New-SupervisoryReviewRule
This cmdlet is available only in Security & Compliance PowerShell. For more information, see Security & Compliance PowerShell.
Use the New-SupervisoryReviewRule cmdlet to create supervisory review rules in the Microsoft Purview compliance portal. Supervisory review lets you define policies that capture communications in your organization so they can be examined by internal or external reviewers.
For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.
Syntax
Default (Default)
New-SupervisoryReviewRule
[-Name] <String>
-Policy <PolicyIdParameter>
[-AdvancedRule <String>]
[-CcsiDataModelOperator <String>]
[-Condition <String>]
[-Confirm]
[-ContentContainsSensitiveInformation <PswsHashtable[]>]
[-ContentMatchesDataModel <String>]
[-ContentSources <String[]>]
[-DayXInsights <Boolean>]
[-ExceptIfFrom <MultiValuedProperty>]
[-ExceptIfRecipientDomainIs <MultiValuedProperty>]
[-ExceptIfRevieweeIs <MultiValuedProperty>]
[-ExceptIfSenderDomainIs <MultiValuedProperty>]
[-ExceptIfSentTo <MultiValuedProperty>]
[-ExceptIfSubjectOrBodyContainsWords <MultiValuedProperty>]
[-From <MultiValuedProperty>]
[-IncludeAdaptiveScopes <String[]>]
[-InPurviewFilter <String>]
[-Ocr <Boolean>]
[-PolicyRBACScopes <MultiValuedProperty>]
[-SamplingRate <Int32>]
[-SentTo <MultiValuedProperty>]
[-WhatIf]
[<CommonParameters>]
Description
To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see Permissions in the Microsoft Purview compliance portal.
Examples
Example 1
New-SupervisoryReviewRule -Name "EU Brokers Rule" -Policy "EU Brokers Policy" -SamplingRate 100 -Condition "((NOT(Reviewee:US Compliance)) -AND (Reviewee:EU Brokers) -AND ((trade) -OR (insider trading)) -AND (NOT(approved by the Contoso financial team)))"
This example creates a new supervisory review rule named EU Brokers Rule with the following settings:
- Policy: EU Brokers Policy
- Sampling rate: 100%
- Conditions: Supervise inbound and outbound communications for members of the EU Brokers group that contain the words trade or insider trading.
- Exceptions: Exclude supervision for members of the EU Compliance group, or messages that contain the phrase "approved by the Contoso financial team".
Parameters
-AdvancedRule
Applicable: Security & Compliance
{{ Fill AdvancedRule Description }}
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-CcsiDataModelOperator
Applicable: Security & Compliance
{{ Fill CcsiDataModelOperator Description }}
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Condition
Applicable: Security & Compliance
The Condition parameter specifies the conditions and exceptions for the rule. This parameter uses the following syntax:
- User or group communications to supervise:
"((Reviewee:<emailaddress1>) -OR (Reviewee:<emailaddress2>)...)". Exceptions use the syntax"(NOT((Reviewee:<emailaddress1>) -OR (Reviewee:<emailaddress2>)...))". - Direction:
"((Direction:Inbound) -OR (Direction:Outbound) -OR (Direction:Internal))". - Message contains words:
"((<Word1orPhrase1>) -OR (<Word2orPhrase2>)...)". Exceptions use the syntax"(NOT((<Word1orPhrase1>) -OR (<Word2orPhrase2>)...))". - Any attachment contains words:
"((Attachment:<word1>) -OR (Attachment:<word2>)...)". Exceptions use the syntax"(NOT((Attachment:<word1>) -OR (Attachment:<word2>)...))". - Any attachment has the extension:
"((AttachmentName:.<extension1>) -OR (AttachmentName:.<extension2>)...)". Exceptions use the syntax"(NOT((AttachmentName:.<extension1>) -OR (AttachmentName:.<extension2>)...))". - Message size is larger than:
"(MessageSize:<size in B, KB, MB or GB>)". For example"(MessageSize:300KB)". Exceptions use the syntax"(NOT(MessageSize:<size in B, KB, MB or GB>))". - Any attachment is larger than:
"(AttachmentSize:<size in B, KB, MB or GB>)". For example"(AttachmentSize:3MB)". Exceptions use the syntax"(NOT(AttachmentSize:<size in B, KB, MB or GB>))". - Parentheses ( ) are required around the whole filter.
- Separate multiple conditions or exception types with the AND operator. For example,
"((Reviewee:chris@contoso.com) -AND (AttachmentSize:3MB))".
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Confirm
Applicable: Security & Compliance
The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.
- Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax:
-Confirm:$false. - Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ContentContainsSensitiveInformation
Applicable: Security & Compliance
{{ Fill ContentContainsSensitiveInformation Description }}
Parameter properties
| Type: | PswsHashtable[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ContentMatchesDataModel
Applicable: Security & Compliance
{{ Fill ContentMatchesDataModel Description }}
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ContentSources
Applicable: Security & Compliance
{{ Fill ContentSources Description }}
Parameter properties
| Type: | String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-DayXInsights
Applicable: Security & Compliance
{{ Fill DayXInsights Description }}
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ExceptIfFrom
Applicable: Security & Compliance
{{ Fill ExceptIfFrom Description }}
Parameter properties
| Type: | MultiValuedProperty |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ExceptIfRecipientDomainIs
Applicable: Security & Compliance
{{ Fill ExceptIfRecipientDomainIs Description }}
Parameter properties
| Type: | MultiValuedProperty |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ExceptIfRevieweeIs
Applicable: Security & Compliance
{{ Fill ExceptIfRevieweeIs Description }}
Parameter properties
| Type: | MultiValuedProperty |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ExceptIfSenderDomainIs
Applicable: Security & Compliance
{{ Fill ExceptIfSenderDomainIs Description }}
Parameter properties
| Type: | MultiValuedProperty |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ExceptIfSentTo
Applicable: Security & Compliance
{{ Fill ExceptIfSentTo Description }}
Parameter properties
| Type: | MultiValuedProperty |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ExceptIfSubjectOrBodyContainsWords
Applicable: Security & Compliance
{{ Fill ExceptIfSubjectOrBodyContainsWords Description }}
Parameter properties
| Type: | MultiValuedProperty |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-From
Applicable: Security & Compliance
{{ Fill From Description }}
Parameter properties
| Type: | MultiValuedProperty |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-IncludeAdaptiveScopes
Applicable: Security & Compliance
{{ Fill IncludeAdaptiveScopes Description }}
Parameter properties
| Type: | String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-InPurviewFilter
Applicable: Security & Compliance
{{ Fill InPurviewFilter Description }}
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Name
Applicable: Security & Compliance
The Name parameter specifies the unique name for the supervisory review rule. The name can't exceed 64 characters. If the value contains spaces, enclose the value in quotation marks (").
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | 1 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Ocr
Applicable: Security & Compliance
{{ Fill Ocr Description }}
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Policy
Applicable: Security & Compliance
The Policy parameter specifies the supervisory review policy that's assigned to the rule. You can use any value that uniquely identifies the policy. For example:
- Name
- Distinguished name (DN)
- GUID
Parameter properties
| Type: | PolicyIdParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-PolicyRBACScopes
Applicable: Security & Compliance
{{ Fill PolicyRBACScopes Description }}
Parameter properties
| Type: | MultiValuedProperty |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-SamplingRate
Applicable: Security & Compliance
The SamplingRate parameter specifies the percentage of communications for review. If you want reviewers to review all detected items, use the value 100.
Parameter properties
| Type: | Int32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-SentTo
Applicable: Security & Compliance
{{ Fill SentTo Description }}
Parameter properties
| Type: | MultiValuedProperty |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-WhatIf
Applicable: Security & Compliance
The WhatIf switch doesn't work in Security & Compliance PowerShell.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.