ATTRIBUTE TYPE REFERS TO DESCRIPTION
DomainName string SMTP domain for which the server sends and receives email.
ExternallyManaged boolean Specifies whether the domain is externally managed.
MailFlowPartner string Specifies the mail flow partner of the domain.
EnableNego2Authentication boolean Value that indicates whether the domain will use Negotiated2 authentication.
PendingFederatedAccountNamespace boolean Value that indicates whether the domain is pending a federation account request.
SendingFromDomainDisabled boolean Specifies whether the domain has sending from disabled.
PendingRemoval boolean Value that indicates whether the domain is in the process of being removed.
PerimeterDuplicateDetected boolean Value that indicates whether the domain is duplicated.
SPFTxtRecords list<string> Specifies the SPF TXT records of the domain.
DMARCTxtRecords list<string> Specifies the DMARC TXT records of the domain.
EmailOnly boolean Specifies whether the domain is email only.
LiveIdInstanceType string Specifies the live id instance type of the domain.
id string The unique identifier for this domain. (e.g. "dev-o365.yourcompany.com" or "yourcompany.onmicrosoft.com")
CanHaveCloudCache boolean Specifies whether the domain can have cloud cache.
ObjectClass list<string> Specifies the object class of the resource.
IsDefaultFederatedDomain boolean Value that indicates whether the domain is the default domain for federation requests.
FederatedOrganizationLink string Specifies the federated organization link of the domain.
IsValid boolean Specifies whether the domain is valid.
IsCoexistenceDomain boolean Value that indicates whether the domain is a coexistence domain.
OutboundOnly boolean Value that indicates whether the domain is used for outbound email only.
PendingFederatedDomain boolean Value that indicates whether the domain is pending a domain federation request.
spfRecordPublished boolean To get this value, use `nslookup -type=txt domain.com` and ensure that a value exists that contains `include:spf.protection.outlook.com.` Set this to "true" if the record is valid and existing.
DMARCRecordPublished boolean To get this value, use `nslookup -type=txt _dmarc.<domain>` and Ensure that a policy exists that starts with `v=DMARC1;`. Set this to "true" if the record is valid and existing.
Default boolean Value that indicates whether the domain is the default domain for the Exchange server.
InitialDomain boolean Value that indicates whether the domain is the initial domain for new accounts.
AuthenticationType string Indicates how email addresses in the domain are authenticated.
MatchSubDomains boolean Enables mail to be sent by and received from users on any subdomain of this accepted domain.
RawAuthenticationType string Specifies the raw authentication type of the domain.
PendingCompletion boolean Specifies whether the domain is pending completion.
DomainType string Identifies the type of domain for which the Exchange server sends and receives email.
AddressBookEnabled boolean Value that indicates whether to enable recipient filtering for this accepted domain.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AdminAuditLogEnabled boolean Indicate whether the audit log is enabled.
id string ID of the AdminAuditLogConfig
AdminAuditLogExcludedCmdlets list<string> Specifies which cmdlets should be excluded from auditing. Use this parameter if you want to exclude specific cmdlets you don't want to audit even if they match a wildcard string specified in the AdminAuditLogCmdlets parameter.
TestCmdletLoggingEnabled boolean Specifies whether the execution of test cmdlets should be logged. Test cmdlets begin with the verb Test. Valid values are true and false. The default value is false.
RefreshInterval number Description pending.
UnifiedAuditLogIngestionEnabled boolean Indicate whether the audit log search is turned on.
Name string Name of the AdminAuditLogConfig
AdminAuditLogCmdlets list<string> Specifies which cmdlets should be audited. You can specify one or more cmdlets, separated by commas. You can also use the wildcard character (*) to match multiple cmdlets in one or more of the entries in the cmdlet list. To audit all cmdlets, specify only the wildcard character (*).
AdminAuditLogAgeLimit string Specifies how long each log entry should be kept before it's deleted. The default age limit is 90 days.
AdminAuditLogParameters list<string> Specifies which parameters should be audited on the cmdlets you specified using the AdminAuditLogCmdlets parameter. You can specify one or more parameters, separated by commas. You can also use the wildcard character (*) to match multiple parameters in one or more of the entries in the parameters list. To audit all parameters, specify only the wildcard character (*).
Identity string Specifies the name of AdminAuditLog.
IsValid boolean The validity for the AdminAuditLogConfig.
LogLevel string Specifies whether additional properties should be included in the log entries. Valid values are None and Verbose.
AdminAuditLogMailbox string Description pending.
UnifiedAuditLogFirstOptInDate number Description pending.
LoadBalancerCount number Description pending.
PartitionInfo list<string> Description pending.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
IsDefault boolean Whether the AntiPhishPolicy is the default policy.
EnableTargetedDomainsProtection boolean Specifies whether to enable domain impersonation protection for a list of specified domains.
MailboxIntelligenceQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined by mailbox intelligence (the MailboxIntelligenceProtectionAction parameter value is Quarantine).
Identity string Specifies the antiphish policy that you want to view.
ExcludedSenders list<string> Specifies an exception for impersonation protection that looks for the specified message sender.
EnableSimilarDomainsSafetyTips boolean Specifies whether to enable the safety tip that's shown to recipients for domain impersonation detections.
TargetedDomainProtectionAction string Specifies the action to take on detected domain impersonation messages. You specify the protected domains in the TargetedDomainsToProtect parameter. Valid values are: NoAction: This is the default value. BccMessage: Add the recipients specified by the TargetedDomainActionRecipients parameter to the Bcc field of the message. Delete: Delete the message during filtering. Use caution when selecting this value, because you can't recover the deleted message. MoveToJmf: Deliver the message to the recipient's mailbox, and move the message to the Junk Email folder. Quarantine: Move the message to quarantine. Quarantined high confidence phishing messages are only available to admins. As of April 2020, quarantined phishing messages are available to the intended recipients. Redirect: Redirect the message to the recipients specified by the TargetedDomainActionRecipients parameter.
EnableViaTag boolean If "True", the "Via Tag" will be applied to certain email messages. See https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-worldwide#unauthenticated-sender for more details.
MailboxIntelligenceProtectionActionRecipients list<string> Specifies the recipients to add to detected messages when the MailboxIntelligenceProtectionAction parameter is set to the value Redirect or BccMessage.
TargetedDomainActionRecipients list<string> Specifies the recipients to add to detected domain impersonation messages when the TargetedDomainProtectionAction parameter is set to the value Redirect or BccMessage.
EnableMailboxIntelligence boolean Specifies whether to enable or disable mailbox intelligence, which is artificial intelligence (AI) that determines user email patterns with their frequent contacts. Mailbox intelligence helps distinguish between messages from legitimate and impersonated senders based on a recipient's previous communication history.
TargetedUserQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined by user impersonation protection (the TargetedUserProtectionAction parameter value is Quarantine).
EnableUnusualCharactersSafetyTips boolean Specifies whether to enable the safety tip that's shown to recipients for unusual characters in domain and user impersonation detections.
TargetedDomainQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined by domain impersonation protection (the TargetedDomainProtectionAction parameter value is Quarantine).
EnableUnauthenticatedSender boolean "True" if Unauthenticated Sender Identification is enabled. (https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-worldwide#unauthenticated-sender)
SpoofQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined by spoof intelligence (the AuthenticationFailAction parameter value is Quarantine).
id string id of the AntiPhishPolicy.
HonorDmarcPolicy boolean Description pending.
TargetedDomainsToProtect list<string> Specifies the domains that are included in domain impersonation protection when the EnableTargetedDomainsProtection parameter is set to true.
ImpersonationProtectionState string Specifies the configuration of impersonation protection. Valid values are: Automatic: This is the default value in the default policy named Office365 AntiPhish Policy. Manual: This is the default value in custom policies that you create. Off.
TargetedUserProtectionAction string Specifies the action to take on detected user impersonation messages. You specify the protected users in the TargetedUsersToProtect parameter. Valid values are: NoAction: This is the default value. BccMessage: Add the recipients specified by the TargetedDomainActionRecipients parameter to the Bcc field of the message. Delete: Delete the message during filtering. Use caution when selecting this value, because you can't recover the deleted message. MoveToJmf: Deliver the message to the recipient's mailbox, and move the message to the Junk Email folder. Quarantine: Move the message to quarantine. Quarantined high confidence phishing messages are only available to admins. As of April 2020, quarantined phishing messages are available to the intended recipients. Redirect: Redirect the message to the recipients specified by the TargetedDomainActionRecipients parameter.
EnableTargetedUserProtection boolean Specifies whether to enable user impersonation protection for a list of specified users.
MailboxIntelligenceProtectionAction string Specifies what to do with messages that fail mailbox intelligence protection. Valid values are: NoAction: This is the default value. Note that this value has the same result as setting the EnableMailboxIntelligenceProtection parameter to false when the EnableMailboxIntelligence parameter is true. BccMessage: Add the recipients specified by the MailboxIntelligenceProtectionActionRecipients parameter to the Bcc field of the message. Delete: Delete the message during filtering. Use caution when selecting this value, because you can't recover the deleted message. MoveToJmf: Deliver the message to the recipient's mailbox, and move the message to the Junk Email folder. Quarantine: Move the message to quarantine. Quarantined high confidence phishing messages are only available to admins. As of April 2020, quarantined phishing messages are available to the intended recipients. Redirect: Redirect the message to the recipients specified by the MailboxIntelligenceProtectionActionRecipients parameter.
IsValid boolean The validity for the AntiPhishPolicy.
PhishThresholdLevel number Specifies the tolerance level that's used by machine learning in the handling of phishing messages. Valid values are: 1: Standard: This is the default value. The severity of the action that's taken on the message depends on the degree of confidence that the message is phishing (low, medium, high, or very high confidence). For example, messages that are identified as phishing with a very high degree of confidence have the most severe actions applied, while messages that are identified as phishing with a low degree of confidence have less severe actions applied. 2: Aggressive: Messages that are identified as phishing with a high degree of confidence are treated as if they were identified with a very high degree of confidence. 3: More aggressive: Messages that are identified as phishing with a medium or high degree of confidence are treated as if they were identified with a very high degree of confidence. 4: Most aggressive: Messages that are identified as phishing with a low, medium, or high degree of confidence are treated as if they were identified with a very high degree of confidence.
AdminDisplayName string Specifies a description for the policy.
EnableSimilarUsersSafetyTips boolean Specifies whether to enable the safety tip that's shown to recipients for user impersonation detections.
ExcludedDomains list<string> Specifies an exception for impersonation protection that looks for the specified domains in the message sender.
DmarcQuarantineAction string Description pending.
EnableSpoofIntelligence boolean "True" if "Spoof Intelligence" is enabled.
AuthenticationFailAction string When an incoming email message's sender fails authentication, this setting describes the possible default actions that will take place. Possible values are "MoveToJmf" (Moves the email to the junk folder), "Quarantine" (Moves the email to quarantine).
EnableFirstContactSafetyTips boolean Specifies whether to enable or disable the safety tip that's shown when recipients first receive an email from a sender or do not often receive email from a sender.
TargetedUsersToProtect list<string> Specifies the users that are included in user impersonation protection when the EnableTargetedUserProtection parameter is set to true.
EnableOrganizationDomainsProtection boolean Specifies whether to enable domain impersonation protection for all registered domains in the Microsoft 365 organization.
Name string Name of the AntiPhish policy, e.g. "Office365 AntiPhish Default".
EnableMailboxIntelligenceProtection boolean Specifies whether to enable or disable taking action for impersonation detections from mailbox intelligence results. This parameter is meaningful only if the EnableMailboxIntelligence parameter is set to the value true.
TargetedUserActionRecipients list<string> Specifies the replacement or additional recipients for detected user impersonation messages when the TargetedUserProtectionAction parameter is set to the value Redirect or BccMessage.
DmarcRejectAction string Description pending.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
IsValid boolean Whether the Atp policy is valid.
EnableATPForSPOTeamsODB boolean The EnableATPForSPOTeamsODB parameter enables or disables Safe Attachments for SharePoint, OneDrive, and Microsoft Teams.
EnableSafeDocs boolean The EnableSafeDocs parameter enables or disables Safe Documents for the entire organization.
AllowSafeDocsOpen boolean The AllowSafeDocsOpen parameter allows or prevents users from leaving Protected View (that is, opening the document) if the document has been identified as malicious.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AllowBasicAuthImap boolean Whether to allow Basic authentication with IMAP.
AllowBasicAuthPop boolean Whether to allow Basic authentication with POP.
AllowBasicAuthSmtp boolean Whether to allow Basic authentication with SMTP.
Name string Name of the AuthenticationPolicy
IsValid boolean The validity for the AuthenticationPolicy.
AllowBasicAuthOutlookService boolean Whether to allow Basic authentication with the Outlook service.
AllowBasicAuthWebServices boolean whether to allow Basic authentication with Exchange Web Services (EWS).
id string ID of the AuthenticationPolicy
AllowBasicAuthActiveSync boolean Whether to allow Basic authentication with Exchange Active Sync.
AllowBasicAuthReportingWebServices boolean Whether to allow Basic authentication with reporting web services.
AllowBasicAuthRest boolean Whether to allow Basic authentication with REST API.
AllowBasicAuthRpc boolean Whether to allow Basic authentication with RPC.
AllowBasicAuthAutodiscover boolean Whether to allow Basic authentication with Autodiscover.
AllowBasicAuthMapi boolean Whether to allow Basic authentication with MAPI.
AllowBasicAuthOfflineAddressBook boolean Whether to allow Basic authentication with Offline Address Books.
AllowBasicAuthPowershell boolean Whether to allow Basic authentication with PowerShell.
Identity string Specifies the authentication policy you want to modify.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Enabled boolean "True" if DKIM signing is enabled for this tenant, "False" otherwise.
HeaderCanonicalization string Specifies the canonicalization algorithm that's used to create and verify the message header part of the DKIM signature. This value effectively controls the sensitivity of DKIM to changes to the message headers in transit. Valid values are: Relaxed: Common modifications to the message header are tolerated (for example, Header field line rewrapping, changes in unnecessary whitespace or empty lines, and changes in case for header fields). This is the default value. Simple: No changes to the header fields are tolerated.
IncludeKeyExpiration boolean Description pending.
SelectorAfterRotateOnDate string Description pending.
Selector2PublicKey string Description pending.
NumberOfBytesToSign string Description pending.
id string ID of the DkimSigningConfig
KeyCreationTime number Description pending.
Selector1KeySize number Description pending.
Selector2CNAME string Description pending.
SelectorBeforeRotateOnDate string Description pending.
Selector2KeySize number Description pending.
Domain string A domain under the current O365 tenant.
IsValid boolean The validity for the DkimSigningConfig.
IsDefault boolean Whether the DkimSigningConfig is the default policy.
Status boolean Status of DkimSigningConfig.
IncludeSignatureCreationTime boolean Description pending.
Algorithm string Description pending.
Name string Name of the DkimSigningConfig
BodyCanonicalization string Specifies the canonicalization algorithm that's used to create and verify the message body part of the DKIM signature. This value effectively controls the sensitivity of DKIM to changes to the message body in transit. Valid values are: Relaxed: Changes in whitespace and changes in empty lines at the end of the message body are tolerated. This is the default value. Simple: Only changes in empty lines at the end of the message body are tolerated.
Identity string Specifies the DKIM signing policy that you want to view.
RotateOnDate number Description pending.
Selector1CNAME string Description pending.
Selector1PublicKey string Description pending.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AnyMailTransportRuleRedirectMessageToExternalDomain boolean True if any of the mail transport rules is set up to redirect to any external domains.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Identity string The identifier for ExternalInOutlook setting.
id string The id for the ExternalInOutlook setting.
Enabled boolean True means the feature is enabled; False means the feature is disabled.
AllowList list<string> The list of exceptions. Messages received from the specified senders or senders in the specified domains don't receive the External icon in the area of subject line.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
HighConfidenceSpamQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined as high confidence spam.
PhishSpamAction string The PhishSpamAction parameter specifies the action to take on messages that are marked as phishing (not high confidence phishing). Phishing messages use fraudulent links or spoofed domains to get personal information. Valid values are: AddXHeader: Add the AddXHeaderValue parameter value to the message header and deliver the message. Delete: Delete the message during filtering. Use caution when selecting this value, because you can't recover the deleted message. ModifySubject: Add the ModifySubject parameter value to the beginning of the subject line, deliver the message, and move the message to the Junk Email folder (same caveats as MoveToJmf). MoveToJmf: Deliver the message to the recipient's mailbox, and move the message to the Junk Email folder. The message is moved only if the junk email rule is enabled on the mailbox (it's enabled by default). Quarantine: Move the message to the quarantine. This is the default value. The quarantined message is available to the intended recipients (as of April, 2020) and admins. Redirect: Redirect the message to the recipients specified by the RedirectToRecipients parameter.
ZapEnabled boolean If true, zero-hour auto purge (ZAP) is enabled for this HostedContentFilterPolicy.
BulkSpamAction string Specifies the action to take on messages that are marked as bulk email.
MarkAsSpamObjectTagsInHtml string Parameter marks a message as spam when the message contains HTML <object> tags.
MarkAsSpamBulkMail string Allows spam filtering to act on bulk email messages.
TestModeAction string Specifies the additional action to take on messages when one or more IncreaseScoreWith* or MarkAsSpam*.
IncreaseScoreWithRedirectToOtherPort string Increases the spam score of messages that contain links that redirect to TCP ports other than 80 (HTTP), 8080 (alternate HTTP), or 443 (HTTPS).
IsValid boolean The validity for the HostedContentFilterPolicy.
HighConfidenceSpamAction string Specifies the action to take on messages that are marked as high confidence spam (not spam, bulk email, phishing, or high confidence phishing).
PhishQuarantineTag string Parameter specifies the quarantine policy that's used on messages that are quarantined as phishing (the PhishSpamAction parameter value is Quarantine).
ModifySubjectValue string Specifies the text to prepend to the existing subject of messages when a spam filtering verdict parameter is set to the value ModifySubject.
PhishZapEnabled boolean The PhishZapEnabled parameter enables or disables zero-hour auto purge (ZAP) to detect phishing in already delivered messages in Exchange Online mailboxes.
MarkAsSpamFromAddressAuthFail string Marks a message as spam when Sender ID filtering encounters a hard fail.
IncreaseScoreWithBizOrInfoUrls string Increases the spam score of messages that contain links to .biz or .info domains.
DownloadLink boolean Shows or hides a link in end-user spam quarantine notifications to download the Junk Email Reporting Tool for Outlook.
BlockedSenders list<string> Specifies senders that are always marked as spam sources.
MarkAsSpamSpfRecordHardFail string Parameter marks a message as spam when SPF record checking encounters a hard fail.
AllowedSenders list<string> Specifies a list of trusted senders that skip spam filtering.
MarkAsSpamNdrBackscatter string The MarkAsSpamNdrBackscatter parameter marks a message as spam when the message is a non-delivery report (also known as an NDR or bounce messages) sent to a forged sender (known as backscatter). Valid values are: Off: The setting is disabled. This is the default value. On: The setting is enabled. Backscatter is given the SCL 9 (high confidence spam), and the X-header X-CustomSpam: Backscatter NDR is added to the message.
HighConfidencePhishAction string The HighConfidencePhishAction parameter specifies the action to take on messages that are marked as high confidence phishing (not phishing). Phishing messages use fraudulent links or spoofed domains to get personal information. Valid values are: MoveToJmf: Deliver the message to the recipient's mailbox, and move the message to the Junk Email folder. The message is moved only if the junk email rule is enabled on the mailbox (it's enabled by default). Redirect: Redirect the message to the recipients specified by the RedirectToRecipients parameter. Quarantine: Move the message to quarantine. By default, messages that are quarantined as high confidence phishing are available only to admins. Or, you can use the HighConfidencePhishQuarantineTag parameter to specify what end-users are allowed to do on quarantined messages.
AllowedSenderDomains list<string> Specifies trusted domains that aren't processed by the spam filter. Messages from senders in these domains are stamped with SFV:SKA in the X-Forefront-Antispam-Report header and receive a spam confidence level (SCL) of -1, so the messages are delivered to the recipient's inbox.
MarkAsSpamSensitiveWordList string Marks a message as spam when the message contains words from the sensitive words list.
MarkAsSpamJavaScriptInHtml string Marks a message as spam when the message contains JavaScript or VBScript.
RedirectToRecipients list<string> Specifies the email addresses of replacement recipients when a spam filtering verdict parameter is set to the value Redirect.
EnableRegionBlockList boolean Enables or disables marking messages that are sent from specific countries or regions as spam.
MarkAsSpamEmptyMessages string Marks a message as spam when the message contains no subject, no content in the message body, and no attachments.
SpamZapEnabled boolean The SpamZapEnabled parameter enables or disables zero-hour auto purge (ZAP) to detect spam in already delivered messages in Exchange Online mailboxes.
MarkAsSpamFormTagsInHtml string Parameter marks a message as spam when the message contains HTML form tags.
IncreaseScoreWithImageLinks string Increases the spam score of messages that contain image links to remote websites.
MarkAsSpamEmbedTagsInHtml string Marks a message as spam when the message contains HTML embed tag.
InlineSafetyTipsEnabled boolean The InlineSafetyTipsEnabled parameter specifies whether to enable or disable safety tips that are shown to recipients in messages.
SpamAction string Specifies the action to take on messages that are marked as spam
BulkQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined as bulk email.
Identity string The identifier for this policy.
BulkThreshold number The BulkThreshold parameter specifies the BCL on messages that triggers the action specified by the BulkSpamAction parameter (greater than the specified BCL value, not greater than or equal to). A valid value is an integer from 1 to 9. The default value is 7, which means a BCL of 8 or 9 on messages will trigger the action that's specified by the BulkSpamAction parameter. A higher BCL indicates the message is more likely to generate complaints (and is therefore more likely to be spam).
LanguageBlockList string Parameter enables or disables marking messages that were written in specific languages as spam.
MarkAsSpamWebBugsInHtml string Marks a message as spam when the message contains web bugs (also known as web beacons).
RegionBlockList list<string> Parameter specifies the source countries or regions that are marked as spam when the EnableRegionBlockList parameter value is true.
SpamQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined as spam.
MarkAsSpamFramesInHtml string Marks a message as spam when the message contains HTML frame or iframe tags.
EnableLanguageBlockList boolean Enables or disables marking messages that were written in specific languages as spam.
BlockedSenderDomains list<string> Specifies domains that are always marked as spam sources.
QuarantineRetentionPeriod number Specifies the number of days that spam messages remain in quarantine when a spam filtering verdict parameter is set to the value Quarantine.
AddXHeaderValue string Specifies the X-header name (not value) to add to spam messages when a spam filtering verdict parameter is set to the value AddXHeader.
TestModeBccToRecipients list<string> Specifies the blind carbon copy (Bcc) recipients to add to spam messages when the TestModeAction ASF parameter is set to the value BccMessage.
HighConfidencePhishQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined as high confidence phishing.
IncreaseScoreWithNumericIps string Increases the spam score of messages that contain links to IP addresses.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
State string If Enabled, the HostedContentFilterRule is in use.
Comments string Specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.
Name string Name of the HostedContentFilterRule
Description string Specifies a Description for the HostedContentFilterRule.
SentToMemberOf list<string> Specifies a condition that looks for messages sent to members of distribution groups, mail-enabled security groups, or sent to Microsoft 365 Groups. You can use any value that uniquely identifies the group.
RecipientDomainIs list<string> Specifies a condition for the rule that looks for recipients with email address in the specified domains.
ExceptIfRecipientDomainIs list<string> Specifies an exception for the rule that looks for recipients with email address in the specified domains.
Exceptions list<string> Description pending.
ImmutableId string Description pending.
HostedContentFilterPolicy string HostedContentFilterPolicy The HostedContentFilterPolicy associated with this HostedContentFilterRule.
SentTo list<string> Specifies a condition for the rule that looks for recipients in messages. You can use any value that uniquely identifies the recipient.
ExceptIfSentToMemberOf list<string> Specifies an exception for the rule that looks for messages sent to members of distribution groups, mail-enabled security groups, or sent to Microsoft 365 Groups. You can use any value that uniquely identifies the group.
Identity string Specifies the spam filter rule that you want to view.
id string ID of the HostedContentFilterRule
IsValid boolean The validity for the HostedContentFilterRule.
Priority number Specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.
ExceptIfSentTo list<string> Specifies an exception for the rule that looks for recipients in messages. You can use any value that uniquely identifies the recipient.
Conditions list<string> Description pending.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
NotifyOutboundSpam boolean Notify specific people if senders are blocked.
Enabled boolean Whether this policy is enabled or not.
IsValid boolean The validity for the HostedOutboundSpamFilterPolicy.
ActionWhenThresholdReached string Specifies the action to take when any of the limits specified in the policy are reached. Valid values are: Alert: No action, alert only. BlockUser: Prevent the user from sending email messages. BlockUserForToday: Prevent the user from sending email messages until the following day. This is the default value.
BccSuspiciousOutboundAdditionalRecipients list<string> Specifies an email address to add to the Bcc field of outgoing spam messages.
NotifyOutboundSpamRecipients list<string> Specifies the email addresses of admins to notify when an outgoing spam is detected.
Name string Name of the HostedOutboundSpamFilterPolicy
IsDefault boolean Whether the HostedOutboundSpamFilterPolicy is the default policy.
RecipientLimitPerDay number Specifies the maximum number of recipients that a user can send to within a day. A valid value is 0 to 10000. The default value is 0, which means the service defaults are used.
AdminDisplayName string Specifies a description for the policy.
BccSuspiciousOutboundMail boolean Send copies of suspicious messages to specific people.
Identity string Unique Identifier for the policy.
id string id of the HostedOutboundSpamFilterPolicy
ConfigurationType string Description pending
RecipientLimitExternalPerHour number Specifies the maximum number of external recipients that a user can send to within an hour. A valid value is 0 to 10000. The default value is 0, which means the service defaults are used.
RecipientLimitInternalPerHour number Specifies the maximum number of internal recipients that a user can send to within an hour. A valid value is 0 to 10000. The default value is 0, which means the service defaults are used.
AutoForwardingMode string Specifies how the policy controls automatic email forwarding to external recipients. Valid values are: Automatic: This is the default value. This setting is now the same as Off. When this setting was originally introduced, this value was equivalent to On. On: Automatic external email forwarding is not restricted. Off: Automatic external email forwarding is disabled and will result in a non-delivery report (also known as an NDR or bounce message) to the sender.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Identity string The id of this InboundConnector.
Enabled boolean Whether this InboundConnector is enabled or not.
SenderDomains list<string> The SenderDomains parameter specifies the source domains that the connector accepts messages for.
RequireTls boolean Whether or not TLS is required.
EFSkipLastIP boolean The EFSkipIPs parameter specifies the behavior of Enhanced Filtering for Connectors.
Name string Name of the inbound connector
RestrictDomainsToIPAddresses boolean The RestrictDomainsToIPAddresses parameter specifies whether to reject mail that comes from unknown source IP addresses.
ConnectorType string The type of connector. Can be "Partner" or "OnPremises".
CloudServicesMailEnabled boolean The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft 365.
TlsSenderCertificateName string The TlsSenderCertificateName parameter specifies the TLS certificate that is used when the value of the RequireTls parameter is $true.
EFUsers list<string> The EFUsers parameter specifies the recipients that Enhanced Filtering for Connectors applies to. The default value is blank ($null), which means Enhanced Filtering for Connectors is applied to all recipients. You can specify multiple recipient email addresses separated by commas.
IsValid boolean Whether this InboundConnector is valid or not.
SenderIPAddresses list<string> The SenderIPAddresses parameter specifies the source IPV4 IP addresses that the connector accepts messages from.
AssociatedAcceptedDomains list<string> The AssociatedAcceptedDomains parameter restricts the source domains that use the connector to the specified accepted domains. A valid value is an SMTP domain that is configured as an accepted domain in your Microsoft 365 organization.
RestrictDomainsToCertificate boolean The RestrictDomainsToCertificate parameter specifies whether the Subject value of the TLS certificate is checked before messages can use the connector.
TreatMessagesAsInternal boolean The TreatMessagesAsInternal parameter specifies an alternative method to identify messages sent from an on-premises organization as internal messages. You should only consider using this parameter when your on-premises organization does not use Exchange.
EFSkipIPs list<string> The EFSkipIPs parameter specifies the source IP addresses to skip in Enhanced Filtering for Connectors when the EFSkipLastIP parameter value is $false.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
IsDefault boolean Whether the MalwareFilterPolicy is the default policy.
AdminDisplayName string Specifies a description for the policy.
CustomFromName string Specifies the From name of the custom notification message for malware detections in messages from internal or external senders.
EnableExternalSenderAdminNotifications boolean Enables or disables sending malware detection notification messages to an administrator for messages from external senders.
QuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined as malware.
EnableInternalSenderAdminNotifications boolean If true, an admin will receive an email notification if an internal user is detected sending malware.
IsValid boolean The validity for the MalwareFilterPolicy.
CustomNotifications boolean Enables or disables custom notification messages for malware detections in messages from internal or external senders.
FileTypeAction string Specifies what's done to messages that contain one or more attachments where the file extension is included in the FileTypes parameter (common attachment blocking).
ExternalSenderAdminAddress string Specifies the email address of the administrator who will receive notification messages for malware detections in messages from external senders.
CustomExternalBody string Specifies the body of the custom notification message for malware detections in messages from external senders.
CustomFromAddress string Specifies the From address of the custom notification message for malware detections in messages from internal or external senders.
id string ID of the MalwareFilterPolicy
EnableFileFilter boolean The Common Attachment Types Filter lets a user block known and custom malicious file types from being attached to emails. This setting is set to "True" if the "Common Attachment Types" filter is enabled.
ZapEnabled boolean If true, zero-hour auto purge (ZAP) is enabled for this anti-malware policy. ZAP will quarantine messages that contain malware attachments.
CustomExternalSubject string Specifies the subject of the custom notification message for malware detections in messages from external senders.
CustomInternalBody string Specifies the body of the custom notification message for malware detections in messages from internal senders.
CustomInternalSubject string Specifies the subject of the custom notification message for malware detections in messages from internal senders.
FileTypes list<string> Specifies the file types that are automatically blocked by common attachment blocking (also known as the Common Attachment Types Filter), regardless of content.
Action string This parameter describes what actions to take if a message contains malwares. Available options are DeleteMessage, DeleteAttachmentAndUseDefaultAlert, and DeleteAttachmentAndUseCustomAlert.
Name string Name of the MalwareFilterPolicy
InternalSenderAdminAddress string The email address of the admin who will receive notifications when an internal user is detected sending malware.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
SentTo string Specifies a condition that looks for recipients in messages.
SentToMemberOf list<string> Specifies a condition that looks for messages sent to members of distribution groups, mail-enabled security groups, or sent to Microsoft 365 Groups.
Identity string Specifies the malware filter rule that you want to view. You can use any value that uniquely identifies the rule.
Name string Name of the MalwareFilterRule
Description string Specifies a Description for the MalwareFilterRule.
ImmutableId string Description pending.
Comments string Specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.
MalwareFilterPolicy string MalwareFilterPolicy The MalwareFilterPolicy associated.
Conditions list<string> Description pending.
IsValid boolean The validity for the MalwareFilterRule.
Priority number Specifies a priority value for the rule that determines the order of rule processing.
RecipientDomainIs string Specifies a condition that looks for recipients with email address in the specified domains.
ExceptIfSentToMemberOf string Specifies an exception that looks for messages sent to members of distribution groups, mail-enabled security groups, or sent to Microsoft 365 Groups.
ExceptIfRecipientDomainIs string Specifies an exception that looks for recipients with email address in the specified domains.
State string If Enabled, the MalwareFilterRule is in use.
id string ID of the MalwareFilterRule
ExceptIfSentTo string Specifies an exception that looks for recipients in messages.
Exceptions list<string> Description pending.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AllowNonProvisionableDevices boolean Whether mobile device mailbox policy allows non provisionable devices.
AllowPOPIMAPEmail boolean Specifies whether the user can configure a POP3 or IMAP4 email account on the mobile device.
AllowUnsignedApplications boolean Specifies whether unsigned applications can be installed on the mobile device.
AllowHTMLEmail boolean Specifies whether HTML-formatted email is enabled on the mobile device.
AllowSimplePassword boolean Specifies whether a simple password is allowed on the mobile device.
AllowBrowser boolean Specifies whether Microsoft Pocket Internet Explorer is allowed on the mobile device.
id string The unique identifier for this mobile device mailbox policy.
Name string Unique name for the mobile device mailbox policy
IsDefault boolean Whether this is the default mobile device mailbox policy.
PasswordRecoveryEnabled boolean Whether the mobile device mailbox policy has password recovery enabled.
AllowConsumerEmail boolean Whether the user can configure a personal email account on the mobile device.
AllowRemoteDesktop boolean Specifies whether the mobile device can initiate a remote desktop connection.
RequireEncryptedSMIMEMessages boolean Specifies whether the mobile device must send encrypted S/MIME messages.
MaxEmailHTMLBodyTruncationSize string Specifies the maximum size at which HTML-formatted email messages are truncated when synchronized to the mobile device..
DeviceEncryptionEnabled boolean Whether the mobile device mailbox policy has password enabled.
AllowMicrosoftPushNotifications boolean Specifies whether push notifications are enabled on the mobile device..
MaxAttachmentSize string Specifies the maximum size of attachments that can be downloaded to the mobile device.
AllowGooglePushNotifications boolean Controls whether the user can receive push notifications from Google for Outlook on the web for devices.
MaxCalendarAgeFilter string Specifies the maximum range of calendar days that can be synchronized to the mobile device.
AllowSMIMEEncryptionAlgorithmNegotiation string Specifies whether the messaging application on the mobile device can negotiate the encryption algorithm if a recipient's certificate doesn't support the specified encryption algorithm.
DevicePolicyRefreshInterval string Specifies how often the policy is sent to the mobile device..
AllowExternalDeviceManagement boolean Specifies whether an external device management program is allowed to manage the mobile device.
UNCAccessEnabled boolean Specifies whether access to Microsoft Windows file shares is enabled from the mobile device.
AllowMobileOTAUpdate boolean Specifies whether the policy can be sent to the mobile device over a cellular data connection.
MaxEmailBodyTruncationSize string Specifies the maximum size at which email messages are truncated when synchronized to the mobile device.
AllowTextMessaging boolean Specifies whether text messaging is allowed from the mobile device.
PasswordHistory number Specifies the number of unique new passwords that need to be created on the mobile device before an old password can be reused.
MinPasswordComplexCharacters number Parameter specifies the character sets that are required in the password of the mobile device.
UnapprovedInROMApplicationList list<string> Specifies a list of applications that can't be run in ROM on the mobile device.
MaxEmailAgeFilter string Specifies the maximum number of days of email items to synchronize to the mobile device.
AllowStorageCard boolean Specifies whether the mobile device can access information stored on a storage card.
PasswordEnabled boolean Whether the mobile device mailbox policy has password enabled.
AllowUnsignedInstallationPackages boolean Specifies whether unsigned installation packages are allowed to run on the mobile device.
WSSAccessEnabled boolean Specifies whether access to Microsoft Windows SharePoint Services is enabled from the mobile device.
RequireDeviceEncryption boolean Specifies whether encryption is required on the mobile device..
AllowWiFi boolean Specifies whether wireless Internet access is allowed on the mobile device.
AllowCamera boolean Specifies whether the mobile device's camera is allowed.
RequireEncryptionSMIMEAlgorithm string Specifies the algorithm that's required to encrypt S/MIME messages on a mobile device..
MinPasswordLength number Specifies the minimum number of characters in the mobile device password.
IrmEnabled boolean Specifies whether Information Rights Management (IRM) is enabled for the mobile device.
ApprovedApplicationList list<string> Specifies a configured list of approved applications for the device.
AttachmentsEnabled boolean Specifies whether attachments can be downloaded on the mobile device.
AllowIrDA boolean Specifies whether infrared connections are allowed to the mobile device.
AllowDesktopSync boolean Specifies whether the mobile device can synchronize with a desktop computer through a cable..
Identity string Specifies the name, distinguished name (DN),or GUID of the mobile device mailbox policy.
AlphanumericPasswordRequired boolean Whether mobile device mailbox policy requires alphanumeric password.
MaxInactivityTimeLock string Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked.
PasswordExpiration string Specifies how long a password can be used on a mobile device before the user is forced to change the password.
MaxPasswordFailedAttempts string Specifies the number of attempts a user can make to enter the correct password for the mobile device.
AllowInternetSharing boolean Specifies whether the mobile device can be used as a modem to connect a computer to the Internet.
RequireManualSyncWhenRoaming boolean Specifies whether the mobile device must synchronize manually while roaming.
AllowSMIMESoftCerts boolean Specifies whether S/MIME software certificates are allowed on the mobile device.
RequireSignedSMIMEAlgorithm string Specifies the algorithm that's used to sign S/MIME messages on the mobile device.
RequireStorageCardEncryption boolean Specifies whether storage card encryption is required on the mobile device.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
GuestsUsageGuidelinesLink string Description pending.
InformationBarriersManagementEnabled boolean Description pending.
BookingsAuthEnabled boolean Specifies whether to enforce authentication to access all published Bookings pages.
FindTimeAutoScheduleDisabled boolean Controls automatically scheduling the meeting once a consensus is reached in meeting polls using the FindTime Outlook add-in. Valid values are: true: Reaching a consensus for the meeting time doesn't automatically schedule the meeting, and the meeting organizer can't change this setting (Off). false: By default, reaching a consensus for the meeting time doesn't automatically schedule the meeting, but meeting organizer is allowed to turn on this setting.
CustomerFeedbackEnabled boolean Specifies whether the Exchange server is enrolled in the Microsoft Customer Experience Improvement Program.
BookingsSearchEngineIndexDisabled boolean Available only in the cloud-based service. Description pending.
Industry string Specifies the industry that best represents your organization.
ExchangeNotificationRecipients list<string> Specifies the recipients for Exchange notifications sent to administrators regarding their organizations. If the ExchangeNotificationEnabled parameter is set to false, no notification messages are sent. Be sure to enclose values that contain spaces in quotation marks (") and separate multiple values with commas.
MessageRemindersEnabled boolean Enables or disables the message reminders feature in the organization.
ConnectorsEnabled boolean Specifies whether to enable or disable all connected apps in organization.
BookingsPhoneNumberEntryRestricted boolean Specifies whether phone numbers can be collected from Bookings customers.
BookingsAddressEntryRestricted boolean Specifies whether addresses can be collected from Bookings customers.
SCLJunkThreshold number Specifies the spam confidence level (SCL) threshold. Messages with an SCL greater than the value that you specify for the SCLJunkThreshold parameter are moved to the Junk Email folder. Valid values are integers from 0 through 9, inclusive.
DefaultPublicFolderIssueWarningQuota string Specifies the default value across the entire organization for the public folder size at which a warning message is sent to this folder's owners, warning that the public folder is almost full. This attribute applies to all public folders within the organization that don't have their own warning quota attribute set. The default value of this attribute is unlimited.
IsEopTrialEnabled boolean Description pending.
IsAddressListPagingEnabled boolean Description pending.
IsJitEnabled boolean Description pending.
AuditDisabled boolean Specifies whether to disable or enable mailbox auditing for the organization.
SendFromAliasEnabled boolean Allows mailbox users to send messages using aliases (proxy addresses). It does this by disabling the rewriting of aliases to their primary SMTP address. This change is implemented in the Exchange Online service. At the same time, Outlook clients are making changes to natively support aliases for sending and receiving messages. Even without an updated client, changes in behavior may be seen for users using any email client as the setting affects all messages sent and received by a mailbox.
ForeignForestRecipientAdminUSGSid string Description pending.
FindTimeLockPollForAttendeesEnabled boolean Controls whether the Lock poll for attendees setting is managed by the organization.
GroupsCreationEnabled boolean Description pending.
RPSEnabled boolean Description pending.
ConnectorsEnabledForOutlook boolean Specifies whether to enable or disable connected apps in Outlook on the web.
MessageHighlightsEnabled boolean Available only in the cloud-based service. Description pending.
nonUserMailboxAuditEnabled boolean If true, all non-user mailboxes have audit enabled. Otherwise, at least 1 non-user mailbox has auditing disabled. You can get this information from PowerShell using the command `Get-Mailbox -Filter 'AuditEnabled -eq $false -and RecipientTypeDetails -ne "UserMailbox" -and RecipientTypeDetails -ne "SharedMailbox"' -ResultSize 1 | Select-Object Id, Name, AuditEnabled`
DefaultPublicFolderDeletedItemRetention string Specifies the default value of the length of time to retain deleted items for public folders across the entire organization. This attribute applies to all public folders in the organization that don't have their own RetainDeletedItemsFor attribute set.
BookingsNotesEntryRestricted boolean Specifies whether appointment notes can be collected from Bookings customers.
IsValid boolean The validity for the OrganizationConfig.
IsMailboxForcedReplicationDisabled boolean Description pending.
DefaultAuthenticationPolicy string Specifies the authentication policy that's used for the whole organization. You can use any value that uniquely identifies the policy.
IsMIPLabelForGroupsEnabled boolean Description pending.
PublicFolderMailboxesLockedForNewConnections boolean Specifies whether users are allowed to make new connections to public folder mailboxes.
DefaultPublicFolderAgeLimit string Specifies the default age limit for the contents of public folders across the entire organization. Content in a public folder is automatically deleted when this age limit is exceeded. This attribute applies to all public folders in the organization that don't have their own AgeLimit setting.
RecallReadMessagesEnabled boolean Available only in the cloud-based service. Description pending.
IsProcessEhaMigratedMessagesEnabled boolean Description pending.
ElcProcessingDisabled boolean Specifies whether to enable or disable the processing of mailboxes by the Managed Folder Assistant.
IsGroupFoldersAndRulesEnabled boolean Available only in the cloud-based service. Description pending.
InPlaceHolds list<string> Description pending.
MobileAppEducationEnabled boolean Specifies whether to show or hide the Outlook for iOS and Android education reminder in Outlook on the web (formerly known as Outlook Web App).
DefaultMinutesToReduceLongEventsBy number Specifies the number of minutes to reduce calendar events by if the events are 60 minutes or longer. A valid value is an integer from 0 to 29. The default value is 10.
WebSuggestedRepliesDisabled boolean Specifies whether to enable or disable Suggested Replies in Outlook on the web. This feature provides suggested replies to emails so users can easily and quickly respond to messages.
PublicFolderShowClientControl boolean Enables or disables access to public folders in Microsoft Outlook.
AppsForOfficeEnabled boolean Specifies whether to enable apps for Outlook features. By default, the parameter is set to true. If the flag is set to false, no new apps can be activated for any user in the organization.
ComplianceMLBgdCrawlEnabled boolean Available only in the cloud-based service. Description pending.
MailTipsExternalRecipientsTipsEnabled boolean True if external recipient mail tips are enabled.
ActivityBasedAuthenticationTimeoutEnabled boolean Enables or disables the inactivity interval for automatic logoff in Outlook on the web (formerly known as Outlook Web App).
ForestConfigVersion string Description pending.
ManagedFolderHomepage string Specifies the URL of the web page that's displayed when users click the Managed Folders folder in Outlook. If a URL isn't specified, Outlook doesn't display a managed folders home page.
GroupsNamingPolicy string Description pending.
userMailboxAuditEnabled boolean If true, mailbox auditing is enabled for all user mailboxes.
ConnectorsActionableMessagesEnabled boolean Specifies whether to enable or disable actionable buttons in messages (connector cards) from connected apps on Outlook on the web.
SharePointUrl string Description pending.
MapiHttpEnabled boolean Enables or disables access to mailboxes in Outlook by using MAPI over HTTP.
DefaultPublicFolderMovedItemRetention string Specifies how long items that have been moved between mailboxes are kept in the source mailbox for recovery purposes before being removed by the Public Folder Assistant.
MaxInformationBarrierBridges number Description pending.
SharedDomainEmailAddressFlowEnabled boolean Available only in the cloud-based service. Description pending.
BookingsBlockedWordsEnabled boolean Available only in the cloud-based service. Description pending.
OutlookTextPredictionDisabled boolean Available only in the cloud-based service. Description pending.
PublicComputersDetectionEnabled boolean Specifies whether Outlook on the web will detect when a user signs from a public or private computer or network, and then enforces the attachment handling settings from public networks.
BookingsSocialSharingRestricted boolean Specifies whether users can see the social sharing options inside Bookings.
OutlookMobileGCCRestrictionsEnabled boolean Specifies whether to enable or disable features within Outlook for iOS and Android that are not FedRAMP compliant for Microsoft 365 US Government Community Cloud (GCC) customers.
BookingsNamingPolicyEnabled boolean Available only in the cloud-based service. Description pending.
OrganizationSummary list<string> Specifies a summarized description that best represents your organization.
OnlineMeetingsByDefaultEnabled boolean Specifies whether to set all meetings as Teams or Skype for Business by default during meeting creation. Valid values are: true: All meetings are online by default. false: All meetings are not online by default. null: If the organization value has not been specified, the default behavior is for meetings to be online.
AutoExpandingArchiveEnabled boolean Description pending.
DefaultMailboxRegionLastUpdateTime number Description pending.
MailTipsAllTipsEnabled boolean True if mail tips are enabled.
IntuneManagedStatus boolean Description pending.
AutodiscoverPartialDirSync boolean Is for scenarios where tenants have Directory Synced some of their Active Directory users into the cloud, but still have on-premises Exchange users that are not Directory Synced. Setting this parameter to true will cause unknown users to be redirected to the on-premises endpoint and will allow on-premises users to discover their mailbox automatically. Online email addresses will be susceptible to enumeration. We recommend full Directory Sync for all Active Directory users and leaving this parameter with the default false.
EwsBlockList list<string> Specifies the applications that aren't allowed to access EWS or REST when the EwsApplicationAccessPolicy parameter is set to EnforceBlockList. All other applications that aren't specified by this parameter are allowed to access EWS or REST. You identify the application by its user agent string value. Wildcard characters (*) are supported.
ActivityBasedAuthenticationTimeoutWithSingleSignOnEnabled boolean Enables or disables the inactivity interval for automatic logoff for single sign-on in Outlook on the Web.
AdfsSignCertificateThumbprints list<string> Specifies one or more X.509 token-signing certificates that are used for AD FS claims-based authentication. This parameter uses certificate thumbprint values (GUIDs) to identify the certificates.
BasicAuthBlockedApps string Description pending.
AllowedMailboxRegionsLastUpdateTime number Description pending.
EwsAllowMacOutlook boolean Enables or disables access to mailboxes by Outlook for Mac clients that use Exchange Web Services
MicrosoftExchangeRecipientEmailAddressPolicyEnabled boolean Specifies whether the default email address policy is automatically applied to the Exchange recipient. The default value is true. If this parameter is set to true, Exchange automatically adds new email addresses to the Exchange recipient when email address policies are added or modified in the Exchange organization. If this parameter is set to false, you must manually add new email addresses to the Exchange recipient when email address policies are added or modified.
PublicFolderMigrationComplete boolean Is used during public folder migration. When you set the PublicFolderMigrationComplete parameter to true, transport starts rerouting the queued messages to a new destination. The default value is false.
DefaultGroupAccessType string Specifies the default access type for Microsoft 365 Groups. Valid values are: Public. Private (this is the default value).
WebPushNotificationsDisabled boolean Specifies whether to enable or disable Web Push Notifications in Outlook on the Web. This feature provides web push notifications which appear on a user's desktop while the user is not using Outlook on the Web. This brings awareness of incoming messages while they are working elsewhere on their computer.
BookingsNamingPolicyPrefixEnabled boolean Available only in the cloud-based service. Description pending.
TargetServicePlan string Description pending.
ExchangeNotificationEnabled boolean Enables or disables Exchange notifications sent to administrators regarding their organizations.
OrganizationId string The identifier for the Exchange organization.
GuestsEnabled boolean If true, guest group members will be able to access group content.
IsGroupMemberAllowedToEditContent boolean Available only in the cloud-based service. Description pending.
CompassEnabled boolean Description pending.
BookingsNamingPolicySuffixEnabled boolean Available only in the cloud-based service. Description pending.
id string id of the OrganizationConfig.
Heuristics string Description pending.
MailTipsGroupMetricsEnabled boolean True if mail tips group metrics are enabled.
FindTimeOnlineMeetingOptionDisabled boolean Controls the availability of the Online meeting checkbox for Teams or Skype in meeting polls using the FindTime Outlook add-in.
DisablePlusAddressInRecipients boolean Specifies whether to enable or disable plus addressing (also known as subaddressing) for Exchange Online mailboxes.
ForeignForestOrgAdminUSGSid string Description pending.
AsyncSendEnabled boolean Specifies whether to enable or disable async send in Outlook on the web.
IsComplianceTrialEnabled boolean Description pending.
OcmGroupId string Description pending.
ConnectorsEnabledForYammer boolean Specifies whether to enable or disable connected apps on Yammer.
RemotePublicFolderMailboxes list<string> Specifies the identities of the public folder objects (represented as mail user objects locally) corresponding to the public folder mailboxes created in the remote forest. The public folder values set here are used only if the public folder deployment is a remote deployment.
MailTipsMailboxSourcedTipsEnabled boolean Specifies whether MailTips that rely on mailbox data (out-of-office or full mailbox) are enabled.
BookingsNamingPolicyPrefix string Available only in the cloud-based service. Description pending.
IsDualWriteEnabled boolean Description pending.
BookingsExposureOfStaffDetailsRestricted boolean Specifies whether the attributes of internal Bookings staff members (for example, email addresses) are visible to external Bookings customers.
BookingsMembershipApprovalRequired boolean Enables a membership approval requirement when new staff members are added to Bookings calendars.
DistributionGroupDefaultOU string Specifies the container where distribution groups are created by default.
IsTenantAccessBlocked boolean Description pending.
EwsAllowOutlook boolean Enables or disables access to mailboxes by Outlook clients that use Exchange Web Services. Outlook uses Exchange Web Services for free/busy, out-of-office settings, and calendar sharing.
OrganizationPrivacyStatementLink string Description pending.
DefaultPublicFolderMaxItemSize string Specifies the default maximum size for posted items within public folders across the entire organization. Items larger than the value of the DefaultPublicFolderMaxItemSize parameter are rejected. This attribute applies to all public folders within the organization that don't have their own MaxItemSize attribute set. The default value of this attribute is unlimited.
TenantRelocationsAllowed boolean Description pending.
PublicFolderMailboxesMigrationComplete boolean Is used during public folder migration. true: Queued messages are rerouted to the new destination. false (This is the default value).
DefaultMinutesToReduceShortEventsBy number Specifies the number of minutes to reduce calendar events by if the events are less than 60 minutes long. A valid value is an integer from 0 to 29. The default value is 5.
ForeignForestFQDN list<string> Description pending.
IsDehydrated boolean Description pending.
IsTenantInGracePeriod boolean Description pending.
EwsAllowEntourage boolean Specifies whether to enable or disable Entourage 2008 to access Exchange Web Services (EWS) for the entire organization.
BookingsNamingPolicySuffix string Available only in the cloud-based service. Description pending.
IPListBlocked list<string> Specifies the blocked IP addresses that aren't allowed to connect to Exchange Online organization. Valid values are: Single IP address. IP address range. Classless InterDomain Routing (CIDR) IP address range.
IsMixedMode boolean Description pending.
HierarchicalAddressBookRoot string Specifies the user, contact, or group to be used as the root organization for a hierarchical address book in the Exchange organization. You can use any value that uniquely identifies the recipient.
MatchSenderOrganizerProperties boolean Available only in the cloud-based service. Description pending.
FindTimeAttendeeAuthenticationEnabled boolean Controls whether attendees are required to verify their identity in meeting polls using the FindTime Outlook add-in.
PublicFoldersEnabled string Specifies how public folders are deployed in your organization. This parameter uses one of the following values. Local: The public folders are deployed locally in your organization. Remote: The public folders are deployed in the remote forest. None: No public folders are deployed for this organization.
BookingsSmsMicrosoftEnabled boolean Available only in the cloud-based service. Description pending.
AzurePremiumSubscriptionStatus boolean Description pending.
ReadTrackingEnabled boolean Specifies whether the tracking for read status for messages in an organization is enabled.
DistributionGroupNamingPolicy string Specifies the additional text that's applied to the Display Name value of distribution groups created by users. You can require a prefix, a suffix, or both. The prefix and suffix can be text strings, user attribute values from the person who created the group, or a combination of text strings and attributes.
ActivityBasedAuthenticationTimeoutInterval string Specifies the period of inactivity that causes an automatic logoff in Outlook on the web.
AdfsIssuer string Specifies URL of the AD FS server that's used for AD FS claims-based authentication. This is the URL where AD FS relying parties send users for authentication.
MaxConcurrentMigrations string Specifies the maximum number of concurrent migrations that your organization can configure at any specific time.
IsExcludedFromOffboardMigration boolean Specifies that no new moves from the cloud to your on-premises organization are permitted. When this flag is set, no offboarding move requests are allowed.
DisableMailboxForSubstrateOnlyFinished boolean Description pending.
IsUpgradingOrganization boolean Description pending.
HiddenMembershipGroupsCreationEnabled boolean Description pending.
AppsForOfficeCorpCatalogAppsCount number Description pending.
Name string Name of OrganizationConfig.
ACLableSyncedObjectEnabled boolean Specifies whether remote mailboxes in hybrid environments are stamped as ACLableSyncedMailboxUser.
ForwardSyncLiveIdBusinessInstance boolean Description pending.
MicrosoftExchangeRecipientReplyRecipient string Specifies the recipient that should receive messages sent to the Exchange recipient. Typically, you would configure a mailbox to receive the messages sent to the Exchange recipient.
WACDiscoveryEndpoint string Specifies the discovery endpoint for Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server) for all mailboxes in the organization.
AdfsAudienceUris list<string> Specifies one or more external URLs that are used for Active Directory Federation Services (AD FS) claims-based authentication. For example, the external Outlook on the web and external Exchange admin center (EAC) URLs.
ForeignForestViewOnlyAdminUSGSid string Description pending.
MicrosoftExchangeRecipientPrimarySmtpAddress string Specifies the primary return SMTP email address for the Exchange recipient. If the MicrosoftExchangeRecipientEmailAddressPolicyEnabled parameter is set to true, you can't use the MicrosoftExchangeRecipientPrimarySmtpAddress parameter.
MicrosoftExchangeRecipientEmailAddresses list<string> Specifies one or more email addresses for the recipient. All valid Microsoft Exchange email address types may be used. You can specify multiple values for this parameter as a comma-delimited list. If the MicrosoftExchangeRecipientEmailAddressPolicyEnabled parameter is set to true, the email addresses are automatically generated by the default email address policy. This means you can't use the MicrosoftExchangeRecipientEmailAddresses parameter.
DistributionGroupNameBlockedWordsList list<string> Specifies words that can't be included in the Display Name values of distribution groups that are created by users.
FocusedInboxOn boolean Enables or disables Focused Inbox for the organization.
PrivateCatalogAppsCount number Description pending.
OutlookGifPickerDisabled boolean Disables the GIF Search (powered by Bing) feature that's built into the Compose page in Outlook on the web.
RealTimeLogServiceEnabled boolean Description pending.
OutlookPayEnabled boolean Enables or disables Microsoft Pay in the Microsoft 365 organization.
MailboxDataEncryptionEnabled boolean Description pending.
UpgradeIBInProgress boolean Description pending.
EwsApplicationAccessPolicy string Specifies the client applications that have access to EWS and REST. Valid values are: EnforceAllowList: Only applications specified by the EwsAllowList parameter are allowed to access EWS and REST. Access by other applications is blocked. EnforceBlockList: All applications are allowed to access EWS and REST, except for the applications specified by the EwsBlockList parameter.
InformationBarriersEnforcementEnabled boolean Description pending.
IsGuidPrefixedLegacyDnDisabled boolean Description pending.
GroupsUsageGuidelinesLink string Description pending.
ReleaseTrack string Description pending.
PublicFoldersLockedForMigration boolean Specifies whether users are locked out from accessing down level public folder servers. When you set the PublicFoldersLockedForMigration parameter to true, users are locked out from accessing down level public folder servers. This is used for public folder migration during final stages. The default value is false, which means that the user is able to access public folder servers.
Identity string Specifies the name of the OrganizationConfig.
MaskClientIpInReceivedHeadersEnabled boolean Available only in the cloud-based service. Description pending.
SiteMailboxCreationURL string Specifies the URL that's used to create site mailboxes. Site mailboxes improve collaboration and user productivity by allowing access to both SharePoint documents and Exchange email in Outlook 2013 or later.
IsExcludedFromOnboardMigration boolean Specifies that no new moves from your on-premises organization to the cloud are permitted. When this flag is set, no onboarding move requests are allowed.
LinkPreviewEnabled boolean Specifies whether link preview of URLs in email messages is allowed for the organization.
InformationBarrierMode string Description pending.
DataInsightsFlag number Description pending.
BookingsPaymentsEnabled boolean Specifies whether to enable the online payment node inside Bookings.
PreviousAdminDisplayVersion string Description pending.
WorkspaceTenantEnabled boolean Enables or disables workspace booking in the organization.
DisplayName string Display name of OrganizationConfig.
EndUserDLUpgradeFlowsDisabled boolean Specifies whether to prevent users from upgrading their own distribution groups to Microsoft 365 Groups in an Exchange Online organization.
BookingsEnabledLastUpdateTime number Description pending.
GroupsCreationWhitelistedId string Description pending.
EnableOutlookEvents boolean Specifies whether Outlook or Outlook on the web (formerly known as Outlook Web App) automatically discovers events from email messages and adds them to user calendars.
ShortenEventScopeDefault string Specifies whether calendar events start late or end early in the organization. Valid values are: 0 or None: Calendar events in the organization don't automatically start late or end early. This is the default value. 1 or EndEarly: By default, the end time of all calendar events is reduced by the number of minutes as specified by the values of the DefaultMinutesToReduceLongEventsBy and DefaultMinutesToReduceShortEventsBy parameters. 2 or StartLate: By default, the start time of all calendar events is delayed by the number of minutes as specified by the values of the DefaultMinutesToReduceLongEventsBy and DefaultMinutesToReduceShortEventsBy parameters.
MailTipsLargeAudienceThreshold number This setting defines a "large audience" in your tenant. If an email is about to be sent to a large audience, a mail tip will be shown to alert the user.
LeanPopoutEnabled boolean Specifies whether to enable faster loading of pop-out messages in Outlook on the web for Internet Explorer and Microsoft Edge.
VisibleMeetingUpdateProperties string Specifies whether meeting message updates will be auto-processed on behalf of attendees. Auto-processed updates are applied to the attendee's calendar item, and then the meeting message is moved to the deleted items. The attendee never sees the update in their inbox, but their calendar is updated.
MimeTypes list<string> Description pending.
BookingsCreationOfCustomQuestionsRestricted boolean Specifies whether Bookings admins can add custom questions.
ConnectorsEnabledForTeams boolean Specifies whether to enable or disable connected apps on Teams.
AllowedMailboxRegions list<string> Description pending.
EwsAllowList list<string> Specifies the applications that are allowed to access EWS or REST when the EwsApplicationAccessPolicy parameter is set to EwsAllowList. Other applications that aren't specified by this parameter aren't allowed to access EWS or REST. You identify the application by its user agent string value. Wildcard characters (*) are supported.
DefaultPublicFolderProhibitPostQuota string Specifies the size of a public folder at which users are notified that the public folder is full. Users can't post to a folder whose size is larger than the DefaultPublicFolderProhibitPostQuota parameter value.
EwsEnabled boolean specifies whether to globally enable or disable EWS access for the entire organization, regardless of what application is making the request. Valid values are: true: All EWS access is enabled. false: All EWS access is disabled. null (blank): The setting isn't configured. Access to EWS is controlled individually by the related EWS parameters (for example EwsAllowEntourage). This is the default value.
SmtpActionableMessagesEnabled boolean Specifies whether to enable or disable action buttons in email messages in Outlook on the web.
IsLicensingEnforced boolean Description pending.
ServicePlan string Description pending.
ResourceAddressLists list<string> Description pending.
MaxInformationBarrierSegments number Description pending.
ConnectorsEnabledForSharepoint boolean Specifies whether to enable or disable connected apps on SharePoint.
ExternalCloudAccessEnabled boolean Description pending.
HybridConfigurationStatus string Description pending.
ByteEncoderTypeFor7BitCharsets number Specifies the 7-bit transfer encoding method for MIME format for messages sent to this remote domain. The valid values for this parameter are: 0: Always use default 7-bit transfer encoding for HTML and plain text. 1: Always use QP (quoted-printable) encoding for HTML and plain text. 2: Always use Base64 encoding for HTML and plain text. 5: Use QP encoding for HTML and plain text unless line wrapping is enabled in plain text. If line wrapping is enabled, use 7-bit encoding for plain text. 6: Use Base64 encoding for HTML and plain text, unless line wrapping is enabled in plain text. If line wrapping is enabled in plain text, use Base64 encoding for HTML, and use 7-bit encoding for plain text. 13: Always use QP encoding for HTML. Always use 7-bit encoding for plain text. 14: Always use Base64 encoding for HTML. Always use 7-bit encoding for plain text.
RootPublicFolderMailbox object Description pending.
 IsValid boolean Specifies if RootPublicFolderMailbox is valid.
 CanUpdate boolean Description pending.
 HierarchyMailboxGuid string Description pending.
 LockedForMigration boolean Indicates if the public folder hierarchy is locked or not.
InformationBarriersRestrictPeopleSearch boolean Description pending.
OAuth2ClientProfileEnabled boolean Whether OAuth 2.0 is enabled.
DefaultMailboxRegion string The default mailbox region of the organization.
AllowToAddGuests boolean If true, group owners will be allowed to add people outside of the organization to Microsoft365 Groups as guests.
BookingsEnabled boolean If true, the entire origanization will be able to use Microsoft Bookings.
DirectReportsGroupAutoCreationEnabled boolean Specifies whether to enable or disable the automatic creation of direct report Microsoft 365 Groups.
MessageRecallEnabled boolean Available only in the cloud-based service. Description pending.
OfficeGraphActivitySharingOrgOptout boolean Description pending.
LegacyExchangeDN string Description pending.
IsUpdatingServicePlan boolean Description pending.
RmsoSubscriptionStatus string Description pending.
BlockMoveMessagesForGroupFolders boolean Available only in the cloud-based service. Description pending.
DefaultDataEncryptionPolicy string Description pending.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Identity string The id of this OrganizationRelationship.
Enabled boolean Whether this OrganizationRelationship is enabled or not.
DomainNames list<string> A list of domain names in that are part of this OrganizationRelationship.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Identity string The id of this OutboundConnector.
ConnectorType string The type of connector. Can be "Partner" or "OnPremises".
SmartHosts list<string> The SmartHosts parameter specifies the smart host that the Outbound connector uses to route mail.
TlsSettings string The TlsSettings parameter specifies the TLS authentication level that is used for outbound TLS connections established by this Outbound connector.
IsValidated boolean The IsValidated parameter specifies whether the Outbound connector has been validated.
Enabled boolean Whether this OutboundConnector is enabled or not.
RecipientDomains list<string> The RecipientDomains parameter specifies the domains that the Outbound connector routes mail to. You can specify multiple domains separated by commas.
TlsDomain string The TlsDomain parameter specifies the domain name that the Outbound connector uses to verify the FQDN of the target certificate when establishing a TLS secured connection. This parameter is only used if the TlsSettings parameter is set to DomainValidation. Valid input for the TlsDomain parameter is an SMTP domain. You can use a wildcard character to specify all subdomains of a specified domain, as shown in the following example: *.contoso.com. However, you can not embed a wildcard character, as shown in the following example: domain.*.contoso.com
IsTransportRuleScoped boolean The IsTransportRuleScoped parameter specifies whether the Outbound connector is associated with a transport rule (also known as a mail flow rule).
AllAcceptedDomains boolean The AllAcceptedDomains parameter specifies whether the Outbound connector is used in hybrid organizations where message recipients are in accepted domains of the cloud-based organization.
IsValid boolean Whether or not this OutboundConnector is valid.
UseMXRecord boolean The UseMXRecord parameter enables or disables DNS routing for the connector.
RouteAllMessagesViaOnPremises boolean The RouteAllMessagesViaOnPremises parameter specifies that all messages serviced by this connector are first routed through the on-premises messaging system in hybrid organizations.
CloudServicesMailEnabled boolean The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers.
SenderRewritingEnabled boolean The SenderRewritingEnabled parameter specifies that all messages that normally qualify for SRS rewriting are rewritten for traffic to on-premises. This parameter is only effective for OnPremises connectors as Partner connectors already have SRS rewriting enabled.
TestMode boolean The TestMode parameter specifies whether you want to enabled or disable test mode for the Outbound connector.
ValidationRecipients list<string> The ValidationRecipients parameter specifies the email addresses of the validation recipients for the Outbound connector.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
SearchFoldersEnabled boolean Specifies whether Search Folders are available in Outlook on the web.
AdditionalAccountsEnabled boolean Available only in the cloud-based service. Description pending.
TasksEnabled boolean Specifies whether Tasks folder is available in Outlook Web App.
ForceWacViewingFirstOnPublicComputers boolean Specifies whether public computers must first preview an Office file as a web page in Office Online Server before opening the file in the local application.
SetPhotoEnabled boolean Specifies whether users can add, change, and remove their sender photo in Outlook on the web.
FeedbackEnabled boolean Specifies whether to enable or disable inline feedback surveys in Outlook on the web.
IsDefault boolean Specifies whether the Outlook on the web policy is the default policy that's used to configure the Outlook on the web settings for new mailboxes.
DelegateAccessEnabled boolean Specifies whether delegates can use Outlook on the web or Outlook Web App to open folders that they have delegate access to.
AdditionalStorageProvidersAvailable boolean If False, additional storage providers (such as Box, DropBox, etc.) in Outlook on the Web will be restricted.
PersonalAccountCalendarsEnabled boolean Specifies whether to allow users to connect to their personal Outlook.com or Google Calendar in Outlook on the web.
InternalSPMySiteHostURL string Specifies the My Site Host URL for internal users (for example, https://sp01.contoso.com).
DisplayPhotosEnabled boolean Specifies whether users see sender photos in Outlook on the web.
ExternalSPMySiteHostURL string Specifies the My Site Host URL for external users (for example, https://sp01.contoso.com).
ExplicitLogonEnabled boolean Specifies whether to allow a user to open someone else's mailbox in Outlook on the web (provided that user has permissions to the mailbox).
PersonalAccountsEnabled boolean Available only in the cloud-based service. Description pending.
ForceSaveMimeTypes list<string> Specifies the MIME extensions in attachments that only allow the attachments to be saved locally (not opened).
ChangePasswordEnabled boolean Specifies whether users can change their passwords from inside Outlook on the web.
ExternalImageProxyEnabled boolean Specifies whether to load all external images through the Outlook external image proxy.
OrganizationEnabled boolean When the OrganizationEnabled parameter is set to false, the Automatic Reply option doesn't include external and internal options, the address book doesn't show the organization hierarchy, and the Resources tab in Calendar forms is disabled. The default value is true.
ForceSaveFileTypes list<string> Specifies the attachment file types (file extensions) that can only be saved from Outlook on the web (not opened).
AllAddressListsEnabled boolean Specifies which address lists are available in Outlook on the web.
ItemsToOtherAccountsEnabled boolean Available only in the cloud-based service. Description pending.
LocalEventsEnabled boolean Specifies whether local events calendars are available in Outlook on the web.
FacebookEnabled boolean If False, Facebook contact synchronization is disabled.
UseISO885915 boolean Specifies whether to use the character set ISO8859-15 instead of ISO8859-1 in Outlook on the web.
TextMessagingEnabled boolean Specifies whether users can send and receive text messages in Outlook on the web.
AllowedFileTypes list<string> Specifies the attachment file types (file extensions) that can be saved locally or viewed from Outlook on the web.
ThirdPartyFileProvidersEnabled boolean Description pending.
PlacesEnabled boolean Specifies whether to enable or disable Places in Outlook on the web. Places lets users search, share, and map location details by using Bing.
CalendarEnabled boolean Specifies whether to enable or disable the calendar in Outlook Web App.
BookingsMailboxDomain string Is available only in the cloud-based service. Description pending.
ProjectMocaEnabled boolean Enables or disables access to Project Moca in Outlook on the web.
WacExternalServicesEnabled boolean Specifies whether to enable or disable external services when viewing documents in Outlook on the web (for example, machine translation) by using Office Online Server.
SignaturesEnabled boolean Specifies whether to enable or disable the use of signatures in Outlook on the web.
NotesEnabled boolean Specifies whether the Notes folder is available in Outlook on the web.
Name string Name of the OwaMailboxPolicy
WacViewingOnPrivateComputersEnabled boolean Specifies whether to enable or disable web viewing of supported Office documents private computer sessions in Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server).
SMimeEnabled boolean Specifies whether users can download the S/MIME control for Outlook Web App and use it to read and compose signed and encrypted messages.
WebReadyDocumentViewingOnPrivateComputersEnabled boolean Specifies whether WebReady Document Viewing is available in private computer sessions.
WebReadyDocumentViewingSupportedMimeTypes list<string> This is a read-only parameter that can't be modified; use the WebReadyMimeTypes parameter instead.
ActiveSyncIntegrationEnabled boolean Specifies whether to enable or disable Exchange ActiveSync settings in Outlook on the web.
PredictedActionsEnabled boolean Description pending.
ForceSaveAttachmentFilteringEnabled boolean Specifies whether files are filtered before they can be saved from Outlook on the web.
ConditionalAccessFeatures list<string> Description pending.
ClassicAttachmentsEnabled boolean Specifies whether users can attach local files as regular email attachments in Outlook on the web.
IsValid boolean The validity for the OwaMailboxPolicy.
GlobalAddressListEnabled boolean Specifies whether the global address list is available in Outlook on the web.
InstantMessagingEnabled boolean Specifies whether instant messaging is available in Outlook on the web. This does not affect chat capabilities provided by Skype for Business or Teams.
SpellCheckerEnabled boolean Specifies whether to enable or disable the built-in Outlook Web App spell checker in the full version of Outlook Web App.
SilverlightEnabled boolean Specifies whether a user can use Microsoft Silverlight features in Outlook Web App.
SaveAttachmentsToCloudEnabled boolean Specifies whether users can save regular email attachments to the cloud.
SatisfactionEnabled boolean Specifies whether to enable or disable the satisfaction survey.
OutlookBetaToggleEnabled boolean Specifies whether to enable or disable the Outlook on the web Preview toggle. The Preview toggle allows users to try the new Outlook on the web experience.
WacOMEXEnabled boolean Specifies whether to enable or disable apps for Outlook in Outlook on the web in Office Online Server.
Identity string Specifies the Outlook on the web mailbox policy that you want to modify.
ActionForUnknownFileAndMIMETypes string Specifies how to handle file types that aren't specified in the Allow, Block, and Force Save lists for file types and MIME types. Valid values are: Allow (This is the default value.) ForceSave. Block.
InterestingCalendarsEnabled boolean Specifies whether interesting calendars are available in Outlook on the web
TeamsnapCalendarsEnabled boolean Specifies whether to allow users to connect to their personal TeamSnap calendars in Outlook on the web.
ForceWacViewingFirstOnPrivateComputers boolean Specifies whether private computers must first preview an Office file as a web page in Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server) before opening the file in the local application.
IRMEnabled boolean Specifies whether Information Rights Management (IRM) features are available in Outlook on the web.
WebReadyDocumentViewingOnPublicComputersEnabled boolean Specifies whether WebReady Document Viewing is in public computer sessions.
WebReadyDocumentViewingForAllSupportedTypes boolean Specifies whether to enable WebReady Document Viewing for all supported file and MIME types.
InstantMessagingType string Specifies the type of instant messaging provider in Outlook on the web. Valid values are: None: This is the default value in on-premises Exchange. Ocs: Lync or Skype (formerly known as Office Communication Server). This is the default value in Exchange Online.
ThemeSelectionEnabled boolean Specifies whether users can change the theme in Outlook on the web.
AllowedOrganizationAccountDomains list<string> Available only in the cloud-based service. Description pending.
JournalEnabled boolean Specifies whether the Journal folder is available in Outlook on the web.
ReferenceAttachmentsEnabled boolean Specifies whether users can attach files from the cloud as linked attachments in Outlook on the web.
LogonAndErrorLanguage number Specifies the language that used in Outlook on the web for forms-based authentication and for error messages when a user's current language setting can't be read.
SkipCreateUnifiedGroupCustomSharepointClassification boolean Specifies whether to skip a custom SharePoint page during the creation of Microsoft 365 Groups in Outlook on the web.
PremiumClientEnabled boolean Controls the availability of the full version of Outlook Web App.
ContactsEnabled boolean Specifies whether to enable or disable Contacts in Outlook Web App.
WacEditingEnabled boolean Specifies whether to enable or disable editing documents in Outlook on the web by using Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server).
ForceWebReadyDocumentViewingFirstOnPrivateComputers boolean Secifies whether private computers must first preview an Office file as a web page in WebReady Document Viewing before opening the file from Outlook Web App.
ForceWebReadyDocumentViewingFirstOnPublicComputers boolean Specifies whether Public computers must first preview an Office file as a web page in WebReady Document Viewing before opening the file from Outlook Web App.
WeatherEnabled boolean Specifies whether to enable or disable weather information in the calendar in Outlook on the web.
UserVoiceEnabled boolean Specifies whether to enable or disable Outlook UserVoice in Outlook on the web. Outlook UserVoice is a customer feedback area that's available in Microsoft 365.
PublicFoldersEnabled boolean Specifies whether a user can browse or read items in public folders in Outlook Web App.
UseGB18030 boolean Specifies whether to use the GB18030 character set instead of GB2312 in Outlook on the web.
SetPhotoURL string Controls where users go to select their photo. Note that you can't specify a URL that contains one or more picture files, as there is no mechanism to copy a URL photo to the properties of the users' Exchange Online mailboxes.
LinkedInEnabled boolean If False, LinkedIn contact synchronization is disabled.
JunkEmailEnabled boolean Specifies whether the Junk Email folder and junk email management are available in Outlook on the web.
AllowCopyContactsToDeviceAddressBook boolean Specifies whether users can copy the contents of their Contacts folder to a mobile device's native address book when using Outlook on the web for devices.
id string id of the OwaMailboxPolicy
BookingsMailboxCreationEnabled boolean Allows you disable Microsoft Bookings.
UMIntegrationEnabled boolean Specifies whether Unified Messaging (UM) integration is enabled in Outlook on the web.
GroupCreationEnabled boolean Specifies whether Microsoft 365 Group creation is available in Outlook and Outlook on the web.
WebReadyMimeTypes list<string> Specifies the MIME extensions of attachments that allow the attachments to be viewed by WebReady Document Viewing in Outlook on the web.
ConditionalAccessPolicy string Specifies the Outlook on the Web Policy for limited access. For this feature to work properly, you also need to configure a Conditional Access policy in the Azure Active Directory Portal. Valid values are: Off: No conditional access policy is applied to Outlook on the web. This is the default value. ReadOnly: Users can't download attachments to their local computer, and can't enable Offline Mode on non-compliant computers. They can still view attachments in the browser. ReadOnlyPlusAttachmentsBlocked: All restrictions from ReadOnly apply, but users can't view attachments in the browser.
ChangeSettingsAccountEnabled boolean Is functional only in the cloud-based service. Description pending.
PhoneticSupportEnabled boolean Specifies phonetically spelled entries in the address book. This parameter is available for use in Japan.
OWALightEnabled boolean Controls the availability of the light version of Outlook on the web.
BlockedFileTypes list<string> Specifies a list of attachment file types (file extensions) that can't be saved locally or viewed from Outlook on the web.
WebPartsFrameOptionsType string Specifies what sources can access web parts in IFRAME or FRAME elements in Outlook on the web. Valid values are: None: There are no restrictions on displaying Outlook on the web content in a frame. SameOrigin: This is the default value and the recommended value. Display Outlook on the web content only in a frame that has the same origin as the content. Deny: Blocks display of Outlook on the web content in a frame, regardless of the origin of the site attempting to access it.
UserDiagnosticEnabled boolean Description pending.
AllowedMimeTypes list<string> Specifies the MIME extensions of attachments that allow the attachments to be saved locally or viewed from Outlook on the web.
OneWinNativeOutlookEnabled boolean Controls the availability of the new Outlook for Windows App.
OutboundCharset string Specifies the character set that's used for outgoing messages in Outlook on the web. Valid values are: AutoDetect: Examine the first 2 kilobytes (KB) of text in the message to determine the character set that's used in outgoing messages. This is the default value. AlwaysUTF8: Always use UTF-8 encoded Unicode characters in outgoing messages, regardless of the detected text in the message, or the user's language choice in Outlook on the web. Use this value if replies to UTF-8 encoded messages aren't being encoded in UTF-8. UserLanguageChoice: Use the user's language choice in Outlook on the web to encode outgoing messages.
PrintWithoutDownloadEnabled boolean Specifies whether to allow printing of supported files without downloading the attachment in Outlook on the web.
SMimeSuppressNameChecksEnabled boolean Specifies whether to suppress name check in S/MIME messages. You don't need to specify a value with this switch.
DirectFileAccessOnPublicComputersEnabled boolean Specifies the left-click options for attachments in Outlook on the web for public computer sessions.
MessagePreviewsDisabled boolean Description pending.
WebReadyDocumentViewingSupportedFileTypes list<string> This is a read-only parameter that can't be modified; use the WebReadyFileTypes parameter instead.
DirectFileAccessOnPrivateComputersEnabled boolean Specifies the left-click options for attachments in Outlook on the web for private computer sessions.
BlockedMimeTypes list<string> Specifies MIME extensions in attachments that prevent the attachments from being saved locally or viewed from Outlook on the web.
RulesEnabled boolean Specifies whether a user can view, create, or modify server-side rules in Outlook on the web.
NpsSurveysEnabled boolean Specifies whether to enable or disable the Net Promoter Score (NPS) survey in Outlook on the web. The survey allows users to rate Outlook on the web on a scale of 1 to 5, and to provide feedback and suggested improvements in free text.
WacViewingOnPublicComputersEnabled boolean Specifies whether to enable or disable web viewing of supported Office documents in public computer sessions in Office Online Server.
WebReadyFileTypes list<string> Specifies the attachment file types (file extensions) that can be viewed by WebReady Document Viewing in Outlook on the web.
RemindersAndNotificationsEnabled boolean Specifies whether notifications and reminders are enabled in Outlook on the web.
OnSendAddinsEnabled boolean Specifies whether to enable or disable on send add-ins in Outlook on the web (add-ins that support events when a user clicks Send).
DefaultTheme string Specifies the default theme that's used in Outlook on the web when the user hasn't selected a theme.
RecoverDeletedItemsEnabled boolean Specifies whether a user can use Outlook Web App to view, recover, or delete permanently items that have been deleted from the Deleted Items folder.
AllowOfflineOn string Specifies when Outlook Web App in offline mode is available for supported web browsers. Valid values are: PrivateComputersOnly: Offline mode is available in private computer sessions. By default in Exchange 2013 or later and Exchange Online, all Outlook on the web sessions are considered to be on private computers. In Exchange 2013 or later, users can only specify public computer sessions if you've enabled the private/public selection on the sign in page (the LogonPagePublicPrivateSelectionEnabled parameter value is $true on the Set-OwaVirtualDirectory cmdlet). NoComputers: Offline mode is disabled. AllComputers: Offline mode is available for public and private computer sessions.
ShowOnlineArchiveEnabled boolean Available only in the cloud-based service. Description pending.
ReportJunkEmailEnabled boolean Specifies whether users can report messages as junk or not junk to Microsoft in Outlook on the web.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
QuarantineRetentionDays number Retention of quarantine policy in days.
Identity string Specifies the name, distinguished name (DN), or GUID of the quarantine policy.
IsValid boolean Whether this QuarantinePolicy is valid or not.
Name string Name of the Quarantine policy, e.g. "DefaultFullAccessPolicy".
ESNEnabled boolean The ESNEnabled parameter specifies whether to enable quarantine notifications (formerly known as end-user spam notifications) for the policy.
EndUserQuarantinePermissions list<object> List of end user quarantine permissions.
 name string Permission name.
 isEnabled boolean Is permission enabled.
QuarantinePolicyType string Type of quarantine policy.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Name string The name of the Remote Domain asset. The default Remote Domain on an O365 account has name "Default", and domain "*".
DomainName string The remote domain that is being configured. "*" represents any remote domain. The default Remote Domain setting in an O365 account has the name "Default" and domain "*".
AutoForwardEnabled boolean If False, AutoForwarding of email to this remote domain will not be allowed.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Identity string Specifies the name, distinguished name (DN),or GUID of the retention policy.
RetentionId string The identity of the retention policy to ensure mailboxes moved from an on-premises Exchange deployment to the cloud continue to have the same retention policy applied to them.
IsDefault boolean Whether the retention policy is the default retention policy.
RetentionPolicyTagLinks list<string> RetentionPolicyTag The RetentionPolicyTags associated.
id string The unique identifier for this retention policy.
Name string Unique name for the retention policy.
IsValid boolean Whether the retention policy is valid.
IsDefaultArbitrationMailbox boolean Whether default retention policy for arbitration mailboxes in Exchange Online organization.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
MustDisplayCommentEnabled boolean Specifies whether the comment can be hidden..
TriggerForRetention string Specifies the date that's considered as the start date of the retention period. An item can reach its retention limit a specific number of days after the item was delivered or after it was moved into a specific folder. Valid values include: WhenDelivered The item expires based on when it was delivered. WhenMoved The item expires based on the date it was moved. If this parameter isn't present and the RetentionEnabled parameter is set to $true, an error is returned.
Comment string Specifies a comment for the tag.
Name string Specifies the name of the retention policy tag.
RetentionAction string Specifies the action for the retention policy.
AgeLimitForRetention number Specifies the age at which retention is enforced on an item. The age limit corresponds to the number of days from the date the item was delivered,or the date an item was created if it wasn't delivered.
Type string Specifies the type of retention tag being created.
RetentionId string Specifies an alternate tag ID to ensure the retention tag found on mailbox items tagged in one Exchangeorganization matches the tag when the mailbox is moved to another Exchange organization.
LocalizedComment list<string> Specifies localized comments and their languages.
LocalizedRetentionPolicyTagName list<string> Specifies localized tag names and their languages.
RawRetentionId string Specifies the raw RetentionId.
Identity string Specifies the name of the tag.
IsPrimary boolean Specifies whether its primary retention policy tag.
MessageClass string Specifies the message type to which the tag applies. If not specified, the default value is set to '*'.
IsValid boolean Specifies whether the retention policy tag is valid.
LegacyManagedFolder string Specifies the name of a managed folder. The retention tag is created by using retention settings from the managed folder and its managed content settings. You can use this parameter to create retention tags based on existing managed folders to migrate users from managed folder mailbox policies to retention policies.
MessageClassDisplayName string Specifies the message class display name.
MoveToDestinationFolder string Description pending.
id string The unique identifier for this retention policy tag.
RetentionEnabled boolean Specifies whether the tag is enabled. When set to False, the tag is disabled, and no retentionaction is taken on messages that have the tag applied.
SystemTag boolean Specifies that the tag is created for internal Exchange functionality.
Description string Specifies a Description for the tag.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AssignedRoles list<string> List of roles assigned to this policy. Some sample values are "My Custom Apps", "My Marketplace Apps", "My ReadWriteMailbox Apps".
Name string Name of the policy.
Description string Description of the role assignment policy.
IsDefault boolean True if this is the default role assignment policy.
IsValid boolean True if this is a valid role assignment policy.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
IsDefault boolean Whether the SafeAttachmentPolicy is the default policy.
IsBuiltInProtection boolean Description pending.
EnableOrganizationBranding boolean Description pending.
Redirect boolean Specifies whether to deliver messages that were identified by Safe Attachments as containing malware attachments to another email address.
RedirectAddress string Specifies the email address to deliver messages that were identified by Safe Attachments as containing malware attachments when the Redirect parameter is set to the value true.
Enable boolean If true, the Action parameter specifies the action for the Safe Attachment policy. If false, Attachments are not scanned by Safe Attachments.
Name string Name of the SafeAttachmentPolicy
IsValid boolean The validity for the SafeAttachmentPolicy.
QuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined as malware by Safe Attachments.
AdminDisplayName string Specifies a description for the policy.
Identity string The identifier for this policy.
Action string The Action parameter specifies the action for the safe attachment policy. Valid values are: Allow: Deliver the message if malware is detected in the attachment and track scanning results. This value corresponds to Monitor for the Safe Attachments unknown malware response property of the policy in the admin center. Block: Block the email message that contains the malware attachment. This is the default value. Replace: Deliver the email message, but remove the malware attachment and replace it with warning text. DynamicDelivery: Deliver the email message with a placeholder for each email attachment. The placeholder remains until a copy of the attachment is scanned and determined to be safe.
id string id of the SafeAttachmentPolicy
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AllowClickThrough boolean The AllowClickThrough parameter specifies whether to allow users to click through to the original URL on warning pages.
DoNotRewriteUrls list<string> Specifies the URLs that are not rewritten by Safe Links scanning.
EnableForInternalSenders boolean Specifies whether the Safe Links policy is applied to messages sent between internal senders and internal recipients within the same Exchange Online organization.
ScanUrls boolean Specifies whether to enable or disable real-time scanning of clicked links in email messages.
DisableUrlRewrite boolean Specifies whether to rewrite (wrap) URLs in email message.
EnableSafeLinksForEmail boolean The EnableSafeLinksForEmail parameter specifies whether to enable Safe Links protection for email messages.
EnableOrganizationBranding boolean Specifies whether your organization's logo is displayed on Safe Links warning and notification pages..
CustomNotificationText string Specifies the customized notification text to show to users.
id string Unique ID of the SafeLinksPolicy.
EnableSafeLinksForOffice boolean The EnableSafeLinksForOffice parameter specifies whether to enable Safe Links protection for Microsoft Office Apps.
IsValid boolean Whether SafeLinksPolicy is valid one.
RecommendedPolicyType string Used for Standard and Strict policy creation.
DeliverMessageAfterScan boolean Specifies whether to deliver email messages only after Safe Links scanning is complete.
EnableSafeLinksForTeams boolean Specifies whether Safe Links is enabled for Microsoft Teams.
TrackClicks boolean Specifies whether to track user clicks related to Safe Links protection of links.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
id string Combination of azureTenantId_createdDateTime.
azureTenantId string GUID string for tenant ID.
createdDateTime number The date when the entity is created.
maxScore number Tenant maximum possible score on specified date.
currentScore number Tenant current attained score on specified date.
controlScores list<object> Contains tenant scores for a set of controls.
 isEnforced boolean Whether this control score is enforced or not.
 count number Count of violated resources for this control
 on boolean Indicate whether the policy is turned on.
 lastSynced number The datetime when last synced in epoch time.
 scoreInPercentage number The current score as a percentage.
 controlName string Unique name for the control.
 controlCategory string Control action category (Identity, Data, Device, Apps, Infrastructure).
 score number Tenant achieved score for the control (it varies day by day depending on tenant operations on the control).
 description string Description of the control.
 IsApplicable boolean Whether this control score is applicable or not.
 implementationStatus string Description of current status, e.g. "You currently have 4 global admins".
 total number Number of applicable resources for this control
 reviewed number Unix timestamp.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
disabledModernListTemplateIds list<string> An array of modern List template ids that are disabled on the tenant.
socialBarOnSitePagesDisabled boolean The Social Bar will appear on all modern SharePoint pages with the exception of the home page of a site. It will give users the ability to like a page, see the number of views, likes, and comments on a page, and see the people who have liked a page.
coreRequestFilesLinkEnabled boolean Enable or disable the Request files link on the core partition for all SharePoint sites (not including OneDrive sites). If this value is not set, Request files will only show for OneDrives with Anyone links enabled.
coreRequestFilesLinkExpirationInDays number Specifies the number of days before a Request files link expires for all SharePoint sites (not including OneDrive sites).
enableAzureADB2BIntegration boolean Enables the preview for OneDrive and SharePoint integration with Azure AD B2B.
filePickerExternalImageSearchEnabled boolean For Webparts that support inserting images, like for example Image or Hero webpart, the Web search (Powered by Bing) option will be available if enabled.
iPAddressAllowList string Comma separated list of allowed IP addresses or IP address ranges.
informationBarriersSuspension boolean Specifies whether information barriers suspensed or not.
isCollabMeetingNotesFluidEnabled boolean Specifies whether CollabMeetingNotes Fluid Framework is enabled or not.
blockMacSync boolean If True, MacOS devices cannot sync files from OneDrive / SharePoint.
blockUserInfoVisibilityInSharePoint string Specifies block user info visibility in SharePoint.
blockSendLabelMismatchEmail boolean When a sensitivity label mismatch occurs between the label on the document uploaded and the label on the site, SharePoint Online captures an audit record, and sends an Incompatible sensitivity label detected email notification to the person who uploaded the document and the site owner. The notification contains details of the document which caused the problem and the label assigned to the document and to the site. The comparison happens between the priority of these two labels.
displayNamesOfFileViewers boolean If true, file owners can see the names of people who viewed their files in OneDrive.
disallowInfectedFileDownload boolean If True, files that ATP has detected as infected will not be allowed to be downloaded via SharePoint.
requireAnonymousLinksExpireInDays number The number of days before an anonymous sharing link for a file expires. A value of -1 indicates no expiry.
showPeoplePickerGroupSuggestionsForIB boolean The ShowPeoplePickerGroupSuggestionsForIB setting allows showing group suggestions for information barriers (IBs) in the People Picker.
useFindPeopleInPeoplePicker boolean This feature enables tenant admins to enable ODB and SPO to respect Exchange supports Address Book Policy (ABP) policies in the people picker.
isUnmanagedSyncClientForTenantRestricted boolean If True, file syncing for OneDrive / SharePoint will only be allowed on PCs joined to specific domains. (See property "allowedDomainListForSyncClient")
emailAttestationRequired boolean Sets email attestation to required.
conditionalAccessPolicy string Specifies conditional access policy for the tenant.
sharingCapability string Specifies what level of sharing is available for the site.
bccExternalSharingInvitationsList string Specifies a list of e-mail addresses to be BCC'd when the BCC for External Sharing feature is enabled. Multiple addresses can be specified by creating a comma separated list with no spaces.
compatibilityRange string Determines which compatibility range is available for new site collections
disablePersonalListCreation boolean Specifies whether personal list creation is disabled or not.
enableAIPIntegration boolean This parameter enables SharePoint to process the content of files stored in SharePoint and OneDrive with sensitivity labels that include encryption.
notificationsInOneDriveForBusinessEnabled boolean Enables or disables notifications in OneDrive for Business.
allowAnonymousMeetingParticipantsToAccessWhiteboards string Specifies whether to allow anonymous meeting participants to access whiteboards.
defaultLinkPermission string Lets administrators choose the default permission of the link in the sharing dialog box in OneDrive for Business and SharePoint Online. This applies to anonymous access, internal and direct links.
disableCustomAppAuthentication boolean Prevents apps using an Azure Access Control (ACS) app-only access token to access SharePoint.
publicCdnOrigins list<string> Specifies a list of the Public CDN origins.
searchResolveExactEmailOrUPN boolean Removes the search capability from People Picker. This also does not allow SharePoint users to search for security groups or SharePoint groups.
specialCharactersStateInFileFolderNames string Permits the use of special characters in file and folder names in SharePoint Online and OneDrive for Business document libraries.
allowedDomainListForSyncClient list<string> The list of allowed domains if "isUnManagedSyncClientForTenantRestricted" is set to True.
defaultSharingLinkType string Lets administrators choose what type of link appears is selected in the "Get a link" sharing dialog box in OneDrive for Business and SharePoint Online.
stopNew2013Workflows boolean Prevents creation of new SharePoint 2013 classic workflows.
oDBAccessRequests string Specifies if AccessRequests is On, Off or Unspecified for Onedrive for Business.
showEveryoneExceptExternalUsersClaim boolean Enables the administrator to hide the "Everyone except external users" claim in the People Picker.
oneDriveForGuestsEnabled boolean Lets OneDrive for Business creation for administrator managed guest users. Administrator managed Guest users use credentials in the resource tenant to access the resources.
disableSpacesActivation boolean Specifies whether activation of spaces are disabled or not.
oDBMembersCanShare string Specifies if MembersCanShare is On, Off or Unspecified for Onedrive for Business.
sharingAllowedDomainList list<string> List of domains that resources are allowed to be shared with, if "sharingDomainRestrictionMode" = "AllowList"
externalServicesEnabled boolean Enables external services(services that are not in the Office 365 datacenters) for a tenant.
resourceQuota number Resource quota that is available for all sites in the tenant.
startASiteFormUrl string Specifies URL of the form to load in the Start a Site dialog.
conditionalAccessPolicyErrorHelpLink string A Link for help when Conditional Access Policy blocks a user.
officeClientADALDisabled boolean When set to true this will disable the ability to use Modern Authentication that leverages ADAL across the tenant.
showOpenInDesktopOptionForSyncedFiles boolean The ShowOpenInDesktopOptionForSyncedFiles setting displays the "Open in desktop" option when users go to SharePoint or OneDrive on the web and open the shortcut menu for a file that they're syncing with the OneDrive sync app.
commentsOnListItemsDisabled boolean Disables or enables commenting functionality on list items.
showAllUsersClaim boolean Enables the administrator to hide the All Users claim groups in People Picker.
applyAppEnforcedRestrictionsToAdHocRecipients boolean When the feature is enabled, all guest users are subject to conditional access policy. By default guest users who are accessing SharePoint Online files with pass code are exempt from the conditional access policy.
emailAttestationReAuthDays number The number of days for email attestation re-authentication. Value can be from 1 to 365 days.
markNewFilesSensitiveByDefault string If external sharing is turned on, sensitive content could be shared and accessed by guests before the Office DLP rule finishes processing, you can address this issue by configuring this parameter.
disableOutlookPSTVersionTrimming boolean Specifies whether Outlook PST version trimming is disabled or not.
isFluidEnabled boolean Specifies whether Fluid Framework is enabled or not.
blockUserInfoVisibilityInOneDrive string Specifies block user info visibility in OneDrive.
sharingBlockedDomainList list<string> List of domains that resources will not be allowed to be shared with, if "sharingDomainRestrictionMode" = "BlockList"
allowGuestUserShareToUsersNotInSiteCollection boolean This setting will allow guests to share to users not in the site.
coreSharingCapability string Determines what level of sharing is available for SharePoint sites (not including OneDrive sites).
publicCdnAllowedFileTypes string Specifies public CDN allowed file types.
showEveryoneClaim boolean Enables the administrator to hide the Everyone claim in the People Picker.
storageQuotaAllocated number Storage quota that is allocated for all sites in the tenant.
viewInFileExplorerEnabled boolean Enables or disables the ability to use View in Explorer in Microsoft Edge (93) or above.
blockAccessOnUnmanagedDevices boolean If true, unmanaged devices will not be allowed access to SharePoint. Note only one of the allowLimitedAccessOnUnmanagedDevices and blockAccessOnUnmanagedDevices settings can be true at the same time. If both settings are false, then all devices, unmanaged or not, will have full access to SharePoint.
displayStartASiteOption boolean If false, the site creation command will be hidden in SharePoint.
resourceQuotaAllocated number Resource quota that is allocated for all sites in the tenant.
stopNew2010Workflows boolean Prevents creation of new SharePoint 2010 classic workflows.
bccExternalSharingInvitations boolean When the feature is enabled, all external sharing invitations that are sent will blind copy the e-mail messages listed in the BccExternalSharingsInvitationList.
fileAnonymousLinkType string Type of anonymous access link of files to allow recipients to only view or view and edit.
signInAccelerationDomain string Specifies the home realm discovery value to be sent to Azure Active Directory (AAD) during the user sign-in process.
allowCommentsTextOnEmailEnabled boolean When this parameter is true, the email notification that a user receives when is mentioned, includes the surrounding document context.
allowOverrideForBlockUserInfoVisibility boolean Specifies whether to override block user info visibility.
iPAddressEnforcement boolean Allows access from network locations that are defined by an administrator.
storageQuota number Storage quota that is available for all sites in the tenant.
customizedExternalSharingServiceUrl string Specifies a URL that will be appended to the error message that is surfaced when a user is blocked from sharing externally by policy. This URL can be used to direct users to internal portals to request help or to inform them about your organization's policies. An example value is "https://www.contoso.com/sharingpolicies".
enableAutoNewsDigest boolean Enable or disable auto news digest.
folderAnonymousLinkType string Type of anonymous access link of folders to allow recipients to only view or view and edit.
includeAtAGlanceInShareEmails boolean Enable or disable the At A Glance feature in sharing e-mails. This provides the key points and time to read for the shared item if available.
oneDriveRequestFilesLinkEnabled boolean Enable or disable the Request files link on the OneDrive partition for all OneDrive sites.
excludedFileExtensionsForSyncClient list<string> The list of excluded file extensions when syncing OneDrive files.
disableBackToClassic boolean Specifies whether back to classic link is disabled in Modern UX.
externalUserExpirationRequired boolean Specifies whether to enable the external user expiration policy.
externalUserExpireInDays number Specifies the number of days before an external user will expire and be removed from the site collection if the policy is enabled. Value can be from 30 to 730 days.
labelMismatchEmailHelpLink string This parameter allows tenant admins to customize the "Help Link" in email with the subject "Incompatible sensitivity label detected."
noAccessRedirectUrl string Specifies the URL of the redirected site for those site collections which have the locked state "NoAccess."
oneDriveRequestFilesLinkExpirationInDays number Specifies the number of days before a Request files link expires for all OneDrive sites. The value can be from 0 to 730 days.
requireAcceptingAccountMatchInvitedAccount boolean If true, external users must accept sharing invitations using the same account that the invitations were sent to.
notifyOwnersWhenInvitationsAccepted boolean If true, OneDrive owners will receive a notification when external users accept invitations to access files.
orphanedPersonalSitesRetentionPeriod number Specifies the number of days after a user's Active Directory account is deleted that their OneDrive for Business content will be deleted.
enableGuestSignInAcceleration boolean Accelerates guest-enabled site collections as well as member-only site collections when the SignInAccelerationDomain parameter is set.
iPAddressWACTokenLifetime number Allows to set the session timeout. If you are a tenant administrator and you begin IP address enforcement for OneDrive for Business in Office 365, this enforcement automatically activates a tenant parameter IPAddressWACTokenLifetime. The default value is 15 minutes, when IP Address Enforcement is True.
mediaTranscription string Defines the media transcription policy.
oneDriveStorageQuota number Specifies a default OneDrive for Business storage quota for the tenant. It will be used for new OneDrive for Business sites created.
displayNamesOfFileViewersInSpo boolean If true, file owners can see the names of people who viewed their files in SharePoint.
ownerAnonymousNotification boolean If true, OneDrive owners will receive a notification when an anonymous link is created or changed.
contentTypeSyncSiteTemplatesList list<string> When the feature is enabled, the Content Type Hub will push content types to OneDrive for Business sites.
reduceTempTokenLifetimeEnabled boolean Enables reduced session timeout for temporary URLs used by apps for document download scenarios.
showPeoplePickerSuggestionsForGuestUsers boolean Shows people picker suggestions for guest users.
viewersCanCommentOnMediaDisabled boolean Controls whether viewers commenting on media items is disabled or not.
allowEditing boolean Prevents users from editing Office files in the browser and copying and pasting Office file contents out of the browser window.
commentsOnFilesDisabled boolean Disables or enables commenting functionality on the files.
commentsOnSitePagesDisabled boolean Disables or enables commenting functionality on the site pages.
userVoiceForFeedbackEnabled boolean Enables or disables the User Voice Feedback button.
permissiveBrowserFileHandlingOverride boolean Enables the Permissive browser file handling. By default, the browser file handling is set to Strict.
anyoneLinkTrackUsers boolean Specifies whether anyone links should track link users.
oneDriveLoopSharingCapability string Specifies sharing capabilities of Onedrive loop.
blockDownloadLinksFileType string Specifies the type of files that can be displayed when the block download links feature is being used.
disabledWebPartIds list<string> Allows administrators to prevent certain web parts from being added to pages or rendering on pages on which they were previously added.
limitedAccessFileType string Allows users to preview only Office files in the browser. This option increases security, but may be a barrier to user productivity.
isWBFluidEnabled boolean Specifies whether Whiteboard is enabled or disabled for OneDrive for Business users. Whiteboard on OneDrive for Business is automatically enabled for applicable Microsoft 365 tenants but can be disabled.
provisionSharedWithEveryoneFolder boolean Creates a Shared with Everyone folder in every user's new OneDrive for Business document library.
publicCdnEnabled boolean Enables or disables the public CDN.
syncPrivacyProfileProperties boolean Specifies whether privacy profile properties synced or not.
sharingDomainRestrictionMode string The sharing domain restriction being used. Possible values are: "None", "AllowList", "BlockList".
notifyOwnersWhenItemsReshared boolean If true, OneDrive owners will receive a notification when other users invite additional external users to shared files.
allowLimitedAccessOnUnmanagedDevices boolean If true, unmanaged devices will only be allowed limited, web-only access to SharePoint. Note only one of the allowLimitedAccessOnUnmanagedDevices and blockAccessOnUnmanagedDevices settings can be true at the same time. If both settings are false, then all devices, unmanaged or not, will have full access to SharePoint.
reduceTempTokenLifetimeValue number Specifies the session timeout value for temporary URLs. The value can be in between 5 and 15 minutes and the default value is 15 minutes.
notificationsInSharePointEnabled boolean Enables or disables notifications in SharePoint.
workflow2010Disabled boolean Specifies whether workflow 2010 is disabled or not.
legacyAuthProtocolsEnabled boolean If False, basic authentication and other legacy authentication mechanisms are not allowed for this SharePoint tenant.
preventExternalUsersFromResharing boolean If True, external users will not be able to share files and folders unless they were the original owner of the resource.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
isDefault boolean True if this is the default sharing policy.
name string Name of the sharing policy.
sharingEnabled boolean The "enabled" setting from the PowerShell command. If "False", no calendar sharing is allowed with users outside of the O365 organization.
domains list<object> List of domains and what kind of calendar details can be shared with them.
 domain string Possible values are "*" (represents users outside of the o365 organization who have an o365 account), "Anonymous" (represents users outside of the o365 organization who do not have an o365 account).
 sharingAllowedDetails string Possible values are "CalendarSharingFreeBusySimple" (share free/busy hours only), "CalendarSharingFreeBusyDetail" (share free/busy hours, subject, and location), "CalendarSharingFreeBusyReviewer" (share free/busy hours, subject, location, and the body of the message or calendar item), "ContactsSharing" (share contacts only).
id string id of the SharingPolicy.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Name string Unique name for the smime config.
OWAIncludeCertificateChainAndRootCertificate boolean Specifies whether the certificate chains and root certificates of the signing or encryption certificates are included in the message in Outlook on the web.
OWAUseKeyIdentifier boolean Specifies whether a certificate's key identifier is used to encode the asymmetrically encrypted token in Outlook on the web.
SMIMECertificateIssuingCA list<string> Specifies the serialized certificate store (SST) that contains the Certificate Authority (CA) signing and intermediate certificate information.
OWAAlwaysSign boolean Specifies whether all outgoing messages are automatically signed in Outlook on the web.
OWAEncryptTemporaryBuffers boolean Specifies whether the Outlook on the web client-side temporary message storage buffers are encrypted.
OWAIncludeCertificateChainWithoutRootCertificate boolean Specifies whether the certificate chains of the signing or encryption certificates are included in messages in Outlook on the web. Valid values are: true: Signed or encrypted messages include the full certificate chain, but not the root certificate. false: Signed or encrypted messages include only the signing and encrypting certificates, not their corresponding certificate chains. This is the default value.
OWACRLConnectionTimeout number Specifies the time in milliseconds that Outlook on the web waits while connecting to retrieve a single CRL as part of a certificate validation operation. A valid value is an integer between 0 and 4294967295 (UInt32). The default value is 60000 (60 seconds).
SMIMECertificatesExpiryDate number Description pending.
OWAIncludeSMIMECapabilitiesInMessage boolean Specifies whether signed and encrypted messages in Outlook on the web include attributes that describe the supported encryption and signing algorithms.
SMIMEExpiredCertificateThumbprint string Description pending.
OWAClearSign boolean Specifies how email messages are signed in Outlook on the web. Valid values are: true: Digitally signed messages are clear-signed. This is the default value. false: digitally signed messages are opaque-signed.
OWADisableCRLCheck boolean Enables or disables CRL checking in Outlook on the web. Valid values are: true: CRL checks are disabled when validating certificates. false: CRL checks are enabled when validating certificates.This is the default value.
OWADLExpansionTimeout number Specifies the time in milliseconds that Outlook on the web waits when sending encrypted messages to members of a distribution group that requires expansion. A valid value is an integer between 0 and 4294967295 (UInt32). The default value is 60000 (60 seconds). If the operation doesn't complete in the time specified by this parameter, the operation fails and the message is not sent.
OWAAllowUserChoiceOfSigningCertificate boolean Specifies whether to allow users to select the certificate to use when they digitally sign email messages in Outlook on the web.
OWAEncryptionAlgorithms string Specifies a list of symmetric encryption algorithms that are used by Outlook on the web to encrypt messages. Valid values are: 6601: DES (56-bit). 6602: RC2. Supported key lengths are 40, 56, 64, and 128. RC2 is the only supported algorithm that offers multiple key lengths. 6603: 3DES (168-bit). 660E: AES128. 660F: AES192. 6610: AES256 (This is the default value).
OWASignedEmailCertificateInclusion boolean Specifies whether the sender's encryption certificate is excluded from a signed email message in Outlook on the web. Valid values are: true: Outlook on the web and the S/MIME control include both signing and encrypting certificates with signed email messages. This is the default value. false: Outlook on the web and the S/MIME control do not include signing and encrypting certificates with signed email messages.
id string The unique identifier for this smime config.
OWABCCEncryptedEmailForking number Specifies how Bcc messages are encrypted in Outlook on the web. Valid values are: 0: One encrypted message per Bcc recipient. This is the default value. 1: One single encrypted message for all Bcc recipients. 2: One encrypted message without Bcc forking.
OWAForceSMIMEClientUpgrade boolean Specifies whether or not users are forced to upgrade an S/MIME control that's older than their current version in Outlook on the web. true: Users need to download and install the new control before they can use S/MIME. This is the default value. false: Users receive a warning if the S/MIME control on their computer is not current, but they can still use S/MIME without updating the control.
OWASigningAlgorithms string Specifies the list of symmetric encryption signing algorithms that are used by Outlook on the web to sign messages with the S/MIME control. Valid values are: 8003: CALG_MD5 or 128-bit MD5. 800E: CALG_SHA_512 or 512-bit Secure Hash Algorithm (SHA). 800D: CALG_SHA_384 or 384-bit SHA. 800C: CALG_SHA_256 or 256-bit SHA. 8004: SHA1 or 160-bit SHA-1 (This is the default value)
OWATripleWrapSignedEncryptedMail boolean Specifies whether signed and encrypted email messages in Outlook on the web are triple-wrapped. Valid values are: true: A signed message is encrypted, and then the encrypted message is signed (signed-encrypted-signed). false: A signed message is encrypted only (there is no additional signing of the encrypted message). This is the default value.
OWAUseSecondaryProxiesWhenFindingCertificates boolean Specifies whether alternative proxies are used during the certificate search in Outlook on the web.
OWACRLRetrievalTimeout boolean Specifies the time in milliseconds that Outlook on the web waits to retrieve all CRLs when validating a certificate. VA valid value is an integer between 0 and 4294967295 (UInt32). The default value is 10000 (10 seconds).
OWAOnlyUseSmartCard boolean Specifies whether smartcard-based certificates are required for Outlook on the web message signing and decryption.
OWASenderCertificateAttributesToDisplay string Controls which certificate attributes are displayed when signature verification proceeds despite a mismatch between the sender's email address and the email address in sender's certificate.
IsValid boolean Whether the smime config is valid.
OWAAlwaysEncrypt boolean Specifies whether all outgoing messages are automatically encrypted in Outlook on the web.
OWACheckCRLOnSend boolean Specifies how the certificate revocation list (CRL) check is enforced when an email message is sent in Outlook on the web. Valid values are: true: When the CRL distribution point is inaccessible, Outlook on the web displays a warning dialog box and prevents signed or encrypted messages from being sent. false: When the CRL distribution point is inaccessible, Outlook on the web allows signed or encrypted messages to be sent. This is the default value.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Enabled boolean Enables the browser idle sign-out policy.
SignOutAfter object Specifies a time interval of inactivity before the user gets signed out
 Nanoseconds number Nanoseconds
 Minutes number Minutes
 Ticks number Ticks
 Days number Days
 Hours number Hours
 Milliseconds number Milliseconds
 Microseconds number Microseconds
WarnAfter object Specifies a time interval of inactivity before the user gets a warning about being signed out.
 Milliseconds number Milliseconds
 Microseconds number Microseconds
 Nanoseconds number Nanoseconds
 Minutes number Minutes
 Ticks number Ticks
 Days number Days
 Hours number Hours
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AllowSelfServiceUpgrade boolean Gets or sets a value that indicates whether a site supports self-service upgrade.
DisableAppViews string DisableAppViews
ResourceUsageAverage number ResourceUsageAverage
WebsCount number Gets the number of [SPWeb] objects in the site.
DisableCompanyWideSharingLinks string DisableCompanyWideSharingLinks
GroupId string GroupId
ResourceQuota number ResourceQuota
ResourceUsageCurrent number ResourceUsageCurrent
SocialBarOnSitePagesDisabled boolean Disables or enables the Social Bar.
StorageQuotaWarningLevel number StorageQuotaWarningLevel
DefaultLinkToExistingAccess boolean DefaultLinkToExistingAccess
Description string Description of the Sharepoint Site
InformationSegment string InformationSegment
IsTeamsConnected boolean IsTeamsConnected
OwnerName string Name of Sharepoint Site owner
Title string Gets or sets the title of the site.
CompatibilityLevel number Gets the compatibility level of the site.
DisableSharingForNonOwnersStatus boolean DisableSharingForNonOwnersStatus
OverrideTenantAnonymousLinkExpirationPolicy boolean OverrideTenantAnonymousLinkExpirationPolicy
OwnerEmail string Email of Sharepoint Site owner
SensitivityLabel string SensitivityLabel
SharingBlockedDomainList list<string> SharingBlockedDomainList
HubSiteId string HubSiteId
StorageQuotaType string StorageQuotaType
RelatedGroupId string RelatedGroupId
SandboxedCodeActivationCapability string SandboxedCodeActivationCapability
SiteDefinedSharingCapability string SiteDefinedSharingCapability
Template string Gets or sets the web template name of the site.
IsTeamsChannelConnected boolean IsTeamsChannelConnected
LocaleId number LocaleId
LockIssue string Gets a description of the lock issue.
StorageUsageCurrent number StorageUsageCurrent
OverrideTenantExternalUserExpirationPolicy boolean OverrideTenantExternalUserExpirationPolicy
Owner string Gets or sets the login name of the site owner.
Url string Gets the URL of the site.
AllowEditing boolean Prevents users from editing Office files in the browser and copying and pasting Office file contents out of the browser window.
ShowPeoplePickerSuggestionsForGuestUsers boolean Shows people picker suggestions for guest users.
LockState string Gets or sets the lock state of the site.
RestrictedToGeo string RestrictedToGeo
SharingAllowedDomainList list<string> SharingAllowedDomainList
SharingCapability string Determines what level of sharing is available for the site.
ExternalUserExpirationInDays number ExternalUserExpirationInDays
IsHubSite boolean IsHubSite
PWAEnabled string PWAEnabled
StorageQuota number StorageQuota
DenyAddAndCustomizePages string Gets or sets a value of the DenyAddAndCustomizePagesStatus enumeration for the site.
DisableFlows string DisableFlows
ProtectionLevelName string ProtectionLevelName
ResourceQuotaWarningLevel number ResourceQuotaWarningLevel
TeamsChannelType string TeamsChannelType
AnonymousLinkExpirationInDays number AnonymousLinkExpirationInDays
CommentsOnSitePagesDisabled boolean Disables or enables commenting functionality on the site pages
DefaultSharingLinkType string Lets administrators choose what type of link appears is selected in the "Get a link" sharing dialog box in OneDrive for Business and SharePoint Online.
Status string Gets the status of the site.
AllowDownloadingNonWebViewableFiles boolean AllowDownloadingNonWebViewableFiles
BlockDownloadLinksFileType string ServerRendered (Office Only) and WebPreviewable (All supported files).
ConditionalAccessPolicy string ConditionalAccessPolicy
DefaultLinkPermission string Lets administrators choose the default permission of the link in the sharing dialog box in OneDrive for Business and SharePoint Online.
LimitedAccessFileType string Allows users to preview only Office files in the browser. This option increases security, but may be a barrier to user productivity.
OwnerLoginName string Login name of Sharepoint Site owner
SharingDomainRestrictionMode string SharingDomainRestrictionMode
ATTRIBUTE TYPE REFERS TO DESCRIPTION
DisableReportProblemDialog boolean DisableReportProblemDialog
TenantRestrictionEnabled boolean TenantRestrictionEnabled.
BlockMacSync boolean Block Mac sync clients-- the Beta version and the new sync client (OneDrive.exe).
AllowedDomainList list<string> Configure OneDrive to sync only on PCs that are joined to specific domains.
ExcludedFileExtensions list<string> Prevent users from uploading specific file types when they sync their OneDrive files.
OptOutOfGrooveBlock boolean Whether user is allowed to sync OneDrive for Business libraries with the old OneDrive for Business sync client.
OptOutOfGrooveSoftBlock boolean OptOutOfGrooveSoftBlock.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
SenderDomainIs list<string> The sender domain that is being checked in this Mail Transport Rule.
Priority number The priority level of the Transport Rule that determines the order of rule processing. 0 is the highest priority.
SentToScope string The "sent to scope" condition being checked in this Transport Rule. Possible values are "InOrganization", "NotInOrganization", "ExternalPartner" and "ExternalNonPartner". See https://docs.microsoft.com/en-us/powershell/module/exchange/set-transportrule?view=exchange-ps for more details.
MessageTypeMatches string Specifies a condition that looks for messages of a specified type. Possible values are "OOF", "AutoForward", "Encrypted", "Calendaring", "PermissionControlled", Voicemail", "Signed", "ApprovalRequest", and "ReadReceipt". See https://docs.microsoft.com/en-us/powershell/module/exchange/set-transportrule?view=exchange-ps for more information.
Identity string The id of the TransportRule
State string The state of the TransportRule. For example, "Enabled"
RedirectMessageTo string An email address that this MailTransportRule will auto-forward emails to.
SetScl number Spam Confidence Level. -1 = Bypass spam filters. 0-4 = perform normal spam filtering. 5-6 = mark as spam. 7-9 = mark as high confidence spam. See https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-mail-flow-rules-to-set-the-spam-confidence-level-scl-in-messages?view=o365-worldwide for more info.
RejectMessageReasonText string Specifies the explanation text that's used when a TransportRule rejects a message.
Name string The name of the Mail Transport Rule.
FromScope string The "from scope" condition being checked in this Transport Rule. Possible values are "InOrganization" "NotInOrganization". See https://docs.microsoft.com/en-us/powershell/module/exchange/set-transportrule?view=exchange-ps for more details.
RejectMessageEnhancedStatusCode string Specifies the enhanced status code that's used when the rule rejects messages. See https://docs.microsoft.com/en-us/powershell/module/exchange/set-transportrule?view=exchange-ps for more information.