Resource Type
Account
SharePoint
SharepointTenant
Security
SecureScore
Exchange
ClientAccess
OwaMailboxPolicy
Devices
MobileDeviceMailboxPolicy
Organization
OrganizationConfig AuthenticationPolicy
PolicyAndCompliance
TransportRule
EncryptionAndCertificate
SmimeConfig
AntiSpamAntiMalware
MalwareFilterRule HostedContentFilterPolicy DkimSigningConfig HostedContentFilterRule MalwareFilterPolicy HostedOutboundSpamFilterPolicy QuarantinePolicy
DefenderForOffice365
SafeLinksPolicy AntiPhishPolicy SafeAttachmentPolicy AtpPolicyForO365
RoleBasedAccessControl
RoleAssignmentPolicy
SharingAndCollaboration
SharingPolicy OrganizationRelationship
MailFlow
InboundConnector AcceptedDomain OutboundConnector RemoteDomain
PolicyAndComplianceAudit
RetentionPolicyTag AdminAuditLogConfig RetentionPolicy

ATTRIBUTE TYPE REFERS TO DESCRIPTION
IsDefaultFederatedDomain boolean Value that indicates whether the domain is the default domain for federation requests.
DMARCRecordPublished boolean To get this value, use `nslookup -type=txt _dmarc.<domain>` and Ensure that a policy exists that starts with `v=DMARC1;`. Set this to "true" if the record is valid and existing.
AuthenticationType string Indicates how email addresses in the domain are authenticated.
InitialDomain boolean Value that indicates whether the domain is the initial domain for new accounts.
PerimeterDuplicateDetected boolean Value that indicates whether the domain is duplicated.
id string The unique identifier for this domain. (e.g. "dev-o365.yourcompany.com" or "yourcompany.onmicrosoft.com")
IsCoexistenceDomain boolean Value that indicates whether the domain is a coexistence domain.
PendingRemoval boolean Value that indicates whether the domain is in the process of being removed.
PendingFederatedDomain boolean Value that indicates whether the domain is pending a domain federation request.
spfRecordPublished boolean To get this value, use `nslookup -type=txt domain.com` and ensure that a value exists that contains `include:spf.protection.outlook.com.` Set this to "true" if the record is valid and existing.
Default boolean Value that indicates whether the domain is the default domain for the Exchange server.
EnableNego2Authentication boolean Value that indicates whether the domain will use Negotiated2 authentication.
OutboundOnly boolean Value that indicates whether the domain is used for outbound email only.
PendingFederatedAccountNamespace boolean Value that indicates whether the domain is pending a federation account request.
DomainName string SMTP domain for which the server sends and receives email.
DomainType string Identifies the type of domain for which the Exchange server sends and receives email.
AddressBookEnabled boolean Value that indicates whether to enable recipient filtering for this accepted domain.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
IsValid boolean The validity for the AdminAuditLogConfig.
AdminAuditLogMailbox string Description pending.
id string ID of the AdminAuditLogConfig
Name string Name of the AdminAuditLogConfig
LogLevel string Specifies whether additional properties should be included in the log entries. Valid values are None and Verbose.
TestCmdletLoggingEnabled boolean Specifies whether the execution of test cmdlets should be logged. Test cmdlets begin with the verb Test. Valid values are true and false. The default value is false.
Identity string Specifies the name of AdminAuditLog.
UnifiedAuditLogFirstOptInDate number Description pending.
LoadBalancerCount number Description pending.
UnifiedAuditLogIngestionEnabled boolean Indicate whether the audit log search is turned on.
AdminAuditLogExcludedCmdlets list<string> Specifies which cmdlets should be excluded from auditing. Use this parameter if you want to exclude specific cmdlets you don't want to audit even if they match a wildcard string specified in the AdminAuditLogCmdlets parameter.
AdminAuditLogEnabled boolean Indicate whether the audit log is enabled.
AdminAuditLogCmdlets list<string> Specifies which cmdlets should be audited. You can specify one or more cmdlets, separated by commas. You can also use the wildcard character (*) to match multiple cmdlets in one or more of the entries in the cmdlet list. To audit all cmdlets, specify only the wildcard character (*).
AdminAuditLogAgeLimit string Specifies how long each log entry should be kept before it's deleted. The default age limit is 90 days.
AdminAuditLogParameters list<string> Specifies which parameters should be audited on the cmdlets you specified using the AdminAuditLogCmdlets parameter. You can specify one or more parameters, separated by commas. You can also use the wildcard character (*) to match multiple parameters in one or more of the entries in the parameters list. To audit all parameters, specify only the wildcard character (*).
RefreshInterval number Description pending.
PartitionInfo list<string> Description pending.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Name string Name of the AntiPhish policy, e.g. "Office365 AntiPhish Default".
TargetedDomainProtectionAction string Specifies the action to take on detected domain impersonation messages. You specify the protected domains in the TargetedDomainsToProtect parameter. Valid values are: NoAction: This is the default value. BccMessage: Add the recipients specified by the TargetedDomainActionRecipients parameter to the Bcc field of the message. Delete: Delete the message during filtering. Use caution when selecting this value, because you can't recover the deleted message. MoveToJmf: Deliver the message to the recipient's mailbox, and move the message to the Junk Email folder. Quarantine: Move the message to quarantine. Quarantined high confidence phishing messages are only available to admins. As of April 2020, quarantined phishing messages are available to the intended recipients. Redirect: Redirect the message to the recipients specified by the TargetedDomainActionRecipients parameter.
IsDefault boolean Whether the AntiPhishPolicy is the default policy.
TargetedUsersToProtect list<string> Specifies the users that are included in user impersonation protection when the EnableTargetedUserProtection parameter is set to true.
EnableTargetedDomainsProtection boolean Specifies whether to enable domain impersonation protection for a list of specified domains.
EnableMailboxIntelligenceProtection boolean Specifies whether to enable or disable taking action for impersonation detections from mailbox intelligence results. This parameter is meaningful only if the EnableMailboxIntelligence parameter is set to the value true.
MailboxIntelligenceProtectionAction string Specifies what to do with messages that fail mailbox intelligence protection. Valid values are: NoAction: This is the default value. Note that this value has the same result as setting the EnableMailboxIntelligenceProtection parameter to false when the EnableMailboxIntelligence parameter is true. BccMessage: Add the recipients specified by the MailboxIntelligenceProtectionActionRecipients parameter to the Bcc field of the message. Delete: Delete the message during filtering. Use caution when selecting this value, because you can't recover the deleted message. MoveToJmf: Deliver the message to the recipient's mailbox, and move the message to the Junk Email folder. Quarantine: Move the message to quarantine. Quarantined high confidence phishing messages are only available to admins. As of April 2020, quarantined phishing messages are available to the intended recipients. Redirect: Redirect the message to the recipients specified by the MailboxIntelligenceProtectionActionRecipients parameter.
EnableUnusualCharactersSafetyTips boolean Specifies whether to enable the safety tip that's shown to recipients for unusual characters in domain and user impersonation detections.
PhishThresholdLevel number Specifies the tolerance level that's used by machine learning in the handling of phishing messages. Valid values are: 1: Standard: This is the default value. The severity of the action that's taken on the message depends on the degree of confidence that the message is phishing (low, medium, high, or very high confidence). For example, messages that are identified as phishing with a very high degree of confidence have the most severe actions applied, while messages that are identified as phishing with a low degree of confidence have less severe actions applied. 2: Aggressive: Messages that are identified as phishing with a high degree of confidence are treated as if they were identified with a very high degree of confidence. 3: More aggressive: Messages that are identified as phishing with a medium or high degree of confidence are treated as if they were identified with a very high degree of confidence. 4: Most aggressive: Messages that are identified as phishing with a low, medium, or high degree of confidence are treated as if they were identified with a very high degree of confidence.
TargetedUserProtectionAction string Specifies the action to take on detected user impersonation messages. You specify the protected users in the TargetedUsersToProtect parameter. Valid values are: NoAction: This is the default value. BccMessage: Add the recipients specified by the TargetedDomainActionRecipients parameter to the Bcc field of the message. Delete: Delete the message during filtering. Use caution when selecting this value, because you can't recover the deleted message. MoveToJmf: Deliver the message to the recipient's mailbox, and move the message to the Junk Email folder. Quarantine: Move the message to quarantine. Quarantined high confidence phishing messages are only available to admins. As of April 2020, quarantined phishing messages are available to the intended recipients. Redirect: Redirect the message to the recipients specified by the TargetedDomainActionRecipients parameter.
AdminDisplayName string Specifies a description for the policy.
EnableUnauthenticatedSender boolean "True" if Unauthenticated Sender Identification is enabled. (https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-worldwide#unauthenticated-sender)
TargetedDomainActionRecipients list<string> Specifies the recipients to add to detected domain impersonation messages when the TargetedDomainProtectionAction parameter is set to the value Redirect or BccMessage.
EnableMailboxIntelligence boolean Specifies whether to enable or disable mailbox intelligence, which is artificial intelligence (AI) that determines user email patterns with their frequent contacts. Mailbox intelligence helps distinguish between messages from legitimate and impersonated senders based on a recipient's previous communication history.
EnableSimilarUsersSafetyTips boolean Specifies whether to enable the safety tip that's shown to recipients for user impersonation detections.
DmarcQuarantineAction string Description pending.
IsValid boolean The validity for the AntiPhishPolicy.
id string id of the AntiPhishPolicy.
AuthenticationFailAction string When an incoming email message's sender fails authentication, this setting describes the possible default actions that will take place. Possible values are "MoveToJmf" (Moves the email to the junk folder), "Quarantine" (Moves the email to quarantine).
HonorDmarcPolicy boolean Description pending.
MailboxIntelligenceQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined by mailbox intelligence (the MailboxIntelligenceProtectionAction parameter value is Quarantine).
Identity string Specifies the antiphish policy that you want to view.
EnableSpoofIntelligence boolean "True" if "Spoof Intelligence" is enabled.
EnableTargetedUserProtection boolean Specifies whether to enable user impersonation protection for a list of specified users.
TargetedUserActionRecipients list<string> Specifies the replacement or additional recipients for detected user impersonation messages when the TargetedUserProtectionAction parameter is set to the value Redirect or BccMessage.
ExcludedSenders list<string> Specifies an exception for impersonation protection that looks for the specified message sender.
EnableSimilarDomainsSafetyTips boolean Specifies whether to enable the safety tip that's shown to recipients for domain impersonation detections.
SpoofQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined by spoof intelligence (the AuthenticationFailAction parameter value is Quarantine).
EnableViaTag boolean If "True", the "Via Tag" will be applied to certain email messages. See https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-worldwide#unauthenticated-sender for more details.
TargetedDomainsToProtect list<string> Specifies the domains that are included in domain impersonation protection when the EnableTargetedDomainsProtection parameter is set to true.
TargetedDomainQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined by domain impersonation protection (the TargetedDomainProtectionAction parameter value is Quarantine).
EnableOrganizationDomainsProtection boolean Specifies whether to enable domain impersonation protection for all registered domains in the Microsoft 365 organization.
ImpersonationProtectionState string Specifies the configuration of impersonation protection. Valid values are: Automatic: This is the default value in the default policy named Office365 AntiPhish Policy. Manual: This is the default value in custom policies that you create. Off.
DmarcRejectAction string Description pending.
EnableFirstContactSafetyTips boolean Specifies whether to enable or disable the safety tip that's shown when recipients first receive an email from a sender or do not often receive email from a sender.
ExcludedDomains list<string> Specifies an exception for impersonation protection that looks for the specified domains in the message sender.
MailboxIntelligenceProtectionActionRecipients list<string> Specifies the recipients to add to detected messages when the MailboxIntelligenceProtectionAction parameter is set to the value Redirect or BccMessage.
TargetedUserQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined by user impersonation protection (the TargetedUserProtectionAction parameter value is Quarantine).
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
EnableSafeDocs boolean The EnableSafeDocs parameter enables or disables Safe Documents for the entire organization.
AllowSafeDocsOpen boolean The AllowSafeDocsOpen parameter allows or prevents users from leaving Protected View (that is, opening the document) if the document has been identified as malicious.
BlockUrls list<string> Specifies the URLs that are always blocked by Safe Links in email messages and Safe Links for Office 365 apps.
IsValid boolean Whether the Atp policy is valid.
EnableATPForSPOTeamsODB boolean The EnableATPForSPOTeamsODB parameter enables or disables Safe Attachments for SharePoint, OneDrive, and Microsoft Teams.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AllowBasicAuthActiveSync boolean Whether to allow Basic authentication with Exchange Active Sync.
AllowBasicAuthAutodiscover boolean Whether to allow Basic authentication with Autodiscover.
AllowBasicAuthPowershell boolean Whether to allow Basic authentication with PowerShell.
AllowBasicAuthRest boolean Whether to allow Basic authentication with REST API.
AllowBasicAuthRpc boolean Whether to allow Basic authentication with RPC.
id string ID of the AuthenticationPolicy
AllowBasicAuthImap boolean Whether to allow Basic authentication with IMAP.
AllowBasicAuthWebServices boolean whether to allow Basic authentication with Exchange Web Services (EWS).
Name string Name of the AuthenticationPolicy
Identity string Specifies the authentication policy you want to modify.
AllowBasicAuthMapi boolean Whether to allow Basic authentication with MAPI.
AllowBasicAuthOfflineAddressBook boolean Whether to allow Basic authentication with Offline Address Books.
AllowBasicAuthOutlookService boolean Whether to allow Basic authentication with the Outlook service.
AllowBasicAuthPop boolean Whether to allow Basic authentication with POP.
IsValid boolean The validity for the AuthenticationPolicy.
AllowBasicAuthReportingWebServices boolean Whether to allow Basic authentication with reporting web services.
AllowBasicAuthSmtp boolean Whether to allow Basic authentication with SMTP.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
id string ID of the DkimSigningConfig
IsValid boolean The validity for the DkimSigningConfig.
BodyCanonicalization string Specifies the canonicalization algorithm that's used to create and verify the message body part of the DKIM signature. This value effectively controls the sensitivity of DKIM to changes to the message body in transit. Valid values are: Relaxed: Changes in whitespace and changes in empty lines at the end of the message body are tolerated. This is the default value. Simple: Only changes in empty lines at the end of the message body are tolerated.
Identity string Specifies the DKIM signing policy that you want to view.
IncludeKeyExpiration boolean Description pending.
RotateOnDate number Description pending.
Algorithm string Description pending.
Enabled boolean "True" if DKIM signing is enabled for this tenant, "False" otherwise.
Selector2CNAME string Description pending.
Selector2PublicKey string Description pending.
Selector1CNAME string Description pending.
HeaderCanonicalization string Specifies the canonicalization algorithm that's used to create and verify the message header part of the DKIM signature. This value effectively controls the sensitivity of DKIM to changes to the message headers in transit. Valid values are: Relaxed: Common modifications to the message header are tolerated (for example, Header field line rewrapping, changes in unnecessary whitespace or empty lines, and changes in case for header fields). This is the default value. Simple: No changes to the header fields are tolerated.
SelectorBeforeRotateOnDate string Description pending.
SelectorAfterRotateOnDate string Description pending.
Selector1KeySize number Description pending.
Selector2KeySize number Description pending.
Domain string A domain under the current O365 tenant.
Selector1PublicKey string Description pending.
NumberOfBytesToSign string Description pending.
IsDefault boolean Whether the DkimSigningConfig is the default policy.
Status boolean Status of DkimSigningConfig.
IncludeSignatureCreationTime boolean Description pending.
KeyCreationTime number Description pending.
Name string Name of the DkimSigningConfig
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AnyMailTransportRuleRedirectMessageToExternalDomain boolean True if any of the mail transport rules is set up to redirect to any external domains.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
SpamAction string Specifies the action to take on messages that are marked as spam
MarkAsSpamObjectTagsInHtml string Parameter marks a message as spam when the message contains HTML <object> tags.
PhishQuarantineTag string Parameter specifies the quarantine policy that's used on messages that are quarantined as phishing (the PhishSpamAction parameter value is Quarantine).
BlockedSenders list<string> Specifies senders that are always marked as spam sources.
MarkAsSpamFromAddressAuthFail string Marks a message as spam when Sender ID filtering encounters a hard fail.
MarkAsSpamWebBugsInHtml string Marks a message as spam when the message contains web bugs (also known as web beacons).
MarkAsSpamEmbedTagsInHtml string Marks a message as spam when the message contains HTML embed tag.
ZapEnabled boolean If true, zero-hour auto purge (ZAP) is enabled for this HostedContentFilterPolicy.
HighConfidenceSpamAction string Specifies the action to take on messages that are marked as high confidence spam (not spam, bulk email, phishing, or high confidence phishing).
MarkAsSpamSpfRecordHardFail string Parameter marks a message as spam when SPF record checking encounters a hard fail.
IncreaseScoreWithRedirectToOtherPort string Increases the spam score of messages that contain links that redirect to TCP ports other than 80 (HTTP), 8080 (alternate HTTP), or 443 (HTTPS).
BulkSpamAction string Specifies the action to take on messages that are marked as bulk email.
HighConfidencePhishAction string The HighConfidencePhishAction parameter specifies the action to take on messages that are marked as high confidence phishing (not phishing). Phishing messages use fraudulent links or spoofed domains to get personal information. Valid values are: MoveToJmf: Deliver the message to the recipient's mailbox, and move the message to the Junk Email folder. The message is moved only if the junk email rule is enabled on the mailbox (it's enabled by default). Redirect: Redirect the message to the recipients specified by the RedirectToRecipients parameter. Quarantine: Move the message to quarantine. By default, messages that are quarantined as high confidence phishing are available only to admins. Or, you can use the HighConfidencePhishQuarantineTag parameter to specify what end-users are allowed to do on quarantined messages.
SpamZapEnabled boolean The SpamZapEnabled parameter enables or disables zero-hour auto purge (ZAP) to detect spam in already delivered messages in Exchange Online mailboxes.
AddXHeaderValue string Specifies the X-header name (not value) to add to spam messages when a spam filtering verdict parameter is set to the value AddXHeader.
DownloadLink boolean Shows or hides a link in end-user spam quarantine notifications to download the Junk Email Reporting Tool for Outlook.
RegionBlockList list<string> Parameter specifies the source countries or regions that are marked as spam when the EnableRegionBlockList parameter value is true.
AllowedSenders list<string> Specifies a list of trusted senders that skip spam filtering.
EnableLanguageBlockList boolean Enables or disables marking messages that were written in specific languages as spam.
InlineSafetyTipsEnabled boolean The InlineSafetyTipsEnabled parameter specifies whether to enable or disable safety tips that are shown to recipients in messages.
TestModeBccToRecipients list<string> Specifies the blind carbon copy (Bcc) recipients to add to spam messages when the TestModeAction ASF parameter is set to the value BccMessage.
ModifySubjectValue string Specifies the text to prepend to the existing subject of messages when a spam filtering verdict parameter is set to the value ModifySubject.
HighConfidenceSpamQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined as high confidence spam.
SpamQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined as spam.
PhishSpamAction string The PhishSpamAction parameter specifies the action to take on messages that are marked as phishing (not high confidence phishing). Phishing messages use fraudulent links or spoofed domains to get personal information. Valid values are: AddXHeader: Add the AddXHeaderValue parameter value to the message header and deliver the message. Delete: Delete the message during filtering. Use caution when selecting this value, because you can't recover the deleted message. ModifySubject: Add the ModifySubject parameter value to the beginning of the subject line, deliver the message, and move the message to the Junk Email folder (same caveats as MoveToJmf). MoveToJmf: Deliver the message to the recipient's mailbox, and move the message to the Junk Email folder. The message is moved only if the junk email rule is enabled on the mailbox (it's enabled by default). Quarantine: Move the message to the quarantine. This is the default value. The quarantined message is available to the intended recipients (as of April, 2020) and admins. Redirect: Redirect the message to the recipients specified by the RedirectToRecipients parameter.
TestModeAction string Specifies the additional action to take on messages when one or more IncreaseScoreWith* or MarkAsSpam*.
EndUserSpamNotificationCustomSubject string Specifies a custom subject for end-user spam notification messages.
HighConfidencePhishQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined as high confidence phishing.
IncreaseScoreWithNumericIps string Increases the spam score of messages that contain links to IP addresse.
MarkAsSpamBulkMail string Allows spam filtering to act on bulk email messages.
AllowedSenderDomains list<string> Specifies trusted domains that aren't processed by the spam filter. Messages from senders in these domains are stamped with SFV:SKA in the X-Forefront-Antispam-Report header and receive a spam confidence level (SCL) of -1, so the messages are delivered to the recipient's inbox.
LanguageBlockList string Parameter enables or disables marking messages that were written in specific languages as spam.
IncreaseScoreWithImageLinks string Increases the spam score of messages that contain image links to remote websites.
MarkAsSpamJavaScriptInHtml string Marks a message as spam when the message contains JavaScript or VBScript.
EndUserSpamNotificationLanguage string Specifies the language of end-user spam quarantine notifications.
BlockedSenderDomains list<string> Specifies domains that are always marked as spam sources.
QuarantineRetentionPeriod number Specifies the number of days that spam messages remain in quarantine when a spam filtering verdict parameter is set to the value Quarantine.
EnableRegionBlockList boolean Enables or disables marking messages that are sent from specific countries or regions as spam.
MarkAsSpamEmptyMessages string Marks a message as spam when the message contains no subject, no content in the message body, and no attachments.
Identity string The identifier for this policy.
MarkAsSpamNdrBackscatter string The MarkAsSpamNdrBackscatter parameter marks a message as spam when the message is a non-delivery report (also known as an NDR or bounce messages) sent to a forged sender (known as backscatter). Valid values are: Off: The setting is disabled. This is the default value. On: The setting is enabled. Backscatter is given the SCL 9 (high confidence spam), and the X-header X-CustomSpam: Backscatter NDR is added to the message.
IsValid boolean The validity for the HostedContentFilterPolicy.
PhishZapEnabled boolean The PhishZapEnabled parameter enables or disables zero-hour auto purge (ZAP) to detect phishing in already delivered messages in Exchange Online mailboxes.
MarkAsSpamFormTagsInHtml string Parameter marks a message as spam when the message contains HTML form tags.
MarkAsSpamSensitiveWordList string Marks a message as spam when the message contains words from the sensitive words list.
IncreaseScoreWithBizOrInfoUrls string Increases the spam score of messages that contain links to .biz or .info domains.
BulkQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined as bulk email.
BulkThreshold number The BulkThreshold parameter specifies the BCL on messages that triggers the action specified by the BulkSpamAction parameter (greater than the specified BCL value, not greater than or equal to). A valid value is an integer from 1 to 9. The default value is 7, which means a BCL of 8 or 9 on messages will trigger the action that's specified by the BulkSpamAction parameter. A higher BCL indicates the message is more likely to generate complaints (and is therefore more likely to be spam).
MarkAsSpamFramesInHtml string Marks a message as spam when the message contains HTML frame or iframe tags.
RedirectToRecipients list<string> Specifies the email addresses of replacement recipients when a spam filtering verdict parameter is set to the value Redirect.
EnableEndUserSpamNotifications boolean Enables for disables sending end-user spam quarantine notifications.
EndUserSpamNotificationFrequency number Specifies the repeat interval in days that end-user spam quarantine notifications are sent.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
id string ID of the HostedContentFilterRule
Description string Specifies a Description for the HostedContentFilterRule.
HostedContentFilterPolicy string HostedContentFilterPolicy The HostedContentFilterPolicy associated with this HostedContentFilterRule.
SentTo list<string> Specifies a condition for the rule that looks for recipients in messages. You can use any value that uniquely identifies the recipient.
RecipientDomainIs list<string> Specifies a condition for the rule that looks for recipients with email address in the specified domains.
Conditions list<string> Description pending.
Name string Name of the HostedContentFilterRule
State string If Enabled, the HostedContentFilterRule is in use.
Priority number Specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.
Comments string Specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.
ExceptIfSentToMemberOf list<string> Specifies an exception for the rule that looks for messages sent to members of distribution groups, mail-enabled security groups, or sent to Microsoft 365 Groups. You can use any value that uniquely identifies the group.
ExceptIfRecipientDomainIs list<string> Specifies an exception for the rule that looks for recipients with email address in the specified domains.
SentToMemberOf list<string> Specifies a condition that looks for messages sent to members of distribution groups, mail-enabled security groups, or sent to Microsoft 365 Groups. You can use any value that uniquely identifies the group.
ExceptIfSentTo list<string> Specifies an exception for the rule that looks for recipients in messages. You can use any value that uniquely identifies the recipient.
ImmutableId string Description pending.
IsValid boolean The validity for the HostedContentFilterRule.
Identity string Specifies the spam filter rule that you want to view.
Exceptions list<string> Description pending.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
BccSuspiciousOutboundMail boolean Send copies of suspicious messages to specific people.
ConfigurationType string Description pending
IsValid boolean The validity for the HostedOutboundSpamFilterPolicy.
ActionWhenThresholdReached string Specifies the action to take when any of the limits specified in the policy are reached. Valid values are: Alert: No action, alert only. BlockUser: Prevent the user from sending email messages. BlockUserForToday: Prevent the user from sending email messages until the following day. This is the default value.
BccSuspiciousOutboundAdditionalRecipients list<string> Specifies an email address to add to the Bcc field of outgoing spam messages.
AdminDisplayName string Specifies a description for the policy.
NotifyOutboundSpam boolean Notify specific people if senders are blocked.
RecipientLimitPerDay number Specifies the maximum number of recipients that a user can send to within a day. A valid value is 0 to 10000. The default value is 0, which means the service defaults are used.
RecipientLimitExternalPerHour number Specifies the maximum number of external recipients that a user can send to within an hour. A valid value is 0 to 10000. The default value is 0, which means the service defaults are used.
AutoForwardingMode string Specifies how the policy controls automatic email forwarding to external recipients. Valid values are: Automatic: This is the default value. This setting is now the same as Off. When this setting was originally introduced, this value was equivalent to On. On: Automatic external email forwarding is not restricted. Off: Automatic external email forwarding is disabled and will result in a non-delivery report (also known as an NDR or bounce message) to the sender.
RecipientLimitInternalPerHour number Specifies the maximum number of internal recipients that a user can send to within an hour. A valid value is 0 to 10000. The default value is 0, which means the service defaults are used.
Enabled boolean Whether this policy is enabled or not.
Identity string Unique Identifier for the policy.
id string id of the HostedOutboundSpamFilterPolicy
Name string Name of the HostedOutboundSpamFilterPolicy
IsDefault boolean Whether the HostedOutboundSpamFilterPolicy is the default policy.
NotifyOutboundSpamRecipients list<string> Specifies the email addresses of admins to notify when an outgoing spam is detected.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
SenderIPAddresses list<string> The SenderIPAddresses parameter specifies the source IPV4 IP addresses that the connector accepts messages from.
RestrictDomainsToIPAddresses boolean The RestrictDomainsToIPAddresses parameter specifies whether to reject mail that comes from unknown source IP addresses.
CloudServicesMailEnabled boolean The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft 365.
TreatMessagesAsInternal boolean The TreatMessagesAsInternal parameter specifies an alternative method to identify messages sent from an on-premises organization as internal messages. You should only consider using this parameter when your on-premises organization does not use Exchange.
EFSkipLastIP boolean The EFSkipIPs parameter specifies the behavior of Enhanced Filtering for Connectors.
EFSkipIPs list<string> The EFSkipIPs parameter specifies the source IP addresses to skip in Enhanced Filtering for Connectors when the EFSkipLastIP parameter value is $false.
EFUsers list<string> The EFUsers parameter specifies the recipients that Enhanced Filtering for Connectors applies to. The default value is blank ($null), which means Enhanced Filtering for Connectors is applied to all recipients. You can specify multiple recipient email addresses separated by commas.
Identity string The id of this InboundConnector.
ConnectorType string The type of connector. Can be "Partner" or "OnPremises".
AssociatedAcceptedDomains list<string> The AssociatedAcceptedDomains parameter restricts the source domains that use the connector to the specified accepted domains. A valid value is an SMTP domain that is configured as an accepted domain in your Microsoft 365 organization.
RequireTls boolean Whether or not TLS is required.
Enabled boolean Whether this InboundConnector is enabled or not.
SenderDomains list<string> The SenderDomains parameter specifies the source domains that the connector accepts messages for.
RestrictDomainsToCertificate boolean The RestrictDomainsToCertificate parameter specifies whether the Subject value of the TLS certificate is checked before messages can use the connector.
TlsSenderCertificateName string The TlsSenderCertificateName parameter specifies the TLS certificate that is used when the value of the RequireTls parameter is $true.
IsValid boolean Whether this InboundConnector is valid or not.
Name string Name of the inbound connector
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
CustomExternalBody string Specifies the body of the custom notification message for malware detections in messages from external senders.
CustomInternalSubject string Specifies the subject of the custom notification message for malware detections in messages from internal senders.
FileTypes list<string> Specifies the file types that are automatically blocked by common attachment blocking (also known as the Common Attachment Types Filter), regardless of content.
FileTypeAction string Specifies what's done to messages that contain one or more attachments where the file extension is included in the FileTypes parameter (common attachment blocking).
Action string This parameter describes what actions to take if a message contains malwares. Availavle options are DeleteMessage, DeleteAttachmentAndUseDefaultAlert, and DeleteAttachmentAndUseCustomAlert.
id string ID of the MalwareFilterPolicy
ZapEnabled boolean If true, zero-hour auto purge (ZAP) is enabled for this anti-malware policy. ZAP will quarantine messages that contain malware attachments.
ExternalSenderAdminAddress string Specifies the email address of the administrator who will receive notification messages for malware detections in messages from external senders.
CustomExternalSubject string Specifies the subject of the custom notification message for malware detections in messages from external senders.
CustomInternalBody string Specifies the body of the custom notification message for malware detections in messages from internal senders.
EnableInternalSenderAdminNotifications boolean If true, an admin will receive an email notification if an internal user is detected sending malware.
EnableFileFilter boolean The Common Attachment Types Filter lets a user block known and custom malicious file types from being attached to emails. This setting is set to "True" if the "Common Attachment Types" filter is enabled.
IsDefault boolean Whether the MalwareFilterPolicy is the default policy.
CustomFromName string Specifies the From name of the custom notification message for malware detections in messages from internal or external senders.
QuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined as malware.
Name string Name of the MalwareFilterPolicy
IsValid boolean The validity for the MalwareFilterPolicy.
AdminDisplayName string Specifies a description for the policy.
EnableExternalSenderAdminNotifications boolean Enables or disables sending malware detection notification messages to an administrator for messages from external senders.
CustomNotifications boolean Enables or disables custom notification messages for malware detections in messages from internal or external senders.
CustomFromAddress string Specifies the From address of the custom notification message for malware detections in messages from internal or external senders.
InternalSenderAdminAddress string The email address of the admin who will receive notifications when an internal user is detected sending malware.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Identity string Specifies the malware filter rule that you want to view. You can use any value that uniquely identifies the rule.
Comments string Specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.
ExceptIfSentToMemberOf string Specifies an exception that looks for messages sent to members of distribution groups, mail-enabled security groups, or sent to Microsoft 365 Groups.
State string If Enabled, the MalwareFilterRule is in use.
MalwareFilterPolicy string MalwareFilterPolicy The MalwareFilterPolicy associated.
Priority number Specifies a priority value for the rule that determines the order of rule processing.
RecipientDomainIs string Specifies a condition that looks for recipients with email address in the specified domains.
Conditions list<string> Description pending.
ImmutableId string Description pending.
id string ID of the MalwareFilterRule
Name string Name of the MalwareFilterRule
SentTo string Specifies a condition that looks for recipients in messages.
ExceptIfRecipientDomainIs string Specifies an exception that looks for recipients with email address in the specified domains.
Description string Specifies a Description for the MalwareFilterRule.
Exceptions list<string> Description pending.
IsValid boolean The validity for the MalwareFilterRule.
SentToMemberOf list<string> Specifies a condition that looks for messages sent to members of distribution groups, mail-enabled security groups, or sent to Microsoft 365 Groups.
ExceptIfSentTo string Specifies an exception that looks for recipients in messages.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AllowMobileOTAUpdate boolean Specifies whether the policy can be sent to the mobile device over a cellular data connection.
AllowHTMLEmail boolean Specifies whether HTML-formatted email is enabled on the mobile device.
AllowRemoteDesktop boolean Specifies whether the mobile device can initiate a remote desktop connection.
AllowSimplePassword boolean Specifies whether a simple password is allowed on the mobile device.
AllowTextMessaging boolean Specifies whether text messaging is allowed from the mobile device.
MaxEmailHTMLBodyTruncationSize string Specifies the maximum size at which HTML-formatted email messages are truncated when synchronized to the mobile device..
AllowInternetSharing boolean Specifies whether the mobile device can be used as a modem to connect a computer to the Internet.
MinPasswordLength number Specifies the minimum number of characters in the mobile device password.
MaxCalendarAgeFilter string Specifies the maximum range of calendar days that can be synchronized to the mobile device.
DevicePolicyRefreshInterval string Specifies how often the policy is sent to the mobile device..
MaxPasswordFailedAttempts number Specifies the number of attempts a user can make to enter the correct password for the mobile device.
UnapprovedInROMApplicationList list<string> Specifies a list of applications that can't be run in ROM on the mobile device.
AllowUnsignedApplications boolean Specifies whether unsigned applications can be installed on the mobile device.
RequireSignedSMIMEAlgorithm string Specifies the algorithm that's used to sign S/MIME messages on the mobile device.
IrmEnabled boolean Specifies whether Information Rights Management (IRM) is enabled for the mobile device.
AttachmentsEnabled boolean Specifies whether attachments can be downloaded on the mobile device.
DeviceEncryptionEnabled boolean Whether the mobile device mailbox policy has password enabled.
RequireEncryptionSMIMEAlgorithm string Specifies the algorithm that's required to encrypt S/MIME messages on a mobile device..
AllowStorageCard boolean Specifies whether the mobile device can access information stored on a storage card.
AllowExternalDeviceManagement boolean Specifies whether an external device management program is allowed to manage the mobile device.
Identity string Specifies the name, distinguished name (DN),or GUID of the mobile device mailbox policy.
MaxInactivityTimeLock string Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked.
UNCAccessEnabled boolean Specifies whether access to Microsoft Windows file shares is enabled from the mobile device.
PasswordExpiration string Specifies how long a password can be used on a mobile device before the user is forced to change the password.
AllowPOPIMAPEmail boolean Specifies whether the user can configure a POP3 or IMAP4 email account on the mobile device.
IsDefault boolean Whether this is the default mobile device mailbox policy.
PasswordHistory number Specifies the number of unique new passwords that need to be created on the mobile device before an old password can be reused.
RequireManualSyncWhenRoaming boolean Specifies whether the mobile device must synchronize manually while roaming.
MaxEmailAgeFilter string Specifies the maximum number of days of email items to synchronize to the mobile device.
id string The unique identifier for this mobile device mailbox policy.
PasswordRecoveryEnabled boolean Whether the mobile device mailbox policy has password recovery enabled.
RequireDeviceEncryption boolean Specifies whether encryption is required on the mobile device..
AllowCamera boolean Specifies whether the mobile device's camera is allowed.
AllowBrowser boolean Specifies whether Microsoft Pocket Internet Explorer is allowed on the mobile device.
AllowWiFi boolean Specifies whether wireless Internet access is allowed on the mobile device.
AllowSMIMEEncryptionAlgorithmNegotiation string Specifies whether the messaging application on the mobile device can negotiate the encryption algorithm if a recipient's certificate doesn't support the specified encryption algorithm.
AllowMicrosoftPushNotifications boolean Specifies whether push notifications are enabled on the mobile device..
MaxEmailBodyTruncationSize string Specifies the maximum size at which email messages are truncated when synchronized to the mobile device.
Name string Unique name for the mobile device mailbox policy
AlphanumericPasswordRequired boolean Whether mobile device mailbox policy requires alpha-numeric password.
PasswordEnabled boolean Whether the mobile device mailbox policy has password enabled.
ApprovedApplicationList list<string> Specifies a configured list of approved applications for the device.
RequireEncryptedSMIMEMessages boolean Specifies whether the mobile device must send encrypted S/MIME messages.
AllowIrDA boolean Specifies whether infrared connections are allowed to the mobile device.
MinPasswordComplexCharacters number Parameter specifies the character sets that are required in the password of the mobile device.
AllowDesktopSync boolean Specifies whether the mobile device can synchronize with a desktop computer through a cable..
WSSAccessEnabled boolean Specifies whether access to Microsoft Windows SharePoint Services is enabled from the mobile device.
RequireStorageCardEncryption boolean Specifies whether storage card encryption is required on the mobile device.
AllowConsumerEmail boolean Whether the user can configure a personal email account on the mobile device.
AllowGooglePushNotifications boolean Controls whether the user can receive push notifications from Google for Outlook on the web for devices.
AllowNonProvisionableDevices boolean Whether mobile device mailbox policy allows non provisionable devices.
MaxAttachmentSize string Specifies the maximum size of attachments that can be downloaded to the mobile device.
AllowSMIMESoftCerts boolean Specifies whether S/MIME software certificates are allowed on the mobile device.
AllowUnsignedInstallationPackages boolean Specifies whether unsigned installation packages are allowed to run on the mobile device.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ForeignForestFQDN list<string> Description pending.
BookingsNamingPolicyPrefixEnabled boolean Available only in the cloud-based service. Description pending.
AllowToAddGuests boolean If true, group owners will be allowed to add people outside of the organization to Microsoft365 Groups as guests.
MailTipsMailboxSourcedTipsEnabled boolean Specifies whether MailTips that rely on mailbox data (out-of-office or full mailbox) are enabled.
MicrosoftExchangeRecipientEmailAddresses list<string> Specifies one or more email addresses for the recipient. All valid Microsoft Exchange email address types may be used. You can specify multiple values for this parameter as a comma-delimited list. If the MicrosoftExchangeRecipientEmailAddressPolicyEnabled parameter is set to true, the email addresses are automatically generated by the default email address policy. This means you can't use the MicrosoftExchangeRecipientEmailAddresses parameter.
ActivityBasedAuthenticationTimeoutInterval string Specifies the period of inactivity that causes an automatic logoff in Outlook on the web.
BookingsNamingPolicySuffixEnabled boolean Available only in the cloud-based service. Description pending.
WebPushNotificationsDisabled boolean Specifies whether to enable or disable Web Push Notifications in Outlook on the Web. This feature provides web push notifications which appear on a user's desktop while the user is not using Outlook on the Web. This brings awareness of incoming messages while they are working elsewhere on their computer.
DefaultMinutesToReduceShortEventsBy number Specifies the number of minutes to reduce calendar events by if the events are less than 60 minutes long. A valid value is an integer from 0 to 29. The default value is 5.
ComplianceMLBgdCrawlEnabled boolean Available only in the cloud-based service. Description pending.
DirectReportsGroupAutoCreationEnabled boolean Specifies whether to enable or disable the automatic creation of direct report Microsoft 365 Groups.
ActivityBasedAuthenticationTimeoutEnabled boolean Enables or disables the inactivity interval for automatic logoff in Outlook on the web (formerly known as Outlook Web App).
AuditDisabled boolean Specifies whether to disable or enable mailbox auditing for the organization.
IsDualWriteEnabled boolean Description pending.
ServicePlan string Description pending.
DefaultPublicFolderProhibitPostQuota string Specifies the size of a public folder at which users are notified that the public folder is full. Users can't post to a folder whose size is larger than the DefaultPublicFolderProhibitPostQuota parameter value.
AutoExpandingArchiveEnabled boolean Description pending.
IPListBlocked list<string> Specifies the blocked IP addresses that aren't allowed to connect to Exchange Online organization. Valid values are: Single IP address. IP address range. Classless InterDomain Routing (CIDR) IP address range.
OutlookGifPickerDisabled boolean Disables the GIF Search (powered by Bing) feature that's built into the Compose page in Outlook on the web.
DistributionGroupNameBlockedWordsList list<string> Specifies words that can't be included in the Display Name values of distribution groups that are created by users.
BookingsCreationOfCustomQuestionsRestricted boolean Specifies whether Bookings admins can add custom questions.
EnableOutlookEvents boolean Specifies whether Outlook or Outlook on the web (formerly known as Outlook Web App) automatically discovers events from email messages and adds them to user calendars.
MicrosoftExchangeRecipientReplyRecipient string Specifies the recipient that should receive messages sent to the Exchange recipient. Typically, you would configure a mailbox to receive the messages sent to the Exchange recipient.
DefaultMailboxRegion string The default mailbox region of the organization.
IsGroupMemberAllowedToEditContent boolean Available only in the cloud-based service. Description pending.
IsUpgradingOrganization boolean Description pending.
EwsAllowOutlook boolean Enables or disables access to mailboxes by Outlook clients that use Exchange Web Services. Outlook uses Exchange Web Services for free/busy, out-of-office settings, and calendar sharing.
MicrosoftExchangeRecipientPrimarySmtpAddress string Specifies the primary return SMTP email address for the Exchange recipient. If the MicrosoftExchangeRecipientEmailAddressPolicyEnabled parameter is set to true, you can't use the MicrosoftExchangeRecipientPrimarySmtpAddress parameter.
DefaultMinutesToReduceLongEventsBy number Specifies the number of minutes to reduce calendar events by if the events are 60 minutes or longer. A valid value is an integer from 0 to 29. The default value is 10.
PublicFoldersLockedForMigration boolean Specifies whether users are locked out from accessing down level public folder servers. When you set the PublicFoldersLockedForMigration parameter to true, users are locked out from accessing down level public folder servers. This is used for public folder migration during final stages. The default value is false, which means that the user is able to access public folder servers.
ExternalCloudAccessEnabled boolean Description pending.
ManagedFolderHomepage string Specifies the URL of the web page that's displayed when users click the Managed Folders folder in Outlook. If a URL isn't specified, Outlook doesn't display a managed folders home page.
AppsForOfficeEnabled boolean Specifies whether to enable apps for Outlook features. By default, the parameter is set to true. If the flag is set to false, no new apps can be activated for any user in the organization.
IsMIPLabelForGroupsEnabled boolean Description pending.
OrganizationId string The identifier for the Exchange organization.
IsTenantInGracePeriod boolean Description pending.
IsGuidPrefixedLegacyDnDisabled boolean Description pending.
BookingsAuthEnabled boolean Specifies whether to enforce authentication to access all published Bookings pages.
PublicFolderMigrationComplete boolean Is used during public folder migration. When you set the PublicFolderMigrationComplete parameter to true, transport starts rerouting the queued messages to a new destination. The default value is false.
PublicFolderShowClientControl boolean Enables or disables access to public folders in Microsoft Outlook.
IsAddressListPagingEnabled boolean Description pending.
DefaultMailboxRegionLastUpdateTime number Description pending.
BookingsEnabled boolean If true, the entire origanization will be able to use Microsoft Bookings.
IntuneManagedStatus boolean Description pending.
MaxInformationBarrierSegments number Description pending.
EwsAllowEntourage boolean Specifies whether to enable or disable Entourage 2008 to access Exchange Web Services (EWS) for the entire organization.
HiddenMembershipGroupsCreationEnabled boolean Description pending.
InformationBarriersRestrictPeopleSearch boolean Description pending.
IsProcessEhaMigratedMessagesEnabled boolean Description pending.
LegacyExchangeDN string Description pending.
ConnectorsActionableMessagesEnabled boolean Specifies whether to enable or disable actionable buttons in messages (connector cards) from connected apps on Outlook on the web.
LeanPopoutEnabled boolean Specifies whether to enable faster loading of pop-out messages in Outlook on the web for Internet Explorer and Microsoft Edge.
SendFromAliasEnabled boolean Allows mailbox users to send messages using aliases (proxy addresses). It does this by disabling the rewriting of aliases to their primary SMTP address. This change is implemented in the Exchange Online service. At the same time, Outlook clients are making changes to natively support aliases for sending and receiving messages. Even without an updated client, changes in behavior may be seen for users using any email client as the setting affects all messages sent and received by a mailbox.
DefaultPublicFolderMovedItemRetention string Specifies how long items that have been moved between mailboxes are kept in the source mailbox for recovery purposes before being removed by the Public Folder Assistant.
BookingsNamingPolicyEnabled boolean Available only in the cloud-based service. Description pending.
CustomerFeedbackEnabled boolean Specifies whether the Exchange server is enrolled in the Microsoft Customer Experience Improvement Program.
PublicFolderMailboxesMigrationComplete boolean Is used during public folder migration. true: Queued messages are rerouted to the new destination. false (This is the default value).
OrganizationSummary list<string> Specifies a summarized description that best represents your organization.
OutlookPayEnabled boolean Enables or disables Microsoft Pay in the Microsoft 365 organization.
DefaultAuthenticationPolicy string Specifies the authentication policy that's used for the whole organization. You can use any value that uniquely identifies the policy.
MailboxDataEncryptionEnabled boolean Description pending.
RecallReadMessagesEnabled boolean Available only in the cloud-based service. Description pending.
DefaultPublicFolderDeletedItemRetention string Specifies the default value of the length of time to retain deleted items for public folders across the entire organization. This attribute applies to all public folders in the organization that don't have their own RetainDeletedItemsFor attribute set.
BookingsNotesEntryRestricted boolean Specifies whether appointment notes can be collected from Bookings customers.
Identity string Specifies the name of the OrganizationConfig.
IsMailboxForcedReplicationDisabled boolean Description pending.
MaskClientIpInReceivedHeadersEnabled boolean Available only in the cloud-based service. Description pending.
BookingsNamingPolicyPrefix string Available only in the cloud-based service. Description pending.
RPSEnabled boolean Description pending.
ForeignForestRecipientAdminUSGSid string Description pending.
BookingsEnabledLastUpdateTime number Description pending.
MapiHttpEnabled boolean Enables or disables access to mailboxes in Outlook by using MAPI over HTTP.
DisablePlusAddressInRecipients boolean Specifies whether to enable or disable plus addressing (also known as subaddressing) for Exchange Online mailboxes.
DistributionGroupDefaultOU string Specifies the container where distribution groups are created by default.
FindTimeLockPollForAttendeesEnabled boolean Controls whether the Lock poll for attendees setting is managed by the organization.
nonUserMailboxAuditEnabled boolean If true, all non-user mailboxes have audit enabled. Otherwise, at least 1 non-user mailbox has auditing disabled. You can get this information from PowerShell using the command `Get-Mailbox -Filter 'AuditEnabled -eq $false -and RecipientTypeDetails -ne "UserMailbox" -and RecipientTypeDetails -ne "SharedMailbox"' -ResultSize 1 | Select-Object Id, Name, AuditEnabled`
EwsApplicationAccessPolicy string Specifies the client applications that have access to EWS and REST. Valid values are: EnforceAllowList: Only applications specified by the EwsAllowList parameter are allowed to access EWS and REST. Access by other applications is blocked. EnforceBlockList: All applications are allowed to access EWS and REST, except for the applications specified by the EwsBlockList parameter.
PublicComputersDetectionEnabled boolean Specifies whether Outlook on the web will detect when a user signs from a public or private computer or network, and then enforces the attachment handling settings from public networks.
OfficeGraphActivitySharingOrgOptout boolean Description pending.
AppsForOfficeCorpCatalogAppsCount number Description pending.
PreviousAdminDisplayVersion string Description pending.
ResourceAddressLists list<string> Description pending.
OutlookTextPredictionDisabled boolean Available only in the cloud-based service. Description pending.
ReadTrackingEnabled boolean Specifies whether the tracking for read status for messages in an organization is enabled.
IsTenantAccessBlocked boolean Description pending.
Heuristics string Description pending.
InformationBarrierMode string Description pending.
GuestsEnabled boolean If true, guest group members will be able to access group content.
OrganizationPrivacyStatementLink string Description pending.
MimeTypes list<string> Description pending.
HybridConfigurationStatus string Description pending.
EwsEnabled boolean specifies whether to globally enable or disable EWS access for the entire organization, regardless of what application is making the request. Valid values are: true: All EWS access is enabled. false: All EWS access is disabled. null (blank): The setting isn't configured. Access to EWS is controlled individually by the related EWS parameters (for example EwsAllowEntourage). This is the default value.
BookingsSearchEngineIndexDisabled boolean Available only in the cloud-based service. Description pending.
WebSuggestedRepliesDisabled boolean Specifies whether to enable or disable Suggested Replies in Outlook on the web. This feature provides suggested replies to emails so users can easily and quickly respond to messages.
EwsBlockList list<string> Specifies the applications that aren't allowed to access EWS or REST when the EwsApplicationAccessPolicy parameter is set to EnforceBlockList. All other applications that aren't specified by this parameter are allowed to access EWS or REST. You identify the application by its user agent string value. Wildcard characters (*) are supported.
ShortenEventScopeDefault string Specifies whether calendar events start late or end early in the organization. Valid values are: 0 or None: Calendar events in the organization don't automatically start late or end early. This is the default value. 1 or EndEarly: By default, the end time of all calendar events is reduced by the number of minutes as specified by the values of the DefaultMinutesToReduceLongEventsBy and DefaultMinutesToReduceShortEventsBy parameters. 2 or StartLate: By default, the start time of all calendar events is delayed by the number of minutes as specified by the values of the DefaultMinutesToReduceLongEventsBy and DefaultMinutesToReduceShortEventsBy parameters.
IsJitEnabled boolean Description pending.
RootPublicFolderMailbox object Description pending.
 IsValid boolean Specifies if RootPublicFolderMailbox is valid.
 CanUpdate boolean Description pending.
 HierarchyMailboxGuid string Description pending.
 LockedForMigration boolean Indicates if the public folder hierarchy is locked or not.
GroupsCreationWhitelistedId string Description pending.
AdfsIssuer string Specifies URL of the AD FS server that's used for AD FS claims-based authentication. This is the URL where AD FS relying parties send users for authentication.
SCLJunkThreshold number Specifies the spam confidence level (SCL) threshold. Messages with an SCL greater than the value that you specify for the SCLJunkThreshold parameter are moved to the Junk Email folder. Valid values are integers from 0 through 9, inclusive.
OnlineMeetingsByDefaultEnabled boolean Specifies whether to set all meetings as Teams or Skype for Business by default during meeting creation. Valid values are: true: All meetings are online by default. false: All meetings are not online by default. null: If the organization value has not been specified, the default behavior is for meetings to be online.
PublicFolderMailboxesLockedForNewConnections boolean Specifies whether users are allowed to make new connections to public folder mailboxes.
IsExcludedFromOffboardMigration boolean Specifies that no new moves from the cloud to your on-premises organization are permitted. When this flag is set, no offboarding move requests are allowed.
ForeignForestOrgAdminUSGSid string Description pending.
MailTipsGroupMetricsEnabled boolean True if mail tips group metrics are enabled.
MailTipsLargeAudienceThreshold number This setting defines a "large audience" in your tenant. If an email is about to be sent to a large audience, a mail tip will be shown to alert the user.
SharePointUrl string Description pending.
AdfsSignCertificateThumbprints list<string> Specifies one or more X.509 token-signing certificates that are used for AD FS claims-based authentication. This parameter uses certificate thumbprint values (GUIDs) to identify the certificates.
FocusedInboxOn boolean Enables or disables Focused Inbox for the organization.
FindTimeAutoScheduleDisabled boolean Controls automatically scheduling the meeting once a consensus is reached in meeting polls using the FindTime Outlook add-in. Valid values are: true: Reaching a consensus for the meeting time doesn't automatically schedule the meeting, and the meeting organizer can't change this setting (Off). false: By default, reaching a consensus for the meeting time doesn't automatically schedule the meeting, but meeting organizer is allowed to turn on this setting.
BlockMoveMessagesForGroupFolders boolean Available only in the cloud-based service. Description pending.
IsComplianceTrialEnabled boolean Description pending.
BasicAuthBlockedApps string Description pending.
InformationBarriersEnforcementEnabled boolean Description pending.
TenantRelocationsAllowed boolean Description pending.
DefaultPublicFolderIssueWarningQuota string Specifies the default value across the entire organization for the public folder size at which a warning message is sent to this folder's owners, warning that the public folder is almost full. This attribute applies to all public folders within the organization that don't have their own warning quota attribute set. The default value of this attribute is unlimited.
SmtpActionableMessagesEnabled boolean Specifies whether to enable or disable action buttons in email messages in Outlook on the web.
LinkPreviewEnabled boolean Specifies whether link preview of URLs in email messages is allowed for the organization.
ReleaseTrack string Description pending.
ByteEncoderTypeFor7BitCharsets number Specifies the 7-bit transfer encoding method for MIME format for messages sent to this remote domain. The valid values for this parameter are: 0: Always use default 7-bit transfer encoding for HTML and plain text. 1: Always use QP (quoted-printable) encoding for HTML and plain text. 2: Always use Base64 encoding for HTML and plain text. 5: Use QP encoding for HTML and plain text unless line wrapping is enabled in plain text. If line wrapping is enabled, use 7-bit encoding for plain text. 6: Use Base64 encoding for HTML and plain text, unless line wrapping is enabled in plain text. If line wrapping is enabled in plain text, use Base64 encoding for HTML, and use 7-bit encoding for plain text. 13: Always use QP encoding for HTML. Always use 7-bit encoding for plain text. 14: Always use Base64 encoding for HTML. Always use 7-bit encoding for plain text.
ForeignForestViewOnlyAdminUSGSid string Description pending.
ExchangeNotificationRecipients list<string> Specifies the recipients for Exchange notifications sent to administrators regarding their organizations. If the ExchangeNotificationEnabled parameter is set to false, no notification messages are sent. Be sure to enclose values that contain spaces in quotation marks (") and separate multiple values with commas.
BookingsSocialSharingRestricted boolean Specifies whether users can see the social sharing options inside Bookings.
DefaultPublicFolderMaxItemSize string Specifies the default maximum size for posted items within public folders across the entire organization. Items larger than the value of the DefaultPublicFolderMaxItemSize parameter are rejected. This attribute applies to all public folders within the organization that don't have their own MaxItemSize attribute set. The default value of this attribute is unlimited.
DefaultGroupAccessType string Specifies the default access type for Microsoft 365 Groups. Valid values are: Public. Private (this is the default value).
ActivityBasedAuthenticationTimeoutWithSingleSignOnEnabled boolean Enables or disables the inactivity interval for automatic logoff for single sign-on in Outlook on the Web.
ConnectorsEnabledForTeams boolean Specifies whether to enable or disable connected apps on Teams.
AllowedMailboxRegionsLastUpdateTime number Description pending.
GroupsCreationEnabled boolean Description pending.
FindTimeAttendeeAuthenticationEnabled boolean Controls whether attendees are required to verify their identity in meeting polls using the FindTime Outlook add-in.
ACLableSyncedObjectEnabled boolean Specifies whether remote mailboxes in hybrid environments are stamped as ACLableSyncedMailboxUser.
ForwardSyncLiveIdBusinessInstance boolean Description pending.
GroupsNamingPolicy string Description pending.
IsMixedMode boolean Description pending.
BookingsPhoneNumberEntryRestricted boolean Specifies whether phone numbers can be collected from Bookings customers.
EwsAllowList list<string> Specifies the applications that are allowed to access EWS or REST when the EwsApplicationAccessPolicy parameter is set to EwsAllowList. Other applications that aren't specified by this parameter aren't allowed to access EWS or REST. You identify the application by its user agent string value. Wildcard characters (*) are supported.
userMailboxAuditEnabled boolean If true, mailbox auditing is enabled for all user mailboxes.
OcmGroupId string Description pending.
Industry string Specifies the industry that best represents your organization.
AllowedMailboxRegions list<string> Description pending.
Name string Name of OrganizationConfig.
ForestConfigVersion string Description pending.
RealTimeLogServiceEnabled boolean Description pending.
BookingsBlockedWordsEnabled boolean Available only in the cloud-based service. Description pending.
WACDiscoveryEndpoint string Specifies the discovery endpoint for Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server) for all mailboxes in the organization.
SiteMailboxCreationURL string Specifies the URL that's used to create site mailboxes. Site mailboxes improve collaboration and user productivity by allowing access to both SharePoint documents and Exchange email in Outlook 2013 or later.
IsDehydrated boolean Description pending.
BookingsNamingPolicySuffix string Available only in the cloud-based service. Description pending.
ElcProcessingDisabled boolean Specifies whether to enable or disable the processing of mailboxes by the Managed Folder Assistant.
EwsAllowMacOutlook boolean Enables or disables access to mailboxes by Outlook for Mac clients that use Exchange Web Services
CompassEnabled boolean Description pending.
BookingsExposureOfStaffDetailsRestricted boolean Specifies whether the attributes of internal Bookings staff members (for example, email addresses) are visible to external Bookings customers.
BookingsAddressEntryRestricted boolean Specifies whether addresses can be collected from Bookings customers.
DisableMailboxForSubstrateOnlyFinished boolean Description pending.
AsyncSendEnabled boolean Specifies whether to enable or disable async send in Outlook on the web.
TargetServicePlan string Description pending.
id string id of the OrganizationConfig.
IsUpdatingServicePlan boolean Description pending.
MaxConcurrentMigrations string Specifies the maximum number of concurrent migrations that your organization can configure at any specific time.
ConnectorsEnabledForOutlook boolean Specifies whether to enable or disable connected apps in Outlook on the web.
RmsoSubscriptionStatus string Description pending.
MessageHighlightsEnabled boolean Available only in the cloud-based service. Description pending.
PrivateCatalogAppsCount number Description pending.
MailTipsAllTipsEnabled boolean True if mail tips are enabled.
MicrosoftExchangeRecipientEmailAddressPolicyEnabled boolean Specifies whether the default email address policy is automatically applied to the Exchange recipient. The default value is true. If this parameter is set to true, Exchange automatically adds new email addresses to the Exchange recipient when email address policies are added or modified in the Exchange organization. If this parameter is set to false, you must manually add new email addresses to the Exchange recipient when email address policies are added or modified.
MatchSenderOrganizerProperties boolean Available only in the cloud-based service. Description pending.
FindTimeOnlineMeetingOptionDisabled boolean Controls the availability of the Online meeting checkbox for Teams or Skype in meeting polls using the FindTime Outlook add-in.
GuestsUsageGuidelinesLink string Description pending.
ConnectorsEnabledForSharepoint boolean Specifies whether to enable or disable connected apps on SharePoint.
HierarchicalAddressBookRoot string Specifies the user, contact, or group to be used as the root organization for a hierarchical address book in the Exchange organization. You can use any value that uniquely identifies the recipient.
MessageRemindersEnabled boolean Enables or disables the message reminders feature in the organization.
IsExcludedFromOnboardMigration boolean Specifies that no new moves from your on-premises organization to the cloud are permitted. When this flag is set, no onboarding move requests are allowed.
IsLicensingEnforced boolean Description pending.
MaxInformationBarrierBridges number Description pending.
DistributionGroupNamingPolicy string Specifies the additional text that's applied to the Display Name value of distribution groups created by users. You can require a prefix, a suffix, or both. The prefix and suffix can be text strings, user attribute values from the person who created the group, or a combination of text strings and attributes.
MailTipsExternalRecipientsTipsEnabled boolean True if external recipient mail tips are enabled.
UpgradeIBInProgress boolean Description pending.
OutlookMobileGCCRestrictionsEnabled boolean Specifies whether to enable or disable features within Outlook for iOS and Android that are not FedRAMP compliant for Microsoft 365 US Government Community Cloud (GCC) customers.
EndUserDLUpgradeFlowsDisabled boolean Specifies whether to prevent users from upgrading their own distribution groups to Microsoft 365 Groups in an Exchange Online organization.
DataInsightsFlag number Description pending.
BookingsPaymentsEnabled boolean Specifies whether to enable the online payment node inside Bookings.
InPlaceHolds list<string> Description pending.
GroupsUsageGuidelinesLink string Description pending.
IsValid boolean The validity for the OrganizationConfig.
MessageRecallEnabled boolean Available only in the cloud-based service. Description pending.
SharedDomainEmailAddressFlowEnabled boolean Available only in the cloud-based service. Description pending.
DefaultDataEncryptionPolicy string Description pending.
BookingsSmsMicrosoftEnabled boolean Available only in the cloud-based service. Description pending.
ConnectorsEnabled boolean Specifies whether to enable or disable all connected apps in organization.
BookingsMembershipApprovalRequired boolean Enables a membership approval requirement when new staff members are added to Bookings calendars.
DisplayName string Display name of OrganizationConfig.
VisibleMeetingUpdateProperties string Specifies whether meeting message updates will be auto-processed on behalf of attendees. Auto-processed updates are applied to the attendee's calendar item, and then the meeting message is moved to the deleted items. The attendee never sees the update in their inbox, but their calendar is updated.
AzurePremiumSubscriptionStatus boolean Description pending.
AdfsAudienceUris list<string> Specifies one or more external URLs that are used for Active Directory Federation Services (AD FS) claims-based authentication. For example, the external Outlook on the web and external Exchange admin center (EAC) URLs.
IsGroupFoldersAndRulesEnabled boolean Available only in the cloud-based service. Description pending.
InformationBarriersManagementEnabled boolean Description pending.
WorkspaceTenantEnabled boolean Enables or disables workspace booking in the organization.
AutodiscoverPartialDirSync boolean Is for scenarios where tenants have Directory Synced some of their Active Directory users into the cloud, but still have on-premises Exchange users that are not Directory Synced. Setting this parameter to true will cause unknown users to be redirected to the on-premises endpoint and will allow on-premises users to discover their mailbox automatically. Online email addresses will be susceptible to enumeration. We recommend full Directory Sync for all Active Directory users and leaving this parameter with the default false.
PublicFoldersEnabled string Specifies how public folders are deployed in your organization. This parameter uses one of the following values. Local: The public folders are deployed locally in your organization. Remote: The public folders are deployed in the remote forest. None: No public folders are deployed for this organization.
ExchangeNotificationEnabled boolean Enables or disables Exchange notifications sent to administrators regarding their organizations.
DefaultPublicFolderAgeLimit string Specifies the default age limit for the contents of public folders across the entire organization. Content in a public folder is automatically deleted when this age limit is exceeded. This attribute applies to all public folders in the organization that don't have their own AgeLimit setting.
OAuth2ClientProfileEnabled boolean Whether OAuth 2.0 is enabled.
MobileAppEducationEnabled boolean Specifies whether to show or hide the Outlook for iOS and Android education reminder in Outlook on the web (formerly known as Outlook Web App).
ConnectorsEnabledForYammer boolean Specifies whether to enable or disable connected apps on Yammer.
IsEopTrialEnabled boolean Description pending.
RemotePublicFolderMailboxes list<string> Specifies the identities of the public folder objects (represented as mail user objects locally) corresponding to the public folder mailboxes created in the remote forest. The public folder values set here are used only if the public folder deployment is a remote deployment.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Identity string The id of this OrganizationRelationship.
Enabled boolean Whether this OrganizationRelationship is enabled or not.
DomainNames list<string> A list of domain names in that are part of this OrganizationRelationship.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
CloudServicesMailEnabled boolean The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers.
ConnectorType string The type of connector. Can be "Partner" or "OnPremises".
RecipientDomains list<string> The RecipientDomains parameter specifies the domains that the Outbound connector routes mail to. You can specify multiple domains separated by commas.
TlsSettings string The TlsSettings parameter specifies the TLS authentication level that is used for outbound TLS connections established by this Outbound connector.
AllAcceptedDomains boolean The AllAcceptedDomains parameter specifies whether the Outbound connector is used in hybrid organizations where message recipients are in accepted domains of the cloud-based organization.
IsValid boolean Whether or not this OutboundConnector is valid.
ValidationRecipients list<string> The ValidationRecipients parameter specifies the email addresses of the validation recipients for the Outbound connector.
Identity string The id of this OutboundConnector.
UseMXRecord boolean The UseMXRecord parameter enables or disables DNS routing for the connector.
SmartHosts list<string> The SmartHosts parameter specifies the smart host that the Outbound connector uses to route mail.
TlsDomain string The TlsDomain parameter specifies the domain name that the Outbound connector uses to verify the FQDN of the target certificate when establishing a TLS secured connection. This parameter is only used if the TlsSettings parameter is set to DomainValidation. Valid input for the TlsDomain parameter is an SMTP domain. You can use a wildcard character to specify all subdomains of a specified domain, as shown in the following example: *.contoso.com. However, you can not embed a wildcard character, as shown in the following example: domain.*.contoso.com
IsTransportRuleScoped boolean The IsTransportRuleScoped parameter specifies whether the Outbound connector is associated with a transport rule (also known as a mail flow rule).
SenderRewritingEnabled boolean The SenderRewritingEnabled parameter specifies that all messages that normally qualify for SRS rewriting are rewritten for traffic to on-premises. This parameter is only effective for OnPremises connectors as Partner connectors already have SRS rewriting enabled.
TestMode boolean The TestMode parameter specifies whether you want to enabled or disable test mode for the Outbound connector.
IsValidated boolean The IsValidated parameter specifies whether the Outbound connector has been validated.
Enabled boolean Whether this OutboundConnector is enabled or not.
RouteAllMessagesViaOnPremises boolean The RouteAllMessagesViaOnPremises parameter specifies that all messages serviced by this connector are first routed through the on-premises messaging system in hybrid organizations.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
RulesEnabled boolean Specifies whether a user can view, create, or modify server-side rules in Outlook on the web.
NpsSurveysEnabled boolean Specifies whether to enable or disable the Net Promoter Score (NPS) survey in Outlook on the web. The survey allows users to rate Outlook on the web on a scale of 1 to 5, and to provide feedback and suggested improvements in free text.
AllowOfflineOn string Specifies when Outlook Web App in offline mode is available for supported web browsers. Valid values are: PrivateComputersOnly: Offline mode is available in private computer sessions. By default in Exchange 2013 or later and Exchange Online, all Outlook on the web sessions are considered to be on private computers. In Exchange 2013 or later, users can only specify public computer sessions if you've enabled the private/public selection on the sign in page (the LogonPagePublicPrivateSelectionEnabled parameter value is $true on the Set-OwaVirtualDirectory cmdlet). NoComputers: Offline mode is disabled. AllComputers: Offline mode is available for public and private computer sessions.
NotesEnabled boolean Specifies whether the Notes folder is available in Outlook on the web.
SatisfactionEnabled boolean Specifies whether to enable or disable the satisfaction survey.
OutlookBetaToggleEnabled boolean Specifies whether to enable or disable the Outlook on the web Preview toggle. The Preview toggle allows users to try the new Outlook on the web experience.
LinkedInEnabled boolean If False, LinkedIn contact synchronization is disabled.
WebReadyDocumentViewingOnPublicComputersEnabled boolean Specifies whether WebReady Document Viewing is in public computer sessions.
TextMessagingEnabled boolean Specifies whether users can send and receive text messages in Outlook on the web.
id string id of the OwaMailboxPolicy
OnSendAddinsEnabled boolean Specifies whether to enable or disable on send add-ins in Outlook on the web (add-ins that support events when a user clicks Send).
OWALightEnabled boolean Controls the availability of the light version of Outlook on the web.
AdditionalStorageProvidersAvailable boolean If False, additional storage providers (such as Box, DropBox, etc.) in Outlook on the Web will be restricted.
InstantMessagingType string Specifies the type of instant messaging provider in Outlook on the web. Valid values are: None: This is the default value in on-premises Exchange. Ocs: Lync or Skype (formerly known as Office Communication Server). This is the default value in Exchange Online.
OrganizationEnabled boolean When the OrganizationEnabled parameter is set to false, the Automatic Reply option doesn't include external and internal options, the address book doesn't show the organization hierarchy, and the Resources tab in Calendar forms is disabled. The default value is true.
GlobalAddressListEnabled boolean Specifies whether the global address list is available in Outlook on the web.
InternalSPMySiteHostURL string Specifies the My Site Host URL for internal users (for example, https://sp01.contoso.com).
ThemeSelectionEnabled boolean Specifies whether users can change the theme in Outlook on the web.
OutboundCharset string Specifies the character set that's used for outgoing messages in Outlook on the web. Valid values are: AutoDetect: Examine the first 2 kilobytes (KB) of text in the message to determine the character set that's used in outgoing messages. This is the default value. AlwaysUTF8: Always use UTF-8 encoded Unicode characters in outgoing messages, regardless of the detected text in the message, or the user's language choice in Outlook on the web. Use this value if replies to UTF-8 encoded messages aren't being encoded in UTF-8. UserLanguageChoice: Use the user's language choice in Outlook on the web to encode outgoing messages.
BookingsMailboxCreationEnabled boolean Allows you disable Microsoft Bookings.
ShowOnlineArchiveEnabled boolean Available only in the cloud-based service. Description pending.
ForceSaveFileTypes list<string> Specifies the attachment file types (file extensions) that can only be saved from Outlook on the web (not opened).
WebReadyDocumentViewingSupportedFileTypes list<string> This is a read-only parameter that can't be modified; use the WebReadyFileTypes parameter instead.
UMIntegrationEnabled boolean Specifies whether Unified Messaging (UM) integration is enabled in Outlook on the web.
GroupCreationEnabled boolean Specifies whether Microsoft 365 Group creation is available in Outlook and Outlook on the web.
ClassicAttachmentsEnabled boolean Specifies whether users can attach local files as regular email attachments in Outlook on the web.
IsValid boolean The validity for the OwaMailboxPolicy.
ForceSaveMimeTypes list<string> Specifies the MIME extensions in attachments that only allow the attachments to be saved locally (not opened).
IsDefault boolean Specifies whether the Outlook on the web policy is the default policy that's used to configure the Outlook on the web settings for new mailboxes.
LogonAndErrorLanguage number Specifies the language that used in Outlook on the web for forms-based authentication and for error messages when a user's current language setting can't be read.
SaveAttachmentsToCloudEnabled boolean Specifies whether users can save regular email attachments to the cloud.
DisplayPhotosEnabled boolean Specifies whether users see sender photos in Outlook on the web.
AdditionalAccountsEnabled boolean Available only in the cloud-based service. Description pending.
ForceSaveAttachmentFilteringEnabled boolean Specifies whether files are filtered before they can be saved from Outlook on the web.
UserVoiceEnabled boolean Specifies whether to enable or disable Outlook UserVoice in Outlook on the web. Outlook UserVoice is a customer feedback area that's available in Microsoft 365.
PersonalAccountCalendarsEnabled boolean Specifies whether to allow users to connect to their personal Outlook.com or Google Calendar in Outlook on the web.
ChangePasswordEnabled boolean Specifies whether users can change their passwords from inside Outlook on the web.
TasksEnabled boolean Specifies whether Tasks folder is available in Outlook Web App.
ReferenceAttachmentsEnabled boolean Specifies whether users can attach files from the cloud as linked attachments in Outlook on the web.
PrintWithoutDownloadEnabled boolean Specifies whether to allow printing of supported files without downloading the attachment in Outlook on the web.
TeamsnapCalendarsEnabled boolean Specifies whether to allow users to connect to their personal TeamSnap calendars in Outlook on the web.
ExternalImageProxyEnabled boolean Specifies whether to load all external images through the Outlook external image proxy.
SignaturesEnabled boolean Specifies whether to enable or disable the use of signatures in Outlook on the web.
PlacesEnabled boolean Specifies whether to enable or disable Places in Outlook on the web. Places lets users search, share, and map location details by using Bing.
BlockedMimeTypes list<string> Specifies MIME extensions in attachments that prevent the attachments from being saved locally or viewed from Outlook on the web.
ReportJunkEmailEnabled boolean Specifies whether users can report messages as junk or not junk to Microsoft in Outlook on the web.
PredictedActionsEnabled boolean Description pending.
PublicFoldersEnabled boolean Specifies whether a user can browse or read items in public folders in Outlook Web App.
ForceWebReadyDocumentViewingFirstOnPrivateComputers boolean Secifies whether private computers must first preview an Office file as a web page in WebReady Document Viewing before opening the file from Outlook Web App.
WebReadyDocumentViewingOnPrivateComputersEnabled boolean Specifies whether WebReady Document Viewing is available in private computer sessions.
SMimeSuppressNameChecksEnabled boolean Specifies whether to suppress name check in S/MIME messages. You don't need to specify a value with this switch.
BookingsMailboxDomain string Is available only in the cloud-based service. Description pending.
MessagePreviewsDisabled boolean Description pending.
ProjectMocaEnabled boolean Enables or disables access to Project Moca in Outlook on the web.
AllowedOrganizationAccountDomains list<string> Available only in the cloud-based service. Description pending.
UserDiagnosticEnabled boolean Description pending.
RecoverDeletedItemsEnabled boolean Specifies whether a user can use Outlook Web App to view, recover, or delete permanently items that have been deleted from the Deleted Items folder.
JournalEnabled boolean Specifies whether the Journal folder is available in Outlook on the web.
ActionForUnknownFileAndMIMETypes string Specifies how to handle file types that aren't specified in the Allow, Block, and Force Save lists for file types and MIME types. Valid values are: Allow (This is the default value.) ForceSave. Block.
BlockedFileTypes list<string> Specifies a list of attachment file types (file extensions) that can't be saved locally or viewed from Outlook on the web.
RemindersAndNotificationsEnabled boolean Specifies whether notifications and reminders are enabled in Outlook on the web.
ChangeSettingsAccountEnabled boolean Is functional only in the cloud-based service. Description pending.
WebReadyFileTypes list<string> Specifies the attachment file types (file extensions) that can be viewed by WebReady Document Viewing in Outlook on the web.
Identity string Specifies the Outlook on the web mailbox policy that you want to modify.
WebReadyDocumentViewingSupportedMimeTypes list<string> This is a read-only parameter that can't be modified; use the WebReadyMimeTypes parameter instead.
InterestingCalendarsEnabled boolean Specifies whether interesting calendars are available in Outlook on the web
IRMEnabled boolean Specifies whether Information Rights Management (IRM) features are available in Outlook on the web.
WacViewingOnPublicComputersEnabled boolean Specifies whether to enable or disable web viewing of supported Office documents in public computer sessions in Office Online Server.
FeedbackEnabled boolean Specifies whether to enable or disable inline feedback surveys in Outlook on the web.
ExternalSPMySiteHostURL string Specifies the My Site Host URL for external users (for example, https://sp01.contoso.com).
SilverlightEnabled boolean Specifies whether a user can use Microsoft Silverlight features in Outlook Web App.
UseGB18030 boolean Specifies whether to use the GB18030 character set instead of GB2312 in Outlook on the web.
PhoneticSupportEnabled boolean Specifies phonetically spelled entries in the address book. This parameter is available for use in Japan.
PremiumClientEnabled boolean Controls the availability of the full version of Outlook Web App.
ContactsEnabled boolean Specifies whether to enable or disable Contacts in Outlook Web App.
LocalEventsEnabled boolean Specifies whether local events calendars are available in Outlook on the web.
ForceWacViewingFirstOnPublicComputers boolean Specifies whether public computers must first preview an Office file as a web page in Office Online Server before opening the file in the local application.
WebPartsFrameOptionsType string Specifies what sources can access web parts in IFRAME or FRAME elements in Outlook on the web. Valid values are: None: There are no restrictions on displaying Outlook on the web content in a frame. SameOrigin: This is the default value and the recommended value. Display Outlook on the web content only in a frame that has the same origin as the content. Deny: Blocks display of Outlook on the web content in a frame, regardless of the origin of the site attempting to access it.
WeatherEnabled boolean Specifies whether to enable or disable weather information in the calendar in Outlook on the web.
SetPhotoURL string Controls where users go to select their photo. Note that you can't specify a URL that contains one or more picture files, as there is no mechanism to copy a URL photo to the properties of the users' Exchange Online mailboxes.
DelegateAccessEnabled boolean Specifies whether delegates can use Outlook on the web or Outlook Web App to open folders that they have delegate access to.
WebReadyMimeTypes list<string> Specifies the MIME extensions of attachments that allow the attachments to be viewed by WebReady Document Viewing in Outlook on the web.
ItemsToOtherAccountsEnabled boolean Available only in the cloud-based service. Description pending.
ConditionalAccessPolicy string Specifies the Outlook on the Web Policy for limited access. For this feature to work properly, you also need to configure a Conditional Access policy in the Azure Active Directory Portal. Valid values are: Off: No conditional access policy is applied to Outlook on the web. This is the default value. ReadOnly: Users can't download attachments to their local computer, and can't enable Offline Mode on non-compliant computers. They can still view attachments in the browser. ReadOnlyPlusAttachmentsBlocked: All restrictions from ReadOnly apply, but users can't view attachments in the browser.
OneWinNativeOutlookEnabled boolean Controls the availability of the new Outlook for Windows App.
WacEditingEnabled boolean Specifies whether to enable or disable editing documents in Outlook on the web by using Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server).
AllowCopyContactsToDeviceAddressBook boolean Specifies whether users can copy the contents of their Contacts folder to a mobile device's native address book when using Outlook on the web for devices.
SpellCheckerEnabled boolean Specifies whether to enable or disable the built-in Outlook Web App spell checker in the full version of Outlook Web App.
DirectFileAccessOnPrivateComputersEnabled boolean Specifies the left-click options for attachments in Outlook on the web for private computer sessions.
FacebookEnabled boolean If False, Facebook contact synchronization is disabled.
AllowedFileTypes list<string> Specifies the attachment file types (file extensions) that can be saved locally or viewed from Outlook on the web.
SearchFoldersEnabled boolean Specifies whether Search Folders are available in Outlook on the web.
ThirdPartyFileProvidersEnabled boolean Description pending.
SkipCreateUnifiedGroupCustomSharepointClassification boolean Specifies whether to skip a custom SharePoint page during the creation of Microsoft 365 Groups in Outlook on the web.
CalendarEnabled boolean Specifies whether to enable or disable the calendar in Outlook Web App.
ForceWebReadyDocumentViewingFirstOnPublicComputers boolean Specifies whether Public computers must first preview an Office file as a web page in WebReady Document Viewing before opening the file from Outlook Web App.
WacViewingOnPrivateComputersEnabled boolean Specifies whether to enable or disable web viewing of supported Office documents private computer sessions in Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server).
Name string Name of the OwaMailboxPolicy
ConditionalAccessFeatures list<string> Description pending.
SetPhotoEnabled boolean Specifies whether users can add, change, and remove their sender photo in Outlook on the web.
WebReadyDocumentViewingForAllSupportedTypes boolean Specifies whether to enable WebReady Document Viewing for all supported file and MIME types.
InstantMessagingEnabled boolean Specifies whether instant messaging is available in Outlook on the web. This does not affect chat capabilities provided by Skype for Business or Teams.
PersonalAccountsEnabled boolean Available only in the cloud-based service. Description pending.
AllAddressListsEnabled boolean Specifies which address lists are available in Outlook on the web.
DefaultTheme string Specifies the default theme that's used in Outlook on the web when the user hasn't selected a theme.
ExplicitLogonEnabled boolean Specifies whether to allow a user to open someone else's mailbox in Outlook on the web (provided that user has permissions to the mailbox).
ActiveSyncIntegrationEnabled boolean Specifies whether to enable or disable Exchange ActiveSync settings in Outlook on the web.
SMimeEnabled boolean Specifies whether users can download the S/MIME control for Outlook Web App and use it to read and compose signed and encrypted messages.
WacOMEXEnabled boolean Specifies whether to enable or disable apps for Outlook in Outlook on the web in Office Online Server.
WacExternalServicesEnabled boolean Specifies whether to enable or disable external services when viewing documents in Outlook on the web (for example, machine translation) by using Office Online Server.
AllowedMimeTypes list<string> Specifies the MIME extensions of attachments that allow the attachments to be saved locally or viewed from Outlook on the web.
JunkEmailEnabled boolean Specifies whether the Junk Email folder and junk email management are available in Outlook on the web.
ForceWacViewingFirstOnPrivateComputers boolean Specifies whether private computers must first preview an Office file as a web page in Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server) before opening the file in the local application.
UseISO885915 boolean Specifies whether to use the character set ISO8859-15 instead of ISO8859-1 in Outlook on the web.
DirectFileAccessOnPublicComputersEnabled boolean Specifies the left-click options for attachments in Outlook on the web for public computer sessions.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Name string Name of the Quarantine policy, e.g. "DefaultFullAccessPolicy".
ESNEnabled boolean The ESNEnabled parameter specifies whether to enable quarantine notifications (formerly known as end-user spam notifications) for the policy.
EndUserQuarantinePermissions list<object> List of end user quarantine permissions.
QuarantinePolicyType string Type of quarantine policy.
QuarantineRetentionDays number Retention of quarantine policy in days.
Identity string Specifies the name, distinguished name (DN), or GUID of the quarantine policy.
IsValid boolean Whether this QuarantinePolicy is valid or not.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Name string The name of the Remote Domain asset. The default Remote Domain on an O365 account has name "Default", and domain "*".
DomainName string The remote domain that is being configured. "*" represents any remote domain. The default Remote Domain setting in an O365 account has the name "Default" and domain "*".
AutoForwardEnabled boolean If False, AutoForwarding of email to this remote domain will not be allowed.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
RetentionId string The identity of the retention policy to ensure mailboxes moved from an on-premises Exchange deployment to the cloud continue to have the same retention policy applied to them.
IsDefault boolean Whether the retention policy is the default retention policy.
RetentionPolicyTagLinks list<string> RetentionPolicyTag The RetentionPolicyTags associated.
id string The unique identifier for this retention policy.
Name string Unique name for the retention policy.
IsValid boolean Whether the retention policy is valid.
IsDefaultArbitrationMailbox boolean Whether default retention policy for arbitration mailboxes in Exchange Online organization.
Identity string Specifies the name, distinguished name (DN),or GUID of the retention policy.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
TriggerForRetention string Specifies the date that's considered as the start date of the retention period. An item can reach its retention limit a specific number of days after the item was delivered or after it was moved into a specific folder. Valid values include: WhenDelivered The item expires based on when it was delivered. WhenMoved The item expires based on the date it was moved. If this parameter isn't present and the RetentionEnabled parameter is set to $true, an error is returned.
RawRetentionId string Specifies the raw RetentionId.
Type string Specifies the type of retention tag being created.
IsValid boolean Specifies whether the retention policy tag is valid.
LocalizedComment list<string> Specifies localized comments and their languages.
Comment string Specifies a comment for the tag.
id string The unique identifier for this retention policy tag.
IsPrimary boolean Specifies whether its primary retention policy tag.
LocalizedRetentionPolicyTagName list<string> Specifies localized tag names and their languages.
Identity string Specifies the name of the tag.
Name string Specifies the name of the retention policy tag.
RetentionId string Specifies an alternate tag ID to ensure the retention tag found on mailbox items tagged in one Exchangeorganization matches the tag when the mailbox is moved to another Exchange organization.
MustDisplayCommentEnabled boolean Specifies whether the comment can be hidden..
SystemTag boolean Specifies that the tag is created for internal Exchange functionality.
Description string Specifies a Description for the tag.
LegacyManagedFolder string Specifies the name of a managed folder. The retention tag is created by using retention settings from the managed folder and its managed content settings. You can use this parameter to create retention tags based on existing managed folders to migrate users from managed folder mailbox policies to retention policies.
MessageClassDisplayName string Specifies the message class display name.
RetentionEnabled boolean Specifies whether the tag is enabled. When set to False, the tag is disabled, and no retentionaction is taken on messages that have the tag applied.
RetentionAction string Specifies the action for the retention policy.
AgeLimitForRetention number Specifies the age at which retention is enforced on an item. The age limit corresponds to the number of days from the date the item was delivered,or the date an item was created if it wasn't delivered.
MessageClass string Specifies the message type to which the tag applies. If not specified, the default value is set to '*'.
MoveToDestinationFolder string Description pending.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AssignedRoles list<string> List of roles assigned to this policy. Some sample values are "My Custom Apps", "My Marketplace Apps", "My ReadWriteMailbox Apps".
Name string Name of the policy.
Description string Description of the role assignment policy.
IsDefault boolean True if this is the default role assignment policy.
IsValid boolean True if this is a valid role assignment policy.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Identity string The identifier for this policy.
id string id of the SafeAttachmentPolicy
ActionOnError boolean Specifies the error handling option for Safe Attachments scanning (what to do if attachment scanning times out or an error occurs). Valid values are: true: This is the default value. The action specified by the Action parameter is applied to messages even when the attachments aren't successfully scanned. This value is required when the Redirect parameter value is $true. Otherwise, messages might be lost. false: The action specified by the Action parameter isn't applied to messages when the attachments aren't successfully scanned.
ConfidenceLevelThreshold number Description pending.
Action string The Action parameter specifies the action for the safe attachment policy. Valid values are: Allow: Deliver the message if malware is detected in the attachment and track scanning results. This value corresponds to Monitor for the Safe Attachments unknown malware response property of the policy in the admin center. Block: Block the email message that contains the malware attachment. This is the default value. Replace: Deliver the email message, but remove the malware attachment and replace it with warning text. DynamicDelivery: Deliver the email message with a placeholder for each email attachment. The placeholder remains until a copy of the attachment is scanned and determined to be safe.
EnableOrganizationBranding boolean Description pending.
Enable boolean If true, the Action parameter specifies the action for the Safe Attachment policy. If false, Attachments are not scanned by Safe Attachments.
IsValid boolean The validity for the SafeAttachmentPolicy.
QuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined as malware by Safe Attachments.
ScanTimeout number Description pending.
RedirectAddress string Specifies the email address to deliver messages that were identified by Safe Attachments as containing malware attachments when the Redirect parameter is set to the value true.
OperationMode string Description pending.
Name string Name of the SafeAttachmentPolicy
IsDefault boolean Whether the SafeAttachmentPolicy is the default policy.
IsBuiltInProtection boolean Description pending.
Redirect boolean Specifies whether to deliver messages that were identified by Safe Attachments as containing malware attachments to another email address.
AdminDisplayName string Specifies a description for the policy.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
EnableForInternalSenders boolean Specifies whether the Safe Links policy is applied to messages sent between internal senders and internal recipients within the same Exchange Online organization.
CustomNotificationText string Specifies the customized notification text to show to users.
id string Unique ID of the SafeLinksPolicy.
AllowClickThrough boolean The AllowClickThrough parameter specifies whether to allow users to click through to the original URL on warning pages.
DoNotRewriteUrls list<string> Specifies the URLs that are not rewritten by Safe Links scanning.
DeliverMessageAfterScan boolean Specifies whether to deliver email messages only after Safe Links scanning is complete.
DisableUrlRewrite boolean Specifies whether to rewrite (wrap) URLs in email message.
EnableSafeLinksForOffice boolean The EnableSafeLinksForOffice parameter specifies whether to enable Safe Links protection for Microsoft Office Apps.
IsValid boolean Whether SafeLinksPolicy is valid one.
RecommendedPolicyType string Used for Standard and Strict policy creation.
EnableSafeLinksForEmail boolean The EnableSafeLinksForEmail parameter specifies whether to enable Safe Links protection for email messages.
TrackClicks boolean Specifies whether to track user clicks related to Safe Links protection of links.
EnableOrganizationBranding boolean Specifies whether your organization's logo is displayed on Safe Links warning and notification pages..
ScanUrls boolean Specifies whether to enable or disable real-time scanning of clicked links in email messages.
EnableSafeLinksForTeams boolean Specifies whether Safe Links is enabled for Microsoft Teams.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
id string Combination of azureTenantId_createdDateTime.
azureTenantId string GUID string for tenant ID.
createdDateTime number The date when the entity is created.
maxScore number Tenant maximum possible score on specified date.
currentScore number Tenant current attained score on specified date.
controlScores list<object> Contains tenant scores for a set of controls.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
coreRequestFilesLinkEnabled boolean Enable or disable the Request files link on the core partition for all SharePoint sites (not including OneDrive sites). If this value is not set, Request files will only show for OneDrives with Anyone links enabled.
storageQuotaAllocated number Storage quota that is allocated for all sites in the tenant.
blockMacSync boolean If True, MacOS devices cannot sync files from OneDrive / SharePoint.
iPAddressAllowList string Comma separated list of allowed IP addresses or IP address ranges.
resourceQuota number Resource quota that is available for all sites in the tenant.
anyoneLinkTrackUsers boolean Specifies whether anyone links should track link users.
customizedExternalSharingServiceUrl string Specifies a URL that will be appended to the error message that is surfaced when a user is blocked from sharing externally by policy. This URL can be used to direct users to internal portals to request help or to inform them about your organization's policies. An example value is "https://www.contoso.com/sharingpolicies".
oneDriveRequestFilesLinkEnabled boolean Enable or disable the Request files link on the OneDrive partition for all OneDrive sites.
reduceTempTokenLifetimeEnabled boolean Enables reduced session timeout for temporary URLs used by apps for document download scenarios.
externalServicesEnabled boolean Enables external services(services that are not in the Office 365 datacenters) for a tenant.
fileAnonymousLinkType string Type of anonymous access link of files to allow recipients to only view or view and edit.
ownerAnonymousNotification boolean If true, OneDrive owners will receive a notification when an anonymous link is created or changed.
conditionalAccessPolicyErrorHelpLink string A Link for help when Conditional Access Policy blocks a user.
disableSpacesActivation boolean Specifies whether activation of spaces are disabled or not.
iPAddressWACTokenLifetime number Allows to set the session timeout. If you are a tenant administrator and you begin IP address enforcement for OneDrive for Business in Office 365, this enforcement automatically activates a tenant parameter IPAddressWACTokenLifetime. The default value is 15 minutes, when IP Address Enforcement is True.
blockAccessOnUnmanagedDevices boolean If true, unmanaged devices will not be allowed access to SharePoint. Note only one of the allowLimitedAccessOnUnmanagedDevices and blockAccessOnUnmanagedDevices settings can be true at the same time. If both settings are false, then all devices, unmanaged or not, will have full access to SharePoint.
oneDriveForGuestsEnabled boolean Lets OneDrive for Business creation for administrator managed guest users. Administrator managed Guest users use credentials in the resource tenant to access the resources.
excludedFileExtensionsForSyncClient list<string> The list of excluded file extensions when syncing OneDrive files.
permissiveBrowserFileHandlingOverride boolean Enables the Permissive browser file handling. By default, the browser file handling is set to Strict.
userVoiceForFeedbackEnabled boolean Enables or disables the User Voice Feedback button.
viewInFileExplorerEnabled boolean Enables or disables the ability to use View in Explorer in Microsoft Edge (93) or above.
allowLimitedAccessOnUnmanagedDevices boolean If true, unmanaged devices will only be allowed limited, web-only access to SharePoint. Note only one of the allowLimitedAccessOnUnmanagedDevices and blockAccessOnUnmanagedDevices settings can be true at the same time. If both settings are false, then all devices, unmanaged or not, will have full access to SharePoint.
conditionalAccessPolicy string Specifies conditional access policy for the tenant.
oneDriveLoopSharingCapability string Specifies sharing capabilities of Onedrive loop.
commentsOnFilesDisabled boolean Disables or enables commenting functionality on the files.
isWBFluidEnabled boolean Specifies whether Whiteboard is enabled or disabled for OneDrive for Business users. Whiteboard on OneDrive for Business is automatically enabled for applicable Microsoft 365 tenants but can be disabled.
startASiteFormUrl string Specifies URL of the form to load in the Start a Site dialog.
oneDriveStorageQuota number Specifies a default OneDrive for Business storage quota for the tenant. It will be used for new OneDrive for Business sites created.
syncPrivacyProfileProperties boolean Specifies whether privacy profile properties synced or not.
disableCustomAppAuthentication boolean Prevents apps using an Azure Access Control (ACS) app-only access token to access SharePoint.
emailAttestationRequired boolean Sets email attestation to required.
filePickerExternalImageSearchEnabled boolean For Webparts that support inserting images, like for example Image or Hero webpart, the Web search (Powered by Bing) option will be available if enabled.
isCollabMeetingNotesFluidEnabled boolean Specifies whether CollabMeetingNotes Fluid Framework is enabled or not.
provisionSharedWithEveryoneFolder boolean Creates a Shared with Everyone folder in every user's new OneDrive for Business document library.
coreRequestFilesLinkExpirationInDays number Specifies the number of days before a Request files link expires for all SharePoint sites (not including OneDrive sites).
disabledModernListTemplateIds list<string> An array of modern List template ids that are disabled on the tenant.
showEveryoneExceptExternalUsersClaim boolean Enables the administrator to hide the "Everyone except external users" claim in the People Picker.
viewersCanCommentOnMediaDisabled boolean Controls whether viewers commenting on media items is disabled or not.
requireAnonymousLinksExpireInDays number The number of days before an anonymous sharing link for a file expires. A value of -1 indicates no expiry.
allowGuestUserShareToUsersNotInSiteCollection boolean This setting will allow guests to share to users not in the site.
compatibilityRange string Determines which compatibility range is available for new site collections
coreSharingCapability string Determines what level of sharing is available for SharePoint sites (not including OneDrive sites).
disableBackToClassic boolean Specifies whether back to classic link is disabled in Modern UX.
enableAutoNewsDigest boolean Enable or disable auto news digest.
specialCharactersStateInFileFolderNames string Permits the use of special characters in file and folder names in SharePoint Online and OneDrive for Business document libraries.
sharingBlockedDomainList list<string> List of domains that resources will not be allowed to be shared with, if "sharingDomainRestrictionMode" = "BlockList"
allowAnonymousMeetingParticipantsToAccessWhiteboards string Specifies whether to allow anonymous meeting participants to access whiteboards.
allowEditing boolean Prevents users from editing Office files in the browser and copying and pasting Office file contents out of the browser window.
applyAppEnforcedRestrictionsToAdHocRecipients boolean When the feature is enabled, all guest users are subject to conditional access policy. By default guest users who are accessing SharePoint Online files with pass code are exempt from the conditional access policy.
enableAIPIntegration boolean This parameter enables SharePoint to process the content of files stored in SharePoint and OneDrive with sensitivity labels that include encryption.
disabledWebPartIds list<string> Allows administrators to prevent certain web parts from being added to pages or rendering on pages on which they were previously added.
reduceTempTokenLifetimeValue number Specifies the session timeout value for temporary URLs. The value can be in between 5 and 15 minutes and the default value is 15 minutes.
showEveryoneClaim boolean Enables the administrator to hide the Everyone claim in the People Picker.
showPeoplePickerGroupSuggestionsForIB boolean The ShowPeoplePickerGroupSuggestionsForIB setting allows showing group suggestions for information barriers (IBs) in the People Picker.
stopNew2010Workflows boolean Prevents creation of new SharePoint 2010 classic workflows.
notifyOwnersWhenInvitationsAccepted boolean If true, OneDrive owners will receive a notification when external users accept invitations to access files.
blockSendLabelMismatchEmail boolean When a sensitivity label mismatch occurs between the label on the document uploaded and the label on the site, SharePoint Online captures an audit record, and sends an Incompatible sensitivity label detected email notification to the person who uploaded the document and the site owner. The notification contains details of the document which caused the problem and the label assigned to the document and to the site. The comparison happens between the priority of these two labels.
disableListSync boolean Specifies whether Nucleus Sync should be disabled for Lists.
sharingCapability string Specifies what level of sharing is available for the site.
stopNew2013Workflows boolean Prevents creation of new SharePoint 2013 classic workflows.
orphanedPersonalSitesRetentionPeriod number Specifies the number of days after a user's Active Directory account is deleted that their OneDrive for Business content will be deleted.
includeAtAGlanceInShareEmails boolean Enable or disable the At A Glance feature in sharing e-mails. This provides the key points and time to read for the shared item if available.
limitedAccessFileType string Allows users to preview only Office files in the browser. This option increases security, but may be a barrier to user productivity.
allowOverrideForBlockUserInfoVisibility boolean Specifies whether to override block user info visibility.
disablePersonalListCreation boolean Specifies whether personal list creation is disabled or not.
socialBarOnSitePagesDisabled boolean The Social Bar will appear on all modern SharePoint pages with the exception of the home page of a site. It will give users the ability to like a page, see the number of views, likes, and comments on a page, and see the people who have liked a page.
enableGuestSignInAcceleration boolean Accelerates guest-enabled site collections as well as member-only site collections when the SignInAccelerationDomain parameter is set.
folderAnonymousLinkType string Type of anonymous access link of folders to allow recipients to only view or view and edit.
notificationsInOneDriveForBusinessEnabled boolean Enables or disables notifications in OneDrive for Business.
displayStartASiteOption boolean If false, the site creation command will be hidden in SharePoint.
allowCommentsTextOnEmailEnabled boolean When this parameter is true, the email notification that a user receives when is mentioned, includes the surrounding document context.
defaultLinkPermission string Lets administrators choose the default permission of the link in the sharing dialog box in OneDrive for Business and SharePoint Online. This applies to anonymous access, internal and direct links.
preventExternalUsersFromResharing boolean If True, external users will not be able to share files and folders unless they were the original owner of the resource.
bccExternalSharingInvitations boolean When the feature is enabled, all external sharing invitations that are sent will blind copy the e-mail messages listed in the BccExternalSharingsInvitationList.
commentsOnSitePagesDisabled boolean Disables or enables commenting functionality on the site pages.
externalUserExpireInDays number Specifies the number of days before an external user will expire and be removed from the site collection if the policy is enabled. Value can be from 30 to 730 days.
oDBAccessRequests string Specifies if AccessRequests is On, Off or Unspecified for Onedrive for Business.
useFindPeopleInPeoplePicker boolean This feature enables tenant admins to enable ODB and SPO to respect Exchange supports Address Book Policy (ABP) policies in the people picker.
showOpenInDesktopOptionForSyncedFiles boolean The ShowOpenInDesktopOptionForSyncedFiles setting displays the "Open in desktop" option when users go to SharePoint or OneDrive on the web and open the shortcut menu for a file that they're syncing with the OneDrive sync app.
signInAccelerationDomain string Specifies the home realm discovery value to be sent to Azure Active Directory (AAD) during the user sign-in process.
mediaTranscription string Defines the media transcription policy.
oneDriveRequestFilesLinkExpirationInDays number Specifies the number of days before a Request files link expires for all OneDrive sites. The value can be from 0 to 730 days.
resourceQuotaAllocated number Resource quota that is allocated for all sites in the tenant.
legacyAuthProtocolsEnabled boolean If False, basic authentication and other legacy authentication mechanisms are not allowed for this SharePoint tenant.
informationBarriersSuspension boolean Specifies whether information barriers suspensed or not.
showPeoplePickerSuggestionsForGuestUsers boolean Shows people picker suggestions for guest users.
oDBMembersCanShare string Specifies if MembersCanShare is On, Off or Unspecified for Onedrive for Business.
publicCdnEnabled boolean Enables or disables the public CDN.
storageQuota number Storage quota that is available for all sites in the tenant.
workflow2010Disabled boolean Specifies whether workflow 2010 is disabled or not.
contentTypeSyncSiteTemplatesList list<string> When the feature is enabled, the Content Type Hub will push content types to OneDrive for Business sites.
iPAddressEnforcement boolean Allows access from network locations that are defined by an administrator.
isFluidEnabled boolean Specifies whether Fluid Framework is enabled or not.
noAccessRedirectUrl string Specifies the URL of the redirected site for those site collections which have the locked state "NoAccess."
publicCdnOrigins list<string> Specifies a list of the Public CDN origins.
showAllUsersClaim boolean Enables the administrator to hide the All Users claim groups in People Picker.
displayNamesOfFileViewersInSpo boolean If true, file owners can see the names of people who viewed their files in SharePoint.
disableOutlookPSTVersionTrimming boolean Specifies whether Outlook PST version trimming is disabled or not.
enableAzureADB2BIntegration boolean Enables the preview for OneDrive and SharePoint integration with Azure AD B2B.
defaultSharingLinkType string Lets administrators choose what type of link appears is selected in the "Get a link" sharing dialog box in OneDrive for Business and SharePoint Online.
officeClientADALDisabled boolean When set to true this will disable the ability to use Modern Authentication that leverages ADAL across the tenant.
disallowInfectedFileDownload boolean If True, files that ATP has detected as infected will not be allowed to be downloaded via SharePoint.
sharingDomainRestrictionMode string The sharing domain restriction being used. Possible values are: "None", "AllowList", "BlockList".
requireAcceptingAccountMatchInvitedAccount boolean If true, external users must accept sharing invitations using the same account that the invitations were sent to.
emailAttestationReAuthDays number The number of days for email attestation re-authentication. Value can be from 1 to 365 days.
markNewFilesSensitiveByDefault string If external sharing is turned on, sensitive content could be shared and accessed by guests before the Office DLP rule finishes processing, you can address this issue by configuring this parameter.
isUnmanagedSyncClientForTenantRestricted boolean If True, file syncing for OneDrive / SharePoint will only be allowed on PCs joined to specific domains. (See property "allowedDomainListForSyncClient")
blockDownloadLinksFileType string Specifies the type of files that can be displayed when the block download links feature is being used.
commentsOnListItemsDisabled boolean Disables or enables commenting functionality on list items.
searchResolveExactEmailOrUPN boolean Removes the search capability from People Picker. This also does not allow SharePoint users to search for security groups or SharePoint groups.
sharingAllowedDomainList list<string> List of domains that resources are allowed to be shared with, if "sharingDomainRestrictionMode" = "AllowList"
notifyOwnersWhenItemsReshared boolean If true, OneDrive owners will receive a notification when other users invite additional external users to shared files.
externalUserExpirationRequired boolean Specifies whether to enable the external user expiration policy.
notificationsInSharePointEnabled boolean Enables or disables notifications in SharePoint.
allowedDomainListForSyncClient list<string> The list of allowed domains if "isUnManagedSyncClientForTenantRestricted" is set to True.
blockUserInfoVisibilityInOneDrive string Specifies block user info visibility in OneDrive.
labelMismatchEmailHelpLink string This parameter allows tenant admins to customize the "Help Link" in email with the subject "Incompatible sensitivity label detected."
publicCdnAllowedFileTypes string Specifies public CDN allowed file types.
displayNamesOfFileViewers boolean If true, file owners can see the names of people who viewed their files in OneDrive.
bccExternalSharingInvitationsList string Specifies a list of e-mail addresses to be BCC'd when the BCC for External Sharing feature is enabled. Multiple addresses can be specified by creating a comma separated list with no spaces.
blockUserInfoVisibilityInSharePoint string Specifies block user info visibility in SharePoint.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
isDefault boolean True if this is the default sharing policy.
name string Name of the sharing policy.
sharingEnabled boolean The "enabled" setting from the PowerShell command. If "False", no calendar sharing is allowed with users outside of the O365 organization.
domains list<object> List of domains and what kind of calendar details can be shared with them.
id string id of the SharingPolicy.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
OWAForceSMIMEClientUpgrade boolean Specifies whether or not users are forced to upgrade an S/MIME control that's older than their current version in Outlook on the web. true: Users need to download and install the new control before they can use S/MIME. This is the default value. false: Users receive a warning if the S/MIME control on their computer is not current, but they can still use S/MIME without updating the control.
OWASenderCertificateAttributesToDisplay string Controls which certificate attributes are displayed when signature verification proceeds despite a mismatch between the sender's email address and the email address in sender's certificate.
OWAAlwaysEncrypt boolean Specifies whether all outgoing messages are automatically encrypted in Outlook on the web.
OWAClearSign boolean Specifies how email messages are signed in Outlook on the web. Valid values are: true: Digitally signed messages are clear-signed. This is the default value. false: digitally signed messages are opaque-signed.
OWADisableCRLCheck boolean Enables or disables CRL checking in Outlook on the web. Valid values are: true: CRL checks are disabled when validating certificates. false: CRL checks are enabled when validating certificates.This is the default value.
OWADLExpansionTimeout number Specifies the time in milliseconds that Outlook on the web waits when sending encrypted messages to members of a distribution group that requires expansion. A valid value is an integer between 0 and 4294967295 (UInt32). The default value is 60000 (60 seconds). If the operation doesn't complete in the time specified by this parameter, the operation fails and the message is not sent.
OWASigningAlgorithms string Specifies the list of symmetric encryption signing algorithms that are used by Outlook on the web to sign messages with the S/MIME control. Valid values are: 8003: CALG_MD5 or 128-bit MD5. 800E: CALG_SHA_512 or 512-bit Secure Hash Algorithm (SHA). 800D: CALG_SHA_384 or 384-bit SHA. 800C: CALG_SHA_256 or 256-bit SHA. 8004: SHA1 or 160-bit SHA-1 (This is the default value)
SMIMECertificatesExpiryDate number Description pending.
OWAAllowUserChoiceOfSigningCertificate boolean Specifies whether to allow users to select the certificate to use when they digitally sign email messages in Outlook on the web.
Name string Unique name for the smime config.
OWASignedEmailCertificateInclusion boolean Specifies whether the sender's encryption certificate is excluded from a signed email message in Outlook on the web. Valid values are: true: Outlook on the web and the S/MIME control include both signing and encrypting certificates with signed email messages. This is the default value. false: Outlook on the web and the S/MIME control do not include signing and encrypting certificates with signed email messages.
id string The unique identifier for this smime config.
OWAOnlyUseSmartCard boolean Specifies whether smartcard-based certificates are required for Outlook on the web message signing and decryption.
OWAUseSecondaryProxiesWhenFindingCertificates boolean Specifies whether alternative proxies are used during the certificate search in Outlook on the web.
SMIMEExpiredCertificateThumbprint string Description pending.
OWAIncludeCertificateChainAndRootCertificate boolean Specifies whether the certificate chains and root certificates of the signing or encryption certificates are included in the message in Outlook on the web.
OWAIncludeSMIMECapabilitiesInMessage boolean Specifies whether signed and encrypted messages in Outlook on the web include attributes that describe the supported encryption and signing algorithms.
OWATripleWrapSignedEncryptedMail boolean Specifies whether signed and encrypted email messages in Outlook on the web are triple-wrapped. Valid values are: true: A signed message is encrypted, and then the encrypted message is signed (signed-encrypted-signed). false: A signed message is encrypted only (there is no additional signing of the encrypted message). This is the default value.
IsValid boolean Whether the smime config is valid.
OWAAlwaysSign boolean Specifies whether all outgoing messages are automatically signed in Outlook on the web.
OWABCCEncryptedEmailForking number Specifies how Bcc messages are encrypted in Outlook on the web. Valid values are: 0: One encrypted message per Bcc recipient. This is the default value. 1: One single encrypted message for all Bcc recipients. 2: One encrypted message without Bcc forking.
OWACheckCRLOnSend boolean Specifies how the certificate revocation list (CRL) check is enforced when an email message is sent in Outlook on the web. Valid values are: true: When the CRL distribution point is inaccessible, Outlook on the web displays a warning dialog box and prevents signed or encrypted messages from being sent. false: When the CRL distribution point is inaccessible, Outlook on the web allows signed or encrypted messages to be sent. This is the default value.
OWACRLConnectionTimeout number Specifies the time in milliseconds that Outlook on the web waits while connecting to retrieve a single CRL as part of a certificate validation operation. A valid value is an integer between 0 and 4294967295 (UInt32). The default value is 60000 (60 seconds).
OWAEncryptTemporaryBuffers boolean Specifies whether the Outlook on the web client-side temporary message storage buffers are encrypted.
OWAIncludeCertificateChainWithoutRootCertificate boolean Specifies whether the certificate chains of the signing or encryption certificates are included in messages in Outlook on the web. Valid values are: true: Signed or encrypted messages include the full certificate chain, but not the root certificate. false: Signed or encrypted messages include only the signing and encrypting certificates, not their corresponding certificate chains. This is the default value.
OWAUseKeyIdentifier boolean Specifies whether a certificate's key identifier is used to encode the asymmetrically encrypted token in Outlook on the web.
SMIMECertificateIssuingCA list<string> Specifies the serialized certificate store (SST) that contains the Certificate Authority (CA) signing and intermediate certificate information.
OWACRLRetrievalTimeout boolean Specifies the time in milliseconds that Outlook on the web waits to retrieve all CRLs when validating a certificate. VA valid value is an integer between 0 and 4294967295 (UInt32). The default value is 10000 (10 seconds).
OWAEncryptionAlgorithms string Specifies a list of symmetric encryption algorithms that are used by Outlook on the web to encrypt messages. Valid values are: 6601: DES (56-bit). 6602: RC2. Supported key lengths are 40, 56, 64, and 128. RC2 is the only supported algorithm that offers multiple key lengths. 6603: 3DES (168-bit). 660E: AES128. 660F: AES192. 6610: AES256 (This is the default value).
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Name string The name of the Mail Transport Rule.
State string The state of the TransportRule. For example, "Enabled"
RedirectMessageTo string An email address that this MailTransportRule will auto-forward emails to.
MessageTypeMatches string Specifies a condition that looks for messages of a specified type. Possible values are "OOF", "AutoForward", "Encrypted", "Calendaring", "PermissionControlled", Voicemail", "Signed", "ApprovalRequest", and "ReadReceipt". See https://docs.microsoft.com/en-us/powershell/module/exchange/set-transportrule?view=exchange-ps for more information.
RejectMessageReasonText string Specifies the explanation text that's used when a TransportRule rejects a message.
Identity string The id of the TransportRule
SetScl number Spam Confidence Level. -1 = Bypass spam filters. 0-4 = perform normal spam filtering. 5-6 = mark as spam. 7-9 = mark as high confidence spam. See https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-mail-flow-rules-to-set-the-spam-confidence-level-scl-in-messages?view=o365-worldwide for more info.
SenderDomainIs list<string> The sender domain that is being checked in this Mail Transport Rule.
Priority number The priority level of the Transport Rule that determines the order of rule processing. 0 is the highest priority.
SentToScope string The "sent to scope" condition being checked in this Transport Rule. Possible values are "InOrganization", "NotInOrganization", "ExternalPartner" and "ExternalNonPartner". See https://docs.microsoft.com/en-us/powershell/module/exchange/set-transportrule?view=exchange-ps for more details.
FromScope string The "from scope" condition being checked in this Transport Rule. Possible values are "InOrganization" "NotInOrganization". See https://docs.microsoft.com/en-us/powershell/module/exchange/set-transportrule?view=exchange-ps for more details.
RejectMessageEnhancedStatusCode string Specifies the enhanced status code that's used when the rule rejects messages. See https://docs.microsoft.com/en-us/powershell/module/exchange/set-transportrule?view=exchange-ps for more information.