New-AuditConfigurationRule
This cmdlet is available only in Security & Compliance PowerShell. For more information, see Security & Compliance PowerShell.
Use the New-AuditConfigurationRule cmdlet to create audit configuration rules.
For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.
Syntax
New-AuditConfigurationRule
-AuditOperation <MultiValuedProperty>
-Workload <Workload>
[-Confirm]
[-DomainController <Fqdn>]
[-WhatIf]
[<CommonParameters>] Description
To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see Permissions in the Microsoft Purview compliance portal.
Examples
Example 1
New-AuditConfigurationRule -Workload SharePoint -AuditOperation DeleteThis example creates a new audit configuration rule for Microsoft SharePoint Online that audits delete operations.
Parameters
-AuditOperation
The AuditOperation parameter specifies the operations that are audited by the rule. Valid values are:
- Administrate
- CheckIn
- CheckOut
- Count
- CreateUpdate
- Delete
- Forward
- MoveCopy
- PermissionChange
- ProfileChange
- SchemaChange
- Search
- SendAsOthers
- View
- Workflow
You can specify multiple values separated by commas.
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance |
-Confirm
The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.
- Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax:
-Confirm:$false. - Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance |
-DomainController
This parameter is reserved for internal Microsoft use.
| Type: | Fqdn |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance |
-WhatIf
The WhatIf switch doesn't work in Security & Compliance PowerShell.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance |
-Workload
The Workload parameter specifies where the audit configuration policy applies. Valid values are:
- Exchange
- OneDriveForBusiness
- SharePoint
| Type: | Workload |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Security & Compliance |