Get-ConfigAnalyzerPolicyRecommendation
This cmdlet is available only in the cloud-based service.
Use the Get-ConfigAnalyzerPolicyRecommendation cmdlet to compare the settings in your existing security policies to the settings that are used in the Standard or Strict preset security policies. Settings that are below the recommend value are returned in the results.
For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.
Syntax
Get-ConfigAnalyzerPolicyRecommendation
-RecommendedPolicyType <RecommendedPolicyType>
[[-Identity] <ConfigAnalyzerPolicyRecommendationIdParameter>]
[-IsAppliedToDisabled]
[<CommonParameters>] Description
For information about the policies and their recommended Standard and Strict values, see Recommended settings for EOP and Microsoft Defender for Office 365 security.
The output of this cmdlet only returns settings that fall below the value that you've specified as a baseline (Standard or Strict).
The output contains the following information for each setting:
- PolicyGroup: The type of policy. The value will be Anti-Spam, Anti-Phishing, Anti-Malware, ATP Safe Links, or ATP Safe Attachments
- SettingName: The name of the setting in the policy.
- SettingNameDescription: A description of the setting.
- Policy: The name of the policy.
- AppliedTo: The number of users or domains that the policy applies to. If the policy isn't applied to anyone (for example, it's disabled), this value will be blank.
- CurrentConfiguration: The current value of the setting.
- LastModified: When the policy was last modified.
- Recommendation: The recommended Standard or Strict value for the setting.
- SettingType: For example, Boolean, String, or Integer.
If a setting is configured at or better than the Standard or Strict protection profile that you're comparing to, those settings/policies aren't returned in the results
This cmdlet returns the following output for each setting in each policy that falls below the recommended value.
You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet.
Examples
Example 1
Get-ConfigAnalyzerPolicyRecommendation -RecommendedPolicyType StrictThis example runs a comparison using the Strict preset security policy settings as a baseline.
Parameters
-Identity
This parameter is reserved for internal Microsoft use.
| Type: | ConfigAnalyzerPolicyRecommendationIdParameter |
| Position: | 0 |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
| Applies to: | Exchange Online |
-IsAppliedToDisabled
The IsAppliedToDisabled switch filters the results by policies that aren't applied to anyone (the AppliedTo property is blank). You don't need to specify a value with this switch.
If you don't use this switch, the results include policies that are applied to users and policies that aren't applied to anyone.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Online |
-RecommendedPolicyType
The RecommendedPolicyType parameter specifies the preset security policy that you want to use as a baseline. Valid values are:
- Standard
- Strict
| Type: | RecommendedPolicyType |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Online |