Add-MgBetaSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold

Module:

Microsoft.Graph.Beta.Security

Start the process of applying hold on eDiscovery non-custodial data sources. After the operation is created, you can get the status by retrieving the Location parameter from the response headers. The location provides a URL that returns an eDiscoveryHoldOperation object.

Note

To view the v1.0 release of this cmdlet, view Add-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold

Syntax

Add-MgBetaSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold
   -EdiscoveryCaseId <String>
   [-ResponseHeadersVariable <String>]
   [-AdditionalProperties <Hashtable>]
   [-Ids <String[]>]
   [-Headers <IDictionary>]
   [-PassThru]
   [-ProgressAction <ActionPreference>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-MgBetaSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold
   -EdiscoveryCaseId <String>
   [-ResponseHeadersVariable <String>]
   -BodyParameter <IPathsUr2Sc1SecurityCasesEdiscoverycasesEdiscoverycaseIdNoncustodialdatasourcesMicrosoftGraphSecurityApplyholdPostRequestbodyContentApplicationJsonSchema>
   [-Headers <IDictionary>]
   [-PassThru]
   [-ProgressAction <ActionPreference>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-MgBetaSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold
   -EdiscoveryCaseId <String>
   -EdiscoveryNoncustodialDataSourceId <String>
   [-ResponseHeadersVariable <String>]
   [-Headers <IDictionary>]
   [-PassThru]
   [-ProgressAction <ActionPreference>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-MgBetaSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold
   -InputObject <ISecurityIdentity>
   [-ResponseHeadersVariable <String>]
   [-AdditionalProperties <Hashtable>]
   [-Ids <String[]>]
   [-Headers <IDictionary>]
   [-PassThru]
   [-ProgressAction <ActionPreference>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-MgBetaSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold
   -InputObject <ISecurityIdentity>
   [-ResponseHeadersVariable <String>]
   -BodyParameter <IPathsUr2Sc1SecurityCasesEdiscoverycasesEdiscoverycaseIdNoncustodialdatasourcesMicrosoftGraphSecurityApplyholdPostRequestbodyContentApplicationJsonSchema>
   [-Headers <IDictionary>]
   [-PassThru]
   [-ProgressAction <ActionPreference>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-MgBetaSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold
   -InputObject <ISecurityIdentity>
   [-ResponseHeadersVariable <String>]
   [-Headers <IDictionary>]
   [-PassThru]
   [-ProgressAction <ActionPreference>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

Start the process of applying hold on eDiscovery non-custodial data sources. After the operation is created, you can get the status by retrieving the Location parameter from the response headers. The location provides a URL that returns an eDiscoveryHoldOperation object.

Permissions

Permission type	Least privileged permissions	Higher privileged permissions
Delegated (work or school account)	eDiscovery.Read.All	eDiscovery.ReadWrite.All
Delegated (personal Microsoft account)	Not supported.	Not supported.
Application	Not supported.	Not supported.

Examples

Example 1: Code snippet

Import-Module Microsoft.Graph.Beta.Security

Add-MgBetaSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold -EdiscoveryCaseId $ediscoveryCaseId -EdiscoveryNoncustodialDataSourceId $ediscoveryNoncustodialDataSourceId

This example shows how to use the Add-MgBetaSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold Cmdlet.

Parameters

-AdditionalProperties

Additional Parameters

Type:	Hashtable
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-BodyParameter

. To construct, see NOTES section for BODYPARAMETER properties and create a hash table.

Type:	IPathsUr2Sc1SecurityCasesEdiscoverycasesEdiscoverycaseIdNoncustodialdatasourcesMicrosoftGraphSecurityApplyholdPostRequestbodyContentApplicationJsonSchema
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-EdiscoveryCaseId

The unique identifier of ediscoveryCase

Type:	String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-EdiscoveryNoncustodialDataSourceId

The unique identifier of ediscoveryNoncustodialDataSource

Type:	String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-Headers

Optional headers that will be added to the request.

Type:	IDictionary
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	True
Accept wildcard characters:	False

-Ids

.

Type:	String[]
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-InputObject

Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.

Type:	ISecurityIdentity
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-PassThru

Returns true when the command succeeds

Type:	SwitchParameter
Position:	Named
Default value:	False
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-ProgressAction

{{ Fill ProgressAction Description }}

Type:	ActionPreference
Aliases:	proga
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-ResponseHeadersVariable

Optional Response Headers Variable.

Type:	String
Aliases:	RHV
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:	SwitchParameter
Aliases:	wi
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Inputs

Microsoft.Graph.Beta.PowerShell.Models.IPathsUr2Sc1SecurityCasesEdiscoverycasesEdiscoverycaseIdNoncustodialdatasourcesMicrosoftGraphSecurityApplyholdPostRequestbodyContentApplicationJsonSchema

Microsoft.Graph.Beta.PowerShell.Models.ISecurityIdentity

System.Collections.IDictionary

Outputs

System.Boolean

Notes

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

BODYPARAMETER <IPathsUr2Sc1SecurityCasesEdiscoverycasesEdiscoverycaseIdNoncustodialdatasourcesMicrosoftGraphSecurityApplyholdPostRequestbodyContentApplicationJsonSchema>: .

• [(Any) <Object>]: This indicates any property can be added to this object.
• [Ids <String- []>]:

INPUTOBJECT <ISecurityIdentity>: Identity Parameter

• [AlertId <String>]: The unique identifier of alert
• [AnalyzedEmailId <String>]: The unique identifier of analyzedEmail
• [ArticleId <String>]: The unique identifier of article
• [ArticleIndicatorId <String>]: The unique identifier of articleIndicator
• [AttackSimulationOperationId <String>]: The unique identifier of attackSimulationOperation
• [AuditLogQueryId <String>]: The unique identifier of auditLogQuery
• [AuditLogRecordId <String>]: The unique identifier of auditLogRecord
• [AuthoredNoteId <String>]: The unique identifier of authoredNote
• [AuthorityTemplateId <String>]: The unique identifier of authorityTemplate
• [CaseOperationId <String>]: The unique identifier of caseOperation
• [CategoryTemplateId <String>]: The unique identifier of categoryTemplate
• [CitationTemplateId <String>]: The unique identifier of citationTemplate
• [CloudAppSecurityProfileId <String>]: The unique identifier of cloudAppSecurityProfile
• [DataSourceId <String>]: The unique identifier of dataSource
• [DepartmentTemplateId <String>]: The unique identifier of departmentTemplate
• [DetectionRuleId <String>]: The unique identifier of detectionRule
• [DispositionReviewStageNumber <String>]: The unique identifier of dispositionReviewStage
• [DomainSecurityProfileId <String>]: The unique identifier of domainSecurityProfile
• [EdiscoveryCaseId <String>]: The unique identifier of ediscoveryCase
• [EdiscoveryCustodianId <String>]: The unique identifier of ediscoveryCustodian
• [EdiscoveryFileId <String>]: The unique identifier of ediscoveryFile
• [EdiscoveryHoldPolicyId <String>]: The unique identifier of ediscoveryHoldPolicy
• [EdiscoveryNoncustodialDataSourceId <String>]: The unique identifier of ediscoveryNoncustodialDataSource
• [EdiscoveryReviewSetId <String>]: The unique identifier of ediscoveryReviewSet
• [EdiscoveryReviewSetQueryId <String>]: The unique identifier of ediscoveryReviewSetQuery
• [EdiscoveryReviewTagId <String>]: The unique identifier of ediscoveryReviewTag
• [EdiscoveryReviewTagId1 <String>]: The unique identifier of ediscoveryReviewTag
• [EdiscoverySearchId <String>]: The unique identifier of ediscoverySearch
• [EmailThreatSubmissionId <String>]: The unique identifier of emailThreatSubmission
• [EmailThreatSubmissionPolicyId <String>]: The unique identifier of emailThreatSubmissionPolicy
• [EndUserNotificationDetailId <String>]: The unique identifier of endUserNotificationDetail
• [EndUserNotificationId <String>]: The unique identifier of endUserNotification
• [FilePlanReferenceTemplateId <String>]: The unique identifier of filePlanReferenceTemplate
• [FileSecurityProfileId <String>]: The unique identifier of fileSecurityProfile
• [FileThreatSubmissionId <String>]: The unique identifier of fileThreatSubmission
• [HealthIssueId <String>]: The unique identifier of healthIssue
• [HostComponentId <String>]: The unique identifier of hostComponent
• [HostCookieId <String>]: The unique identifier of hostCookie
• [HostId <String>]: The unique identifier of host
• [HostPairId <String>]: The unique identifier of hostPair
• [HostPortId <String>]: The unique identifier of hostPort
• [HostSecurityProfileId <String>]: The unique identifier of hostSecurityProfile
• [HostSslCertificateId <String>]: The unique identifier of hostSslCertificate
• [HostTrackerId <String>]: The unique identifier of hostTracker
• [IPSecurityProfileId <String>]: The unique identifier of ipSecurityProfile
• [IncidentId <String>]: The unique identifier of incident
• [IntelligenceProfileId <String>]: The unique identifier of intelligenceProfile
• [IntelligenceProfileIndicatorId <String>]: The unique identifier of intelligenceProfileIndicator
• [LandingPageDetailId <String>]: The unique identifier of landingPageDetail
• [LandingPageId <String>]: The unique identifier of landingPage
• [LoginPageId <String>]: The unique identifier of loginPage
• [PassiveDnsRecordId <String>]: The unique identifier of passiveDnsRecord
• [PayloadId <String>]: The unique identifier of payload
• [ProviderTenantSettingId <String>]: The unique identifier of providerTenantSetting
• [RetentionEventId <String>]: The unique identifier of retentionEvent
• [RetentionEventTypeId <String>]: The unique identifier of retentionEventType
• [RetentionLabelId <String>]: The unique identifier of retentionLabel
• [SecureScoreControlProfileId <String>]: The unique identifier of secureScoreControlProfile
• [SecureScoreId <String>]: The unique identifier of secureScore
• [SecurityActionId <String>]: The unique identifier of securityAction
• [SensitivityLabelId <String>]: The unique identifier of sensitivityLabel
• [SimulationAutomationId <String>]: The unique identifier of simulationAutomation
• [SimulationAutomationRunId <String>]: The unique identifier of simulationAutomationRun
• [SimulationId <String>]: The unique identifier of simulation
• [SiteSourceId <String>]: The unique identifier of siteSource
• [SslCertificateId <String>]: The unique identifier of sslCertificate
• [SubcategoryTemplateId <String>]: The unique identifier of subcategoryTemplate
• [SubdomainId <String>]: The unique identifier of subdomain
• [SubjectRightsRequestId <String>]: The unique identifier of subjectRightsRequest
• [TiIndicatorId <String>]: The unique identifier of tiIndicator
• [TrainingCampaignId <String>]: The unique identifier of trainingCampaign
• [TrainingId <String>]: The unique identifier of training
• [TrainingLanguageDetailId <String>]: The unique identifier of trainingLanguageDetail
• [UnifiedGroupSourceId <String>]: The unique identifier of unifiedGroupSource
• [UrlThreatSubmissionId <String>]: The unique identifier of urlThreatSubmission
• [UserId <String>]: The unique identifier of user
• [UserSecurityProfileId <String>]: The unique identifier of userSecurityProfile
• [UserSourceId <String>]: The unique identifier of userSource
• [VulnerabilityComponentId <String>]: The unique identifier of vulnerabilityComponent
• [VulnerabilityId <String>]: The unique identifier of vulnerability
• [WhoisHistoryRecordId <String>]: The unique identifier of whoisHistoryRecord
• [WhoisRecordId <String>]: The unique identifier of whoisRecord

Related Links

• https://learn.microsoft.com/powershell/module/microsoft.graph.beta.security/add-mgbetasecuritycaseediscoverycasenoncustodialdatasourcehold
• https://learn.microsoft.com/graph/api/security-ediscoverynoncustodialdatasource-applyhold?view=graph-rest-1.0