Get-ConfigAnalyzerPolicyRecommendation
This cmdlet is available only in the cloud-based service.
Use the Get-ConfigAnalyzerPolicyRecommendation cmdlet to compare the settings in your existing security policies to the settings that are used in the Standard or Strict preset security policies. Settings that are below the recommend value are returned in the results.
For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.
Syntax
Default (Default)
Get-ConfigAnalyzerPolicyRecommendation
-RecommendedPolicyType <RecommendedPolicyType>
[[-Identity] <ConfigAnalyzerPolicyRecommendationIdParameter>]
[-IsAppliedToDisabled]
[<CommonParameters>]
Description
For information about the policies and their recommended Standard and Strict values, see Recommended settings for EOP and Microsoft Defender for Office 365 security.
The output of this cmdlet only returns settings that fall below the value that you've specified as a baseline (Standard or Strict).
The output contains the following information for each setting:
- PolicyGroup: The type of policy. The value is Anti-Spam, Anti-Phishing, Anti-Malware, ATP Safe Links, or ATP Safe Attachments
- SettingName: The name of the setting in the policy.
- SettingNameDescription: A description of the setting.
- Policy: The name of the policy.
- AppliedTo: The number of users or domains that the policy applies to. If the policy isn't applied to anyone (for example, it's disabled), this value is blank.
- CurrentConfiguration: The current value of the setting.
- LastModified: When the policy was last modified.
- Recommendation: The recommended Standard or Strict value for the setting.
- SettingType: For example, Boolean, String, or Integer.
If a setting is configured at or better than the Standard or Strict protection profile that you're comparing to, those settings/policies aren't returned in the results
This cmdlet returns the following output for each setting in each policy that falls below the recommended value.
You need to be assigned permissions before you can run this cmdlet. Although this article lists all parameters for the cmdlet, you might not have access to some parameters if they aren't included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet.
Examples
Example 1
Get-ConfigAnalyzerPolicyRecommendation -RecommendedPolicyType Strict
This example runs a comparison using the Strict preset security policy settings as a baseline.
Parameters
-Identity
Applicable: Exchange Online
This parameter is reserved for internal Microsoft use.
Parameter properties
| Type: | ConfigAnalyzerPolicyRecommendationIdParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | 0 |
| Mandatory: | False |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-IsAppliedToDisabled
Applicable: Exchange Online
The IsAppliedToDisabled switch filters the results by policies that aren't applied to anyone (the AppliedTo property is blank). You don't need to specify a value with this switch.
If you don't use this switch, the results include policies that are applied to users and policies that aren't applied to anyone.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-RecommendedPolicyType
Applicable: Exchange Online
The RecommendedPolicyType parameter specifies the preset security policy that you want to use as a baseline. Valid values are:
- Standard
- Strict
Parameter properties
| Type: | RecommendedPolicyType |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.