Set-PolicyConfig

This cmdlet is available only in Security & Compliance PowerShell. For more information, see Security & Compliance PowerShell.

Use the Set-PolicyConfig cmdlet to modify the endpoint restrictions that are configured in the organization.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

Syntax

Default (Default)

Set-PolicyConfig
    [[-Identity] <OrganizationIdParameter>]
    [-CaseHoldPolicyLimit <Int32>]
    [-ClassificationScheme <ClassificationScheme>]
    [-ComplianceUrl <String>]
    [-Confirm]
    [-DlpAppGroups <PswsHashtable[]>]
    [-DlpAppGroupsPsws <PswsHashtable[]>]
    [-DlpExtensionGroups <PswsHashtable[]>]
    [-DlpNetworkShareGroups <PswsHashtable>]
    [-DlpPrinterGroups <PswsHashtable>]
    [-DlpRemovableMediaGroups <PswsHashtable>]
    [-DocumentIsUnsupportedSeverity <RuleSeverity>]
    [-EnableAdvancedRuleBuilder <Boolean>]
    [-EnableLabelCoauth <Boolean>]
    [-EnableSpoAipMigration <Boolean>]
    [-EndpointDlpGlobalSettings <PswsHashtable[]>]
    [-EndpointDlpGlobalSettingsPsws <PswsHashtable[]>]
    [-ExtendTeamsDlpPoliciesToSharePointOneDrive <Boolean>]
    [-InformationBarrierMode <InformationBarrierMode>]
    [-InformationBarrierPeopleSearchRestriction <InformationBarrierPeopleSearchRestriction>]
    [-IsDlpSimulationOptedIn <Boolean>]
    [-OnPremisesWorkload <Workload>]
    [-ProcessingLimitExceededSeverity <RuleSeverity>]
    [-PurviewLabelConsent <Boolean>]
    [-ReservedForFutureUse <Boolean>]
    [-RetentionForwardCrawl <Boolean>]
    [-RuleErrorAction <PolicyRuleErrorAction>]
    [-SenderAddressLocation <PolicySenderAddressLocation>]
    [-SiteGroups <PswsHashtable[]>]
    [-SiteGroupsPsws <PswsHashtable[]>]
    [-WhatIf]
    [<CommonParameters>]

Description

To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see Permissions in the Microsoft Purview compliance portal.

Examples

Example 1

{{ Add example code here }}

{{ Add example description here }}

Parameters

-CaseHoldPolicyLimit

Applicable: Security & Compliance

{{ Fill CaseHoldPolicyLimit Description }}

Parameter properties

Type:Int32
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ClassificationScheme

Applicable: Security & Compliance

{{ Fill ClassificationScheme Description }}

Parameter properties

Type:ClassificationScheme
Default value:None
Accepted values:Default, V0_AggregatedOnly, V1_DetailedResults
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ComplianceUrl

Applicable: Security & Compliance

{{ Fill ComplianceUrl Description }}

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Confirm

Applicable: Security & Compliance

The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.

  • Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -Confirm:$false.
  • Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you to acknowledge the command before proceeding.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False
Aliases:cf

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DlpAppGroups

Applicable: Security & Compliance

{{ Fill DlpAppGroups Description }}

Parameter properties

Type:PswsHashtable[]
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DlpAppGroupsPsws

Applicable: Security & Compliance

{{ Fill DlpAppGroupsPsws Description }}

Parameter properties

Type:PswsHashtable[]
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DlpExtensionGroups

Applicable: Security & Compliance

{{ Fill DlpExtensionGroups Description }}

Parameter properties

Type:PswsHashtable[]
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DlpNetworkShareGroups

Applicable: Security & Compliance

{{ Fill DlpNetworkShareGroups Description }}

Parameter properties

Type:PswsHashtable
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DlpPrinterGroups

Applicable: Security & Compliance

{{ Fill DlpPrinterGroups Description }}

Parameter properties

Type:PswsHashtable
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DlpRemovableMediaGroups

Applicable: Security & Compliance

{{ Fill DlpRemovableMediaGroups Description }}

Parameter properties

Type:PswsHashtable
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DocumentIsUnsupportedSeverity

Applicable: Security & Compliance

{{ Fill DocumentIsUnsupportedSeverity Description }}

Parameter properties

Type:RuleSeverity
Default value:None
Accepted values:Low, Medium, High, None, Informational, Information
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EnableAdvancedRuleBuilder

Applicable: Security & Compliance

{{ Fill EnableAdvancedRuleBuilder Description }}

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EnableLabelCoauth

Applicable: Security & Compliance

The EnableLabelCoauth parameter enables or disables co-authoring support in Office desktop apps for the entire organization. Valid values are:

  • $true: Co-authoring support in Office desktop apps is enabled. When documents are labeled and encrypted by sensitivity labels, multiple users can edit these documents at the same time. Labeling information for unencrypted files is no longer saved in custom properties. Don't enable co-authoring if you use any apps, services, scripts, or tools that read or write labeling metadata to the old location.
  • $false: Co-authoring support in Office desktop apps is disabled.

Disabling co-authoring support in Office desktop apps in the organization has the following consequences:

  • For apps and services that support the new labeling metadata, they now revert to the original metadata format and location when labels are read or saved.
  • The new metadata format and location for Office documents used while the setting was enabled isn't copied to the original format and location. As a result, this labeling information for unencrypted Word, Excel, and PowerPoint files is lost.
  • Co-authoring and AutoSave no longer work in your organization for labeled and encrypted documents.
  • Sensitivity labels remain enabled for Office files in OneDrive and SharePoint.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EnableSpoAipMigration

Applicable: Security & Compliance

The EnableSpoAipMigration parameter enables or disables built-in labeling for supported Office files in SharePoint and OneDrive. Valid values are:

  • $true: Users can apply your sensitivity labels in Office for the web. Users see the Sensitivity button on the ribbon so they can apply labels, and see any applied label name on the status bar.
  • $false: Users can't apply your sensitivity labels in Office for the web.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EndpointDlpGlobalSettings

Applicable: Security & Compliance

The EndpointDlpGlobalSettings parameter specifies the global endpoints. This parameter uses the following syntax: @(@{"Setting"="<Setting>"; "Value"="<Value>"},@{"Setting"="<Setting>"; "Value"="<Value>"},...).

The value of <Setting> is one of the supported values.

Example values:

  • @{"Setting"="PathExclusion"; "Value"="C:\Windows";}
  • @{"Setting"="PathExclusion"; "Value"="%AppData%\Mozilla";}
  • @{"Setting"="PathExclusion"; "Value"="C:\Users\*\Desktop";}
  • @{"Setting"="UnallowedApp"; "Value"="Notepad ++"; "Executable"="notepad++"}
  • @{"Setting"="UnallowedApp"; "Executable"="cmd"}
  • @{"Setting"="UnallowedBrowser"; "Value"="Chrome"; "Executable"="chrome"}
  • @{"Setting"="CloudAppRestrictions"; "Value"="Allow"}
  • @{"Setting"="CloudAppRestrictionList"; "Value"="1.1.2.2"}
  • @{"Setting"="CloudAppRestrictionList"; "Value"="subdomain.com"}
  • @{"Setting"="CloudAppRestrictionList"; "Value"="another.differentdomain.edu"}
  • @{"Setting"="ShowEndpointJustificationDropdown"; "Value"="True"}
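Because the WhatIf switch doesn't work in Security & Compliance PowerShell, a change to EndpointDlpGlobalSettings cannot be previewed. The following is an added example, not part of the original reference or the module: it checks each entry against the Setting/Value syntax described above before calling the cmdlet with -Confirm. Test-EndpointDlpSetting is a hypothetical helper name, and the sample values are constructed.

```powershell
# Added example. Test-EndpointDlpSetting is a hypothetical helper, not part of the module.
function Test-EndpointDlpSetting {
    param([Parameter(Mandatory)] [hashtable[]] $Settings)

    $seen  = @{}
    $index = 0
    foreach ($entry in $Settings) {
        $problems = @()

        # The documented syntax requires both a "Setting" and a "Value" key.
        foreach ($key in 'Setting', 'Value') {
            if (-not $entry.ContainsKey($key)) {
                $problems += "missing key '$key'"
            }
            elseif ([string]::IsNullOrWhiteSpace([string]$entry[$key])) {
                $problems += "empty '$key'"
            }
        }

        # Flag exact duplicates so a long pasted list does not hide a repeated entry.
        $fingerprint = '{0}|{1}' -f $entry['Setting'], $entry['Value']
        if ($seen.ContainsKey($fingerprint)) {
            $problems += "duplicate of entry $($seen[$fingerprint])"
        }
        else {
            $seen[$fingerprint] = $index
        }

        [pscustomobject]@{
            Index    = $index
            Setting  = $entry['Setting']
            Value    = $entry['Value']
            Valid    = ($problems.Count -eq 0)
            Problems = ($problems -join '; ')
        }
        $index++
    }
}

# Constructed sample values that follow the documented Setting/Value syntax.
$settings = @(
    @{ "Setting" = "PathExclusion"; "Value" = "C:\Windows" },
    @{ "Setting" = "PathExclusion"; "Value" = "%AppData%\Mozilla" },
    @{ "Setting" = "ShowEndpointJustificationDropdown"; "Value" = "True" }
)

$report = Test-EndpointDlpSetting -Settings $settings
$report | Format-Table -AutoSize

# -WhatIf has no effect here, so gate the change on validation and pause with -Confirm.
if (-not ($report | Where-Object { -not $_.Valid })) {
    Set-PolicyConfig -EndpointDlpGlobalSettings $settings -Confirm
}
```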

Parameter properties

Type:PswsHashtable[]
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EndpointDlpGlobalSettingsPsws

Applicable: Security & Compliance

{{ Fill EndpointDlpGlobalSettingsPsws Description }}

Parameter properties

Type:PswsHashtable[]
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ExtendTeamsDlpPoliciesToSharePointOneDrive

Applicable: Security & Compliance

The ExtendTeamsDlpPoliciesToSharePointOneDrive parameter enables the Teams DLP Policy to automatically extend protection to the content stored in OneDrive shared in 1:1 chats and content stored in SharePoint associated with Teams teams shared through channel chats. Valid values are:

  • $true
  • $false

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Identity

Applicable: Security & Compliance

You don't need to use this parameter. The only endpoint restrictions object in the organization is named Settings.

Parameter properties

Type:OrganizationIdParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:0
Mandatory:False
Value from pipeline:True
Value from pipeline by property name:True
Value from remaining arguments:False

-InformationBarrierMode

Applicable: Security & Compliance

The InformationBarrierMode parameter specifies the mode that controls the total number of segments and how many segments a user can be part of. Valid values are:

  • SingleSegment: Users in the organization can have 5000 segments but can only be assigned to one segment.
  • MultiSegment: Users in the organization can have 5000 segments and can be assigned up to 10 segments. For more information, see Use multi-segment support in information barriers.

Parameter properties

Type:InformationBarrierMode
Default value:None
Accepted values:SingleSegment, MultiSegment
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-InformationBarrierPeopleSearchRestriction

Applicable: Security & Compliance

{{ Fill InformationBarrierPeopleSearchRestriction Description }}

Parameter properties

Type:InformationBarrierPeopleSearchRestriction
Default value:None
Accepted values:Enabled, Disabled
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-IsDlpSimulationOptedIn

Applicable: Security & Compliance

{{ Fill IsDlpSimulationOptedIn Description }}

Parameter properties

Type:Boolean
Default value:False
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-OnPremisesWorkload

Applicable: Security & Compliance

{{ Fill OnPremisesWorkload Description }}

Parameter properties

Type:Workload
Default value:None
Accepted values:None, Exchange, SharePoint, Intune, OneDriveForBusiness, PublicFolder, SharePointOnPremises, ExchangeOnPremises, AuditAlerting, Skype, ModernGroup, DynamicScope, Teams, UnifiedAuditAzure, EndpointDevices, ThirdPartyApps, OnPremisesScanner
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ProcessingLimitExceededSeverity

Applicable: Security & Compliance

{{ Fill ProcessingLimitExceededSeverity Description }}

Parameter properties

Type:RuleSeverity
Default value:None
Accepted values:Low, Medium, High, None, Informational, Information
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-PurviewLabelConsent

Applicable: Security & Compliance

{{ Fill PurviewLabelConsent Description }}

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ReservedForFutureUse

Applicable: Security & Compliance

{{ Fill ReservedForFutureUse Description }}

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-RetentionForwardCrawl

Applicable: Security & Compliance

{{ Fill RetentionForwardCrawl Description }}

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-RuleErrorAction

Applicable: Security & Compliance

The RuleErrorAction parameter specifies what to do if an error is encountered during the evaluation of the rule. Valid values are:

  • Ignore
  • RetryThenBlock (default value)

Parameter properties

Type:PolicyRuleErrorAction
Default value:None
Accepted values:Ignore, RetryThenBlock
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-SenderAddressLocation

Applicable: Security & Compliance

The SenderAddressLocation parameter specifies where to look for sender addresses in conditions and exceptions that examine sender email addresses. Valid values are:

  • Header: Only examine senders in the message headers (for example, the From, Sender, or Reply-To fields). This value is the default.
  • Envelope: Only examine senders from the message envelope (the MAIL FROM value that was used in the SMTP transmission, which is typically stored in the Return-Path field).
  • HeaderOrEnvelope: Examine senders in the message header and the message envelope.

Parameter properties

Type:PolicySenderAddressLocation
Default value:None
Accepted values:Header, Envelope, HeaderOrEnvelope
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-SiteGroups

Applicable: Security & Compliance

{{ Fill SiteGroups Description }}

Parameter properties

Type:PswsHashtable[]
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-SiteGroupsPsws

Applicable: Security & Compliance

{{ Fill SiteGroupsPsws Description }}

Parameter properties

Type:PswsHashtable[]
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-WhatIf

Applicable: Security & Compliance

The WhatIf switch doesn't work in Security & Compliance PowerShell.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False
Aliases:wi

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.