New-PhishSimOverrideRule
This cmdlet is available only in Security & Compliance PowerShell. For more information, see Security & Compliance PowerShell.
Use the New-PhishSimOverrideRule cmdlet to create third-party phishing simulation override rules to bypass Exchange Online Protection filtering. For more information, see Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes.
For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.
Syntax
New-PhishSimOverrideRule
[-Name] <String>
-Policy <PolicyIdParameter>
-SenderIpRanges <MultiValuedProperty>
[-Comment <String>]
[-Confirm]
[-Domains <MultiValuedProperty>]
[-SenderDomainIs <MultiValuedProperty>]
[-WhatIf]
[<CommonParameters>]
Description
You need to be assigned permissions in Security & Compliance before you can use this cmdlet. For more information, see Permissions in Security & Compliance.
Examples
Example 1
New-PhishSimOverrideRule -Name PhishSimOverrideRule -Policy PhishSimOverridePolicy -Domains fabrikam.com,wingtiptoys.com -SenderIpRanges 192.168.1.55
This example creates a new phishing simulation override rule with the specified settings.
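The following is an added example, not part of the original reference: a pre-flight check that applies the limits given in the Domains and SenderIpRanges parameter descriptions (at least one of each, up to 20 domains, up to 10 IP entries, and the three accepted IP formats) before creating the rule from Example 1. Test-PhishSimOverrideInput, the IPv4-only parsing, and the /24 width threshold are assumptions made for this example.

```powershell
# Added example. Test-PhishSimOverrideInput is a hypothetical helper, not a Microsoft cmdlet.
function Test-PhishSimOverrideInput {
    param(
        [string[]]$Domains,
        [string[]]$SenderIpRanges,
        [int]$MinCidrPrefix = 24   # assumption: local policy for the widest range allowed to bypass filtering
    )
    $problems = [System.Collections.Generic.List[string]]::new()
    # IPv4 only, matching the examples in this reference (assumption).
    $isIPv4 = {
        param($s)
        $parsed = $null
        ($s -match '^\d{1,3}(\.\d{1,3}){3}$') -and [System.Net.IPAddress]::TryParse($s, [ref]$parsed)
    }

    if (-not $Domains) { $problems.Add('At least one domain is required.') }
    elseif ($Domains.Count -gt 20) { $problems.Add("Domains has $($Domains.Count) values; the limit is 20.") }
    if (-not $SenderIpRanges) { $problems.Add('At least one IP entry is required.') }
    elseif ($SenderIpRanges.Count -gt 10) { $problems.Add("SenderIpRanges has $($SenderIpRanges.Count) entries; the limit is 10.") }

    foreach ($entry in $SenderIpRanges) {
        $e = $entry.Trim()
        if ($e -match '^(?<addr>[^/]+)/(?<prefix>\d{1,2})$') {          # CIDR range
            $addr = $Matches['addr']; $prefix = [int]$Matches['prefix']
            if (-not (& $isIPv4 $addr) -or $prefix -gt 32) { $problems.Add("Invalid CIDR entry: $e") }
            elseif ($prefix -lt $MinCidrPrefix) { $problems.Add("CIDR entry $e is wider than /$MinCidrPrefix.") }
        }
        elseif ($e -match '^(?<start>[^-]+)-(?<end>[^-]+)$') {           # start-end range
            $start = $Matches['start']; $end = $Matches['end']
            if (-not ((& $isIPv4 $start) -and (& $isIPv4 $end))) { $problems.Add("Invalid IP range entry: $e") }
        }
        elseif (-not (& $isIPv4 $e)) { $problems.Add("Invalid IP entry: $e") }   # single address
    }
    return $problems
}

# Values from Example 1 on this page.
$rule = @{
    Name           = 'PhishSimOverrideRule'
    Policy         = 'PhishSimOverridePolicy'
    Domains        = 'fabrikam.com', 'wingtiptoys.com'
    SenderIpRanges = '192.168.1.55'
}
$found = @(Test-PhishSimOverrideInput -Domains $rule.Domains -SenderIpRanges $rule.SenderIpRanges)
if ($found.Count -gt 0) { $found | ForEach-Object { Write-Warning $_ } }
elseif (Get-Command New-PhishSimOverrideRule -ErrorAction SilentlyContinue) {
    New-PhishSimOverrideRule @rule   # requires a connected Security & Compliance PowerShell session
}
```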
Parameters
-Comment
The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks ("), for example: "This is an admin note".
Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Applies to: Security & Compliance
-Confirm
The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.
- Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -Confirm:$false.
- Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you to acknowledge the command before proceeding.
Type: SwitchParameter
Aliases: cf
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Applies to: Security & Compliance
-Domains
The Domains parameter specifies the email domain that's used by the third-party phishing simulation. You can use either of the following values:
- The 5321.MailFrom address (also known as the MAIL FROM address, P1 sender, or envelope sender).
- The DKIM domain.
You can specify up to 20 values separated by commas.
A phishing simulation requires at least one domain from this parameter and at least one IP address in the SenderIpRanges parameter.
Type: MultiValuedProperty
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Applies to: Security & Compliance
-Name
The Name parameter specifies the name for the policy. Regardless of the value you specify, the name will be PhishSimOverrideRule<GUID> where <GUID> is a unique GUID value (for example, a0eae53e-d755-4a42-9320-b9c6b55c5011).
Type: String
Position: 0
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Applies to: Security & Compliance
-Policy
The Policy parameter specifies the phishing simulation override policy that's associated with the rule. You can use any value that uniquely identifies the policy. For example:
- Name
- Id
- Distinguished name (DN)
- GUID
Type: PolicyIdParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Applies to: Security & Compliance
-SenderDomainIs
This parameter has been replaced by the Domains parameter.
Type: MultiValuedProperty
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Applies to: Security & Compliance
-SenderIpRanges
The SenderIpRanges parameter specifies the source IP address that's used by the third-party phishing simulation. Valid values are:
- Single IP address: For example, 192.168.1.1.
- IP address range: For example, 192.168.0.1-192.168.0.254.
- Classless InterDomain Routing (CIDR) IP address range: For example, 192.168.0.1/25.
You can specify up to 10 entries separated by commas.
A phishing simulation entry requires at least one IP address in this parameter and at least one domain in the Domains parameter.
Type: MultiValuedProperty
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Applies to: Security & Compliance
-WhatIf
The WhatIf switch doesn't work in Security & Compliance PowerShell.
Type: SwitchParameter
Aliases: wi
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Applies to: Security & Compliance