Attribute | Type | Description |
| --- | --- | --- |
| legacyAuthProtocolsEnabled | boolean | If False, basic authentication and other legacy authentication mechanisms are not allowed for this SharePoint tenant. |
| disallowInfectedFileDownload | boolean | If True, files that ATP has detected as infected will not be allowed to be downloaded via SharePoint. |
| preventExternalUsersFromResharing | boolean | If True, external users will not be able to share files and folders unless they were the original owner of the resource. |
| sharingDomainRestrictionMode | number | The sharing domain restriction being used. 0 = None, 1 = "AllowList", 2 = "BlockList". See https://docs.microsoft.com/en-us/dotnet/api/microsoft.sharepoint.client.sharing.sharingdomainrestrictionmode?view=sharepoint-csom |
| sharingAllowedDomainList | list | List of domains that resources are allowed to be shared with, if "sharingDomainRestrictionMode" = 1 (AllowList). |
| sharingBlockedDomainList | list | List of domains that resources will not be allowed to be shared with, if "sharingDomainRestrictionMode" = 2 (BlockList). |
| isUnmanagedSyncClientForTenantRestricted | boolean | If True, file syncing for OneDrive / SharePoint will only be allowed on PCs joined to specific domains. (See property "allowedDomainListForSyncClient") |
| allowedDomainListForSyncClient | list | The list of allowed domains if "isUnmanagedSyncClientForTenantRestricted" is set to True. |
| blockMacSync | boolean | If True, macOS devices cannot sync files from OneDrive / SharePoint. |
| requireAnonymousLinksExpireInDays | number | The number of days before an anonymous sharing link for a file expires. A value of -1 indicates no expiry. |
| requireAcceptingAccountMatchInvitedAccount | boolean | If true, external users must accept sharing invitations using the same account that the invitations were sent to. |
| displayNamesOfFileViewers | boolean | If true, file owners can see the names of people who viewed their files in OneDrive. |
| displayNamesOfFileViewersInSpo | boolean | If true, file owners can see the names of people who viewed their files in SharePoint. |
| allowLimitedAccessOnUnmanagedDevices | boolean | If true, unmanaged devices will only be allowed limited, web-only access to SharePoint. Note only one of the allowLimitedAccessOnUnmanagedDevices and blockAccessOnUnmanagedDevices settings can be true at the same time. If both settings are false, then all devices, unmanaged or not, will have full access to SharePoint. |
| blockAccessOnUnmanagedDevices | boolean | If true, unmanaged devices will not be allowed access to SharePoint. Note only one of the allowLimitedAccessOnUnmanagedDevices and blockAccessOnUnmanagedDevices settings can be true at the same time. If both settings are false, then all devices, unmanaged or not, will have full access to SharePoint. |
| notifyOwnersWhenItemsReshared | boolean | If true, OneDrive owners will receive a notification when other users invite additional external users to shared files. |
| notifyOwnersWhenInvitationsAccepted | boolean | If true, OneDrive owners will receive a notification when external users accept invitations to access files. |
| ownerAnonymousNotification | boolean | If true, OneDrive owners will receive a notification when an anonymous link is created or changed. |
| displayStartASiteOption | boolean | If false, the site creation command will be hidden in SharePoint. |
| excludedFileExtensionsForSyncClient | list | The list of excluded file extensions when syncing OneDrive files. |
| orphanedPersonalSitesRetentionPeriod | number | Specifies the number of days after a user's Active Directory account is deleted that their OneDrive for Business content will be deleted. |


| Attribute | Type | Description |
| --- | --- | --- |
| AllowBasicAuthActiveSync | boolean | Whether to allow Basic authentication with Exchange Active Sync. |
| AllowBasicAuthAutodiscover | boolean | Whether to allow Basic authentication with Autodiscover. |
| AllowBasicAuthImap | boolean | Whether to allow Basic authentication with IMAP. |
| AllowBasicAuthMapi | boolean | Whether to allow Basic authentication with MAPI. |
| AllowBasicAuthOfflineAddressBook | boolean | Whether to allow Basic authentication with Offline Address Books. |
| AllowBasicAuthOutlookService | boolean | Whether to allow Basic authentication with the Outlook service. |
| AllowBasicAuthPop | boolean | Whether to allow Basic authentication with POP. |
| AllowBasicAuthPowershell | boolean | Whether to allow Basic authentication with PowerShell. |
| AllowBasicAuthReportingWebServices | boolean | Whether to allow Basic authentication with reporting web services. |
| AllowBasicAuthRest | boolean | Whether to allow Basic authentication with REST API. |
| AllowBasicAuthRpc | boolean | Whether to allow Basic authentication with RPC. |
| AllowBasicAuthSmtp | boolean | Whether to allow Basic authentication with SMTP. |
| AllowBasicAuthWebServices | boolean | Whether to allow Basic authentication with Exchange Web Services (EWS). |


| Attribute | Type | Description |
| --- | --- | --- |
| id | string | The unique identifier for the user. |
| userPrincipalName | string | The user principal name (UPN) of the user. The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization. |
| mail | string | The SMTP address for the user, for example, jeff@contoso.onmicrosoft.com. |
| displayName | string | The name displayed in the address book for the user. |
| givenName | string | The first name of the user. |
| surname | string | The last name of the user. |
| passwordPolicies | string | A string representing password policies applied to this specific user. If the value is empty, or "None", then this user does not have any special password policy settings and follows the default password policies set for the Azure tenant. Possible values for this field include "DisableStrongPassword", "DisablePasswordExpiration", or a combination of these two (e.g. "DisableStrongPassword, DisablePasswordExpiration"). |


| Attribute | Type | Description |
| --- | --- | --- |
| id | string | The ID of the OAuth2PermissionGrant. |
| clientId | string | The ID of the client service principal for the application which is authorized to act on behalf of a signed-in user when accessing an API. Corresponds to the 'objectId' field inside the Azure 'Enterprise applications' page. |
| consentType | string | Indicates if authorization is granted for the client application to impersonate all users or only a specific user. 'AllPrincipals' indicates authorization to impersonate all users. 'Principal' indicates authorization to impersonate a specific user. Consent on behalf of all users can be granted by an administrator. Non-admin users may be authorized to consent on behalf of themselves in some cases, for some delegated permissions. |
| principalId | string | The ID of the user on behalf of whom the client is authorized to access the resource, when consentType is Principal. If consentType is 'AllPrincipals' this value is null. Required when consentType is 'Principal'. |
| resourceId | string | The ID of the resource service principal to which access is authorized. This identifies the API which the client is authorized to attempt to call on behalf of a signed-in user. |
| scope | string | A space-separated list of the claim values for delegated permissions which should be included in access tokens for the resource application (the API). For example, 'openid User.Read GroupMember.Read.All'. Each claim value should match the value field of one of the delegated permissions defined by the API, listed in the publishedPermissionScopes property of the resource service principal. |


| Attribute | Type | Description |
| --- | --- | --- |
| Identity | string | The id of this InboundConnector. |
| Enabled | boolean | Whether this InboundConnector is enabled or not. |
| ConnectorType | string | The type of connector. Can be "Partner" or "OnPremises". |
| SenderIPAddresses | list | The SenderIPAddresses parameter specifies the source IPv4 IP addresses that the connector accepts messages from. |
| SenderDomains | list | The SenderDomains parameter specifies the source domains that the connector accepts messages for. |
| AssociatedAcceptedDomains | list | The AssociatedAcceptedDomains parameter restricts the source domains that use the connector to the specified accepted domains. A valid value is an SMTP domain that is configured as an accepted domain in your Microsoft 365 organization. |
| RequireTls | boolean | Whether or not TLS is required. |
| RestrictDomainsToIPAddresses | boolean | The RestrictDomainsToIPAddresses parameter specifies whether to reject mail that comes from unknown source IP addresses. |
| RestrictDomainsToCertificate | boolean | The RestrictDomainsToCertificate parameter specifies whether the Subject value of the TLS certificate is checked before messages can use the connector. |
| CloudServicesMailEnabled | boolean | The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft 365. |
| TreatMessagesAsInternal | boolean | The TreatMessagesAsInternal parameter specifies an alternative method to identify messages sent from an on-premises organization as internal messages. You should only consider using this parameter when your on-premises organization does not use Exchange. |
| TlsSenderCertificateName | string | The TlsSenderCertificateName parameter specifies the TLS certificate that is used when the value of the RequireTls parameter is $true. |
| EFSkipLastIP | boolean | The EFSkipLastIP parameter specifies the behavior of Enhanced Filtering for Connectors. |
| EFSkipIPs | list | The EFSkipIPs parameter specifies the source IP addresses to skip in Enhanced Filtering for Connectors when the EFSkipLastIP parameter value is $false. |
| EFUsers | list | The EFUsers parameter specifies the recipients that Enhanced Filtering for Connectors applies to. The default value is blank ($null), which means Enhanced Filtering for Connectors is applied to all recipients. You can specify multiple recipient email addresses separated by commas. |
| IsValid | boolean | Whether this InboundConnector is valid or not. |
| Name | string | Name of the inbound connector. |


| Attribute | Type | Description |
| --- | --- | --- |
| Identity | string | The id of this OutboundConnector. |
| Enabled | boolean | Whether this OutboundConnector is enabled or not. |
| ConnectorType | string | The type of connector. Can be "Partner" or "OnPremises". |
| UseMXRecord | boolean | The UseMXRecord parameter enables or disables DNS routing for the connector. |
| RecipientDomains | list | The RecipientDomains parameter specifies the domains that the Outbound connector routes mail to. You can specify multiple domains separated by commas. |
| SmartHosts | list | The SmartHosts parameter specifies the smart host that the Outbound connector uses to route mail. |
| TlsDomain | string | The TlsDomain parameter specifies the domain name that the Outbound connector uses to verify the FQDN of the target certificate when establishing a TLS secured connection. This parameter is only used if the TlsSettings parameter is set to DomainValidation. Valid input for the TlsDomain parameter is an SMTP domain. You can use a wildcard character to specify all subdomains of a specified domain, as shown in the following example: `*.contoso.com`. However, you cannot embed a wildcard character, as shown in the following example: `domain.*.contoso.com` |
| TlsSettings | string | The TlsSettings parameter specifies the TLS authentication level that is used for outbound TLS connections established by this Outbound connector. |
| IsTransportRuleScoped | boolean | The IsTransportRuleScoped parameter specifies whether the Outbound connector is associated with a transport rule (also known as a mail flow rule). |
| RouteAllMessagesViaOnPremises | boolean | The RouteAllMessagesViaOnPremises parameter specifies that all messages serviced by this connector are first routed through the on-premises messaging system in hybrid organizations. |
| CloudServicesMailEnabled | boolean | The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. |
| AllAcceptedDomains | boolean | The AllAcceptedDomains parameter specifies whether the Outbound connector is used in hybrid organizations where message recipients are in accepted domains of the cloud-based organization. |
| SenderRewritingEnabled | boolean | The SenderRewritingEnabled parameter specifies that all messages that normally qualify for SRS rewriting are rewritten for traffic to on-premises. This parameter is only effective for OnPremises connectors as Partner connectors already have SRS rewriting enabled. |
| TestMode | boolean | The TestMode parameter specifies whether you want to enable or disable test mode for the Outbound connector. |
| ValidationRecipients | list | The ValidationRecipients parameter specifies the email addresses of the validation recipients for the Outbound connector. |
| IsValidated | boolean | The IsValidated parameter specifies whether the Outbound connector has been validated. |
| IsValid | boolean | Whether or not this OutboundConnector is valid. |


| Attribute | Type | Description |
| --- | --- | --- |
| id | string | The id of the named location. |
| odatatype | string | To distinguish between different types of named locations. Value can be #microsoft.graph.countryNamedLocation or #microsoft.graph.ipNamedLocation. |
| displayName | string | The display name of the named location. |
| countriesAndRegions | list | List of countries and/or regions in two-letter format specified by ISO 3166-2. |
| includeUnknownCountriesAndRegions | boolean | True if IP addresses that don't map to a country or region should be included in the named location. |
| countryLookupMethod | string | Determines what method is used to decide which country the user is located in. Possible values are clientIpAddress (default) and authenticatorAppGps. |
| isTrusted | boolean | True if this location is explicitly trusted. |
| ipRanges | list | List of IP address ranges in IPv4 CIDR format (e.g. 1.2.3.4/32) or any allowable IPv6 format from IETF RFC596. |
| odatatype | string | Used to distinguish between different types of IP ranges. Possible values are #microsoft.graph.iPv4CidrRange and #microsoft.graph.iPv6CidrRange. |
| cidrAddress | string | IPv4 or IPv6 address in CIDR notation. |


| Attribute | Type | Description |
| --- | --- | --- |
| id | string | Unique ID of the HostedContentFilterPolicy. |
| Id | string | ID of the HostedContentFilterPolicy. |
| Identity | string | The identifier for this policy. |
| Name | string | The name for the HostedContentFilterPolicy. |
| BulkThreshold | number | The BulkThreshold parameter specifies the BCL on messages that triggers the action specified by the BulkSpamAction parameter (greater than the specified BCL value, not greater than or equal to). A valid value is an integer from 1 to 9. The default value is 7, which means a BCL of 8 or 9 on messages will trigger the action that's specified by the BulkSpamAction parameter. A higher BCL indicates the message is more likely to generate complaints (and is therefore more likely to be spam). |
| MarkAsSpamNdrBackscatter | string | The MarkAsSpamNdrBackscatter parameter marks a message as spam when the message is a non-delivery report (also known as an NDR or bounce messages) sent to a forged sender (known as backscatter). Valid values are: Off: The setting is disabled. This is the default value. On: The setting is enabled. Backscatter is given the SCL 9 (high confidence spam), and the X-header X-CustomSpam: Backscatter NDR is added to the message. |
| InlineSafetyTipsEnabled | boolean | The InlineSafetyTipsEnabled parameter specifies whether to enable or disable safety tips that are shown to recipients in messages. |
| PhishSpamAction | string | The PhishSpamAction parameter specifies the action to take on messages that are marked as phishing (not high confidence phishing). Phishing messages use fraudulent links or spoofed domains to get personal information. Valid values are: AddXHeader: Add the AddXHeaderValue parameter value to the message header and deliver the message. Delete: Delete the message during filtering. Use caution when selecting this value, because you can't recover the deleted message. ModifySubject: Add the ModifySubject parameter value to the beginning of the subject line, deliver the message, and move the message to the Junk Email folder (same caveats as MoveToJmf). MoveToJmf: Deliver the message to the recipient's mailbox, and move the message to the Junk Email folder. The message is moved only if the junk email rule is enabled on the mailbox (it's enabled by default). Quarantine: Move the message to the quarantine. This is the default value. The quarantined message is available to the intended recipients (as of April, 2020) and admins. Redirect: Redirect the message to the recipients specified by the RedirectToRecipients parameter. |
| HighConfidencePhishAction | string | The HighConfidencePhishAction parameter specifies the action to take on messages that are marked as high confidence phishing (not phishing). Phishing messages use fraudulent links or spoofed domains to get personal information. Valid values are: MoveToJmf: Deliver the message to the recipient's mailbox, and move the message to the Junk Email folder. The message is moved only if the junk email rule is enabled on the mailbox (it's enabled by default). Redirect: Redirect the message to the recipients specified by the RedirectToRecipients parameter. Quarantine: Move the message to quarantine. By default, messages that are quarantined as high confidence phishing are available only to admins. Or, you can use the HighConfidencePhishQuarantineTag parameter to specify what end-users are allowed to do on quarantined messages. |
| ZapEnabled | boolean | If true, zero-hour auto purge (ZAP) is enabled for this HostedContentFilterPolicy. |
| PhishZapEnabled | boolean | The PhishZapEnabled parameter enables or disables zero-hour auto purge (ZAP) to detect phishing in already delivered messages in Exchange Online mailboxes. |
| SpamZapEnabled | boolean | The SpamZapEnabled parameter enables or disables zero-hour auto purge (ZAP) to detect spam in already delivered messages in Exchange Online mailboxes. |
| IsValid | boolean | The validity for the HostedContentFilterPolicy. |

Attribute |
Type |
Description |
allowInvitesFrom |
string |
Indicates who can invite external users to the organization. Possible values are: none, adminsAndGuestInviters, adminsGuestInvitersAndAllMembers, everyone. everyone is the default setting for all cloud environments except US Government. |
guestUserRoleId |
string |
Represents the role templateId for the role that should be granted to guest users. Currently, the following roles are supported: User (a0b1b346-4d3e-4e8b-98f8-753987be4970), Guest User (10dae51f-b6af-4016-8d66-8c2a99b929b3), and Restricted Guest User (2af84b1e-32c8-42b7-82bc-daa82404023b). |
defaultUserRolePermissions |
sequence |
Default user role permissions for the AAD tenant. |
allowedToCreateApps |
boolean |
Indicates whether the default user role can create applications. |
allowedToCreateSecurityGroups |
boolean |
Indicates whether the default user role can create security groups. |
allowedToReadOtherUsers |
boolean |
Indicates whether the default user role can read other users. |
Attribute |
Type |
Description |
id |
string |
The unique identifier for this retention policy. |
IsDefault |
boolean |
Whether the retention policy is the default retention policy. |
IsDefaultArbitrationMailbox |
boolean |
Whether this is the default retention policy for arbitration mailboxes in the Exchange Online organization. |
Name |
string |
Unique name for the retention policy. |
Identity |
string |
Specifies the name, distinguished name (DN), or GUID of the retention policy. |
WhenChangedUTC |
number |
When the retention policy was last changed. |
WhenCreatedUTC |
number |
When the retention policy was created. |
RetentionId |
string |
The identity of the retention policy to ensure mailboxes moved from an on-premises Exchange deployment to the cloud continue to have the same retention policy applied to them. |
IsValid |
boolean |
Whether the retention policy is valid. |
RetentionPolicyTagLinks |
Reference to RetentionPolicyTag |
Specifies the names of retention policy tags to be associated with this policy. |
Attribute |
Type |
Description |
id |
string |
The unique identifier for this retention policy tag. |
RetentionEnabled |
boolean |
Specifies whether the tag is enabled. When set to False, the tag is disabled, and no retention action is taken on messages that have the tag applied. |
RetentionAction |
string |
Specifies the action for the retention policy. |
AgeLimitForRetention |
number |
Specifies the age at which retention is enforced on an item. The age limit corresponds to the number of days from the date the item was delivered, or the date an item was created if it wasn't delivered. |
Type |
string |
Specifies the type of retention tag being created. |
IsPrimary |
boolean |
Specifies whether it is a primary retention policy tag. |
MessageClass |
string |
Specifies the message type to which the tag applies. If not specified, the default value is set to '*'. |
RetentionId |
string |
Specifies an alternate tag ID to ensure the retention tag found on mailbox items tagged in one Exchange organization matches the tag when the mailbox is moved to another Exchange organization. |
Name |
string |
Specifies the name of the retention policy tag. |
WhenChangedUTC |
number |
Specifies when the retention policy tag was last changed. |
WhenCreatedUTC |
number |
Specifies when the retention policy tag was created. |
IsValid |
boolean |
Specifies whether the retention policy tag is valid. |
Attribute |
Type |
Description |
id |
string |
The unique identifier for this retention policy. |
IsDefault |
boolean |
Whether this is the default mobile device mailbox policy. |
AllowNonProvisionableDevices |
boolean |
Whether the mobile device mailbox policy allows non-provisionable devices. |
Name |
string |
Unique name for the mobile device mailbox policy. |
Identity |
string |
Specifies the name, distinguished name (DN), or GUID of the mobile device mailbox policy. |
WhenChangedUTC |
number |
When the mobile device mailbox policy was last changed. |
WhenCreatedUTC |
number |
When the mobile device mailbox policy was created. |
AlphanumericPasswordRequired |
boolean |
Whether the mobile device mailbox policy requires an alphanumeric password. |
DeviceEncryptionEnabled |
boolean |
Whether the mobile device mailbox policy requires encryption. |
PasswordEnabled |
boolean |
Whether the mobile device mailbox policy has password enabled. |
PasswordRecoveryEnabled |
boolean |
Whether the mobile device mailbox policy has password recovery enabled. |
MaxInactivityTimeLock |
string |
Specifies the maximum amount of time (in minutes) that the device can be idle before it becomes PIN or password locked. |
PasswordHistory |
number |
Specifies the number of unique new passwords that need to be created on the mobile device before an old password can be reused. |