Set-AuditConfigurationRule
This cmdlet is available only in Security & Compliance PowerShell. For more information, see Security & Compliance PowerShell.
Use the Set-AuditConfigurationRule cmdlet to modify audit configuration rules.
For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.
Syntax
Set-AuditConfigurationRule
[-Identity] <ComplianceRuleIdParameter>
-AuditOperation <MultiValuedProperty>
[-Confirm]
[-DomainController <Fqdn>]
[-WhatIf]
[<CommonParameters>]
Description
To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see Permissions in the Microsoft Purview compliance portal.
Examples
Example 1
Set-AuditConfigurationRule 989a3a6c-dc40-4fa4-8307-beb3ece992e9 -AuditOperation @{Add="CheckOut"}
This example modifies an existing SharePoint auditing rule. The check-out operation is added to the rule without affecting the existing operations that are already being audited.
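The following is an added example, not part of the original documentation: because the WhatIf switch doesn't work in Security & Compliance PowerShell, it records the rule's state with Get-AuditConfigurationRule, applies the Add, and then verifies that no previously audited operation was lost. It assumes an already connected Security & Compliance PowerShell session; the variable names are illustrative and the GUID is the one from Example 1.

```powershell
# Added example. Assumes an existing Security & Compliance PowerShell session.
# $RuleId and $ToAdd are illustrative; the GUID is the one used in Example 1.
$RuleId = '989a3a6c-dc40-4fa4-8307-beb3ece992e9'
$ToAdd  = @('CheckOut')

# Valid values as listed under -AuditOperation on this page.
$Valid = 'Administrate','CheckIn','CheckOut','Count','CreateUpdate','Delete',
         'Forward','MoveCopy','PermissionChange','ProfileChange','SchemaChange',
         'Search','SendAsOthers','View','Workflow'

$bad = @($ToAdd | Where-Object { $_ -notin $Valid })
if ($bad.Count) { throw "Not a valid AuditOperation value: $($bad -join ', ')" }

# -WhatIf doesn't work here, so record the current state before changing it.
$before = Get-AuditConfigurationRule | Where-Object { $_.Name -eq $RuleId }
if (-not $before) { throw "No audit configuration rule named $RuleId" }
$beforeOps = @($before.AuditOperation | ForEach-Object { "$_" } | Where-Object { $_ })
$before | Format-List Name,Workload,AuditOperation,Policy

# Only add operations that the rule doesn't audit yet.
$missing = @($ToAdd | Where-Object { $_ -notin $beforeOps })
if (-not $missing.Count) { Write-Output 'Nothing to add.'; return }

Set-AuditConfigurationRule -Identity $RuleId -AuditOperation @{Add = $missing}

# Verify: every previous operation is still present and the new ones were added.
$after    = Get-AuditConfigurationRule | Where-Object { $_.Name -eq $RuleId }
$afterOps = @($after.AuditOperation | ForEach-Object { "$_" } | Where-Object { $_ })
$lost     = @($beforeOps | Where-Object { $_ -notin $afterOps })
$notAdded = @($missing   | Where-Object { $_ -notin $afterOps })
if ($lost.Count -or $notAdded.Count) {
    throw "Unexpected result. Lost: $($lost -join ', '); not added: $($notAdded -join ', ')"
}
$after | Format-List Name,Workload,AuditOperation,Policy
```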
Parameters
-AuditOperation
The AuditOperation parameter specifies the operations that are audited by the rule. Valid values are:
- Administrate
- CheckIn
- CheckOut
- Count
- CreateUpdate
- Delete
- Forward
- MoveCopy
- PermissionChange
- ProfileChange
- SchemaChange
- Search
- SendAsOthers
- View
- Workflow
You can specify multiple values separated by commas.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-Confirm
The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on whether the cmdlet requires confirmation before proceeding.
- Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -Confirm:$false.
- Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you to acknowledge the command before proceeding.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-DomainController
This parameter is reserved for internal Microsoft use.
Type: | Fqdn |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-Identity
The Identity parameter specifies the audit configuration rule that you want to modify. The name of the rule is a GUID value. For example, 989a3a6c-dc40-4fa4-8307-beb3ece992e9. You can find the name value by running the following command: Get-AuditConfigurationRule | Format-List Name,Workload,AuditOperation,Policy.
Type: | ComplianceRuleIdParameter |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-WhatIf
The WhatIf switch doesn't work in Security & Compliance PowerShell.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |