Resource Type

ATTRIBUTE TYPE REFERS TO DESCRIPTION
id string The unique identifier for this domain. (e.g. "dev-o365.yourcompany.com" or "yourcompany.onmicrosoft.com")
DMARCRecordPublished boolean To get this value, use `nslookup -type=txt _dmarc.<domain>` and Ensure that a policy exists that starts with `v=DMARC1;`. Set this to "true" if the record is valid and existing.
IsCoexistenceDomain boolean Value that indicates whether the domain is a coexistence domain.
PendingRemoval boolean Value that indicates whether the domain is in the process of being removed.
spfRecordPublished boolean To get this value, use `nslookup -type=txt domain.com` and ensure that a value exists that contains `include:spf.protection.outlook.com.` Set this to "true" if the record is valid and existing.
MailFlowPartner string Specifies the mail flow partner of the domain.
CanHaveCloudCache boolean Specifies whether the domain can have cloud cache.
ObjectClass list<string> Specifies the object class of the resource.
OutboundOnly boolean Value that indicates whether the domain is used for outbound email only.
PendingFederatedAccountNamespace boolean Value that indicates whether the domain is pending a federation account request.
DMARCTxtRecords list<string> Specifies the DMARC TXT records of the domain.
PendingCompletion boolean Specifies whether the domain is pending completion.
FederatedOrganizationLink string Specifies the federated organization link of the domain.
InitialDomain boolean Value that indicates whether the domain is the initial domain for new accounts.
MatchSubDomains boolean Enables mail to be sent by and received from users on any subdomain of this accepted domain.
DomainType string Identifies the type of domain for which the Exchange server sends and receives email.
PendingFederatedDomain boolean Value that indicates whether the domain is pending a domain federation request.
DomainName string SMTP domain for which the server sends and receives email.
ExternallyManaged boolean Specifies whether the domain is externally managed.
IsValid boolean Specifies whether the domain is valid.
EmailOnly boolean Specifies whether the domain is email only.
SPFTxtRecords list<string> Specifies the SPF TXT records of the domain.
RawAuthenticationType string Specifies the raw authentication type of the domain.
SendingFromDomainDisabled boolean Specifies whether the domain has sending from disabled.
AddressBookEnabled boolean Value that indicates whether to enable recipient filtering for this accepted domain.
LiveIdInstanceType string Specifies the live id instance type of the domain.
AuthenticationType string Indicates how email addresses in the domain are authenticated.
Default boolean Value that indicates whether the domain is the default domain for the Exchange server.
EnableNego2Authentication boolean Value that indicates whether the domain will use Negotiated2 authentication.
IsDefaultFederatedDomain boolean Value that indicates whether the domain is the default domain for federation requests.
PerimeterDuplicateDetected boolean Value that indicates whether the domain is duplicated.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AdminAuditLogAgeLimit string Specifies how long each log entry should be kept before it's deleted. The default age limit is 90 days.
LogLevel string Specifies whether additional properties should be included in the log entries. Valid values are None and Verbose.
TestCmdletLoggingEnabled boolean Specifies whether the execution of test cmdlets should be logged. Test cmdlets begin with the verb Test. Valid values are true and false. The default value is false.
Name string Name of the AdminAuditLogConfig
AdminAuditLogExcludedCmdlets list<string> Specifies which cmdlets should be excluded from auditing. Use this parameter if you want to exclude specific cmdlets you don't want to audit even if they match a wildcard string specified in the AdminAuditLogCmdlets parameter.
AdminAuditLogCmdlets list<string> Specifies which cmdlets should be audited. You can specify one or more cmdlets, separated by commas. You can also use the wildcard character (*) to match multiple cmdlets in one or more of the entries in the cmdlet list. To audit all cmdlets, specify only the wildcard character (*).
Identity string Specifies the name of AdminAuditLog.
AdminAuditLogMailbox string Description pending.
id string ID of the AdminAuditLogConfig
IsValid boolean The validity for the AdminAuditLogConfig.
AdminAuditLogParameters list<string> Specifies which parameters should be audited on the cmdlets you specified using the AdminAuditLogCmdlets parameter. You can specify one or more parameters, separated by commas. You can also use the wildcard character (*) to match multiple parameters in one or more of the entries in the parameters list. To audit all parameters, specify only the wildcard character (*).
UnifiedAuditLogFirstOptInDate number Description pending.
AdminAuditLogEnabled boolean Indicate whether the audit log is enabled.
UnifiedAuditLogIngestionEnabled boolean Indicate whether the audit log search is turned on.
PartitionInfo list<string> Description pending.
RefreshInterval number Description pending.
LoadBalancerCount number Description pending.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
IsDefault boolean Whether the AntiPhishPolicy is the default policy.
Identity string Specifies the antiphish policy that you want to view.
id string id of the AntiPhishPolicy.
TargetedDomainProtectionAction string Specifies the action to take on detected domain impersonation messages. You specify the protected domains in the TargetedDomainsToProtect parameter. Valid values are: NoAction: This is the default value. BccMessage: Add the recipients specified by the TargetedDomainActionRecipients parameter to the Bcc field of the message. Delete: Delete the message during filtering. Use caution when selecting this value, because you can't recover the deleted message. MoveToJmf: Deliver the message to the recipient's mailbox, and move the message to the Junk Email folder. Quarantine: Move the message to quarantine. Quarantined high confidence phishing messages are only available to admins. As of April 2020, quarantined phishing messages are available to the intended recipients. Redirect: Redirect the message to the recipients specified by the TargetedDomainActionRecipients parameter.
EnableMailboxIntelligence boolean Specifies whether to enable or disable mailbox intelligence, which is artificial intelligence (AI) that determines user email patterns with their frequent contacts. Mailbox intelligence helps distinguish between messages from legitimate and impersonated senders based on a recipient's previous communication history.
EnableUnusualCharactersSafetyTips boolean Specifies whether to enable the safety tip that's shown to recipients for unusual characters in domain and user impersonation detections.
ExcludedSenders list<string> Specifies an exception for impersonation protection that looks for the specified message sender.
AuthenticationFailAction string When an incoming email message's sender fails authentication, this setting describes the possible default actions that will take place. Possible values are "MoveToJmf" (Moves the email to the junk folder), "Quarantine" (Moves the email to quarantine).
MailboxIntelligenceProtectionActionRecipients list<string> Specifies the recipients to add to detected messages when the MailboxIntelligenceProtectionAction parameter is set to the value Redirect or BccMessage.
EnableMailboxIntelligenceProtection boolean Specifies whether to enable or disable taking action for impersonation detections from mailbox intelligence results. This parameter is meaningful only if the EnableMailboxIntelligence parameter is set to the value true.
ExcludedDomains list<string> Specifies an exception for impersonation protection that looks for the specified domains in the message sender.
PhishThresholdLevel number Specifies the tolerance level that's used by machine learning in the handling of phishing messages. Valid values are: 1: Standard: This is the default value. The severity of the action that's taken on the message depends on the degree of confidence that the message is phishing (low, medium, high, or very high confidence). For example, messages that are identified as phishing with a very high degree of confidence have the most severe actions applied, while messages that are identified as phishing with a low degree of confidence have less severe actions applied. 2: Aggressive: Messages that are identified as phishing with a high degree of confidence are treated as if they were identified with a very high degree of confidence. 3: More aggressive: Messages that are identified as phishing with a medium or high degree of confidence are treated as if they were identified with a very high degree of confidence. 4: Most aggressive: Messages that are identified as phishing with a low, medium, or high degree of confidence are treated as if they were identified with a very high degree of confidence.
TargetedUserQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined by user impersonation protection (the TargetedUserProtectionAction parameter value is Quarantine).
EnableFirstContactSafetyTips boolean Specifies whether to enable or disable the safety tip that's shown when recipients first receive an email from a sender or do not often receive email from a sender.
TargetedDomainQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined by domain impersonation protection (the TargetedDomainProtectionAction parameter value is Quarantine).
EnableUnauthenticatedSender boolean "True" if Unauthenticated Sender Identification is enabled. (https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-worldwide#unauthenticated-sender)
EnableSimilarUsersSafetyTips boolean Specifies whether to enable the safety tip that's shown to recipients for user impersonation detections.
DmarcRejectAction string Description pending.
TargetedUserActionRecipients list<string> Specifies the replacement or additional recipients for detected user impersonation messages when the TargetedUserProtectionAction parameter is set to the value Redirect or BccMessage.
IsValid boolean The validity for the AntiPhishPolicy.
MailboxIntelligenceQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined by mailbox intelligence (the MailboxIntelligenceProtectionAction parameter value is Quarantine).
EnableSpoofIntelligence boolean "True" if "Spoof Intelligence" is enabled.
TargetedDomainActionRecipients list<string> Specifies the recipients to add to detected domain impersonation messages when the TargetedDomainProtectionAction parameter is set to the value Redirect or BccMessage.
EnableTargetedUserProtection boolean Specifies whether to enable user impersonation protection for a list of specified users.
TargetedDomainsToProtect list<string> Specifies the domains that are included in domain impersonation protection when the EnableTargetedDomainsProtection parameter is set to true.
DmarcQuarantineAction string Description pending.
MailboxIntelligenceProtectionAction string Specifies what to do with messages that fail mailbox intelligence protection. Valid values are: NoAction: This is the default value. Note that this value has the same result as setting the EnableMailboxIntelligenceProtection parameter to false when the EnableMailboxIntelligence parameter is true. BccMessage: Add the recipients specified by the MailboxIntelligenceProtectionActionRecipients parameter to the Bcc field of the message. Delete: Delete the message during filtering. Use caution when selecting this value, because you can't recover the deleted message. MoveToJmf: Deliver the message to the recipient's mailbox, and move the message to the Junk Email folder. Quarantine: Move the message to quarantine. Quarantined high confidence phishing messages are only available to admins. As of April 2020, quarantined phishing messages are available to the intended recipients. Redirect: Redirect the message to the recipients specified by the MailboxIntelligenceProtectionActionRecipients parameter.
TargetedUsersToProtect list<string> Specifies the users that are included in user impersonation protection when the EnableTargetedUserProtection parameter is set to true.
EnableOrganizationDomainsProtection boolean Specifies whether to enable domain impersonation protection for all registered domains in the Microsoft 365 organization.
ImpersonationProtectionState string Specifies the configuration of impersonation protection. Valid values are: Automatic: This is the default value in the default policy named Office365 AntiPhish Policy. Manual: This is the default value in custom policies that you create. Off.
Name string Name of the AntiPhish policy, e.g. "Office365 AntiPhish Default".
EnableViaTag boolean If "True", the "Via Tag" will be applied to certain email messages. See https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-worldwide#unauthenticated-sender for more details.
EnableTargetedDomainsProtection boolean Specifies whether to enable domain impersonation protection for a list of specified domains.
HonorDmarcPolicy boolean Description pending.
EnableSimilarDomainsSafetyTips boolean Specifies whether to enable the safety tip that's shown to recipients for domain impersonation detections.
SpoofQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined by spoof intelligence (the AuthenticationFailAction parameter value is Quarantine).
TargetedUserProtectionAction string Specifies the action to take on detected user impersonation messages. You specify the protected users in the TargetedUsersToProtect parameter. Valid values are: NoAction: This is the default value. BccMessage: Add the recipients specified by the TargetedDomainActionRecipients parameter to the Bcc field of the message. Delete: Delete the message during filtering. Use caution when selecting this value, because you can't recover the deleted message. MoveToJmf: Deliver the message to the recipient's mailbox, and move the message to the Junk Email folder. Quarantine: Move the message to quarantine. Quarantined high confidence phishing messages are only available to admins. As of April 2020, quarantined phishing messages are available to the intended recipients. Redirect: Redirect the message to the recipients specified by the TargetedDomainActionRecipients parameter.
AdminDisplayName string Specifies a description for the policy.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
EnableSafeDocs boolean The EnableSafeDocs parameter enables or disables Safe Documents for the entire organization.
AllowSafeDocsOpen boolean The AllowSafeDocsOpen parameter allows or prevents users from leaving Protected View (that is, opening the document) if the document has been identified as malicious.
IsValid boolean Whether the Atp policy is valid.
EnableATPForSPOTeamsODB boolean The EnableATPForSPOTeamsODB parameter enables or disables Safe Attachments for SharePoint, OneDrive, and Microsoft Teams.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AllowBasicAuthOfflineAddressBook boolean Whether to allow Basic authentication with Offline Address Books.
AllowBasicAuthRest boolean Whether to allow Basic authentication with REST API.
AllowBasicAuthWebServices boolean whether to allow Basic authentication with Exchange Web Services (EWS).
AllowBasicAuthImap boolean Whether to allow Basic authentication with IMAP.
Name string Name of the AuthenticationPolicy
IsValid boolean The validity for the AuthenticationPolicy.
Identity string Specifies the authentication policy you want to modify.
AllowBasicAuthSmtp boolean Whether to allow Basic authentication with SMTP.
id string ID of the AuthenticationPolicy
AllowBasicAuthActiveSync boolean Whether to allow Basic authentication with Exchange Active Sync.
AllowBasicAuthAutodiscover boolean Whether to allow Basic authentication with Autodiscover.
AllowBasicAuthMapi boolean Whether to allow Basic authentication with MAPI.
AllowBasicAuthOutlookService boolean Whether to allow Basic authentication with the Outlook service.
AllowBasicAuthPop boolean Whether to allow Basic authentication with POP.
AllowBasicAuthReportingWebServices boolean Whether to allow Basic authentication with reporting web services.
AllowBasicAuthPowershell boolean Whether to allow Basic authentication with PowerShell.
AllowBasicAuthRpc boolean Whether to allow Basic authentication with RPC.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
HeaderCanonicalization string Specifies the canonicalization algorithm that's used to create and verify the message header part of the DKIM signature. This value effectively controls the sensitivity of DKIM to changes to the message headers in transit. Valid values are: Relaxed: Common modifications to the message header are tolerated (for example, Header field line rewrapping, changes in unnecessary whitespace or empty lines, and changes in case for header fields). This is the default value. Simple: No changes to the header fields are tolerated.
Status boolean Status of DkimSigningConfig.
SelectorAfterRotateOnDate string Description pending.
Selector1KeySize number Description pending.
Selector1PublicKey string Description pending.
Selector2CNAME string Description pending.
Selector2PublicKey string Description pending.
BodyCanonicalization string Specifies the canonicalization algorithm that's used to create and verify the message body part of the DKIM signature. This value effectively controls the sensitivity of DKIM to changes to the message body in transit. Valid values are: Relaxed: Changes in whitespace and changes in empty lines at the end of the message body are tolerated. This is the default value. Simple: Only changes in empty lines at the end of the message body are tolerated.
IncludeKeyExpiration boolean Description pending.
Selector1CNAME string Description pending.
SelectorBeforeRotateOnDate string Description pending.
Domain string A domain under the current O365 tenant.
Enabled boolean "True" if DKIM signing is enabled for this tenant, "False" otherwise.
id string ID of the DkimSigningConfig
Name string Name of the DkimSigningConfig
IsValid boolean The validity for the DkimSigningConfig.
KeyCreationTime number Description pending.
RotateOnDate number Description pending.
Selector2KeySize number Description pending.
IsDefault boolean Whether the DkimSigningConfig is the default policy.
Identity string Specifies the DKIM signing policy that you want to view.
IncludeSignatureCreationTime boolean Description pending.
Algorithm string Description pending.
NumberOfBytesToSign string Description pending.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
passwordNotificationWindowInDays number Specifies the number of days before a user receives notification that their password will expire. If the property is not set, a default value of 14 days will be used
supportedServices list<string> List of supported services for this domain (e.g. "Intune")
passwordValidityPeriodInDays number Specifies the length of time that a password is valid before it must be changed. If the property is not set, a default value of 90 days will be used.
availabilityStatus string This property is always null except when the verify action is used. When the verify action is used, a domain entity is returned in the response. The availabilityStatus property of the domain entity in the response is either AvailableImmediately or EmailVerifiedDomainTakeoverScheduled
isDefault boolean true if this is the default domain that is used for user creation. There is only one default domain per company.
isRoot boolean true if the domain is a verified root domain. Otherwise, false if the domain is a subdomain or unverified
state string domainState
id string The unique identifier for this domain. (e.g. "dev-o365.yourcompany.com" or "yourcompany.onmicrosoft.com")
authenticationType string Indicates the configured authentication type for the domain. The value is either Managed or Federated. Managed indicates a cloud managed domain where Azure AD performs user authentication. Federated indicates authentication is federated with an identity provider such as the tenant's on-premises Active Directory via Active Directory Federation Services
isAdminManaged boolean The value of the property is false if the DNS record management of the domain has been delegated to Microsoft 365. Otherwise, the value is true.
isInitial boolean true if this is the initial domain created by Microsoft Online Services (companyname.onmicrosoft.com). There is only one initial domain per company
isVerified boolean true if the domain has completed domain ownership verification
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AnyMailTransportRuleRedirectMessageToExternalDomain boolean True if any of the mail transport rules is set up to redirect to any external domains.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
EnableOutsideAccess boolean Indicates whether the user is allowed to connect to Skype for Business Server over the Internet, without logging on to the organization's internal network. The default value is False.
EnablePublicCloudAudioVideoAccess boolean Indicates whether the user is allowed to conduct audio/video conversations with people who have SIP accounts with a public Internet connectivity provider such as MSN. When set to False, audio and video options in Skype for Business will be disabled any time a user is communicating with a public Internet connectivity contact. The default value is False.
RestrictTeamsConsumerAccessToExternalUserProfiles boolean Defines if a user is restricted to collaboration with Teams Consumer (TFL) user only in Extended Directory Possible Values: True, False.
EnableAcsFederationAccess boolean Indicates whether Teams meeting organized by the user can be joined by users of customer applications built using Azure Communication Services (ACS).
EnableFederationAccess boolean Indicates whether the user is allowed to communicate with people who have SIP accounts with a federated organization. The default value is True.
EnableTeamsConsumerAccess boolean Indicates whether the user is allowed to communicate with people who have who are using Teams with an account that's not managed by an organization. The default value is True.
EnableTeamsConsumerInbound boolean Indicates whether the user is allowed to be discoverable by people who are using Teams with an account that's not managed by an organization. It also controls if people who have who are using Teams with an account that's not managed by an organization can start the communication with the user. The default value is True.
EnableTeamsSmsAccess boolean Allows you to control whether users can have SMS text messaging capabilities within Teams. Possible Values: True, False.
EnableXmppAccess boolean Indicates whether the user is allowed to communicate with users who have SIP accounts with a federated XMPP (Extensible Messaging and Presence Protocol) partner. The default value is False.
Identity boolean Unique identifier for the external access policy to be modified. External access policies can be configured at the global, site, or per-user scopes. To modify the global policy, use this syntax: -Identity global. To modify a site policy, use syntax similar to this: -Identity site:Redmond. To modify a per-user policy, use syntax similar to this: -Identity SalesAccessPolicy. If this parameter is not specified then the global policy will be modified.
AllowedExternalDomains list<string> Indicates the domains that are allowed to communicate with the users of this policy. This is referenced only when CommunicationWithExternalOrgs is set to be AllowSpecificExternalDomains.
EnablePublicCloudAccess boolean Indicates whether the user is allowed to communicate with people who have SIP accounts with a public Internet connectivity provider such as MSN. The default value is False.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Enabled boolean True means the feature is enabled; False means the feature is disabled.
AllowList list<string> The list of exceptions. Messages received from the specified senders or senders in the specified domains don't receive the External icon in the area of subject line.
Identity string The identifier for ExternalInOutlook setting.
id string The id for the ExternalInOutlook setting.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
EnableSafeList boolean The EnableSafeList parameter enables or disables use of the safe list. The safe list is a dynamic allow list in the Microsoft datacenter that requires no customer configuration.
Identity string The Identity parameter specifies the connection filter policy that you want to modify. You can use any value that uniquely identifies the policy.
IPAllowList list<string> The IPAllowList parameter specifies IP addresses from which messages are always allowed. Messages from the IP addresses you specify won't be identified as spam, despite any other spam characteristics of the messages.
IPBlockList list<string> The IPBlockList parameter specifies IP addresses from which messages are never allowed. Messages from the IP addresses you specify are blocked without any further spam scanning.
AdminDisplayName string The AdminDisplayName parameter specifies a description for the policy.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
HighConfidenceSpamQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined as high confidence spam.
SpamQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined as spam.
MarkAsSpamEmptyMessages string Marks a message as spam when the message contains no subject, no content in the message body, and no attachments.
AddXHeaderValue string Specifies the X-header name (not value) to add to spam messages when a spam filtering verdict parameter is set to the value AddXHeader.
PhishQuarantineTag string Parameter specifies the quarantine policy that's used on messages that are quarantined as phishing (the PhishSpamAction parameter value is Quarantine).
MarkAsSpamBulkMail string Allows spam filtering to act on bulk email messages.
TestModeBccToRecipients list<string> Specifies the blind carbon copy (Bcc) recipients to add to spam messages when the TestModeAction ASF parameter is set to the value BccMessage.
MarkAsSpamFromAddressAuthFail string Marks a message as spam when Sender ID filtering encounters a hard fail.
MarkAsSpamWebBugsInHtml string Marks a message as spam when the message contains web bugs (also known as web beacons).
MarkAsSpamEmbedTagsInHtml string Marks a message as spam when the message contains HTML embed tag.
MarkAsSpamJavaScriptInHtml string Marks a message as spam when the message contains JavaScript or VBScript.
Identity string The identifier for this policy.
MarkAsSpamNdrBackscatter string The MarkAsSpamNdrBackscatter parameter marks a message as spam when the message is a non-delivery report (also known as an NDR or bounce messages) sent to a forged sender (known as backscatter). Valid values are: Off: The setting is disabled. This is the default value. On: The setting is enabled. Backscatter is given the SCL 9 (high confidence spam), and the X-header X-CustomSpam: Backscatter NDR is added to the message.
MarkAsSpamFormTagsInHtml string Parameter marks a message as spam when the message contains HTML form tags.
IncreaseScoreWithNumericIps string Increases the spam score of messages that contain links to IP addresses.
LanguageBlockList string Parameter enables or disables marking messages that were written in specific languages as spam.
MarkAsSpamSpfRecordHardFail string Parameter marks a message as spam when SPF record checking encounters a hard fail.
IncreaseScoreWithBizOrInfoUrls string Increases the spam score of messages that contain links to .biz or .info domains.
PhishSpamAction string The PhishSpamAction parameter specifies the action to take on messages that are marked as phishing (not high confidence phishing). Phishing messages use fraudulent links or spoofed domains to get personal information. Valid values are: AddXHeader: Add the AddXHeaderValue parameter value to the message header and deliver the message. Delete: Delete the message during filtering. Use caution when selecting this value, because you can't recover the deleted message. ModifySubject: Add the ModifySubject parameter value to the beginning of the subject line, deliver the message, and move the message to the Junk Email folder (same caveats as MoveToJmf). MoveToJmf: Deliver the message to the recipient's mailbox, and move the message to the Junk Email folder. The message is moved only if the junk email rule is enabled on the mailbox (it's enabled by default). Quarantine: Move the message to the quarantine. This is the default value. The quarantined message is available to the intended recipients (as of April, 2020) and admins. Redirect: Redirect the message to the recipients specified by the RedirectToRecipients parameter.
SpamAction string Specifies the action to take on messages that are marked as spam
MarkAsSpamSensitiveWordList string Marks a message as spam when the message contains words from the sensitive words list.
BlockedSenderDomains list<string> Specifies domains that are always marked as spam sources.
QuarantineRetentionPeriod number Specifies the number of days that spam messages remain in quarantine when a spam filtering verdict parameter is set to the value Quarantine.
AllowedSenderDomains list<string> Specifies trusted domains that aren't processed by the spam filter. Messages from senders in these domains are stamped with SFV:SKA in the X-Forefront-Antispam-Report header and receive a spam confidence level (SCL) of -1, so the messages are delivered to the recipient's inbox.
BlockedSenders list<string> Specifies senders that are always marked as spam sources.
ZapEnabled boolean If true, zero-hour auto purge (ZAP) is enabled for this HostedContentFilterPolicy.
IsValid boolean The validity for the HostedContentFilterPolicy.
BulkSpamAction string Specifies the action to take on messages that are marked as bulk email.
RegionBlockList list<string> Parameter specifies the source countries or regions that are marked as spam when the EnableRegionBlockList parameter value is true.
ModifySubjectValue string Specifies the text to prepend to the existing subject of messages when a spam filtering verdict parameter is set to the value ModifySubject.
AllowedSenders list<string> Specifies a list of trusted senders that skip spam filtering.
MarkAsSpamFramesInHtml string Marks a message as spam when the message contains HTML frame or iframe tags.
HighConfidencePhishQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined as high confidence phishing.
HighConfidencePhishAction string The HighConfidencePhishAction parameter specifies the action to take on messages that are marked as high confidence phishing (not phishing). Phishing messages use fraudulent links or spoofed domains to get personal information. Valid values are: MoveToJmf: Deliver the message to the recipient's mailbox, and move the message to the Junk Email folder. The message is moved only if the junk email rule is enabled on the mailbox (it's enabled by default). Redirect: Redirect the message to the recipients specified by the RedirectToRecipients parameter. Quarantine: Move the message to quarantine. By default, messages that are quarantined as high confidence phishing are available only to admins. Or, you can use the HighConfidencePhishQuarantineTag parameter to specify what end-users are allowed to do on quarantined messages.
PhishZapEnabled boolean The PhishZapEnabled parameter enables or disables zero-hour auto purge (ZAP) to detect phishing in already delivered messages in Exchange Online mailboxes.
MarkAsSpamObjectTagsInHtml string Parameter marks a message as spam when the message contains HTML <object> tags.
BulkQuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined as bulk email.
RedirectToRecipients list<string> Specifies the email addresses of replacement recipients when a spam filtering verdict parameter is set to the value Redirect.
EnableLanguageBlockList boolean Enables or disables marking messages that were written in specific languages as spam.
BulkThreshold number The BulkThreshold parameter specifies the BCL on messages that triggers the action specified by the BulkSpamAction parameter (greater than the specified BCL value, not greater than or equal to). A valid value is an integer from 1 to 9. The default value is 7, which means a BCL of 8 or 9 on messages will trigger the action that's specified by the BulkSpamAction parameter. A higher BCL indicates the message is more likely to generate complaints (and is therefore more likely to be spam).
DownloadLink boolean Shows or hides a link in end-user spam quarantine notifications to download the Junk Email Reporting Tool for Outlook.
EnableRegionBlockList boolean Enables or disables marking messages that are sent from specific countries or regions as spam.
TestModeAction string Specifies the additional action to take on messages when one or more IncreaseScoreWith* or MarkAsSpam*.
IncreaseScoreWithImageLinks string Increases the spam score of messages that contain image links to remote websites.
IncreaseScoreWithRedirectToOtherPort string Increases the spam score of messages that contain links that redirect to TCP ports other than 80 (HTTP), 8080 (alternate HTTP), or 443 (HTTPS).
InlineSafetyTipsEnabled boolean The InlineSafetyTipsEnabled parameter specifies whether to enable or disable safety tips that are shown to recipients in messages.
SpamZapEnabled boolean The SpamZapEnabled parameter enables or disables zero-hour auto purge (ZAP) to detect spam in already delivered messages in Exchange Online mailboxes.
HighConfidenceSpamAction string Specifies the action to take on messages that are marked as high confidence spam (not spam, bulk email, phishing, or high confidence phishing).
ATTRIBUTE TYPE REFERS TO DESCRIPTION
SentTo list<string> Specifies a condition for the rule that looks for recipients in messages. You can use any value that uniquely identifies the recipient.
ExceptIfSentTo list<string> Specifies an exception for the rule that looks for recipients in messages. You can use any value that uniquely identifies the recipient.
Identity string Specifies the spam filter rule that you want to view.
Conditions list<string> Description pending.
Priority number Specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.
Comments string Specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.
ExceptIfSentToMemberOf list<string> Specifies an exception for the rule that looks for messages sent to members of distribution groups, mail-enabled security groups, or sent to Microsoft 365 Groups. You can use any value that uniquely identifies the group.
Exceptions list<string> Description pending.
ImmutableId string Description pending.
id string ID of the HostedContentFilterRule
IsValid boolean The validity for the HostedContentFilterRule.
Description string Specifies a Description for the HostedContentFilterRule.
RecipientDomainIs list<string> Specifies a condition for the rule that looks for recipients with email address in the specified domains.
ExceptIfRecipientDomainIs list<string> Specifies an exception for the rule that looks for recipients with email address in the specified domains.
Name string Name of the HostedContentFilterRule
State string If Enabled, the HostedContentFilterRule is in use.
HostedContentFilterPolicy string HostedContentFilterPolicy The HostedContentFilterPolicy associated with this HostedContentFilterRule.
SentToMemberOf list<string> Specifies a condition that looks for messages sent to members of distribution groups, mail-enabled security groups, or sent to Microsoft 365 Groups. You can use any value that uniquely identifies the group.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Enabled boolean Whether this policy is enabled or not.
Identity string Unique Identifier for the policy.
Name string Name of the HostedOutboundSpamFilterPolicy
ActionWhenThresholdReached string Specifies the action to take when any of the limits specified in the policy are reached. Valid values are: Alert: No action, alert only. BlockUser: Prevent the user from sending email messages. BlockUserForToday: Prevent the user from sending email messages until the following day. This is the default value.
NotifyOutboundSpamRecipients list<string> Specifies the email addresses of admins to notify when an outgoing spam is detected.
AdminDisplayName string Specifies a description for the policy.
BccSuspiciousOutboundMail boolean Send copies of suspicious messages to specific people.
NotifyOutboundSpam boolean Notify specific people if senders are blocked.
id string id of the HostedOutboundSpamFilterPolicy
RecipientLimitInternalPerHour number Specifies the maximum number of internal recipients that a user can send to within an hour. A valid value is 0 to 10000. The default value is 0, which means the service defaults are used.
IsValid boolean The validity for the HostedOutboundSpamFilterPolicy.
IsDefault boolean Whether the HostedOutboundSpamFilterPolicy is the default policy.
ConfigurationType string Description pending
AutoForwardingMode string Specifies how the policy controls automatic email forwarding to external recipients. Valid values are: Automatic: This is the default value. This setting is now the same as Off. When this setting was originally introduced, this value was equivalent to On. On: Automatic external email forwarding is not restricted. Off: Automatic external email forwarding is disabled and will result in a non-delivery report (also known as an NDR or bounce message) to the sender.
BccSuspiciousOutboundAdditionalRecipients list<string> Specifies an email address to add to the Bcc field of outgoing spam messages.
RecipientLimitPerDay number Specifies the maximum number of recipients that a user can send to within a day. A valid value is 0 to 10000. The default value is 0, which means the service defaults are used.
RecipientLimitExternalPerHour number Specifies the maximum number of external recipients that a user can send to within an hour. A valid value is 0 to 10000. The default value is 0, which means the service defaults are used.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
RestrictDomainsToCertificate boolean The RestrictDomainsToCertificate parameter specifies whether the Subject value of the TLS certificate is checked before messages can use the connector.
CloudServicesMailEnabled boolean The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft 365.
TlsSenderCertificateName string The TlsSenderCertificateName parameter specifies the TLS certificate that is used when the value of the RequireTls parameter is $true.
EFUsers list<string> The EFUsers parameter specifies the recipients that Enhanced Filtering for Connectors applies to. The default value is blank ($null), which means Enhanced Filtering for Connectors is applied to all recipients. You can specify multiple recipient email addresses separated by commas.
IsValid boolean Whether this InboundConnector is valid or not.
ConnectorType string The type of connector. Can be "Partner" or "OnPremises".
RequireTls boolean Whether or not TLS is required.
TreatMessagesAsInternal boolean The TreatMessagesAsInternal parameter specifies an alternative method to identify messages sent from an on-premises organization as internal messages. You should only consider using this parameter when your on-premises organization does not use Exchange.
EFSkipLastIP boolean The EFSkipIPs parameter specifies the behavior of Enhanced Filtering for Connectors.
Name string Name of the inbound connector
Enabled boolean Whether this InboundConnector is enabled or not.
AssociatedAcceptedDomains list<string> The AssociatedAcceptedDomains parameter restricts the source domains that use the connector to the specified accepted domains. A valid value is an SMTP domain that is configured as an accepted domain in your Microsoft 365 organization.
RestrictDomainsToIPAddresses boolean The RestrictDomainsToIPAddresses parameter specifies whether to reject mail that comes from unknown source IP addresses.
EFSkipIPs list<string> The EFSkipIPs parameter specifies the source IP addresses to skip in Enhanced Filtering for Connectors when the EFSkipLastIP parameter value is $false.
Identity string The id of this InboundConnector.
SenderIPAddresses list<string> The SenderIPAddresses parameter specifies the source IPV4 IP addresses that the connector accepts messages from.
SenderDomains list<string> The SenderDomains parameter specifies the source domains that the connector accepts messages for.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
IsValid boolean The validity for the MalwareFilterPolicy.
EnableExternalSenderAdminNotifications boolean Enables or disables sending malware detection notification messages to an administrator for messages from external senders.
QuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined as malware.
EnableInternalSenderAdminNotifications boolean If true, an admin will receive an email notification if an internal user is detected sending malware.
InternalSenderAdminAddress string The email address of the admin who will receive notifications when an internal user is detected sending malware.
EnableFileFilter boolean The Common Attachment Types Filter lets a user block known and custom malicious file types from being attached to emails. This setting is set to "True" if the "Common Attachment Types" filter is enabled.
AdminDisplayName string Specifies a description for the policy.
CustomExternalBody string Specifies the body of the custom notification message for malware detections in messages from external senders.
FileTypes list<string> Specifies the file types that are automatically blocked by common attachment blocking (also known as the Common Attachment Types Filter), regardless of content.
FileTypeAction string Specifies what's done to messages that contain one or more attachments where the file extension is included in the FileTypes parameter (common attachment blocking).
id string ID of the MalwareFilterPolicy
ZapEnabled boolean If true, zero-hour auto purge (ZAP) is enabled for this anti-malware policy. ZAP will quarantine messages that contain malware attachments.
IsDefault boolean Whether the MalwareFilterPolicy is the default policy.
CustomFromName string Specifies the From name of the custom notification message for malware detections in messages from internal or external senders.
CustomInternalBody string Specifies the body of the custom notification message for malware detections in messages from internal senders.
Action string This parameter describes what actions to take if a message contains malwares. Available options are DeleteMessage, DeleteAttachmentAndUseDefaultAlert, and DeleteAttachmentAndUseCustomAlert.
Name string Name of the MalwareFilterPolicy
ExternalSenderAdminAddress string Specifies the email address of the administrator who will receive notification messages for malware detections in messages from external senders.
CustomExternalSubject string Specifies the subject of the custom notification message for malware detections in messages from external senders.
CustomInternalSubject string Specifies the subject of the custom notification message for malware detections in messages from internal senders.
CustomNotifications boolean Enables or disables custom notification messages for malware detections in messages from internal or external senders.
CustomFromAddress string Specifies the From address of the custom notification message for malware detections in messages from internal or external senders.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ExceptIfSentTo string Specifies an exception that looks for recipients in messages.
MalwareFilterPolicy string MalwareFilterPolicy The MalwareFilterPolicy associated.
Exceptions list<string> Description pending.
id string ID of the MalwareFilterRule
SentTo string Specifies a condition that looks for recipients in messages.
ExceptIfRecipientDomainIs string Specifies an exception that looks for recipients with email address in the specified domains.
Conditions list<string> Description pending.
ImmutableId string Description pending.
IsValid boolean The validity for the MalwareFilterRule.
SentToMemberOf list<string> Specifies a condition that looks for messages sent to members of distribution groups, mail-enabled security groups, or sent to Microsoft 365 Groups.
State string If Enabled, the MalwareFilterRule is in use.
Identity string Specifies the malware filter rule that you want to view. You can use any value that uniquely identifies the rule.
Comments string Specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.
Name string Name of the MalwareFilterRule
ExceptIfSentToMemberOf string Specifies an exception that looks for messages sent to members of distribution groups, mail-enabled security groups, or sent to Microsoft 365 Groups.
Description string Specifies a Description for the MalwareFilterRule.
Priority number Specifies a priority value for the rule that determines the order of rule processing.
RecipientDomainIs string Specifies a condition that looks for recipients with email address in the specified domains.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AllowExternalDeviceManagement boolean Specifies whether an external device management program is allowed to manage the mobile device.
PasswordExpiration string Specifies how long a password can be used on a mobile device before the user is forced to change the password.
AllowRemoteDesktop boolean Specifies whether the mobile device can initiate a remote desktop connection.
MaxEmailAgeFilter string Specifies the maximum number of days of email items to synchronize to the mobile device.
RequireEncryptedSMIMEMessages boolean Specifies whether the mobile device must send encrypted S/MIME messages.
AllowIrDA boolean Specifies whether infrared connections are allowed to the mobile device.
AttachmentsEnabled boolean Specifies whether attachments can be downloaded on the mobile device.
AllowSimplePassword boolean Specifies whether a simple password is allowed on the mobile device.
MaxPasswordFailedAttempts string Specifies the number of attempts a user can make to enter the correct password for the mobile device.
AllowStorageCard boolean Specifies whether the mobile device can access information stored on a storage card.
id string The unique identifier for this mobile device mailbox policy.
AllowMobileOTAUpdate boolean Specifies whether the policy can be sent to the mobile device over a cellular data connection.
AllowUnsignedApplications boolean Specifies whether unsigned applications can be installed on the mobile device.
DeviceEncryptionEnabled boolean Whether the mobile device mailbox policy has password enabled.
MinPasswordComplexCharacters number Parameter specifies the character sets that are required in the password of the mobile device.
AllowHTMLEmail boolean Specifies whether HTML-formatted email is enabled on the mobile device.
MinPasswordLength number Specifies the minimum number of characters in the mobile device password.
RequireDeviceEncryption boolean Specifies whether encryption is required on the mobile device..
IrmEnabled boolean Specifies whether Information Rights Management (IRM) is enabled for the mobile device.
MaxInactivityTimeLock string Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked.
AllowMicrosoftPushNotifications boolean Specifies whether push notifications are enabled on the mobile device..
MaxAttachmentSize string Specifies the maximum size of attachments that can be downloaded to the mobile device.
RequireSignedSMIMEAlgorithm string Specifies the algorithm that's used to sign S/MIME messages on the mobile device.
AllowCamera boolean Specifies whether the mobile device's camera is allowed.
Identity string Specifies the name, distinguished name (DN),or GUID of the mobile device mailbox policy.
UNCAccessEnabled boolean Specifies whether access to Microsoft Windows file shares is enabled from the mobile device.
MaxCalendarAgeFilter string Specifies the maximum range of calendar days that can be synchronized to the mobile device.
DevicePolicyRefreshInterval string Specifies how often the policy is sent to the mobile device..
AllowBrowser boolean Specifies whether Microsoft Pocket Internet Explorer is allowed on the mobile device.
WSSAccessEnabled boolean Specifies whether access to Microsoft Windows SharePoint Services is enabled from the mobile device.
MaxEmailHTMLBodyTruncationSize string Specifies the maximum size at which HTML-formatted email messages are truncated when synchronized to the mobile device..
MaxEmailBodyTruncationSize string Specifies the maximum size at which email messages are truncated when synchronized to the mobile device.
AllowUnsignedInstallationPackages boolean Specifies whether unsigned installation packages are allowed to run on the mobile device.
PasswordEnabled boolean Whether the mobile device mailbox policy has password enabled.
PasswordHistory number Specifies the number of unique new passwords that need to be created on the mobile device before an old password can be reused.
AllowInternetSharing boolean Specifies whether the mobile device can be used as a modem to connect a computer to the Internet.
AllowPOPIMAPEmail boolean Specifies whether the user can configure a POP3 or IMAP4 email account on the mobile device.
Name string Unique name for the mobile device mailbox policy
IsDefault boolean Whether this is the default mobile device mailbox policy.
AllowNonProvisionableDevices boolean Whether mobile device mailbox policy allows non provisionable devices.
AlphanumericPasswordRequired boolean Whether mobile device mailbox policy requires alphanumeric password.
RequireStorageCardEncryption boolean Specifies whether storage card encryption is required on the mobile device.
AllowDesktopSync boolean Specifies whether the mobile device can synchronize with a desktop computer through a cable..
AllowGooglePushNotifications boolean Controls whether the user can receive push notifications from Google for Outlook on the web for devices.
AllowSMIMEEncryptionAlgorithmNegotiation string Specifies whether the messaging application on the mobile device can negotiate the encryption algorithm if a recipient's certificate doesn't support the specified encryption algorithm.
AllowSMIMESoftCerts boolean Specifies whether S/MIME software certificates are allowed on the mobile device.
AllowConsumerEmail boolean Whether the user can configure a personal email account on the mobile device.
ApprovedApplicationList list<string> Specifies a configured list of approved applications for the device.
AllowWiFi boolean Specifies whether wireless Internet access is allowed on the mobile device.
UnapprovedInROMApplicationList list<string> Specifies a list of applications that can't be run in ROM on the mobile device.
PasswordRecoveryEnabled boolean Whether the mobile device mailbox policy has password recovery enabled.
RequireEncryptionSMIMEAlgorithm string Specifies the algorithm that's required to encrypt S/MIME messages on a mobile device..
RequireManualSyncWhenRoaming boolean Specifies whether the mobile device must synchronize manually while roaming.
AllowTextMessaging boolean Specifies whether text messaging is allowed from the mobile device.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
SendEmailFromDisplayName string Specifies the display name to use in the "From" contact information on emails that are sent to users to notify them of their dial-in conferencing settings, or when their settings change.
SendEmailFromOverride boolean Specifies if the contact information on dial-in conferencing notifications will be the default generated by Office 365, or administrator defined values.
AllowPSTNOnlyMeetingsByDefault boolean Specifies the default value that gets assigned to the "AllowPSTNOnlyMeetings" setting of users when they are enabled for dial-in conferencing, or when a user's dial-in conferencing provider is set to Microsoft.
AutomaticallyReplaceAcpProvider boolean Specifies whether ACP Provider can be Replaced automatically.
SendEmailFromAddress string Specifies the email address to use in the "From" contact information on emails that are sent to users to notify them of their dial-in conferencing settings, or when their settings change.
UseUniqueConferenceIds boolean Specifies whether to use unique conference ids.
Identity string Name of the Online Dial Conferencing Setting instance.
IncludeTollFreeNumberInMeetingInvites boolean Specifies whether to include toll free number in meeting invites.
MaskPstnNumbersType string This parameter allows tenant administrators to configure masking of PSTN participant phone numbers in the roster view for Microsoft Teams meetings enabled for Audio Conferencing, scheduled within the organization.
PinLength number Specifies the number of digits in the automatically generated PINs.
EnableEntryExitNotifications boolean Specifies if, by default, announcements are made as users enter and exit a conference call.
EntryExitAnnouncementsType string Announcements type of entry and exit.
EnableNameRecording boolean Specifies whether the name of a user is recorded on entry to the conference. This recording is used during entry and exit notifications.
MigrateServiceNumbersOnCrossForestMove boolean Specifies does option to Migrate phone number or telephony configurations when moving users or services between different active directory forests.
AutomaticallyMigrateUserMeetings boolean Specifies whether user meetings can be Migrated automatically.
AutomaticallySendEmailsToUsers boolean Specifies whether advisory emails will be sent to users when the events listed occur.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Description string Description about the dial-in conference policy.
Identity string Specifies identity of the dial-in conference policy.
DataSource string Specifies where the policy information are stored.
AllowService boolean Specifies whether to allow dail-in conferencing.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
EwsAllowEntourage boolean Specifies whether to enable or disable Entourage 2008 to access Exchange Web Services (EWS) for the entire organization.
EnableOutlookEvents boolean Specifies whether Outlook or Outlook on the web (formerly known as Outlook Web App) automatically discovers events from email messages and adds them to user calendars.
IsTenantInGracePeriod boolean Description pending.
IntuneManagedStatus boolean Description pending.
DefaultAuthenticationPolicy string Specifies the authentication policy that's used for the whole organization. You can use any value that uniquely identifies the policy.
CompassEnabled boolean Description pending.
MapiHttpEnabled boolean Enables or disables access to mailboxes in Outlook by using MAPI over HTTP.
ACLableSyncedObjectEnabled boolean Specifies whether remote mailboxes in hybrid environments are stamped as ACLableSyncedMailboxUser.
MicrosoftExchangeRecipientReplyRecipient string Specifies the recipient that should receive messages sent to the Exchange recipient. Typically, you would configure a mailbox to receive the messages sent to the Exchange recipient.
IsAddressListPagingEnabled boolean Description pending.
ManagedFolderHomepage string Specifies the URL of the web page that's displayed when users click the Managed Folders folder in Outlook. If a URL isn't specified, Outlook doesn't display a managed folders home page.
HierarchicalAddressBookRoot string Specifies the user, contact, or group to be used as the root organization for a hierarchical address book in the Exchange organization. You can use any value that uniquely identifies the recipient.
IsGuidPrefixedLegacyDnDisabled boolean Description pending.
ActivityBasedAuthenticationTimeoutWithSingleSignOnEnabled boolean Enables or disables the inactivity interval for automatic logoff for single sign-on in Outlook on the Web.
ForwardSyncLiveIdBusinessInstance boolean Description pending.
AppsForOfficeEnabled boolean Specifies whether to enable apps for Outlook features. By default, the parameter is set to true. If the flag is set to false, no new apps can be activated for any user in the organization.
PublicFoldersEnabled string Specifies how public folders are deployed in your organization. This parameter uses one of the following values. Local: The public folders are deployed locally in your organization. Remote: The public folders are deployed in the remote forest. None: No public folders are deployed for this organization.
Identity string Specifies the name of the OrganizationConfig.
DataInsightsFlag number Description pending.
ConnectorsActionableMessagesEnabled boolean Specifies whether to enable or disable actionable buttons in messages (connector cards) from connected apps on Outlook on the web.
MailboxDataEncryptionEnabled boolean Description pending.
GroupsCreationEnabled boolean Description pending.
PublicFolderMailboxesMigrationComplete boolean Is used during public folder migration. true: Queued messages are rerouted to the new destination. false (This is the default value).
DefaultPublicFolderMovedItemRetention string Specifies how long items that have been moved between mailboxes are kept in the source mailbox for recovery purposes before being removed by the Public Folder Assistant.
DistributionGroupDefaultOU string Specifies the container where distribution groups are created by default.
EndUserDLUpgradeFlowsDisabled boolean Specifies whether to prevent users from upgrading their own distribution groups to Microsoft 365 Groups in an Exchange Online organization.
MailTipsMailboxSourcedTipsEnabled boolean Specifies whether MailTips that rely on mailbox data (out-of-office or full mailbox) are enabled.
MatchSenderOrganizerProperties boolean Available only in the cloud-based service. Description pending.
WebSuggestedRepliesDisabled boolean Specifies whether to enable or disable Suggested Replies in Outlook on the web. This feature provides suggested replies to emails so users can easily and quickly respond to messages.
DefaultGroupAccessType string Specifies the default access type for Microsoft 365 Groups. Valid values are: Public. Private (this is the default value).
SCLJunkThreshold number Specifies the spam confidence level (SCL) threshold. Messages with an SCL greater than the value that you specify for the SCLJunkThreshold parameter are moved to the Junk Email folder. Valid values are integers from 0 through 9, inclusive.
ExternalCloudAccessEnabled boolean Description pending.
DefaultPublicFolderProhibitPostQuota string Specifies the size of a public folder at which users are notified that the public folder is full. Users can't post to a folder whose size is larger than the DefaultPublicFolderProhibitPostQuota parameter value.
MaxInformationBarrierBridges number Description pending.
EwsAllowMacOutlook boolean Enables or disables access to mailboxes by Outlook for Mac clients that use Exchange Web Services
PublicComputersDetectionEnabled boolean Specifies whether Outlook on the web will detect when a user signs from a public or private computer or network, and then enforces the attachment handling settings from public networks.
AppsForOfficeCorpCatalogAppsCount number Description pending.
BookingsAuthEnabled boolean Specifies whether to enforce authentication to access all published Bookings pages.
BookingsPhoneNumberEntryRestricted boolean Specifies whether phone numbers can be collected from Bookings customers.
ConnectorsEnabledForYammer boolean Specifies whether to enable or disable connected apps on Yammer.
DisableMailboxForSubstrateOnlyFinished boolean Description pending.
ReadTrackingEnabled boolean Specifies whether the tracking for read status for messages in an organization is enabled.
BookingsNamingPolicyPrefix string Available only in the cloud-based service. Description pending.
DisplayName string Display name of OrganizationConfig.
FindTimeLockPollForAttendeesEnabled boolean Controls whether the Lock poll for attendees setting is managed by the organization.
RmsoSubscriptionStatus string Description pending.
IsGroupFoldersAndRulesEnabled boolean Available only in the cloud-based service. Description pending.
IPListBlocked list<string> Specifies the blocked IP addresses that aren't allowed to connect to Exchange Online organization. Valid values are: Single IP address. IP address range. Classless InterDomain Routing (CIDR) IP address range.
ConnectorsEnabledForTeams boolean Specifies whether to enable or disable connected apps on Teams.
GuestsEnabled boolean If true, guest group members will be able to access group content.
UpgradeIBInProgress boolean Description pending.
SharePointUrl string Description pending.
PublicFolderMigrationComplete boolean Is used during public folder migration. When you set the PublicFolderMigrationComplete parameter to true, transport starts rerouting the queued messages to a new destination. The default value is false.
ForeignForestRecipientAdminUSGSid string Description pending.
ResourceAddressLists list<string> Description pending.
IsJitEnabled boolean Description pending.
IsDualWriteEnabled boolean Description pending.
InformationBarriersRestrictPeopleSearch boolean Description pending.
HybridConfigurationStatus string Description pending.
RootPublicFolderMailbox object Description pending.
 CanUpdate boolean Description pending.
 HierarchyMailboxGuid string Description pending.
 LockedForMigration boolean Indicates if the public folder hierarchy is locked or not.
 IsValid boolean Specifies if RootPublicFolderMailbox is valid.
ForeignForestViewOnlyAdminUSGSid string Description pending.
TenantRelocationsAllowed boolean Description pending.
GroupsNamingPolicy string Description pending.
IsValid boolean The validity for the OrganizationConfig.
BookingsNamingPolicySuffix string Available only in the cloud-based service. Description pending.
MicrosoftExchangeRecipientPrimarySmtpAddress string Specifies the primary return SMTP email address for the Exchange recipient. If the MicrosoftExchangeRecipientEmailAddressPolicyEnabled parameter is set to true, you can't use the MicrosoftExchangeRecipientPrimarySmtpAddress parameter.
MessageRemindersEnabled boolean Enables or disables the message reminders feature in the organization.
FocusedInboxOn boolean Enables or disables Focused Inbox for the organization.
DefaultMinutesToReduceShortEventsBy number Specifies the number of minutes to reduce calendar events by if the events are less than 60 minutes long. A valid value is an integer from 0 to 29. The default value is 5.
ForeignForestOrgAdminUSGSid string Description pending.
InformationBarrierMode string Description pending.
IsDehydrated boolean Description pending.
OutlookGifPickerDisabled boolean Disables the GIF Search (powered by Bing) feature that's built into the Compose page in Outlook on the web.
MailTipsAllTipsEnabled boolean True if mail tips are enabled.
userMailboxAuditEnabled boolean If true, mailbox auditing is enabled for all user mailboxes.
InformationBarriersEnforcementEnabled boolean Description pending.
DefaultMinutesToReduceLongEventsBy number Specifies the number of minutes to reduce calendar events by if the events are 60 minutes or longer. A valid value is an integer from 0 to 29. The default value is 10.
DistributionGroupNameBlockedWordsList list<string> Specifies words that can't be included in the Display Name values of distribution groups that are created by users.
MaxConcurrentMigrations string Specifies the maximum number of concurrent migrations that your organization can configure at any specific time.
OrganizationPrivacyStatementLink string Description pending.
GuestsUsageGuidelinesLink string Description pending.
MobileAppEducationEnabled boolean Specifies whether to show or hide the Outlook for iOS and Android education reminder in Outlook on the web (formerly known as Outlook Web App).
AdfsSignCertificateThumbprints list<string> Specifies one or more X.509 token-signing certificates that are used for AD FS claims-based authentication. This parameter uses certificate thumbprint values (GUIDs) to identify the certificates.
HiddenMembershipGroupsCreationEnabled boolean Description pending.
AdfsAudienceUris list<string> Specifies one or more external URLs that are used for Active Directory Federation Services (AD FS) claims-based authentication. For example, the external Outlook on the web and external Exchange admin center (EAC) URLs.
RecallReadMessagesEnabled boolean Available only in the cloud-based service. Description pending.
OfficeGraphActivitySharingOrgOptout boolean Description pending.
ConnectorsEnabledForOutlook boolean Specifies whether to enable or disable connected apps in Outlook on the web.
AutoExpandingArchiveEnabled boolean Description pending.
BookingsSearchEngineIndexDisabled boolean Available only in the cloud-based service. Description pending.
RealTimeLogServiceEnabled boolean Description pending.
ForeignForestFQDN list<string> Description pending.
OutlookPayEnabled boolean Enables or disables Microsoft Pay in the Microsoft 365 organization.
AllowedMailboxRegions list<string> Description pending.
AutodiscoverPartialDirSync boolean Is for scenarios where tenants have Directory Synced some of their Active Directory users into the cloud, but still have on-premises Exchange users that are not Directory Synced. Setting this parameter to true will cause unknown users to be redirected to the on-premises endpoint and will allow on-premises users to discover their mailbox automatically. Online email addresses will be susceptible to enumeration. We recommend full Directory Sync for all Active Directory users and leaving this parameter with the default false.
IsProcessEhaMigratedMessagesEnabled boolean Description pending.
SendFromAliasEnabled boolean Allows mailbox users to send messages using aliases (proxy addresses). It does this by disabling the rewriting of aliases to their primary SMTP address. This change is implemented in the Exchange Online service. At the same time, Outlook clients are making changes to natively support aliases for sending and receiving messages. Even without an updated client, changes in behavior may be seen for users using any email client as the setting affects all messages sent and received by a mailbox.
EwsBlockList list<string> Specifies the applications that aren't allowed to access EWS or REST when the EwsApplicationAccessPolicy parameter is set to EnforceBlockList. All other applications that aren't specified by this parameter are allowed to access EWS or REST. You identify the application by its user agent string value. Wildcard characters (*) are supported.
SmtpActionableMessagesEnabled boolean Specifies whether to enable or disable action buttons in email messages in Outlook on the web.
IsEopTrialEnabled boolean Description pending.
DistributionGroupNamingPolicy string Specifies the additional text that's applied to the Display Name value of distribution groups created by users. You can require a prefix, a suffix, or both. The prefix and suffix can be text strings, user attribute values from the person who created the group, or a combination of text strings and attributes.
WebPushNotificationsDisabled boolean Specifies whether to enable or disable Web Push Notifications in Outlook on the Web. This feature provides web push notifications which appear on a user's desktop while the user is not using Outlook on the Web. This brings awareness of incoming messages while they are working elsewhere on their computer.
DefaultPublicFolderAgeLimit string Specifies the default age limit for the contents of public folders across the entire organization. Content in a public folder is automatically deleted when this age limit is exceeded. This attribute applies to all public folders in the organization that don't have their own AgeLimit setting.
ActivityBasedAuthenticationTimeoutEnabled boolean Enables or disables the inactivity interval for automatic logoff in Outlook on the web (formerly known as Outlook Web App).
MessageRecallEnabled boolean Available only in the cloud-based service. Description pending.
LeanPopoutEnabled boolean Specifies whether to enable faster loading of pop-out messages in Outlook on the web for Internet Explorer and Microsoft Edge.
MicrosoftExchangeRecipientEmailAddresses list<string> Specifies one or more email addresses for the recipient. All valid Microsoft Exchange email address types may be used. You can specify multiple values for this parameter as a comma-delimited list. If the MicrosoftExchangeRecipientEmailAddressPolicyEnabled parameter is set to true, the email addresses are automatically generated by the default email address policy. This means you can't use the MicrosoftExchangeRecipientEmailAddresses parameter.
ConnectorsEnabledForSharepoint boolean Specifies whether to enable or disable connected apps on SharePoint.
PreviousAdminDisplayVersion string Description pending.
AzurePremiumSubscriptionStatus boolean Description pending.
BasicAuthBlockedApps string Description pending.
AllowedMailboxRegionsLastUpdateTime number Description pending.
BookingsEnabledLastUpdateTime number Description pending.
GroupsCreationWhitelistedId string Description pending.
SiteMailboxCreationURL string Specifies the URL that's used to create site mailboxes. Site mailboxes improve collaboration and user productivity by allowing access to both SharePoint documents and Exchange email in Outlook 2013 or later.
IsExcludedFromOnboardMigration boolean Specifies that no new moves from your on-premises organization to the cloud are permitted. When this flag is set, no onboarding move requests are allowed.
GroupsUsageGuidelinesLink string Description pending.
ComplianceMLBgdCrawlEnabled boolean Available only in the cloud-based service. Description pending.
BookingsNamingPolicyPrefixEnabled boolean Available only in the cloud-based service. Description pending.
BookingsEnabled boolean If true, the entire origanization will be able to use Microsoft Bookings.
BookingsNamingPolicySuffixEnabled boolean Available only in the cloud-based service. Description pending.
Name string Name of OrganizationConfig.
BookingsSmsMicrosoftEnabled boolean Available only in the cloud-based service. Description pending.
LinkPreviewEnabled boolean Specifies whether link preview of URLs in email messages is allowed for the organization.
IsMixedMode boolean Description pending.
AllowToAddGuests boolean If true, group owners will be allowed to add people outside of the organization to Microsoft365 Groups as guests.
ConnectorsEnabled boolean Specifies whether to enable or disable all connected apps in organization.
DefaultMailboxRegionLastUpdateTime number Description pending.
OrganizationId string The identifier for the Exchange organization.
InPlaceHolds list<string> Description pending.
IsUpdatingServicePlan boolean Description pending.
PublicFolderShowClientControl boolean Enables or disables access to public folders in Microsoft Outlook.
BookingsAddressEntryRestricted boolean Specifies whether addresses can be collected from Bookings customers.
BookingsBlockedWordsEnabled boolean Available only in the cloud-based service. Description pending.
IsGroupMemberAllowedToEditContent boolean Available only in the cloud-based service. Description pending.
WorkspaceTenantEnabled boolean Enables or disables workspace booking in the organization.
CustomerFeedbackEnabled boolean Specifies whether the Exchange server is enrolled in the Microsoft Customer Experience Improvement Program.
BlockMoveMessagesForGroupFolders boolean Available only in the cloud-based service. Description pending.
EwsApplicationAccessPolicy string Specifies the client applications that have access to EWS and REST. Valid values are: EnforceAllowList: Only applications specified by the EwsAllowList parameter are allowed to access EWS and REST. Access by other applications is blocked. EnforceBlockList: All applications are allowed to access EWS and REST, except for the applications specified by the EwsBlockList parameter.
MaxInformationBarrierSegments number Description pending.
ShortenEventScopeDefault string Specifies whether calendar events start late or end early in the organization. Valid values are: 0 or None: Calendar events in the organization don't automatically start late or end early. This is the default value. 1 or EndEarly: By default, the end time of all calendar events is reduced by the number of minutes as specified by the values of the DefaultMinutesToReduceLongEventsBy and DefaultMinutesToReduceShortEventsBy parameters. 2 or StartLate: By default, the start time of all calendar events is delayed by the number of minutes as specified by the values of the DefaultMinutesToReduceLongEventsBy and DefaultMinutesToReduceShortEventsBy parameters.
OutlookTextPredictionDisabled boolean Available only in the cloud-based service. Description pending.
DefaultDataEncryptionPolicy string Description pending.
ElcProcessingDisabled boolean Specifies whether to enable or disable the processing of mailboxes by the Managed Folder Assistant.
id string id of the OrganizationConfig.
ServicePlan string Description pending.
IsExcludedFromOffboardMigration boolean Specifies that no new moves from the cloud to your on-premises organization are permitted. When this flag is set, no offboarding move requests are allowed.
IsMIPLabelForGroupsEnabled boolean Description pending.
PublicFolderMailboxesLockedForNewConnections boolean Specifies whether users are allowed to make new connections to public folder mailboxes.
DefaultMailboxRegion string The default mailbox region of the organization.
BookingsPaymentsEnabled boolean Specifies whether to enable the online payment node inside Bookings.
DefaultPublicFolderDeletedItemRetention string Specifies the default value of the length of time to retain deleted items for public folders across the entire organization. This attribute applies to all public folders in the organization that don't have their own RetainDeletedItemsFor attribute set.
BookingsCreationOfCustomQuestionsRestricted boolean Specifies whether Bookings admins can add custom questions.
Heuristics string Description pending.
RemotePublicFolderMailboxes list<string> Specifies the identities of the public folder objects (represented as mail user objects locally) corresponding to the public folder mailboxes created in the remote forest. The public folder values set here are used only if the public folder deployment is a remote deployment.
MaskClientIpInReceivedHeadersEnabled boolean Available only in the cloud-based service. Description pending.
ExchangeNotificationRecipients list<string> Specifies the recipients for Exchange notifications sent to administrators regarding their organizations. If the ExchangeNotificationEnabled parameter is set to false, no notification messages are sent. Be sure to enclose values that contain spaces in quotation marks (") and separate multiple values with commas.
ActivityBasedAuthenticationTimeoutInterval string Specifies the period of inactivity that causes an automatic logoff in Outlook on the web.
FindTimeAttendeeAuthenticationEnabled boolean Controls whether attendees are required to verify their identity in meeting polls using the FindTime Outlook add-in.
ForestConfigVersion string Description pending.
DefaultPublicFolderIssueWarningQuota string Specifies the default value across the entire organization for the public folder size at which a warning message is sent to this folder's owners, warning that the public folder is almost full. This attribute applies to all public folders within the organization that don't have their own warning quota attribute set. The default value of this attribute is unlimited.
IsComplianceTrialEnabled boolean Description pending.
DisablePlusAddressInRecipients boolean Specifies whether to enable or disable plus addressing (also known as subaddressing) for Exchange Online mailboxes.
OnlineMeetingsByDefaultEnabled boolean Specifies whether to set all meetings as Teams or Skype for Business by default during meeting creation. Valid values are: true: All meetings are online by default. false: All meetings are not online by default. null: If the organization value has not been specified, the default behavior is for meetings to be online.
DirectReportsGroupAutoCreationEnabled boolean Specifies whether to enable or disable the automatic creation of direct report Microsoft 365 Groups.
Industry string Specifies the industry that best represents your organization.
BookingsSocialSharingRestricted boolean Specifies whether users can see the social sharing options inside Bookings.
BookingsExposureOfStaffDetailsRestricted boolean Specifies whether the attributes of internal Bookings staff members (for example, email addresses) are visible to external Bookings customers.
EwsAllowList list<string> Specifies the applications that are allowed to access EWS or REST when the EwsApplicationAccessPolicy parameter is set to EwsAllowList. Other applications that aren't specified by this parameter aren't allowed to access EWS or REST. You identify the application by its user agent string value. Wildcard characters (*) are supported.
MimeTypes list<string> Description pending.
SharedDomainEmailAddressFlowEnabled boolean Available only in the cloud-based service. Description pending.
MessageHighlightsEnabled boolean Available only in the cloud-based service. Description pending.
ExchangeNotificationEnabled boolean Enables or disables Exchange notifications sent to administrators regarding their organizations.
IsMailboxForcedReplicationDisabled boolean Description pending.
MailTipsExternalRecipientsTipsEnabled boolean True if external recipient mail tips are enabled.
MailTipsGroupMetricsEnabled boolean True if mail tips group metrics are enabled.
RPSEnabled boolean Description pending.
VisibleMeetingUpdateProperties string Specifies whether meeting message updates will be auto-processed on behalf of attendees. Auto-processed updates are applied to the attendee's calendar item, and then the meeting message is moved to the deleted items. The attendee never sees the update in their inbox, but their calendar is updated.
FindTimeAutoScheduleDisabled boolean Controls automatically scheduling the meeting once a consensus is reached in meeting polls using the FindTime Outlook add-in. Valid values are: true: Reaching a consensus for the meeting time doesn't automatically schedule the meeting, and the meeting organizer can't change this setting (Off). false: By default, reaching a consensus for the meeting time doesn't automatically schedule the meeting, but meeting organizer is allowed to turn on this setting.
EwsEnabled boolean specifies whether to globally enable or disable EWS access for the entire organization, regardless of what application is making the request. Valid values are: true: All EWS access is enabled. false: All EWS access is disabled. null (blank): The setting isn't configured. Access to EWS is controlled individually by the related EWS parameters (for example EwsAllowEntourage). This is the default value.
ReleaseTrack string Description pending.
IsUpgradingOrganization boolean Description pending.
AuditDisabled boolean Specifies whether to disable or enable mailbox auditing for the organization.
InformationBarriersManagementEnabled boolean Description pending.
IsLicensingEnforced boolean Description pending.
BookingsMembershipApprovalRequired boolean Enables a membership approval requirement when new staff members are added to Bookings calendars.
DefaultPublicFolderMaxItemSize string Specifies the default maximum size for posted items within public folders across the entire organization. Items larger than the value of the DefaultPublicFolderMaxItemSize parameter are rejected. This attribute applies to all public folders within the organization that don't have their own MaxItemSize attribute set. The default value of this attribute is unlimited.
AdfsIssuer string Specifies URL of the AD FS server that's used for AD FS claims-based authentication. This is the URL where AD FS relying parties send users for authentication.
PrivateCatalogAppsCount number Description pending.
WACDiscoveryEndpoint string Specifies the discovery endpoint for Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server) for all mailboxes in the organization.
TargetServicePlan string Description pending.
AsyncSendEnabled boolean Specifies whether to enable or disable async send in Outlook on the web.
BookingsNotesEntryRestricted boolean Specifies whether appointment notes can be collected from Bookings customers.
LegacyExchangeDN string Description pending.
BookingsNamingPolicyEnabled boolean Available only in the cloud-based service. Description pending.
PublicFoldersLockedForMigration boolean Specifies whether users are locked out from accessing down level public folder servers. When you set the PublicFoldersLockedForMigration parameter to true, users are locked out from accessing down level public folder servers. This is used for public folder migration during final stages. The default value is false, which means that the user is able to access public folder servers.
OrganizationSummary list<string> Specifies a summarized description that best represents your organization.
ByteEncoderTypeFor7BitCharsets number Specifies the 7-bit transfer encoding method for MIME format for messages sent to this remote domain. The valid values for this parameter are: 0: Always use default 7-bit transfer encoding for HTML and plain text. 1: Always use QP (quoted-printable) encoding for HTML and plain text. 2: Always use Base64 encoding for HTML and plain text. 5: Use QP encoding for HTML and plain text unless line wrapping is enabled in plain text. If line wrapping is enabled, use 7-bit encoding for plain text. 6: Use Base64 encoding for HTML and plain text, unless line wrapping is enabled in plain text. If line wrapping is enabled in plain text, use Base64 encoding for HTML, and use 7-bit encoding for plain text. 13: Always use QP encoding for HTML. Always use 7-bit encoding for plain text. 14: Always use Base64 encoding for HTML. Always use 7-bit encoding for plain text.
MailTipsLargeAudienceThreshold number This setting defines a "large audience" in your tenant. If an email is about to be sent to a large audience, a mail tip will be shown to alert the user.
OAuth2ClientProfileEnabled boolean Whether OAuth 2.0 is enabled.
nonUserMailboxAuditEnabled boolean If true, all non-user mailboxes have audit enabled. Otherwise, at least 1 non-user mailbox has auditing disabled. You can get this information from PowerShell using the command `Get-Mailbox -Filter 'AuditEnabled -eq $false -and RecipientTypeDetails -ne "UserMailbox" -and RecipientTypeDetails -ne "SharedMailbox"' -ResultSize 1 | Select-Object Id, Name, AuditEnabled`
FindTimeOnlineMeetingOptionDisabled boolean Controls the availability of the Online meeting checkbox for Teams or Skype in meeting polls using the FindTime Outlook add-in.
OutlookMobileGCCRestrictionsEnabled boolean Specifies whether to enable or disable features within Outlook for iOS and Android that are not FedRAMP compliant for Microsoft 365 US Government Community Cloud (GCC) customers.
MicrosoftExchangeRecipientEmailAddressPolicyEnabled boolean Specifies whether the default email address policy is automatically applied to the Exchange recipient. The default value is true. If this parameter is set to true, Exchange automatically adds new email addresses to the Exchange recipient when email address policies are added or modified in the Exchange organization. If this parameter is set to false, you must manually add new email addresses to the Exchange recipient when email address policies are added or modified.
OcmGroupId string Description pending.
EwsAllowOutlook boolean Enables or disables access to mailboxes by Outlook clients that use Exchange Web Services. Outlook uses Exchange Web Services for free/busy, out-of-office settings, and calendar sharing.
IsTenantAccessBlocked boolean Description pending.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Enabled boolean Whether this OrganizationRelationship is enabled or not.
DomainNames list<string> A list of domain names in that are part of this OrganizationRelationship.
Identity string The id of this OrganizationRelationship.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ConnectorType string The type of connector. Can be "Partner" or "OnPremises".
IsValid boolean Whether or not this OutboundConnector is valid.
SmartHosts list<string> The SmartHosts parameter specifies the smart host that the Outbound connector uses to route mail.
RouteAllMessagesViaOnPremises boolean The RouteAllMessagesViaOnPremises parameter specifies that all messages serviced by this connector are first routed through the on-premises messaging system in hybrid organizations.
ValidationRecipients list<string> The ValidationRecipients parameter specifies the email addresses of the validation recipients for the Outbound connector.
Enabled boolean Whether this OutboundConnector is enabled or not.
UseMXRecord boolean The UseMXRecord parameter enables or disables DNS routing for the connector.
RecipientDomains list<string> The RecipientDomains parameter specifies the domains that the Outbound connector routes mail to. You can specify multiple domains separated by commas.
TlsDomain string The TlsDomain parameter specifies the domain name that the Outbound connector uses to verify the FQDN of the target certificate when establishing a TLS secured connection. This parameter is only used if the TlsSettings parameter is set to DomainValidation. Valid input for the TlsDomain parameter is an SMTP domain. You can use a wildcard character to specify all subdomains of a specified domain, as shown in the following example: *.contoso.com. However, you can not embed a wildcard character, as shown in the following example: domain.*.contoso.com
CloudServicesMailEnabled boolean The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers.
AllAcceptedDomains boolean The AllAcceptedDomains parameter specifies whether the Outbound connector is used in hybrid organizations where message recipients are in accepted domains of the cloud-based organization.
TestMode boolean The TestMode parameter specifies whether you want to enabled or disable test mode for the Outbound connector.
IsValidated boolean The IsValidated parameter specifies whether the Outbound connector has been validated.
Identity string The id of this OutboundConnector.
TlsSettings string The TlsSettings parameter specifies the TLS authentication level that is used for outbound TLS connections established by this Outbound connector.
IsTransportRuleScoped boolean The IsTransportRuleScoped parameter specifies whether the Outbound connector is associated with a transport rule (also known as a mail flow rule).
SenderRewritingEnabled boolean The SenderRewritingEnabled parameter specifies that all messages that normally qualify for SRS rewriting are rewritten for traffic to on-premises. This parameter is only effective for OnPremises connectors as Partner connectors already have SRS rewriting enabled.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
RulesEnabled boolean Specifies whether a user can view, create, or modify server-side rules in Outlook on the web.
ForceWacViewingFirstOnPrivateComputers boolean Specifies whether private computers must first preview an Office file as a web page in Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server) before opening the file in the local application.
MessagePreviewsDisabled boolean Description pending.
UserVoiceEnabled boolean Specifies whether to enable or disable Outlook UserVoice in Outlook on the web. Outlook UserVoice is a customer feedback area that's available in Microsoft 365.
UseISO885915 boolean Specifies whether to use the character set ISO8859-15 instead of ISO8859-1 in Outlook on the web.
OneWinNativeOutlookEnabled boolean Controls the availability of the new Outlook for Windows App.
ForceSaveAttachmentFilteringEnabled boolean Specifies whether files are filtered before they can be saved from Outlook on the web.
AdditionalStorageProvidersAvailable boolean If False, additional storage providers (such as Box, DropBox, etc.) in Outlook on the Web will be restricted.
JunkEmailEnabled boolean Specifies whether the Junk Email folder and junk email management are available in Outlook on the web.
WebReadyDocumentViewingSupportedMimeTypes list<string> This is a read-only parameter that can't be modified; use the WebReadyMimeTypes parameter instead.
AllowedFileTypes list<string> Specifies the attachment file types (file extensions) that can be saved locally or viewed from Outlook on the web.
LocalEventsEnabled boolean Specifies whether local events calendars are available in Outlook on the web.
OutlookBetaToggleEnabled boolean Specifies whether to enable or disable the Outlook on the web Preview toggle. The Preview toggle allows users to try the new Outlook on the web experience.
WeatherEnabled boolean Specifies whether to enable or disable weather information in the calendar in Outlook on the web.
ForceWacViewingFirstOnPublicComputers boolean Specifies whether public computers must first preview an Office file as a web page in Office Online Server before opening the file in the local application.
WacViewingOnPublicComputersEnabled boolean Specifies whether to enable or disable web viewing of supported Office documents in public computer sessions in Office Online Server.
WebReadyFileTypes list<string> Specifies the attachment file types (file extensions) that can be viewed by WebReady Document Viewing in Outlook on the web.
AllowedMimeTypes list<string> Specifies the MIME extensions of attachments that allow the attachments to be saved locally or viewed from Outlook on the web.
AllowCopyContactsToDeviceAddressBook boolean Specifies whether users can copy the contents of their Contacts folder to a mobile device's native address book when using Outlook on the web for devices.
GroupCreationEnabled boolean Specifies whether Microsoft 365 Group creation is available in Outlook and Outlook on the web.
InstantMessagingType string Specifies the type of instant messaging provider in Outlook on the web. Valid values are: None: This is the default value in on-premises Exchange. Ocs: Lync or Skype (formerly known as Office Communication Server). This is the default value in Exchange Online.
SMimeEnabled boolean Specifies whether users can download the S/MIME control for Outlook Web App and use it to read and compose signed and encrypted messages.
NotesEnabled boolean Specifies whether the Notes folder is available in Outlook on the web.
RemindersAndNotificationsEnabled boolean Specifies whether notifications and reminders are enabled in Outlook on the web.
GlobalAddressListEnabled boolean Specifies whether the global address list is available in Outlook on the web.
id string id of the OwaMailboxPolicy
PublicFoldersEnabled boolean Specifies whether a user can browse or read items in public folders in Outlook Web App.
SignaturesEnabled boolean Specifies whether to enable or disable the use of signatures in Outlook on the web.
PredictedActionsEnabled boolean Description pending.
AllowedOrganizationAccountDomains list<string> Available only in the cloud-based service. Description pending.
SetPhotoURL string Controls where users go to select their photo. Note that you can't specify a URL that contains one or more picture files, as there is no mechanism to copy a URL photo to the properties of the users' Exchange Online mailboxes.
WebPartsFrameOptionsType string Specifies what sources can access web parts in IFRAME or FRAME elements in Outlook on the web. Valid values are: None: There are no restrictions on displaying Outlook on the web content in a frame. SameOrigin: This is the default value and the recommended value. Display Outlook on the web content only in a frame that has the same origin as the content. Deny: Blocks display of Outlook on the web content in a frame, regardless of the origin of the site attempting to access it.
SkipCreateUnifiedGroupCustomSharepointClassification boolean Specifies whether to skip a custom SharePoint page during the creation of Microsoft 365 Groups in Outlook on the web.
ReportJunkEmailEnabled boolean Specifies whether users can report messages as junk or not junk to Microsoft in Outlook on the web.
PrintWithoutDownloadEnabled boolean Specifies whether to allow printing of supported files without downloading the attachment in Outlook on the web.
TeamsnapCalendarsEnabled boolean Specifies whether to allow users to connect to their personal TeamSnap calendars in Outlook on the web.
RecoverDeletedItemsEnabled boolean Specifies whether a user can use Outlook Web App to view, recover, or delete permanently items that have been deleted from the Deleted Items folder.
ForceWebReadyDocumentViewingFirstOnPublicComputers boolean Specifies whether Public computers must first preview an Office file as a web page in WebReady Document Viewing before opening the file from Outlook Web App.
UserDiagnosticEnabled boolean Description pending.
ItemsToOtherAccountsEnabled boolean Available only in the cloud-based service. Description pending.
TextMessagingEnabled boolean Specifies whether users can send and receive text messages in Outlook on the web.
ExternalImageProxyEnabled boolean Specifies whether to load all external images through the Outlook external image proxy.
FacebookEnabled boolean If False, Facebook contact synchronization is disabled.
OrganizationEnabled boolean When the OrganizationEnabled parameter is set to false, the Automatic Reply option doesn't include external and internal options, the address book doesn't show the organization hierarchy, and the Resources tab in Calendar forms is disabled. The default value is true.
ForceWebReadyDocumentViewingFirstOnPrivateComputers boolean Secifies whether private computers must first preview an Office file as a web page in WebReady Document Viewing before opening the file from Outlook Web App.
WacEditingEnabled boolean Specifies whether to enable or disable editing documents in Outlook on the web by using Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server).
UMIntegrationEnabled boolean Specifies whether Unified Messaging (UM) integration is enabled in Outlook on the web.
UseGB18030 boolean Specifies whether to use the GB18030 character set instead of GB2312 in Outlook on the web.
OWALightEnabled boolean Controls the availability of the light version of Outlook on the web.
DirectFileAccessOnPublicComputersEnabled boolean Specifies the left-click options for attachments in Outlook on the web for public computer sessions.
ThemeSelectionEnabled boolean Specifies whether users can change the theme in Outlook on the web.
PersonalAccountsEnabled boolean Available only in the cloud-based service. Description pending.
BlockedFileTypes list<string> Specifies a list of attachment file types (file extensions) that can't be saved locally or viewed from Outlook on the web.
ConditionalAccessFeatures list<string> Description pending.
InternalSPMySiteHostURL string Specifies the My Site Host URL for internal users (for example, https://sp01.contoso.com).
OnSendAddinsEnabled boolean Specifies whether to enable or disable on send add-ins in Outlook on the web (add-ins that support events when a user clicks Send).
ReferenceAttachmentsEnabled boolean Specifies whether users can attach files from the cloud as linked attachments in Outlook on the web.
SaveAttachmentsToCloudEnabled boolean Specifies whether users can save regular email attachments to the cloud.
DirectFileAccessOnPrivateComputersEnabled boolean Specifies the left-click options for attachments in Outlook on the web for private computer sessions.
ForceSaveFileTypes list<string> Specifies the attachment file types (file extensions) that can only be saved from Outlook on the web (not opened).
IsValid boolean The validity for the OwaMailboxPolicy.
SearchFoldersEnabled boolean Specifies whether Search Folders are available in Outlook on the web.
OutboundCharset string Specifies the character set that's used for outgoing messages in Outlook on the web. Valid values are: AutoDetect: Examine the first 2 kilobytes (KB) of text in the message to determine the character set that's used in outgoing messages. This is the default value. AlwaysUTF8: Always use UTF-8 encoded Unicode characters in outgoing messages, regardless of the detected text in the message, or the user's language choice in Outlook on the web. Use this value if replies to UTF-8 encoded messages aren't being encoded in UTF-8. UserLanguageChoice: Use the user's language choice in Outlook on the web to encode outgoing messages.
WebReadyDocumentViewingOnPrivateComputersEnabled boolean Specifies whether WebReady Document Viewing is available in private computer sessions.
ChangeSettingsAccountEnabled boolean Is functional only in the cloud-based service. Description pending.
FeedbackEnabled boolean Specifies whether to enable or disable inline feedback surveys in Outlook on the web.
ExplicitLogonEnabled boolean Specifies whether to allow a user to open someone else's mailbox in Outlook on the web (provided that user has permissions to the mailbox).
CalendarEnabled boolean Specifies whether to enable or disable the calendar in Outlook Web App.
PhoneticSupportEnabled boolean Specifies phonetically spelled entries in the address book. This parameter is available for use in Japan.
DisplayPhotosEnabled boolean Specifies whether users see sender photos in Outlook on the web.
WebReadyMimeTypes list<string> Specifies the MIME extensions of attachments that allow the attachments to be viewed by WebReady Document Viewing in Outlook on the web.
AdditionalAccountsEnabled boolean Available only in the cloud-based service. Description pending.
WacViewingOnPrivateComputersEnabled boolean Specifies whether to enable or disable web viewing of supported Office documents private computer sessions in Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server).
Identity string Specifies the Outlook on the web mailbox policy that you want to modify.
SilverlightEnabled boolean Specifies whether a user can use Microsoft Silverlight features in Outlook Web App.
BookingsMailboxCreationEnabled boolean Allows you disable Microsoft Bookings.
ConditionalAccessPolicy string Specifies the Outlook on the Web Policy for limited access. For this feature to work properly, you also need to configure a Conditional Access policy in the Azure Active Directory Portal. Valid values are: Off: No conditional access policy is applied to Outlook on the web. This is the default value. ReadOnly: Users can't download attachments to their local computer, and can't enable Offline Mode on non-compliant computers. They can still view attachments in the browser. ReadOnlyPlusAttachmentsBlocked: All restrictions from ReadOnly apply, but users can't view attachments in the browser.
WacExternalServicesEnabled boolean Specifies whether to enable or disable external services when viewing documents in Outlook on the web (for example, machine translation) by using Office Online Server.
BookingsMailboxDomain string Is available only in the cloud-based service. Description pending.
InstantMessagingEnabled boolean Specifies whether instant messaging is available in Outlook on the web. This does not affect chat capabilities provided by Skype for Business or Teams.
DelegateAccessEnabled boolean Specifies whether delegates can use Outlook on the web or Outlook Web App to open folders that they have delegate access to.
JournalEnabled boolean Specifies whether the Journal folder is available in Outlook on the web.
WebReadyDocumentViewingOnPublicComputersEnabled boolean Specifies whether WebReady Document Viewing is in public computer sessions.
ActionForUnknownFileAndMIMETypes string Specifies how to handle file types that aren't specified in the Allow, Block, and Force Save lists for file types and MIME types. Valid values are: Allow (This is the default value.) ForceSave. Block.
SpellCheckerEnabled boolean Specifies whether to enable or disable the built-in Outlook Web App spell checker in the full version of Outlook Web App.
ActiveSyncIntegrationEnabled boolean Specifies whether to enable or disable Exchange ActiveSync settings in Outlook on the web.
ProjectMocaEnabled boolean Enables or disables access to Project Moca in Outlook on the web.
PlacesEnabled boolean Specifies whether to enable or disable Places in Outlook on the web. Places lets users search, share, and map location details by using Bing.
BlockedMimeTypes list<string> Specifies MIME extensions in attachments that prevent the attachments from being saved locally or viewed from Outlook on the web.
ContactsEnabled boolean Specifies whether to enable or disable Contacts in Outlook Web App.
LogonAndErrorLanguage number Specifies the language that used in Outlook on the web for forms-based authentication and for error messages when a user's current language setting can't be read.
SatisfactionEnabled boolean Specifies whether to enable or disable the satisfaction survey.
InterestingCalendarsEnabled boolean Specifies whether interesting calendars are available in Outlook on the web
IRMEnabled boolean Specifies whether Information Rights Management (IRM) features are available in Outlook on the web.
WebReadyDocumentViewingForAllSupportedTypes boolean Specifies whether to enable WebReady Document Viewing for all supported file and MIME types.
PremiumClientEnabled boolean Controls the availability of the full version of Outlook Web App.
ClassicAttachmentsEnabled boolean Specifies whether users can attach local files as regular email attachments in Outlook on the web.
ExternalSPMySiteHostURL string Specifies the My Site Host URL for external users (for example, https://sp01.contoso.com).
DefaultTheme string Specifies the default theme that's used in Outlook on the web when the user hasn't selected a theme.
SMimeSuppressNameChecksEnabled boolean Specifies whether to suppress name check in S/MIME messages. You don't need to specify a value with this switch.
ShowOnlineArchiveEnabled boolean Available only in the cloud-based service. Description pending.
SetPhotoEnabled boolean Specifies whether users can add, change, and remove their sender photo in Outlook on the web.
NpsSurveysEnabled boolean Specifies whether to enable or disable the Net Promoter Score (NPS) survey in Outlook on the web. The survey allows users to rate Outlook on the web on a scale of 1 to 5, and to provide feedback and suggested improvements in free text.
TasksEnabled boolean Specifies whether Tasks folder is available in Outlook Web App.
ForceSaveMimeTypes list<string> Specifies the MIME extensions in attachments that only allow the attachments to be saved locally (not opened).
LinkedInEnabled boolean If False, LinkedIn contact synchronization is disabled.
PersonalAccountCalendarsEnabled boolean Specifies whether to allow users to connect to their personal Outlook.com or Google Calendar in Outlook on the web.
WebReadyDocumentViewingSupportedFileTypes list<string> This is a read-only parameter that can't be modified; use the WebReadyFileTypes parameter instead.
ThirdPartyFileProvidersEnabled boolean Description pending.
WacOMEXEnabled boolean Specifies whether to enable or disable apps for Outlook in Outlook on the web in Office Online Server.
AllAddressListsEnabled boolean Specifies which address lists are available in Outlook on the web.
ChangePasswordEnabled boolean Specifies whether users can change their passwords from inside Outlook on the web.
IsDefault boolean Specifies whether the Outlook on the web policy is the default policy that's used to configure the Outlook on the web settings for new mailboxes.
AllowOfflineOn string Specifies when Outlook Web App in offline mode is available for supported web browsers. Valid values are: PrivateComputersOnly: Offline mode is available in private computer sessions. By default in Exchange 2013 or later and Exchange Online, all Outlook on the web sessions are considered to be on private computers. In Exchange 2013 or later, users can only specify public computer sessions if you've enabled the private/public selection on the sign in page (the LogonPagePublicPrivateSelectionEnabled parameter value is $true on the Set-OwaVirtualDirectory cmdlet). NoComputers: Offline mode is disabled. AllComputers: Offline mode is available for public and private computer sessions.
Name string Name of the OwaMailboxPolicy
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Name string Name of the Quarantine policy, e.g. "DefaultFullAccessPolicy".
ESNEnabled boolean The ESNEnabled parameter specifies whether to enable quarantine notifications (formerly known as end-user spam notifications) for the policy.
EndUserQuarantinePermissions list<object> List of end user quarantine permissions.
 isEnabled boolean Is permission enabled.
 name string Permission name.
QuarantinePolicyType string Type of quarantine policy.
QuarantineRetentionDays number Retention of quarantine policy in days.
Identity string Specifies the name, distinguished name (DN), or GUID of the quarantine policy.
IsValid boolean Whether this QuarantinePolicy is valid or not.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
DomainName string The remote domain that is being configured. "*" represents any remote domain. The default Remote Domain setting in an O365 account has the name "Default" and domain "*".
AutoForwardEnabled boolean If False, AutoForwarding of email to this remote domain will not be allowed.
Name string The name of the Remote Domain asset. The default Remote Domain on an O365 account has name "Default", and domain "*".
ATTRIBUTE TYPE REFERS TO DESCRIPTION
id string The unique identifier for this retention policy.
Name string Unique name for the retention policy.
IsValid boolean Whether the retention policy is valid.
IsDefaultArbitrationMailbox boolean Whether default retention policy for arbitration mailboxes in Exchange Online organization.
Identity string Specifies the name, distinguished name (DN),or GUID of the retention policy.
RetentionId string The identity of the retention policy to ensure mailboxes moved from an on-premises Exchange deployment to the cloud continue to have the same retention policy applied to them.
IsDefault boolean Whether the retention policy is the default retention policy.
RetentionPolicyTagLinks list<string> RetentionPolicyTag The RetentionPolicyTags associated.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Identity string Specifies the name of the tag.
RetentionEnabled boolean Specifies whether the tag is enabled. When set to False, the tag is disabled, and no retentionaction is taken on messages that have the tag applied.
RetentionAction string Specifies the action for the retention policy.
AgeLimitForRetention number Specifies the age at which retention is enforced on an item. The age limit corresponds to the number of days from the date the item was delivered,or the date an item was created if it wasn't delivered.
MessageClass string Specifies the message type to which the tag applies. If not specified, the default value is set to '*'.
RetentionId string Specifies an alternate tag ID to ensure the retention tag found on mailbox items tagged in one Exchangeorganization matches the tag when the mailbox is moved to another Exchange organization.
IsValid boolean Specifies whether the retention policy tag is valid.
LocalizedRetentionPolicyTagName list<string> Specifies localized tag names and their languages.
Comment string Specifies a comment for the tag.
id string The unique identifier for this retention policy tag.
IsPrimary boolean Specifies whether its primary retention policy tag.
SystemTag boolean Specifies that the tag is created for internal Exchange functionality.
Description string Specifies a Description for the tag.
LegacyManagedFolder string Specifies the name of a managed folder. The retention tag is created by using retention settings from the managed folder and its managed content settings. You can use this parameter to create retention tags based on existing managed folders to migrate users from managed folder mailbox policies to retention policies.
TriggerForRetention string Specifies the date that's considered as the start date of the retention period. An item can reach its retention limit a specific number of days after the item was delivered or after it was moved into a specific folder. Valid values include: WhenDelivered The item expires based on when it was delivered. WhenMoved The item expires based on the date it was moved. If this parameter isn't present and the RetentionEnabled parameter is set to $true, an error is returned.
MessageClassDisplayName string Specifies the message class display name.
RawRetentionId string Specifies the raw RetentionId.
Name string Specifies the name of the retention policy tag.
MustDisplayCommentEnabled boolean Specifies whether the comment can be hidden..
LocalizedComment list<string> Specifies localized comments and their languages.
MoveToDestinationFolder string Description pending.
Type string Specifies the type of retention tag being created.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Name string Name of the policy.
Description string Description of the role assignment policy.
IsDefault boolean True if this is the default role assignment policy.
IsValid boolean True if this is a valid role assignment policy.
AssignedRoles list<string> List of roles assigned to this policy. Some sample values are "My Custom Apps", "My Marketplace Apps", "My ReadWriteMailbox Apps".
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Redirect boolean Specifies whether to deliver messages that were identified by Safe Attachments as containing malware attachments to another email address.
id string id of the SafeAttachmentPolicy
Name string Name of the SafeAttachmentPolicy
IsBuiltInProtection boolean Description pending.
IsValid boolean The validity for the SafeAttachmentPolicy.
IsDefault boolean Whether the SafeAttachmentPolicy is the default policy.
QuarantineTag string Specifies the quarantine policy that's used on messages that are quarantined as malware by Safe Attachments.
EnableOrganizationBranding boolean Description pending.
RedirectAddress string Specifies the email address to deliver messages that were identified by Safe Attachments as containing malware attachments when the Redirect parameter is set to the value true.
Identity string The identifier for this policy.
Action string The Action parameter specifies the action for the safe attachment policy. Valid values are: Allow: Deliver the message if malware is detected in the attachment and track scanning results. This value corresponds to Monitor for the Safe Attachments unknown malware response property of the policy in the admin center. Block: Block the email message that contains the malware attachment. This is the default value. Replace: Deliver the email message, but remove the malware attachment and replace it with warning text. DynamicDelivery: Deliver the email message with a placeholder for each email attachment. The placeholder remains until a copy of the attachment is scanned and determined to be safe.
Enable boolean If true, the Action parameter specifies the action for the Safe Attachment policy. If false, Attachments are not scanned by Safe Attachments.
AdminDisplayName string Specifies a description for the policy.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
IsValid boolean Whether SafeLinksPolicy is valid one.
RecommendedPolicyType string Used for Standard and Strict policy creation.
DeliverMessageAfterScan boolean Specifies whether to deliver email messages only after Safe Links scanning is complete.
DisableUrlRewrite boolean Specifies whether to rewrite (wrap) URLs in email message.
EnableOrganizationBranding boolean Specifies whether your organization's logo is displayed on Safe Links warning and notification pages..
EnableSafeLinksForTeams boolean Specifies whether Safe Links is enabled for Microsoft Teams.
TrackClicks boolean Specifies whether to track user clicks related to Safe Links protection of links.
ScanUrls boolean Specifies whether to enable or disable real-time scanning of clicked links in email messages.
AllowClickThrough boolean The AllowClickThrough parameter specifies whether to allow users to click through to the original URL on warning pages.
EnableSafeLinksForEmail boolean The EnableSafeLinksForEmail parameter specifies whether to enable Safe Links protection for email messages.
EnableSafeLinksForOffice boolean The EnableSafeLinksForOffice parameter specifies whether to enable Safe Links protection for Microsoft Office Apps.
DoNotRewriteUrls list<string> Specifies the URLs that are not rewritten by Safe Links scanning.
id string Unique ID of the SafeLinksPolicy.
EnableForInternalSenders boolean Specifies whether the Safe Links policy is applied to messages sent between internal senders and internal recipients within the same Exchange Online organization.
CustomNotificationText string Specifies the customized notification text to show to users.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
id string Combination of azureTenantId_createdDateTime.
azureTenantId string GUID string for tenant ID.
createdDateTime number The date when the entity is created.
maxScore number Tenant maximum possible score on specified date.
currentScore number Tenant current attained score on specified date.
controlScores list<object> Contains tenant scores for a set of controls.
 on boolean Indicate whether the policy is turned on.
 description string Description of the control.
 isEnforced boolean Whether this control score is enforced or not.
 scoreInPercentage number The current score as a percentage.
 count number Count of violated resources for this control
 implementationStatus string Description of current status, e.g. "You currently have 4 global admins".
 lastSynced number The datetime when last synced in epoch time.
 total number Number of applicable resources for this control
 reviewed number Unix timestamp.
 controlName string Unique name for the control.
 controlCategory string Control action category (Identity, Data, Device, Apps, Infrastructure).
 score number Tenant achieved score for the control (it varies day by day depending on tenant operations on the control).
 IsApplicable boolean Whether this control score is applicable or not.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
requireAcceptingAccountMatchInvitedAccount boolean If true, external users must accept sharing invitations using the same account that the invitations were sent to.
bccExternalSharingInvitations boolean When the feature is enabled, all external sharing invitations that are sent will blind copy the e-mail messages listed in the BccExternalSharingsInvitationList.
isFluidEnabled boolean Specifies whether Fluid Framework is enabled or not.
defaultSharingLinkType string Lets administrators choose what type of link appears is selected in the "Get a link" sharing dialog box in OneDrive for Business and SharePoint Online.
iPAddressAllowList string Comma separated list of allowed IP addresses or IP address ranges.
officeClientADALDisabled boolean When set to true this will disable the ability to use Modern Authentication that leverages ADAL across the tenant.
publicCdnEnabled boolean Enables or disables the public CDN.
showPeoplePickerSuggestionsForGuestUsers boolean Shows people picker suggestions for guest users.
stopNew2010Workflows boolean Prevents creation of new SharePoint 2010 classic workflows.
disableOutlookPSTVersionTrimming boolean Specifies whether Outlook PST version trimming is disabled or not.
notificationsInOneDriveForBusinessEnabled boolean Enables or disables notifications in OneDrive for Business.
oDBAccessRequests string Specifies if AccessRequests is On, Off or Unspecified for Onedrive for Business.
startASiteFormUrl string Specifies URL of the form to load in the Start a Site dialog.
allowEditing boolean Prevents users from editing Office files in the browser and copying and pasting Office file contents out of the browser window.
contentTypeSyncSiteTemplatesList list<string> When the feature is enabled, the Content Type Hub will push content types to OneDrive for Business sites.
coreRequestFilesLinkExpirationInDays number Specifies the number of days before a Request files link expires for all SharePoint sites (not including OneDrive sites).
markNewFilesSensitiveByDefault string If external sharing is turned on, sensitive content could be shared and accessed by guests before the Office DLP rule finishes processing, you can address this issue by configuring this parameter.
storageQuotaAllocated number Storage quota that is allocated for all sites in the tenant.
oneDriveForGuestsEnabled boolean Lets OneDrive for Business creation for administrator managed guest users. Administrator managed Guest users use credentials in the resource tenant to access the resources.
showOpenInDesktopOptionForSyncedFiles boolean The ShowOpenInDesktopOptionForSyncedFiles setting displays the "Open in desktop" option when users go to SharePoint or OneDrive on the web and open the shortcut menu for a file that they're syncing with the OneDrive sync app.
blockUserInfoVisibilityInOneDrive string Specifies block user info visibility in OneDrive.
defaultLinkPermission string Lets administrators choose the default permission of the link in the sharing dialog box in OneDrive for Business and SharePoint Online. This applies to anonymous access, internal and direct links.
stopNew2013Workflows boolean Prevents creation of new SharePoint 2013 classic workflows.
allowCommentsTextOnEmailEnabled boolean When this parameter is true, the email notification that a user receives when is mentioned, includes the surrounding document context.
displayNamesOfFileViewers boolean If true, file owners can see the names of people who viewed their files in OneDrive.
folderAnonymousLinkType string Type of anonymous access link of folders to allow recipients to only view or view and edit.
isCollabMeetingNotesFluidEnabled boolean Specifies whether CollabMeetingNotes Fluid Framework is enabled or not.
mediaTranscription string Defines the media transcription policy.
notificationsInSharePointEnabled boolean Enables or disables notifications in SharePoint.
allowedDomainListForSyncClient list<string> The list of allowed domains if "isUnManagedSyncClientForTenantRestricted" is set to True.
coreSharingCapability string Determines what level of sharing is available for SharePoint sites (not including OneDrive sites).
enableAutoNewsDigest boolean Enable or disable auto news digest.
externalServicesEnabled boolean Enables external services(services that are not in the Office 365 datacenters) for a tenant.
publicCdnOrigins list<string> Specifies a list of the Public CDN origins.
workflow2010Disabled boolean Specifies whether workflow 2010 is disabled or not.
sharingDomainRestrictionMode string The sharing domain restriction being used. Possible values are: "None", "AllowList", "BlockList".
blockAccessOnUnmanagedDevices boolean If true, unmanaged devices will not be allowed access to SharePoint. Note only one of the allowLimitedAccessOnUnmanagedDevices and blockAccessOnUnmanagedDevices settings can be true at the same time. If both settings are false, then all devices, unmanaged or not, will have full access to SharePoint.
blockUserInfoVisibilityInSharePoint string Specifies block user info visibility in SharePoint.
iPAddressEnforcement boolean Allows access from network locations that are defined by an administrator.
blockSendLabelMismatchEmail boolean When a sensitivity label mismatch occurs between the label on the document uploaded and the label on the site, SharePoint Online captures an audit record, and sends an Incompatible sensitivity label detected email notification to the person who uploaded the document and the site owner. The notification contains details of the document which caused the problem and the label assigned to the document and to the site. The comparison happens between the priority of these two labels.
disabledWebPartIds list<string> Allows administrators to prevent certain web parts from being added to pages or rendering on pages on which they were previously added.
oneDriveRequestFilesLinkEnabled boolean Enable or disable the Request files link on the OneDrive partition for all OneDrive sites.
oneDriveStorageQuota number Specifies a default OneDrive for Business storage quota for the tenant. It will be used for new OneDrive for Business sites created.
provisionSharedWithEveryoneFolder boolean Creates a Shared with Everyone folder in every user's new OneDrive for Business document library.
searchResolveExactEmailOrUPN boolean Removes the search capability from People Picker. This also does not allow SharePoint users to search for security groups or SharePoint groups.
showEveryoneClaim boolean Enables the administrator to hide the Everyone claim in the People Picker.
reduceTempTokenLifetimeValue number Specifies the session timeout value for temporary URLs. The value can be in between 5 and 15 minutes and the default value is 15 minutes.
sharingCapability string Specifies what level of sharing is available for the site.
sharingAllowedDomainList list<string> List of domains that resources are allowed to be shared with, if "sharingDomainRestrictionMode" = "AllowList"
blockMacSync boolean If True, MacOS devices cannot sync files from OneDrive / SharePoint.
notifyOwnersWhenInvitationsAccepted boolean If true, OneDrive owners will receive a notification when external users accept invitations to access files.
conditionalAccessPolicyErrorHelpLink string A Link for help when Conditional Access Policy blocks a user.
externalUserExpireInDays number Specifies the number of days before an external user will expire and be removed from the site collection if the policy is enabled. Value can be from 30 to 730 days.
iPAddressWACTokenLifetime number Allows to set the session timeout. If you are a tenant administrator and you begin IP address enforcement for OneDrive for Business in Office 365, this enforcement automatically activates a tenant parameter IPAddressWACTokenLifetime. The default value is 15 minutes, when IP Address Enforcement is True.
showPeoplePickerGroupSuggestionsForIB boolean The ShowPeoplePickerGroupSuggestionsForIB setting allows showing group suggestions for information barriers (IBs) in the People Picker.
storageQuota number Storage quota that is available for all sites in the tenant.
syncPrivacyProfileProperties boolean Specifies whether privacy profile properties synced or not.
legacyAuthProtocolsEnabled boolean If False, basic authentication and other legacy authentication mechanisms are not allowed for this SharePoint tenant.
coreRequestFilesLinkEnabled boolean Enable or disable the Request files link on the core partition for all SharePoint sites (not including OneDrive sites). If this value is not set, Request files will only show for OneDrives with Anyone links enabled.
blockDownloadLinksFileType string Specifies the type of files that can be displayed when the block download links feature is being used.
resourceQuota number Resource quota that is available for all sites in the tenant.
viewInFileExplorerEnabled boolean Enables or disables the ability to use View in Explorer in Microsoft Edge (93) or above.
anyoneLinkTrackUsers boolean Specifies whether anyone links should track link users.
fileAnonymousLinkType string Type of anonymous access link of files to allow recipients to only view or view and edit.
emailAttestationReAuthDays number The number of days for email attestation re-authentication. Value can be from 1 to 365 days.
oDBMembersCanShare string Specifies if MembersCanShare is On, Off or Unspecified for Onedrive for Business.
displayStartASiteOption boolean If false, the site creation command will be hidden in SharePoint.
specialCharactersStateInFileFolderNames string Permits the use of special characters in file and folder names in SharePoint Online and OneDrive for Business document libraries.
allowGuestUserShareToUsersNotInSiteCollection boolean This setting will allow guests to share to users not in the site.
disableSpacesActivation boolean Specifies whether activation of spaces are disabled or not.
informationBarriersSuspension boolean Specifies whether information barriers suspensed or not.
limitedAccessFileType string Allows users to preview only Office files in the browser. This option increases security, but may be a barrier to user productivity.
disallowInfectedFileDownload boolean If True, files that ATP has detected as infected will not be allowed to be downloaded via SharePoint.
disableCustomAppAuthentication boolean Prevents apps using an Azure Access Control (ACS) app-only access token to access SharePoint.
externalUserExpirationRequired boolean Specifies whether to enable the external user expiration policy.
excludedFileExtensionsForSyncClient list<string> The list of excluded file extensions when syncing OneDrive files.
reduceTempTokenLifetimeEnabled boolean Enables reduced session timeout for temporary URLs used by apps for document download scenarios.
socialBarOnSitePagesDisabled boolean The Social Bar will appear on all modern SharePoint pages with the exception of the home page of a site. It will give users the ability to like a page, see the number of views, likes, and comments on a page, and see the people who have liked a page.
userVoiceForFeedbackEnabled boolean Enables or disables the User Voice Feedback button.
disableBackToClassic boolean Specifies whether back to classic link is disabled in Modern UX.
disabledModernListTemplateIds list<string> An array of modern List template ids that are disabled on the tenant.
viewersCanCommentOnMediaDisabled boolean Controls whether viewers commenting on media items is disabled or not.
preventExternalUsersFromResharing boolean If True, external users will not be able to share files and folders unless they were the original owner of the resource.
orphanedPersonalSitesRetentionPeriod number Specifies the number of days after a user's Active Directory account is deleted that their OneDrive for Business content will be deleted.
applyAppEnforcedRestrictionsToAdHocRecipients boolean When the feature is enabled, all guest users are subject to conditional access policy. By default guest users who are accessing SharePoint Online files with pass code are exempt from the conditional access policy.
permissiveBrowserFileHandlingOverride boolean Enables the Permissive browser file handling. By default, the browser file handling is set to Strict.
allowOverrideForBlockUserInfoVisibility boolean Specifies whether to override block user info visibility.
filePickerExternalImageSearchEnabled boolean For Webparts that support inserting images, like for example Image or Hero webpart, the Web search (Powered by Bing) option will be available if enabled.
emailAttestationRequired boolean Sets email attestation to required.
oneDriveRequestFilesLinkExpirationInDays number Specifies the number of days before a Request files link expires for all OneDrive sites. The value can be from 0 to 730 days.
showEveryoneExceptExternalUsersClaim boolean Enables the administrator to hide the "Everyone except external users" claim in the People Picker.
oneDriveLoopSharingCapability string Specifies sharing capabilities of Onedrive loop.
useFindPeopleInPeoplePicker boolean This feature enables tenant admins to enable ODB and SPO to respect Exchange supports Address Book Policy (ABP) policies in the people picker.
displayNamesOfFileViewersInSpo boolean If true, file owners can see the names of people who viewed their files in SharePoint.
notifyOwnersWhenItemsReshared boolean If true, OneDrive owners will receive a notification when other users invite additional external users to shared files.
commentsOnListItemsDisabled boolean Disables or enables commenting functionality on list items.
compatibilityRange string Determines which compatibility range is available for new site collections
enableAzureADB2BIntegration boolean Enables the preview for OneDrive and SharePoint integration with Azure AD B2B.
enableGuestSignInAcceleration boolean Accelerates guest-enabled site collections as well as member-only site collections when the SignInAccelerationDomain parameter is set.
allowAnonymousMeetingParticipantsToAccessWhiteboards string Specifies whether to allow anonymous meeting participants to access whiteboards.
conditionalAccessPolicy string Specifies conditional access policy for the tenant.
enableAIPIntegration boolean This parameter enables SharePoint to process the content of files stored in SharePoint and OneDrive with sensitivity labels that include encryption.
requireAnonymousLinksExpireInDays number The number of days before an anonymous sharing link for a file expires. A value of -1 indicates no expiry.
allowLimitedAccessOnUnmanagedDevices boolean If true, unmanaged devices will only be allowed limited, web-only access to SharePoint. Note only one of the allowLimitedAccessOnUnmanagedDevices and blockAccessOnUnmanagedDevices settings can be true at the same time. If both settings are false, then all devices, unmanaged or not, will have full access to SharePoint.
bccExternalSharingInvitationsList string Specifies a list of e-mail addresses to be BCC'd when the BCC for External Sharing feature is enabled. Multiple addresses can be specified by creating a comma separated list with no spaces.
commentsOnSitePagesDisabled boolean Disables or enables commenting functionality on the site pages.
showAllUsersClaim boolean Enables the administrator to hide the All Users claim groups in People Picker.
sharingBlockedDomainList list<string> List of domains that resources will not be allowed to be shared with, if "sharingDomainRestrictionMode" = "BlockList"
isUnmanagedSyncClientForTenantRestricted boolean If True, file syncing for OneDrive / SharePoint will only be allowed on PCs joined to specific domains. (See property "allowedDomainListForSyncClient")
commentsOnFilesDisabled boolean Disables or enables commenting functionality on the files.
includeAtAGlanceInShareEmails boolean Enable or disable the At A Glance feature in sharing e-mails. This provides the key points and time to read for the shared item if available.
publicCdnAllowedFileTypes string Specifies public CDN allowed file types.
resourceQuotaAllocated number Resource quota that is allocated for all sites in the tenant.
signInAccelerationDomain string Specifies the home realm discovery value to be sent to Azure Active Directory (AAD) during the user sign-in process.
ownerAnonymousNotification boolean If true, OneDrive owners will receive a notification when an anonymous link is created or changed.
customizedExternalSharingServiceUrl string Specifies a URL that will be appended to the error message that is surfaced when a user is blocked from sharing externally by policy. This URL can be used to direct users to internal portals to request help or to inform them about your organization's policies. An example value is "https://www.contoso.com/sharingpolicies".
disablePersonalListCreation boolean Specifies whether personal list creation is disabled or not.
isWBFluidEnabled boolean Specifies whether Whiteboard is enabled or disabled for OneDrive for Business users. Whiteboard on OneDrive for Business is automatically enabled for applicable Microsoft 365 tenants but can be disabled.
labelMismatchEmailHelpLink string This parameter allows tenant admins to customize the "Help Link" in email with the subject "Incompatible sensitivity label detected."
noAccessRedirectUrl string Specifies the URL of the redirected site for those site collections which have the locked state "NoAccess."
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
sharingEnabled boolean The "enabled" setting from the PowerShell command. If "False", no calendar sharing is allowed with users outside of the O365 organization.
domains list<object> List of domains and what kind of calendar details can be shared with them.
 domain string Possible values are "*" (represents users outside of the o365 organization who have an o365 account), "Anonymous" (represents users outside of the o365 organization who do not have an o365 account).
 sharingAllowedDetails string Possible values are "CalendarSharingFreeBusySimple" (share free/busy hours only), "CalendarSharingFreeBusyDetail" (share free/busy hours, subject, and location), "CalendarSharingFreeBusyReviewer" (share free/busy hours, subject, location, and the body of the message or calendar item), "ContactsSharing" (share contacts only).
id string id of the SharingPolicy.
isDefault boolean True if this is the default sharing policy.
name string Name of the sharing policy.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
OWAEncryptionAlgorithms string Specifies a list of symmetric encryption algorithms that are used by Outlook on the web to encrypt messages. Valid values are: 6601: DES (56-bit). 6602: RC2. Supported key lengths are 40, 56, 64, and 128. RC2 is the only supported algorithm that offers multiple key lengths. 6603: 3DES (168-bit). 660E: AES128. 660F: AES192. 6610: AES256 (This is the default value).
OWAIncludeCertificateChainAndRootCertificate boolean Specifies whether the certificate chains and root certificates of the signing or encryption certificates are included in the message in Outlook on the web.
OWAIncludeSMIMECapabilitiesInMessage boolean Specifies whether signed and encrypted messages in Outlook on the web include attributes that describe the supported encryption and signing algorithms.
SMIMEExpiredCertificateThumbprint string Description pending.
OWADisableCRLCheck boolean Enables or disables CRL checking in Outlook on the web. Valid values are: true: CRL checks are disabled when validating certificates. false: CRL checks are enabled when validating certificates.This is the default value.
SMIMECertificateIssuingCA list<string> Specifies the serialized certificate store (SST) that contains the Certificate Authority (CA) signing and intermediate certificate information.
IsValid boolean Whether the smime config is valid.
OWACRLRetrievalTimeout boolean Specifies the time in milliseconds that Outlook on the web waits to retrieve all CRLs when validating a certificate. VA valid value is an integer between 0 and 4294967295 (UInt32). The default value is 10000 (10 seconds).
OWAForceSMIMEClientUpgrade boolean Specifies whether or not users are forced to upgrade an S/MIME control that's older than their current version in Outlook on the web. true: Users need to download and install the new control before they can use S/MIME. This is the default value. false: Users receive a warning if the S/MIME control on their computer is not current, but they can still use S/MIME without updating the control.
OWASenderCertificateAttributesToDisplay string Controls which certificate attributes are displayed when signature verification proceeds despite a mismatch between the sender's email address and the email address in sender's certificate.
OWAUseKeyIdentifier boolean Specifies whether a certificate's key identifier is used to encode the asymmetrically encrypted token in Outlook on the web.
OWAUseSecondaryProxiesWhenFindingCertificates boolean Specifies whether alternative proxies are used during the certificate search in Outlook on the web.
SMIMECertificatesExpiryDate number Description pending.
OWAAllowUserChoiceOfSigningCertificate boolean Specifies whether to allow users to select the certificate to use when they digitally sign email messages in Outlook on the web.
OWABCCEncryptedEmailForking number Specifies how Bcc messages are encrypted in Outlook on the web. Valid values are: 0: One encrypted message per Bcc recipient. This is the default value. 1: One single encrypted message for all Bcc recipients. 2: One encrypted message without Bcc forking.
OWAEncryptTemporaryBuffers boolean Specifies whether the Outlook on the web client-side temporary message storage buffers are encrypted.
OWAOnlyUseSmartCard boolean Specifies whether smartcard-based certificates are required for Outlook on the web message signing and decryption.
id string The unique identifier for this smime config.
OWAAlwaysSign boolean Specifies whether all outgoing messages are automatically signed in Outlook on the web.
OWADLExpansionTimeout number Specifies the time in milliseconds that Outlook on the web waits when sending encrypted messages to members of a distribution group that requires expansion. A valid value is an integer between 0 and 4294967295 (UInt32). The default value is 60000 (60 seconds). If the operation doesn't complete in the time specified by this parameter, the operation fails and the message is not sent.
OWATripleWrapSignedEncryptedMail boolean Specifies whether signed and encrypted email messages in Outlook on the web are triple-wrapped. Valid values are: true: A signed message is encrypted, and then the encrypted message is signed (signed-encrypted-signed). false: A signed message is encrypted only (there is no additional signing of the encrypted message). This is the default value.
OWACRLConnectionTimeout number Specifies the time in milliseconds that Outlook on the web waits while connecting to retrieve a single CRL as part of a certificate validation operation. A valid value is an integer between 0 and 4294967295 (UInt32). The default value is 60000 (60 seconds).
OWAIncludeCertificateChainWithoutRootCertificate boolean Specifies whether the certificate chains of the signing or encryption certificates are included in messages in Outlook on the web. Valid values are: true: Signed or encrypted messages include the full certificate chain, but not the root certificate. false: Signed or encrypted messages include only the signing and encrypting certificates, not their corresponding certificate chains. This is the default value.
OWASignedEmailCertificateInclusion boolean Specifies whether the sender's encryption certificate is excluded from a signed email message in Outlook on the web. Valid values are: true: Outlook on the web and the S/MIME control include both signing and encrypting certificates with signed email messages. This is the default value. false: Outlook on the web and the S/MIME control do not include signing and encrypting certificates with signed email messages.
OWASigningAlgorithms string Specifies the list of symmetric encryption signing algorithms that are used by Outlook on the web to sign messages with the S/MIME control. Valid values are: 8003: CALG_MD5 or 128-bit MD5. 800E: CALG_SHA_512 or 512-bit Secure Hash Algorithm (SHA). 800D: CALG_SHA_384 or 384-bit SHA. 800C: CALG_SHA_256 or 256-bit SHA. 8004: SHA1 or 160-bit SHA-1 (This is the default value)
Name string Unique name for the smime config.
OWAAlwaysEncrypt boolean Specifies whether all outgoing messages are automatically encrypted in Outlook on the web.
OWACheckCRLOnSend boolean Specifies how the certificate revocation list (CRL) check is enforced when an email message is sent in Outlook on the web. Valid values are: true: When the CRL distribution point is inaccessible, Outlook on the web displays a warning dialog box and prevents signed or encrypted messages from being sent. false: When the CRL distribution point is inaccessible, Outlook on the web allows signed or encrypted messages to be sent. This is the default value.
OWAClearSign boolean Specifies how email messages are signed in Outlook on the web. Valid values are: true: Digitally signed messages are clear-signed. This is the default value. false: digitally signed messages are opaque-signed.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Enabled boolean Enables the browser idle sign-out policy.
SignOutAfter object Specifies a time interval of inactivity before the user gets signed out
 Days number Days
 Hours number Hours
 Milliseconds number Milliseconds
 Microseconds number Microseconds
 Nanoseconds number Nanoseconds
 Minutes number Minutes
 Ticks number Ticks
WarnAfter object Specifies a time interval of inactivity before the user gets a warning about being signed out.
 Minutes number Minutes
 Ticks number Ticks
 Days number Days
 Hours number Hours
 Milliseconds number Milliseconds
 Microseconds number Microseconds
 Nanoseconds number Nanoseconds
ATTRIBUTE TYPE REFERS TO DESCRIPTION
CommentsOnSitePagesDisabled boolean Disables or enables commenting functionality on the site pages
Owner string Gets or sets the login name of the site owner.
DisableAppViews string DisableAppViews
LockIssue string Gets a description of the lock issue.
OverrideTenantExternalUserExpirationPolicy boolean OverrideTenantExternalUserExpirationPolicy
Title string Gets or sets the title of the site.
DisableFlows string DisableFlows
ExternalUserExpirationInDays number ExternalUserExpirationInDays
GroupId string GroupId
IsTeamsConnected boolean IsTeamsConnected
SensitivityLabel string SensitivityLabel
SharingBlockedDomainList list<string> SharingBlockedDomainList
SocialBarOnSitePagesDisabled boolean Disables or enables the Social Bar.
CompatibilityLevel number Gets the compatibility level of the site.
PWAEnabled string PWAEnabled
ResourceUsageAverage number ResourceUsageAverage
StorageQuota number StorageQuota
Template string Gets or sets the web template name of the site.
WebsCount number Gets the number of [SPWeb] objects in the site.
SiteDefinedSharingCapability string SiteDefinedSharingCapability
LocaleId number LocaleId
LockState string Gets or sets the lock state of the site.
HubSiteId string HubSiteId
DefaultSharingLinkType string Lets administrators choose what type of link appears is selected in the "Get a link" sharing dialog box in OneDrive for Business and SharePoint Online.
InformationSegment string InformationSegment
ResourceQuota number ResourceQuota
SandboxedCodeActivationCapability string SandboxedCodeActivationCapability
StorageQuotaWarningLevel number StorageQuotaWarningLevel
AnonymousLinkExpirationInDays number AnonymousLinkExpirationInDays
BlockDownloadLinksFileType string ServerRendered (Office Only) and WebPreviewable (All supported files).
DisableSharingForNonOwnersStatus boolean DisableSharingForNonOwnersStatus
IsHubSite boolean IsHubSite
ResourceUsageCurrent number ResourceUsageCurrent
AllowDownloadingNonWebViewableFiles boolean AllowDownloadingNonWebViewableFiles
AllowEditing boolean Prevents users from editing Office files in the browser and copying and pasting Office file contents out of the browser window.
ConditionalAccessPolicy string ConditionalAccessPolicy
Description string Description of the Sharepoint Site
OwnerName string Name of Sharepoint Site owner
SharingDomainRestrictionMode string SharingDomainRestrictionMode
StorageQuotaType string StorageQuotaType
LimitedAccessFileType string Allows users to preview only Office files in the browser. This option increases security, but may be a barrier to user productivity.
ResourceQuotaWarningLevel number ResourceQuotaWarningLevel
SharingCapability string Determines what level of sharing is available for the site.
OverrideTenantAnonymousLinkExpirationPolicy boolean OverrideTenantAnonymousLinkExpirationPolicy
OwnerEmail string Email of Sharepoint Site owner
RestrictedToGeo string RestrictedToGeo
SharingAllowedDomainList list<string> SharingAllowedDomainList
Status string Gets the status of the site.
Url string Gets the URL of the site.
DefaultLinkToExistingAccess boolean DefaultLinkToExistingAccess
RelatedGroupId string RelatedGroupId
StorageUsageCurrent number StorageUsageCurrent
ShowPeoplePickerSuggestionsForGuestUsers boolean Shows people picker suggestions for guest users.
AllowSelfServiceUpgrade boolean Gets or sets a value that indicates whether a site supports self-service upgrade.
DefaultLinkPermission string Lets administrators choose the default permission of the link in the sharing dialog box in OneDrive for Business and SharePoint Online.
DenyAddAndCustomizePages string Gets or sets a value of the DenyAddAndCustomizePagesStatus enumeration for the site.
DisableCompanyWideSharingLinks string DisableCompanyWideSharingLinks
IsTeamsChannelConnected boolean IsTeamsChannelConnected
OwnerLoginName string Login name of Sharepoint Site owner
ProtectionLevelName string ProtectionLevelName
TeamsChannelType string TeamsChannelType
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AllowedDomainList list<string> Configure OneDrive to sync only on PCs that are joined to specific domains.
ExcludedFileExtensions list<string> Prevent users from uploading specific file types when they sync their OneDrive files.
OptOutOfGrooveBlock boolean Whether user is allowed to sync OneDrive for Business libraries with the old OneDrive for Business sync client.
OptOutOfGrooveSoftBlock boolean OptOutOfGrooveSoftBlock.
DisableReportProblemDialog boolean DisableReportProblemDialog
TenantRestrictionEnabled boolean TenantRestrictionEnabled.
BlockMacSync boolean Block Mac sync clients-- the Beta version and the new sync client (OneDrive.exe).
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Identity string Specifies the collection of tenant federation configuration settings to be modified. Because each tenant is limited to a single.
AllowedAcsResources list<string> The list of the ACS resources (at least one) for which federation is enabled, when EnableAcsUsers is set to true. If EnableAcsUsers is set to false, then this list is ignored and should be null/empty.
EnableAcsUsers boolean Set to True to enable federation between Teams and ACS. When set to False, all other parameters are ignored.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AllowTranscriptionForCalling boolean Determines whether post-call transcriptions are allowed. Set this to True to allow. Set this to False to prohibit.
AllowWebPSTNCalling boolean Allows PSTN calling from the Teams web client.
Copilot string Setting this parameter lets you control how Copilot is used during calls and if transcription is needed to be turned on and saved after the call.
InboundFederatedCallRoutingTreatment string Setting this parameter lets you control how inbound federated calls should be routed.
PopoutForIncomingPstnCalls string Setting this parameter allows you to control the tenant users' ability to launch an external website URL automatically in the browser window upon incoming PSTN calls for specific users or user groups. Valid options are Enabled and Disabled.
PreventTollBypass boolean Setting this parameter to True will send calls through PSTN and incur charges rather than going through the network and bypassing the tolls.
SpamFilteringEnabledType string Determines if spam detection is enabled for inbound PSTN calls.
AllowCallForwardingToPhone boolean Enables the user to configure in the Microsoft Teams client call forwarding or simultaneous ringing of inbound calls to any phone number.
AllowCallGroups boolean Enables the user to configure call groups in the Microsoft Teams client and that inbound calls should be routed to call groups.
AllowCloudRecordingForCalls boolean Determines whether cloud recording is allowed in a user's 1:1 Teams or PSTN calls. Set this to True to allow the user to be able to record 1:1 calls. Set this to False to prohibit the user from recording 1:1 calls.
AllowSIPDevicesCalling boolean Determines whether the user is allowed to use a SIP device for calling on behalf of a Teams client.
LiveCaptionsEnabledTypeForCalling string Determines whether real-time captions are available for the user in Teams calls.
Identity string Name of the policy instance being created.
AllowCallRedirect string Setting this parameter enables local call redirection for SIP devices connecting via the Microsoft Teams SIP gateway.
AllowDelegation boolean Enables the user to configure delegation in the Microsoft Teams client and that inbound calls to be routed to delegates; allows delegates to make outbound calls on behalf of the users for whom they have delegated permissions.
AllowVoicemail string Enables inbound calls to be routed to voicemail.
InboundPstnCallRoutingTreatment string Setting this parameter lets you control how inbound PSTN calls should be routed.
MusicOnHoldEnabledType string Setting this parameter allows you to turn on or turn off the music on hold when a caller is placed on hold.
AllowCallForwardingToUser boolean Enables the user to configure in the Microsoft Teams client call forwarding or simultaneous ringing of inbound calls to other users in your tenant.
AllowPrivateCalling boolean Controls all calling capabilities in Teams. Turning this off will turn off all calling functionality in Teams. If you use Skype for Business for calling, this policy will not affect calling functionality in Skype for Business.
BusyOnBusyEnabledType string Setting this parameter lets you configure how incoming calls are handled when a user is already in a call or conference or has a call placed on hold.
CallRecordingExpirationDays number Sets the expiration of the recorded 1:1 calls. Default is 60 days.
PopoutAppPathForIncomingPstnCalls string Setting this parameter allows you to set the PopoutForIncomingPstnCalls setting's URL path of the website to launch upon receiving incoming PSTN calls. This parameter accepts an HTTPS URL with less than 1024 characters. The URL can contain a {phone} placeholder that is replaced with the caller's PSTN number in E.164 format when launched.
Description string Enables administrators to provide explanatory text about the calling policy. For example, the Description might indicate the users to whom the policy should be assigned.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AllowEgnyte boolean Designates whether users are able to leverage Egnyte as a third party storage solution in Microsoft Teams. If true, users will be able to add Egnyte in the client and interact with the files stored there
AllowShareFile boolean Designates whether users are able to leverage Citrix ShareFile as a third party storage solution in Microsoft Teams. If true, users will be able to add Citrix ShareFile in the client and interact with the files stored there.
ResourceAccountContentAccess string Require a secondary form of authentication to access meeting content. Possible values: NoAccess, PartialAccess and FullAccess.
AllowBox boolean Designates whether users are able to leverage Box as a third party storage solution in Microsoft Teams. If true, users will be able to add Box in the client and interact with the files stored there.
AllowDropBox boolean Designates whether users are able to leverage DropBox as a third party storage solution in Microsoft Teams. If true, users will be able to add DropBox in the client and interact with the files stored there
AllowOrganizationTab boolean When set to true, users will be able to see the organizational chart icon other users contact cards, and when clicked, this icon will display the detailed organizational chart
ContentPin string This setting applies only to Skype for Business Online (not Microsoft Teams) and defines whether the user must provide a secondary form of authentication to access the meeting content from a resource device account. Meeting content is defined as files that are shared to the Content Bin - files that have been attached to the meeting. Possible Values: NotRequired, RequiredOutsideScheduleMeeting, AlwaysRequired . Default Value: RequiredOutsideScheduleMeeting.
RestrictedSenderList string Senders domains can be further restricted to ensure that only allowed SMTP domains can send emails to the Teams channels. This is a semicolon-separated string of the domains you'd like to allow to send emails to Teams channels.
AllowEmailIntoChannel boolean When set to true, mail hooks are enabled, and users can post messages to a channel by sending an email to the email address of Teams channel
AllowGoogleDrive boolean Designates whether users are able to leverage GoogleDrive as a third party storage solution in Microsoft Teams. If true, users will be able to add Google Drive in the client and interact with the files stored there
AllowResourceAccountSendMessage boolean Surface Hub uses a device account to provide email and collaboration services (IM, video, voice). This device account is used as the originating identity (the "from" party) when sending email, IM, and placing calls. As this account is not coming from an individual, identifiable user, it is deemed "anonymous" because it originated from the Surface Hub's device account. If set to true, these device accounts will be able to send chat messages in Skype for Business Online (does not apply to Microsoft Teams).
AllowSkypeBusinessInterop boolean When set to true, Teams conversations automatically show up in Skype for Business for users that aren't enabled for Teams.
Identity string The only valid value is Global - the tenant wide configuration
AllowGuestUser boolean Designates whether or not guest users in your organization will have access to the Teams client. If true, guests in your tenant will be able to access the Teams client. Note that this setting has a core dependency on Guest Access being enabled in your Office 365 tenant.
AllowRoleBasedChatPermissions boolean When set to True, Supervised Chat is enabled for the tenant.
AllowScopedPeopleSearchandAccess boolean If set to true, the Exchange address book policy (ABP) will be used to provide customized view of the global address book for each user. This is only a virtual separation and not a legal separation
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Enabled boolean Controls whether this Teams recording policy is active or not. Setting this to True and having the right set of ComplianceRecordingApplications will initiate automatic policy-based recording for all new calls and meetings of all Microsoft Teams users who are assigned this policy. Existing calls and meetings are unaffected. Setting this to False will stop automatic policy-based recording for any new calls or meetings of all Microsoft Teams users who are assigned this policy. Existing calls and meetings are unaffected.
Identity string Unique identifier to be assigned to the new Teams recording policy.
RecordReroutedCalls boolean Setting this attribute to true enables compliance recording for calls that have been re-routed from a compliance recording-enabled user. Supported call scenarios include forward, transfer, delegation, call groups, and simultaneous ring.
WarnUserOnRemoval boolean This parameter is reserved for future use.
ComplianceRecordingApplications list<string> A list of application instances of policy-based recording applications to assign to this policy. The Id of each of these application instances must be the ObjectId of the application instance as obtained by the Get-CsOnlineApplicationInstance cmdlet.
CustomBanner string References the Custom Banner text in the storage
Description string Enables administrators to provide explanatory text to accompany a Teams recording policy. For example, the Description might include information about the users the policy should be assigned to.
DisableComplianceRecordingAudioNotificationForCalls boolean Setting this attribute to true disables recording audio notifications for 1:1 calls that are under compliance recording.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Description string Enables administrators to provide explanatory text to accompany a Teams enhanced encryption policy. For example, the Description might include information about the users the policy should be assigned to.
Identity string Unique identifier assigned to the Teams enhanced encryption policy. Use the "Global" Identity if you wish to retrieve the policy set for the entire tenant.
MeetingEndToEndEncryption string Determines whether end-to-end encrypted meetings are available in Teams (requires a Teams Premium license). Set this to DisabledUserOverride to allow users to schedule end-to-end encrypted meetings. Set this to Disabled to prohibit.
CallingEndtoEndEncryptionEnabledType string Determines whether end-to-end encrypted calling is available for the user in Teams. Set this to DisabledUserOverride to allow user to turn on end-to-end encrypted calls. Set this to Disabled to prohibit.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AllowWebinars string This setting governs if a user can create webinars using Teams Events. Possible values are: Enabled, Disabled.
Description string Enables administrators to provide explanatory text to accompany a Teams Events policy.
Identity string Unique identifier assigned to the Teams Events policy.
TownhallChatExperience string This setting governs whether the user can enable the Comment Stream chat experience for Town Halls. Possible values are: Optimized, None.
AllowedQuestionTypesInRegistrationForm string This setting governs which users in a tenant can add which registration form questions to an event registration page for attendees to answer when registering for the event. Possible values are: DefaultOnly, DefaultAndPredefinedOnly, AllQuestions.
AllowedTownhallTypesForRecordingPublish string This setting describes how IT admins can control which types of Town Hall attendees can have their recordings published. Possible values are: None, InviteOnly, EveryoneInCompanyIncludingGuests, Everyone.
AllowEmailEditing string This setting governs if a user is allowed to edit the communication emails in Teams Town Hall or Teams Webinar events. Possible values are: Enabled, Disabled
AllowEventIntegrations boolean This setting governs access to the integrations tab in the event creation workflow. Possible values true, false.
AllowedWebinarTypesForRecordingPublish string This setting describes how IT admins can control which types of webinar attendees can have their recordings published. Possible values are: None, InviteOnly, EveryoneInCompanyIncludingGuests, Everyone.
AllowTownhalls string This setting governs if a user can create town halls using Teams Events. Possible values are: Enabled, Disabled.
EventAccessType string This setting governs which users can access the event registration page or the event site to register. It also governs which user type is allowed to join the session/s in the event. Possible values are: Everyone, EveryoneInCompanyExcludingGuests.
UseMicrosoftECDN boolean This setting governs whether the admin disables this property and prevents the organizers from creating town halls that use Microsoft eCDN even though they have been assigned a Teams Premium license.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AllowPrivateCalling boolean Designates whether guests who have been enabled for Teams can use calling functionality. If $false, guests cannot call.
Identity string Specifies name of guest calling configuration, The only option is Global.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ScreenSharingMode string Determines the mode in which guests can share a screen in calls or meetings. can set to allow SingleApplication or EntireScreen else Disable screen sharing.
AllowIPVideo boolean Determines whether video is enabled in a user's meetings or calls. Set this to TRUE to allow guests to share their video. Set this to FALSE to prohibit guests from sharing their video
AllowMeetNow boolean Determines whether guests can start ad-hoc meetings. Set this to TRUE to allow guests to start ad-hoc meetings. Set this to FALSE to prohibit guests from starting ad-hoc meetings.
AllowTranscription boolean Determines whether post-meeting captions and transcriptions are allowed in a user's meetings. Set this to TRUE to allow. Set this to FALSE to prohibit.
Identity string Specifies the name of guest meeting configuration, The only input allowed is "Global".
LiveCaptionsEnabledType string Determines whether real-time captions are available for guests in Teams meetings. Set this to DisabledUserOverride to allow guests to turn on live captions. Set this to Disabled to prohibit.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AllowUserDeleteChat boolean Turn this setting on to allow users to permanently delete their one-on-one chat, group chat, and meeting chat as participants (this deletes the chat only for them, not other users in the chat). Set this to TRUE to allow. Set this to FALSE to prohibit.
AllowUserDeleteMessage boolean Determines if a user is allowed to delete their own messages.
AllowUserEditMessage boolean Determines if a user is allowed to edit their own messages.
Identity string Specifies the name of Teams Guest Messaging Configuration
AllowImmersiveReader boolean Determines if immersive reader for viewing messages is enabled.
AllowMemes boolean Determines if memes are available for use.
AllowStickers boolean Determines if stickers are available for use.
AllowUserChat boolean Determines if a user is allowed to chat.
GiphyRatingType string Determines Giphy content restrictions. Default value is "Moderate", other options are "NoRestriction" and "Strict".
AllowGiphy boolean Determines if Giphy images are available.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ClientAppSharingPort number Determines the starting port number for client screen sharing or application sharing. Minimum allowed value: 1024 Maximum allowed value: 65535 Default value: 50040.
ClientMediaPortRangeEnabled boolean Determines whether custom media port and range selections need to be enforced. When set to True, clients will use the specified port range for media traffic. When set to False (the default value) for any available port (from port 1024 through port 65535) will be used to accommodate media traffic.
HelpURL string URL to a website where users can obtain assistance on joining the meeting.This would be included in the meeting invite.
Identity string Name of the meeting configuration.
LogoURL string URL to a logo image. This would be included in the meeting invite.
ClientAudioPortRange number Determines the total number of ports available for client audio. Default value is 20.
ClientVideoPort number Determines the starting port number for client video. Minimum allowed value: 1024 Maximum allowed value: 65535 Default value: 50020.
CustomFooterText string Text to be used on custom meeting invitations.
LegalURL string URL to a website containing legal information and meeting disclaimers. This would be included in the meeting invite.
ClientAudioPort number Determines the starting port number for client audio. Minimum allowed value: 1024 Maximum allowed value: 65535 Default value: 50000.
ClientVideoPortRange number Determines the total number of ports available for client video. Default value is 20.
DisableAnonymousJoin boolean Determines whether anonymous users are blocked from joining meetings in the tenant. Set this to TRUE to block anonymous users from joining. Set this to FALSE to allow anonymous users to join meetings.
EnableQoS boolean Determines whether Quality of Service Marking for real-time media (audio, video, screen/app sharing) is enabled in the tenant. Set this to TRUE to enable and FALSE to disable.
ClientAppSharingPortRange number Determines the total number of ports available for client sharing or application sharing. Default value is 20.
DisableAppInteractionForAnonymousUsers boolean Determines if anonymous users can interact with apps in meetings. Set to TRUE to disable App interaction.
FeedbackSurveyForAnonymousUsers string Determines if anonymous participants receive surveys to provide feedback about their meeting experience. Set to Disabled to disable anonymous meeting participants to receive surveys. Set to Enabled to allow anonymous meeting participants to receive surveys.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AttendeeIdentityMasking string his setting will allow admins to enable or disable Masked Attendee mode in Meetings. Masked Attendee meetings will hide attendees' identifying information (e.g., name, contact information, profile photo). Possible Values: Enabled(Hides attendees' identifying information in meetings), Disabled(Does not allow attendees' to hide identifying information in meetings).
ExplicitRecordingConsent string This setting will enable Tenant Admins to turn on/off Explicit Recording Consent feature. Possible Values: Enabled(Turns on the Explicit Recording Consent feature) and Disabled(Turns off the Explicit Recording Consent feature).
LiveCaptionsEnabledType string Determines whether real-time captions are available for the user in Teams meetings. Set this to DisabledUserOverride to allow user to turn on live captions. Set this to Disabled to prohibit.
UsersCanAdmitFromLobby string This policy controls who can admit from the lobby.
AllowAvatarsInGallery boolean If admins disable avatars in 2D meetings, then users cannot represent themselves as avatars in the Gallery view. This does not disable avatars in Immersive view.
AllowIPAudio boolean Determines whether audio is enabled in a user's meetings or calls. Set this to TRUE to allow the user to share their audio. Set this to FALSE to prohibit the user from sharing their audio.
AllowParticipantGiveRequestControl boolean Determines whether participants can request or give control of screen sharing during meetings scheduled by this user. Set this to TRUE to allow the user to be able to give or request control. Set this to FALSE to prohibit the user from giving, requesting control in a meeting.
AllowPSTNUsersToBypassLobby boolean Determines whether a PSTN user joining the meeting is allowed or not to bypass the lobby. If you set this parameter to True, PSTN users are allowed to bypass the lobby as long as an authenticated user is joined to the meeting.
WatermarkForCameraVideoPattern string Allows the pattern design of watermark to be customizable
AllowMeetingCoach boolean This setting will allow admins to allow users the option of turning on Meeting Coach during meetings, which provides users with private personalized feedback on their communication and inclusivity. If set to True, then users will see and be able to click the option for turning on Meeting Coach during calls. If set to False, then users will not have the option to turn on Meeting Coach during calls.
AutoRecording string This setting will enable Tenant Admins to turn on/off auto recording feature.
ExternalMeetingJoin string Determines whether the user is allowed to join external meetings. Possible values are: EnabledForAnyone, EnabledForTrustedOrgs, and Disabled.
WatermarkForCameraVideoOpacity number Allows the transparency of watermark to be customizable
AutomaticallyStartCopilot string This setting gives admins the ability to auto-start Copilot. Possible values are: Enabled and Disabled.
VoiceIsolation string Determines whether you provide support for your users to enable voice isolation in Teams meeting calls. Possible values are: Enabled(default), Disabled.
CaptchaVerificationForMeetingJoin string Require a verification check for meeting join.
ConnectToMeetingControls string Allows external connections of third-party apps to Microsoft Teams. Possible values are: Enabled and Enabled.
ScreenSharingMode string Determines the mode in which a user can share a screen in calls or meetings. Set this to SingleApplication to allow the user to share an application at a given point in time. Set this to EntireScreen to allow the user to share anything on their screens. Set this to Disabled to prohibit the user from sharing their screens.
WatermarkForScreenSharingOpacity number Allows the transparency of watermark to be customizable
AllowAnonymousUsersToDialOut boolean Determines whether anonymous users are allowed to dial out to a PSTN number. Set this to TRUE to allow anonymous users to dial out. Set this to FALSE to prohibit anonymous users from dialing out.
AllowMeetNow boolean Determines whether a user can start ad-hoc meetings. Set this to TRUE to allow a user to start ad-hoc meetings. Set this to FALSE to prohibit the user from starting ad-hoc meetings.
AllowScreenContentDigitization boolean This parameter is reserved for internal Microsoft use.
AllowTasksFromTranscript string This policy setting allows for the extraction of AI-Assisted Action Items/Tasks from the Meeting Transcript
BlockedAnonymousJoinClientTypes list<string> A user can join a Teams meeting anonymously using a Teams client or using a custom application built using Azure Communication Services. When anonymous meeting join is enabled, both types of clients may be used by default. This optional parameter can be used to block one of the client types that can be used. The allowed values are ACS (to block the use of Azure Communication Services clients) or Teams (to block the use of Teams clients). Both can also be specified, separated by a comma, but this is equivalent to disabling anonymous join completely.
DesignatedPresenterRoleMode string Determines if users can change the default value of the Who can present? setting in Meeting options in the Teams client. This policy setting affects all meetings, including Meet Now meetings. Possible values are: EveryoneUserOverride(All meeting participants can be presenters. This is the default value. This parameter corresponds to the Everyone setting in Teams), EveryoneInCompanyUserOverride(Authenticated users in the organization, including guest users, can be presenters. This parameter corresponds to the People in my organization setting in Teams), EveryoneInSameAndFederatedCompanyUserOverride(Authenticated users in the organization, including guest users and users from federated organizations, can be presenters. This parameter corresponds to the People in my organization and trusted organizations setting in Teams), OrganizerOnlyUserOverride(Only the meeting organizer can be a presenter and all meeting participants are designated as attendees. This parameter corresponds to the Only me setting in Teams).
VideoFiltersMode string Determines the background effects that a user can configure in the Teams client. Possible values are: NoFilters, BlurOnly, BlurAndDefaultBackgrounds, AllFilters.
AllowCloudRecording boolean Determines whether cloud recording is allowed in a user's meetings. Set this to TRUE to allow the user to be able to record meetings. Set this to FALSE to prohibit the user from recording meetings.
AllowExternalParticipantGiveRequestControl boolean Determines whether external participants can request or give control of screen sharing during meetings scheduled by this user. Set this to TRUE to allow the user to be able to give or request control. Set this to FALSE to prohibit an external user from giving or requesting control in a meeting.
AllowPowerPointSharing boolean Determines whether Powerpoint sharing is allowed in a user's meetings. Set this to TRUE to allow. Set this to FALSE to prohibit.
AllowWhiteboard boolean Determines whether whiteboard is allowed in a user's meetings. Set this to TRUE to allow. Set this to FALSE to prohibit.
AllowPrivateMeetingScheduling boolean Determines whether a user can schedule private meetings. Set this to TRUE to allow a user to schedule private meetings. Set this to FALSE to prohibit the user from scheduling private meetings. Note: This only restricts from scheduling and not from joining a meeting scheduled by another user.
DetectSensitiveContentDuringScreenSharing boolean Allows the admin to enable sensitive content detection during screen share.
NewMeetingRecordingExpirationDays number Specifies the number of days before meeting recordings will expire and move to the recycle bin. Value can be from 1 to 99,999 days. Value can also be -1 to set meeting recordings to never expire.
AllowTranscription boolean Determines whether post-meeting captions and transcriptions are allowed in a user's meetings. Set this to TRUE to allow. Set this to FALSE to prohibit.
ParticipantNameChange string This setting will enable Tenant Admins to turn on/off participant renaming feature. Possible Values: Enabled(Turns on the Participant Renaming feature) and Disabled(Turns off the Participant Renaming feature)
ChannelRecordingDownload string Controls how channel meeting recordings are saved, permissioned, and who can download them. Possible values: Allow (Saves channel meeting recordings to a "Recordings" folder in the channel. The permissions on the recording files will be based on the Channel SharePoint permissions. This is the same as any other file uploaded for the channel) and Block (Saves channel meeting recordings to a "Recordings\View only" folder in the channel. Channel owners will have full rights to the recordings in this folder, but channel members will have read access without the ability to download).
IPVideoMode string Determines whether video can be turned on in meetings and group calls. Set this to ENABLEDOUTGOINGINCOMING to allow outgoing and incoming video in the meeting. Set this to DISABLED to prohibit outgoing and incoming video in the meeting.
MediaBitRateKb number Determines the media bit rate for audio/video/app sharing transmissions in meetings
MeetingInviteLanguages string Controls how the join information in meeting invitations is displayed by enforcing a common language or enabling up to two languages to be displayed. The preliminary list of available languages is shown below: ar-SA,az-Latn-AZ,bg-BG,ca-ES,cs-CZ,cy-GB,da-DK,de-DE,el-GR,en-GB,en-US,es-ES,es-MX,et-EE,eu-ES,fi-FI,fil-PH,fr-CA,fr-FR,gl-ES,he-IL,hi-IN,hr-HR,hu-HU,id-ID,is-IS,it-IT,ja-JP,ka-GE,kk-KZ,ko-KR,lt-LT,lv-LV,mk-MK,ms-MY,nb-NO,nl-NL,nn-NO,pl-PL,pt-BR,pt-PT,ro-RO,ru-RU,sk-SK,sl-SL,sq-AL,sr-Latn-RS,sv-SE,th-TH,tr-TR,uk-UA,vi-VN,zh-CN,zh-TW.
AllowAnonymousUsersToJoinMeeting boolean Determines whether anonymous users can join the meetings that impacted users organize. Set this to TRUE to allow anonymous users to join a meeting. Set this to FALSE to prohibit them from joining a meeting.
AllowChannelMeetingScheduling boolean Determines whether a user can schedule channel meetings. Set this to TRUE to allow a user to schedule channel meetings. Set this to FALSE to prohibit the user from scheduling channel meetings.
AllowNDIStreaming boolean This parameter enables the use of NDI technology to capture and deliver broadcast-quality audio and video over your network.
AutoAdmittedUsers string Determines what types of participants will automatically be added to meetings organized by this user. Possible values are: EveryoneInCompany(if you would like meetings to place every external user in the lobby but allow all users in the company to join the meeting immediately), EveryoneInSameAndFederatedCompany(if you would like meetings to allow federated users to join like your company's users, but place all other external users in a lobby), Everyone(if you'd like to admit anonymous users by default), OrganizerOnly(if you would like that only meeting organizers can bypass the lobby), EveryoneInCompanyExcludingGuests(if you would like meetings to place every external and guest users in the lobby but allow all other users in the company to join the meeting immediately), and InvitedUsers(if you would like that only meeting organizers and invited users can bypass the lobby). This setting also applies to participants joining via a PSTN device (i.e. a traditional phone).
AllowSharedNotes boolean Determines whether users are allowed to take shared Meeting notes. Set this to TRUE to allow. Set this to FALSE to prohibit..
ContentSharingInExternalMeetings string This policy allows admins to determine whether the user can share content in meetings organized by external organizations. The user should have a Teams Premium license to be protected under this policy.
Copilot string This setting allows the admin to choose whether Copilot will be enabled with a persisted transcript or a non-persisted transcript. Possible values are: Enabled and EnabledWithTranscript.
RoomAttributeUserOverride string Possible values: Off, Distinguish, Attribute.
AllowBreakoutRooms boolean Set to true to enable Breakout Rooms, set to false to disable the Breakout Rooms functionality.
AllowedStreamingMediaInput string Enables the use of RTMP-In in Teams meetings. Possible values are <blank>, RTMP.
AllowLocalRecording boolean This parameter is reserved for internal Microsoft use
AllowMeetingReactions boolean Set to false to disable Meeting Reactions.
SmsNotifications string Participants can sign up for text message meeting reminders.
EnrollUserOverride string Turn on/off Biometric enrollment Possible values are: Disabled and Enabled.
QnAEngagementMode string This setting enables Microsoft 365 Tenant Admins to Enable or Disable the Questions and Answers experience (Q+A). When Enabled, Organizers can turn on Q+A for their meetings. When Disabled, Organizers cannot turn on Q+A in their meetings. The setting is enforced when a meeting is created or is updated by Organizers. Attendees can use Q+A in meetings where it was previously added. Organizers can remove Q+A for those meetings through Teams and Outlook Meeting Options. Possible values: Enabled, Disabled.
AllowCartCaptionsScheduling string Determines whether a user can add a URL for captions from a Communications Access Real-Time Translation (CART) captioner for providing real time captions in meetings. Possible values are EnabledUserOverride(CART captions is available by default but a user can disable), DisabledUserOverride(if you would like users to be able to use CART captions in meetings but by default it is disabled), and Disabled(if you'd like to not allow CART captions in meeting).
AllowedUsersForMeetingContext string This policy controls which users should have the ability to see the meeting info details on the join screen. 'None' option should disable the feature completely
AllowUserToJoinExternalMeeting boolean Currently, this parameter has no effect. Possible values are - Enabled, FederatedOnly, Disabled.
AllowWatermarkForScreenSharing boolean This setting allows scheduling meetings with watermarking for screen sharing enabled.
Identity string Specify the name of the policy being created.
IPAudioMode string Determines whether audio can be turned on in meetings and group calls. Set this to ENABLEDOUTGOINGINCOMING to allow outgoing and incoming audio in the meeting. Set this to DISABLED to prohibit outgoing and incoming audio in the meeting.
TeamsCameraFarEndPTZMode string Possible values are: Disabled, AutoAcceptInTenant, AutoAcceptAll.
WatermarkForAnonymousUsers string Determines the meeting experience and watermark content of an anonymous user
RoomPeopleNameUserOverride string Enabling people recognition requires the tenant CsTeamsMeetingPolicy roomPeopleNameUserOverride to be "On" and roomAttributeUserOverride to be Attribute for allowing individual voice and face profiles to be used for recognition in meetings.
AllowAnnotations boolean This setting will allow admins to choose which users will be able to use the Annotation feature.
AllowDocumentCollaboration string This setting will allow admins to choose which users will be able to use the Document Collaboration feature.
AllowRecordingStorageOutsideRegion boolean Allows storing recordings outside of the region. All meeting recordings will be permanently stored in another region, and can't be migrated. This does not apply to recordings saved in OneDrive or SharePoint.
LiveStreamingMode string Determines whether you provide support for your users to stream their Teams meetings to large audiences through Real-Time Messaging Protocol (RTMP). Possible values are: Disabled and Enabled.
InfoShownInReportMode string This policy controls what kind of information get shown for the user's attendance in attendance report/dashboard.
MeetingChatEnabledType string Specifies if users will be able to chat in meetings. Possible values are: Disabled, Enabled, and EnabledExceptAnonymous
RecordingStorageMode string This parameter can take two possible values: Stream, OneDriveForBusiness.
AllowExternalNonTrustedMeetingChat boolean This field controls whether a user is allowed to chat in external meetings with users from non trusted organizations.
AllowImmersiveView boolean If admins have disabled avatars, this does not disable using avatars in Immersive view on Teams desktop or web. Additionally, it does not prevent users from joining the Teams meeting on VR headsets.
AllowNetworkConfigurationSettingsLookup boolean Determines whether network configuration setting lookup can be made for users who are not Enterprise Voice enabled. It is used to enable Network Roaming policy.
AllowPrivateMeetNow boolean This setting controls whether a user can start an ad hoc private meeting.
AudibleRecordingNotification string The setting controls whether recording notification is played to all attendees or just PSTN users.
LiveInterpretationEnabledType string Allows meeting organizers to configure a meeting for language interpretation, selecting attendees of the meeting to become interpreters that other attendees can select and listen to the real-time translation they provide. Possible values are: DisabledUserOverride(if you would like users to be able to use interpretation in meetings but by default it is disabled) and Disabled(prevents the option to be enabled in Meeting Options).
WhoCanRegister string Controls the attendees who can attend a webinar meeting. The default is Everyone, meaning that everyone can register. If you want to restrict registration to internal accounts set the value to 'EveryoneInCompany'.
AllowAnonymousUsersToStartMeeting boolean Determines whether anonymous users can initiate a meeting. Set this to TRUE to allow anonymous users to initiate a meeting. Set this to FALSE to prohibit them from initiating a meeting.
AllowEngagementReport string Determines whether meeting organizers are allowed to download the attendee engagement report. Possible values are: Enabled(allow the meeting organizer to download the report), Disabled(disable attendee report generation and prohibit meeting organizer from downloading it), and ForceEnabled(enable attendee report generation and prohibit meeting organizer from disabling it). If set to Enabled or ForceEnabled, only meeting organizers and co-organizers will get a link to download the report in Teams. Regular attendees will have no access to it.
AllowMeetingRegistration boolean Controls if a user can create a webinar meeting. The default value is True.
AllowTrackingInReport boolean This parameter is reserved for internal Microsoft use.
SpeakerAttributionMode string Determines if users are identified in transcriptions and if they can change the value of the Automatically identify me in meeting captions and transcripts setting. Possible values: Enabled, EnabledUserOverride, DisabledUserOverride, Disabled.
WatermarkForScreenSharingPattern string Allows the pattern design of watermark to be customizable
AllowCarbonSummary boolean This setting will enable Tenant Admins to enable/disable the sharing of location data necessary to provide the end of meeting carbon summary screen for either the entire tenant or for a particular user. If set to True the meeting organizer will share their location to the client of the participant to enable the calculation of distance and the resulting carbon.
AllowOutlookAddIn boolean Determines whether a user can schedule Teams Meetings in Outlook desktop client. Set this to TRUE to allow the user to be able to schedule Teams meetings in Outlook client. Set this to FALSE to prohibit a user from scheduling Teams meeting in Outlook client.
AllowWatermarkForCameraVideo boolean This setting allows scheduling meetings with watermarking for video enabled.
CopyRestriction boolean This parameter enables a setting that controls a meeting option which allows users to disable right-click or Ctrl+C to copy, Copy link, Forward message, and Share to Outlook for meeting chat messages.
AllowIPVideo boolean Determines whether video is enabled in a user's meetings or calls. Set this to TRUE to allow the user to share their video. Set this to FALSE to prohibit the user from sharing their video.
Description string Enables administrators to provide explanatory text about the meeting policy. For example, the Description might indicate the users the policy should be assigned to.
PreferredMeetingProviderForIslandsMode string Determines the Outlook meeting add-in available to users on Islands mode. By default, this is set to TeamsAndSfb, and the users sees both the Skype for Business and Teams add-ins. Set this to Teams to remove the Skype for Business add-in and only show the Teams add-in.
StreamingAttendeeMode string Controls if Teams uses overflow capability once a meeting reaches its capacity (1,000 users with full functionality). Possible values are: Disabled, Enabled. Set this to Enabled to allow up to 20,000 extra view-only attendees to join.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
AllowMemes boolean Determines whether a user is allowed to access and post memes. Set this to TRUE to allow. Set this FALSE to prohibit.
AllowUserTranslation boolean Determines whether a user is allowed to translate messages to their client languages. Set this to TRUE to allow. Set this to FALSE to prohibit.
Description string Provide a description of your policy to identify purpose of creating it.
ChatPermissionRole string Determines the Supervised Chat role of the user. Set this to Full to allow the user to supervise chats. Supervisors have the ability to initiate chats with and invite any user within the environment. Set this to Limited to allow the user to initiate conversations with Full and Limited permissioned users, but not Restricted. Set this to Restricted to block chat creation with anyone other than Full permissioned users.
AllowCommunicationComplianceEndUserReporting boolean This setting determines if users can report offensive messages to their admin for Communication Compliance. Possible Values: True, False.
AllowGiphyDisplay boolean Determines if Giphy images should be displayed that had been already sent or received in chat. Possible values: True, False.
AllowImmersiveReader boolean Determines whether a user is allowed to use Immersive Reader for reading conversation messages. Set this to TRUE to allow. Set this FALSE to prohibit.
AllowSecurityEndUserReporting boolean This setting determines if users can report any security concern posted in message to their admin. Possible values: True, False.
AllowUserEditMessage boolean Determines whether a user is allowed to edit their own messages. Set this to TRUE to allow. Set this to FALSE to prohibit.
ReadReceiptsEnabledType string Use this setting to specify whether read receipts are user controlled, enabled for everyone, or disabled. Set this to UserPreference, Everyone or None.
AllowPriorityMessages boolean Determines whether a user is allowed to send priority messages. Set this to TRUE to allow. Set this FALSE to prohibit.
AllowRemoveUser boolean Determines whether a user is allowed to remove a user from a conversation. Set this to TRUE to allow. Set this FALSE to prohibit.
GiphyRatingType string Determines the Giphy content restrictions applicable to a user. Set this to STRICT, MODERATE or NORESTRICTION.
AllowUserChat boolean Determines whether a user is allowed to chat. Set this to TRUE to allow a user to chat across private chat, group chat and in meetings. Set this to FALSE to prohibit all chat.
AllowUserDeleteChat boolean Turn this setting on to allow users to permanently delete their 1:1, group chat, and meeting chat as participants (this deletes the chat only for them, not other users in the chat). Set this to TRUE to allow. Set this to FALSE to prohibit.
AllowUserDeleteMessage boolean Determines whether a user is allowed to delete their own messages. Set this to TRUE to allow. Set this to FALSE to prohibit. If this value is set to FALSE, the team owner will not be able to delete their own messages.
AllowFullChatPermissionUserToDeleteAnyMessage boolean This setting determines if users with the 'Full permissions' role can delete any group or meeting chat message within their tenant. Possible values: True, False.
AllowGiphy boolean Determines whether a user is allowed to access and post Giphys. Set this to TRUE to allow. Set this FALSE to prohibit.
AllowGroupChatJoinLinks boolean This setting determines if users in a group chat can create and share join links for other users within the organization to join that chat. Possible values: True, False.
AllowPasteInternetImage boolean Determines if a user is allowed to paste internet-based images in compose. Possible values: True, False.
AllowStickers boolean Determines whether a user is allowed to access and post stickers. Set this to TRUE to allow. Set this FALSE to prohibit.
AudioMessageEnabledType string Determines whether a user is allowed to send audio messages. Possible values are: ChatsAndChannels, ChatsOnly, Disabled
DeleteCustomEmojis boolean These settings enable and disable the editing and deletion of custom emojis and reactions for the users included in the messaging policy.
DesignerForBackgroundsAndImages boolean This setting determines whether a user is allowed to create custom AI-powered backgrounds and images with MS Designer. Possible values are: Enabled, Disabled.
AllowChatWithGroup boolean This setting determines if users can chat with groups (Distribution, M365 and Security groups). Possible values: True, False.
AllowCustomGroupChatAvatars boolean These settings enables, disables updating or fetching custom group chat avatars for the users included in the messaging policy. Possible values: True, False.
AllowOwnerDeleteMessage boolean Determines whether owners are allowed to delete all the messages in their team. Set this to TRUE to allow. Set this to FALSE to prohibit.
Identity string Identity for the teams messaging policy you're modifying. To modify the global policy, use this syntax: -Identity global
InOrganizationChatControl string This setting determines if chat regulation for internal communication in the tenant is allowed.
CreateCustomEmojis boolean This setting enables the creation of custom emojis and reactions within an organization for the specified policy users.
AllowSmartCompose boolean Turn on this setting to let a user get text predictions for chat messages.
AllowSmartReply boolean Turn this setting on to enable suggested replies for chat messages. Set this to TRUE to allow. Set this to FALSE to prohibit.
ChannelsInChatListEnabledType string On mobile devices, enable to display favorite channels above recent chats. Possible values are: DisabledUserOverride, EnabledUserOverride.
AllowFluidCollaborate boolean This field enables or disables Fluid Collaborate feature for users. Possible values: True, False.
AllowUrlPreviews boolean Use this setting to turn automatic URL previewing on or off in messages. Set this to TRUE to turn on. Set this to FALSE to turn off. Note: Optional Connected Experiences must be also enabled for URL previews to be allowed.
AllowVideoMessages boolean This setting determines if users can create and send video messages. Possible values: True, False.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
IPAudioMobileMode string When set to WifiOnly, prohibits the user from making, receiving calls or joining meetings using VoIP calls on the mobile device while on cellular data connection.
IPVideoMobileMode string When set to WifiOnly, prohibits the user from making, receiving video calls or enabling video in meetings using VoIP calls on the mobile device while on cellular data connection.
MobileDialerPreference string Determines the mobile dialer preference, possible values are: Teams, Native, UserOverride.
Description string Enables administrators to provide explanatory text about the policy. For example, the Description might indicate the users the policy should be assigned to.
Identity string Specify the name of the policy that you are creating.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ZapEnabled boolean The ZapEnabled parameter specifies whether to enable zero-hour auto purge (ZAP) for malware and high confidence phishing messages in Teams messages.
AdminDisplayName string The AdminDisplayName parameter specifies a description for the policy.
HighConfidencePhishQuarantineTag string The HighConfidencePhishQuarantineTag parameter specifies the quarantine policy that's used for messages that are quarantined as high confidence phishing by ZAP for Teams. You can use any value that uniquely identifies the quarantine policy.
Identity string The Identity parameter specifies the Teams protection policy that you want to modify. There's only one Teams protection policy in an organization named Teams Protection Policy.
MalwareQuarantineTag string The MalwareQuarantineTag parameter specifies the quarantine policy that's used for messages that are quarantined as malware by ZAP for Teams. You can use any value that uniquely identifies the quarantine policy.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
EnableWorkLocationDetection boolean This setting allows your organization to collect the work location of users when they connect, interact, or are detected near your organization's networks and devices. It also captures the geographic location information users share from personal and mobile devices. This gives users the ability to consent to the use of this location data to set their current work location.
Identity string Name of the new policy instance to be updated
ATTRIBUTE TYPE REFERS TO DESCRIPTION
CustomizeFederation boolean Defines if we enable more customized federation settings in ExternalAccessPolicy or not. For example, when this is true, if the AllowedDomains includes [a.com, b.com], but the AllowedExternalDomains of the ExternalAccessPolicy includes [c.com], then users assigned by the ExternalAccessPolicy will only be allowed to access c.com, all other users will have access to a.com and b.com as defined in AllowedDomains. Possible values: True, False.
SharedSipAddressSpace boolean When set to True, indicates that the users homed on Skype for Business Online use the same SIP domain as users homed on the on-premises version of Skype for Business Server. The default value is False, meaning that the two sets of users have different SIP domains.
AllowPublicUsers boolean When set to True (the default value) users will be potentially allowed to communicate with users who have accounts on public IM and presence providers such as Windows Live, Yahoo, and AOL. The collection of public providers that users can actually communicate with is managed by using the Set-CsTenantPublicProvider cmdlet.
AllowTeamsConsumer boolean Allows federation with people using Teams with an account that's not managed by an organization.
AllowedDomains list<string> Domain objects (created by using the New-CsEdgeAllowList cmdlet or the New-CsEdgeAllowAllKnownDomains cmdlet) that represent the domains that users are allowed to communicate with. If the New-CsEdgeAllowAllKnownDomains cmdlet is used then users can communicate with any domain that does not appear on the blocked domains list. If the New-CsEdgeAllowList cmdlet is used then users can only communicate with domains that have been added to the allowed domains list.
AllowFederatedUsers boolean When set to True (the default value) users will be potentially allowed to communicate with users from other domains. If this property is set to False then users cannot communicate with users from other domains regardless of the values assigned to the AllowedDomains and BlockedDomains properties.
BlockAllSubdomains boolean If the BlockedDomains parameter is used, then BlockAllSubdomains can be used to activate all subdomains blocking. If the BlockedDomains parameter is ignored, then BlockAllSubdomains is also ignored. Just like for BlockedDomains, users will be disallowed from communicating with users from blocked domains. But all subdomains for domains in this list will also be blocked.
ExternalAccessWithTrialTenants string When set to 'Blocked', all external access with users from Teams subscriptions that contain only trial licenses will be blocked. This means users from these trial-only tenants will not be able to reach to your users via chats, Teams calls, and meetings (using the users authenticated identity) and your users will not be able to reach users in these trial-only tenants. If this setting is set to "Blocked", users from the trial-only tenant will also be removed from existing chats. Allowed - Communication with other tenants is allowed based on other settings. Blocked - Communication with users in tenants that contain only trial licenses will be blocked.
TreatDiscoveredPartnersAsUnverified boolean When set to True, messages sent from discovered partners are considered unverified. That means that those messages will be delivered only if they were sent from a person who is on the recipient's Contacts list. The default value is False ($False).
AllowedDomainsAsAList list<string> You can specify allowed domains using a List object that contains the domains that users are allowed to communicate with.
AllowedTrialTenantDomains list<string> You can whitelist specific "trial-only" tenant domains, while keeping the ExternalAccessWithTrialTenants set to Blocked. This will allow you to protect your organization against majority of tenants that don't have any paid subscriptions, while still being able to collaborate externally with those trusted trial-tenants in the list.
AllowTeamsConsumerInbound boolean Allows people using Teams with an account that's not managed by an organization, to discover and start communication with users in your organization. When -AllowTeamsConsumer is enabled and this parameter is disabled, only the users in your organization will be able to discover and start communication with people using Teams with an account that's not managed by an organization, but they will not discover and start communications with users in your organization.
BlockedDomains list<string> If the AllowedDomains property has been set to AllowAllKnownDomains, then users will be allowed to communicate with users from any domain except domains that appear in the blocked domains list. If the AllowedDomains property has not been set to AllowAllKnownDomains, then the blocked list is ignored, and users can only communicate with domains that have been expressly added to the allowed domains list. The BlockedDomains parameter can support up to 4,000 domains.
Identity string Specifies the collection of tenant federation configuration settings to be modified. Because each tenant is limited to a single, global collection of federation settings there is no need include this parameter when calling the Set-CsTenantFederationConfiguration cmdlet.
RestrictTeamsConsumerToExternalUserProfiles boolean Defines if a user is restricted to collaboration with Teams Consumer (TFL) user only in Extended Directory. Possible values: True, False.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ATTRIBUTE TYPE REFERS TO DESCRIPTION
ExternalDsnMaxMessageAttachSize boolean The ExternalDsnMaxMessageAttachSize parameter specifies the maximum size of the original message attached to an external DSN message. If the original message exceeds this size, only the headers of the original message are included in the DSN message. The default value is 10 megabytes (MB). This parameter is available only in on-premises Exchange.
Rfc2231EncodingEnabled boolean The Rfc2231EncodingEnabled parameter specifies whether the RFC 2231 encoding of MIME parameters for outbound messages is enabled in your organization. Valid input for this parameter is $true or $false. The default value is $false.
ShadowResubmitTimeSpan string The ShadowResubmitTimeSpan parameter specifies amount of time a server waits before deciding that a primary server has failed and assumes ownership of shadow messages in the shadow queue for the primary server that's unreachable. Valid input for this parameter is 00:00:01 to 1.00:00:00. The default value is 03:00:00 or 3 hours.
AllowLegacyTLSClients boolean The AllowLegacyTLSClients parameter specifies whether to allow clients that use legacy TLS versions to connect.
QueueDiagnosticsAggregationInterval string The QueueDiagnosticsAggregationInterval parameter specifies the polling interval that's used to retrieve message queue diagnostic information. The default value is 00:01:00 or one minute. This parameter is available only in on-premises Exchange.
ShadowMessagePreferenceSetting string The ShadowMessagePreferenceSetting parameter specifies the preferred location for making a shadow copy of a message. Valid values are - LocalOnly: A shadow copy of the message should only be made on a server in the local Active Directory site, RemoteOnly: A shadow copy of the message should only be made on a server in a different Active Directory site, PreferRemote: Try to make a shadow copy of the message in a different Active Directory site. If the operation fails, try make a shadow copy of the message on a server in the local Active Directory site. The default value is PreferRemote.
DSNConversionMode string The DSNConversionMode parameter controls how Exchange handles delivery status notifications (also known as DSNs, non-delivery reports, NDRs, or bounce messages) that are generated by earlier versions of Exchange or other email systems. Valid values are: DoNotConvert: DSNs aren't modified. The DSN is delivered as a standard message. PreserveDSNBody: DSNs are converted to the Exchange 2010 or later format, and the text in the body of the DSN message is retained. UseExchangeDSNs: DSNs are converted to the Exchange 2010 or later format. However, any customized text or attachments that were associated with the original DSN are overwritten.
ExternalDsnSendHtml boolean The ExternalDsnSendHtml parameter specifies whether external DSN messages should be HTML or plain text.
MaxSendSize string The MaxSendSize parameter specifies the maximum message size that can be sent by senders in the organization. The default value is 10 MB. This parameter is available only in on-premises Exchange.
MaxReceiveSize string The MaxReceiveSize parameter specifies the maximum message size that can be received by recipients in the organization. The default value is 10 MB.
RejectMessageOnShadowFailure boolean The RejectMessageOnShadowFailure parameter specifies whether to accept or reject messages when shadow copies of the messages can't be created. Valid values are - $true: Messages are rejected with the SMTP code 450 4.5.1. Use this value only if you have multiple Mailbox servers in a database availability group (DAG) or in an Active Directory site where shadow copies of the messages can be created, $false: Messages are accepted without making shadow copies. This is the default value.
SupervisionTags list<string> The SupervisionTags parameter specifies the various tags that are used for transport supervision in the organization. When you install Exchange, two tags, Allow and Reject, are created by default.
ExternalDsnLanguageDetectionEnabled boolean The ExternalDsnLanguageDetectionEnabled parameter specifies whether the server should try to send an external DSN message in the same language as the original message that generated the notification.
InternalDsnMaxMessageAttachSize string The InternalDsnMaxMessageAttachSize parameter specifies the maximum size of the original message that generated an internal DSN message. If the original message exceeds this size, only the headers of the original message are included in the DSN message. The default value is 10 MB. This parameter is available only in on-premises Exchange.
LegacyJournalingMigrationEnabled boolean The LegacyJournalingMigrationEnabled parameter specifies whether journal messages generated in Microsoft Exchange Server 2003 will be reformatted by Exchange 2010. This parameter is available only in Exchange Server 2010.
HeaderPromotionModeSetting string The HeaderPromotionModeSetting parameter specifies whether named properties are created for custom X-headers on messages received. Valid values are:MustCreate: Exchange creates a named property for each new custom X-headerMayCreate: Exchange creates a named property for each new custom X-header on messages received from authenticated senders. No named properties are created for custom X-headers on messages received from unauthenticated sendersNoCreate: Exchange won't create any named properties based on custom X-headers on incoming messages. This is the default value.
JournalingReportNdrTo string The JournalingReportNdrTo parameter specifies the email address to which journal reports are sent if the journaling mailbox is unavailable. By default, if this parameter is left empty, Exchange continues to try to deliver the journal report to the journaling mailbox. We recommended that you use a dedicated (non-user) mailbox as the value for this parameter. Like the journaling mailbox, the alternate journaling mailbox can't be an Exchange Online mailbox.
AddressBookPolicyRoutingEnabled boolean The AddressBookPolicyRoutingEnabled parameter controls how recipients are resolved in an organization that uses address book policies to create separate virtual organizations within the same Exchange organization. Specifically, the global address list (GAL) that's specified in the user's address book policy controls how recipients are resolved. When the value of this parameter is true, users that are assigned different GALs appear as external recipients. When the value of this parameter is false, users that are assigned different GALs appear as internal recipients.
DiagnosticsAggregationServicePort number The DiagnosticsAggregationServicePort parameter specifies the TCP port that's used to collect message queue diagnostic information. The default value is 9710.
ExternalPostmasterAddress string The ExternalPostmasterAddress parameter specifies the email address in the From header field of an external DSN message. The default value is blank ($null).
GenerateCopyOfDSNFor list<string> The GenerateCopyOfDSNFor parameter controls the non-delivery reports (NDRs) that are copied to a mailbox by specifying the DSN codes that you want to monitor. You must configure the list of monitored DSNs on one Mailbox server and locally on each Edge Transport server in your Exchange organization. This parameter is available only in on-premises Exchange.
MaxAllowedAgentGeneratedMessageDepthPerAgent number The MaxAllowedAgentGeneratedMessageDepthPerAgent parameter specifies how many times a single agent can process any resulting copies of the same message. The default value is 2.The value of the MaxAllowedAgentGeneratedMessageDepth parameter should be larger than the value of the MaxAllowedAgentGeneratedMessageDepthPerAgent parameter.
ShadowMessageAutoDiscardInterval string The ShadowMessageAutoDiscardInterval parameter specifies how long a server retains discard events for shadow messages. A primary server queues discard events until queried by the shadow server. However, if the shadow server doesn't query the primary server for the duration specified in this parameter, the primary server deletes the queued discard events. Valid input for this parameter is 00:00:05 to 90.00:00:00. The default value is 2.00:00:00 or 2 days.
DomainController boolean The DomainController parameter specifies the domain controller that's used by this cmdlet to read data from or write data to Active Directory. You identify the domain controller by its fully qualified domain name (FQDN). For example, dc01.contoso.com. The DomainController parameter isn't supported on Edge Transport servers. An Edge Transport server uses the local instance of Active Directory Lightweight Directory Services (AD LDS) to read and write data. This parameter is available only in on-premises Exchange.
JournalMessageExpirationDays number The JournalMessageExpirationDays parameter extends the number of days that undeliverable journal reports are queued before they expire. A valid value is an integer from 0 to 7. The default value is 0, which means undeliverable journal reports are treated like regular undeliverable messages.
ReplyAllStormDetectionMinimumRecipients number Reply All Storm Detection Minimum Recipients count. This parameter is available only in the cloud-based service
ConvertDisclaimerWrapperToEml boolean The ConvertDisclaimerWrapperToEml parameter specifies whether the original message will be added as a TNEF attachment or a regular EML attachment to a disclaimer when all of the following are true: Message is sent to an external user. The sender has signed the message.The message is processed by a Transport rule that adds a disclaimer. When a Transport rule that adds disclaimers to outbound messages encounters a message signed by the sender, the Transport rule can't add the disclaimer directly to the message. As a result, the disclaimer is sent to the intended recipient with the original message as an attachment.
InternalDelayDsnEnabled boolean The InternalDelayDsnEnabled parameter specifies whether a delay DSN message should be created for messages sent to or from recipients or senders in the same Exchange organization that couldn't be immediately delivered.
InternalDsnReportingAuthority string The InternalDsnReportingAuthority parameter specifies the domain in the machine-readable part of internal DSN messages. The default value is blank ($null), which means the value is the authoritative domain that you specified during the creation of the organization.
ExternalDsnDefaultLanguage string The ExternalDsnDefaultLanguage parameter specifies which Exchange server language should be used by default when you create external DSN messages. The default value is the default Windows server language.
ReplyAllStormProtectionEnabled boolean ReplyAllStormProtectionEnabled. This parameter is available only in the cloud-based service
ShadowHeartbeatTimeoutInterval string The ShadowHeartbeatTimeoutInterval parameter specifies the amount of time a server waits before establishing a connection to a primary server to query the discard status of shadow messages. Valid input for this parameter is 00:00:01 to 1.00:00:00. The default value is 00:15:00 or 15 minutes.
MaxDumpsterTime string The MaxDumpsterTime parameter specifies how long an email message should remain in the transport dumpster on a Hub Transport server. The default value is seven days. This parameter is available only in on-premises Exchange. This parameter isn't used by Exchange Server 2016. It's used only by Exchange 2010 servers in coexistence environments.
MaxRetriesForRemoteSiteShadow number The MaxRetriesForRemoteSiteShadow parameter specifies the maximum number of attempts to make a shadow copy of the message in a different Active Directory site. Valid input for this parameter is an integer between 0 and 255. The default value is 4. The total number of attempts to create a shadow copy of the message is controlled by the ShadowMessagePreferenceSetting parameter - If ShadowMessagePreferenceSetting is set to RemoteOnly, the total number of attempts to make a shadow copy of the message is the value of the MaxRetriesForRemoteSiteShadow parameter, If ShadowMessagePreferenceSetting is set to PreferRemote, the total number of attempts to make a shadow copy of the message is the value of the MaxRetriesForLocalSiteShadow and MaxRetriesForRemoteSiteShadow parameters added together, If ShadowMessagePreferenceSetting is set to LocalOnly, the value of MaxRetriesForRemoteSiteShadow is 0, and the MaxRetriesForRemoteSiteShadow parameter has no effect on the total number of attempts to create a shadow copy of the message.
ReplyAllStormBlockDurationHours number Reply All Storm Block Duration Hours setting blocks subsequent replies to a thread for a specified number of hours. This parameter is available only in the cloud-based service.
VerifySecureSubmitEnabled boolean The VerifySecureSubmitEnabled parameter verifies that email clients submitting messages from mailboxes on Mailbox servers are using encrypted MAPI submission. The valid values for this parameter are $true or $false. The default value is $false.
AgentGeneratedMessageLoopDetectionInSubmissionEnabled string The AgentGeneratedMessageLoopDetectionInSubmissionEnabled parameter controls the behavior of messages loop detection in for loops caused by transport agents in the Mailbox Transport Submission service. An agent-generated loop occurs when an agent creates a new copy of a message or adds recipients to a message, and the agent continues to process these resulting messages by creating copies or adding recipients. This parameter is available only in on-premises Exchange.
InternalDsnSendHtml boolean The InternalDsnSendHtml parameter specifies whether internal DSN messages should be HTML or plain text.
MaxRetriesForLocalSiteShadow number The MaxRetriesForLocalSiteShadow parameter specifies the maximum number of attempts to make a shadow copy of the message in the local Active Directory site. Valid input for this parameter is an integer between 0 and 255. The default value is 2. The total number of attempts to create a shadow copy of the message is controlled by the ShadowMessagePreferenceSetting parameter - If ShadowMessagePreferenceSetting is set to LocalOnly, the total number of attempts to make a shadow copy of the message is the value of the MaxRetriesForLocalSiteShadow parameter, If ShadowMessagePreferenceSetting is set to PreferRemote, the total number of attempts to make a shadow copy of the message is the value of the MaxRetriesForLocalSiteShadow and MaxRetriesForRemoteSiteShadow parameters added together, If ShadowMessagePreferenceSetting is set to RemoteOnly, the value of MaxRetriesForLocalSiteShadow is 0, and the MaxRetriesForLocalSiteShadow parameter has no effect on the total number of attempts to create a shadow copy of the message.
MaxRecipientEnvelopeLimit string In on-premises Exchange, the default value is 500. The valid input range for this parameter is from 0 through 2147483647. If you enter a value of Unlimited, no limit is imposed on the number of recipients in a message. The MaxRecipientEnvelopeLimit parameter specifies the maximum number of recipients in a message. Exchange treats an unexpanded distribution group as one recipient.
SmtpClientAuthenticationDisabled boolean The SmtpClientAuthenticationDisabled parameter specifies whether to disable authenticated SMTP (SMTP AUTH) for the whole organization. This parameter is available only in the cloud-based service. Valid values for this parameter are: $true: Authenticated SMTP is disabled. This is the default value for organizations created after January 2020, $false: Authenticated SMTP is enabled.
ShadowRedundancyEnabled boolean The ShadowRedundancyEnabled parameter specifies whether shadow redundancy is enabled in the organization. Valid input for this parameter is $true or $false. The default value is $true.
Identity string This parameter is available only in on-premises Exchange.
InternalDsnDefaultLanguage string The InternalDsnDefaultLanguage parameter specifies which Exchange server language should be used by default when you create internal DSN messages.
MessageExpiration string The MessageExpiration parameter specifies the message expiration timeout interval for the organization. This parameter is available only in the cloud-based service.
AgentGeneratedMessageLoopDetectionInSmtpEnabled boolean The AgentGeneratedMessageLoopDetectionInSmtpEnabled parameter controls the behavior of messages loop detection in for loops caused by transport agents in the Transport service. An agent-generated loop occurs when an agent creates a new copy of a message or adds recipients to a message, and the agent continues to process these resulting messages by creating copies or adding recipients. This parameter is available only in on-premises Exchange.
TLSReceiveDomainSecureList list<string> The TLSReceiveDomainSecureList parameter specifies the domains from which you want to receive domain secured email by using mutual Transport Layer Security (TLS) authentication.
Xexch50Enabled boolean The Xexch50Enabled parameter specifies whether Xexch50 authentication should be enabled for backward compatibility with computers running Exchange 2003. Valid input for this parameter is $true or $false. The default value is $true.
MaxAllowedAgentGeneratedMessageDepth number The MaxAllowedAgentGeneratedMessageDepth parameter specifies how many times all agents can process any resulting copies of the same message. The default value is 3.
SafetyNetHoldTime string The SafetyNetHoldTime parameter specifies how long a copy of a successfully processed message is retained in Safety Net. Unacknowledged shadow copies of messages auto-expire from Safety Net based on adding the values of the SafetyNetHoldTime parameter and the MessageExpirationTimeout parameter on the Set-TransportService cmdlet. The default value is 2.00:00:00 or 2 days.
ShadowHeartbeatRetryCount number The ShadowHeartbeatRetryCount parameter specifies the number of time-outs a server waits before deciding that a primary server has failed and assumes ownership of shadow messages in the shadow queue for the primary server that's unreachable. Valid input for this parameter is an integer between 1 and 15. The default value is 12.
TLSSendDomainSecureList list<string> The TLSSendDomainSecureList parameter specifies the domains from which you want to send domain secured email by using mutual TLS authentication.
VoicemailJournalingEnabled boolean The VoicemailJournalingEnabled parameter specifies whether Unified Messaging voice mail messages are journaled by the Journaling agent. Valid input for this parameter is $true or $false. The default value is $true.
ClearCategories boolean The ClearCategories parameter keeps or removes Microsoft Outlook message categories during content conversion. Valid input for this parameter is $true or $false.
ExternalDsnReportingAuthority string The ExternalDsnReportingAuthority parameter specifies the domain in the machine-readable part of external DSN messages. The default value is blank ($null), which means the value is the authoritative domain that you specified during the creation of the organization.
InternalDsnLanguageDetectionEnabled boolean The InternalDsnLanguageDetectionEnabled parameter specifies whether the server should try to send an internal DSN message in the same language as the original message that generated the notification.
ReplyAllStormDetectionMinimumReplies number ReplyAllStormDetectionMinimumReplies. This parameter is available only in the cloud-based service
ShadowHeartbeatFrequency string The ShadowHeartbeatFrequency parameter specifies the amount of time a server waits before establishing a connection to a primary server to query the discard status of shadow messages. Valid input for this parameter is 00:00:01 to 1.00:00:00. The default value is 00:02:00 or 2 minutes.
TransportRuleAttachmentTextScanLimit string The TransportRuleAttachmentTextScanLimit parameter specifies the maximum size of text to extract from attachments for scanning by attachment scanning predicates in transport rules and data loss prevention (DLP) policies.
ExternalDelayDsnEnabled boolean The ExternalDelayDsnEnabled parameter specifies whether a delay delivery status notification (DSN) message should be created for external messages that couldn't be immediately delivered.
InternalSMTPServers list<string> The InternalSMTPServers parameter specifies a list of internal SMTP server IP addresses or IP address ranges that should be ignored by Sender ID and connection filtering. This parameter is available only in on-premises Exchange.
MaxDumpsterSizePerDatabase string The MaxDumpsterSizePerDatabase parameter specifies the maximum size of the transport dumpster on a Hub Transport server for each database. The default value is 18 MB. The valid input range for this parameter is from 0 through 2147483647 KB. This parameter is available only in on-premises Exchange. This parameter isn't used by Exchange Server 2016. It's used only by Exchange 2010 servers in coexistence environments.
ATTRIBUTE TYPE REFERS TO DESCRIPTION
Name string The name of the Mail Transport Rule.
State string The state of the TransportRule. For example, "Enabled"
SetScl number Spam Confidence Level. -1 = Bypass spam filters. 0-4 = perform normal spam filtering. 5-6 = mark as spam. 7-9 = mark as high confidence spam. See https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-mail-flow-rules-to-set-the-spam-confidence-level-scl-in-messages?view=o365-worldwide for more info.
FromScope string The "from scope" condition being checked in this Transport Rule. Possible values are "InOrganization" "NotInOrganization". See https://docs.microsoft.com/en-us/powershell/module/exchange/set-transportrule?view=exchange-ps for more details.
MessageTypeMatches string Specifies a condition that looks for messages of a specified type. Possible values are "OOF", "AutoForward", "Encrypted", "Calendaring", "PermissionControlled", Voicemail", "Signed", "ApprovalRequest", and "ReadReceipt". See https://docs.microsoft.com/en-us/powershell/module/exchange/set-transportrule?view=exchange-ps for more information.
RejectMessageEnhancedStatusCode string Specifies the enhanced status code that's used when the rule rejects messages. See https://docs.microsoft.com/en-us/powershell/module/exchange/set-transportrule?view=exchange-ps for more information.
Identity string The id of the TransportRule
SenderDomainIs list<string> The sender domain that is being checked in this Mail Transport Rule.
Priority number The priority level of the Transport Rule that determines the order of rule processing. 0 is the highest priority.
SentToScope string The "sent to scope" condition being checked in this Transport Rule. Possible values are "InOrganization", "NotInOrganization", "ExternalPartner" and "ExternalNonPartner". See https://docs.microsoft.com/en-us/powershell/module/exchange/set-transportrule?view=exchange-ps for more details.
RejectMessageReasonText string Specifies the explanation text that's used when a TransportRule rejects a message.
RedirectMessageTo string An email address that this MailTransportRule will auto-forward emails to.