New-SupervisoryReviewRule
This cmdlet is available only in Security & Compliance PowerShell. For more information, see Security & Compliance PowerShell.
Use the New-SupervisoryReviewRule cmdlet to create supervisory review rules in the Microsoft Purview compliance portal. Supervisory review lets you define policies that capture communications in your organization so they can be examined by internal or external reviewers.
For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.
Syntax
New-SupervisoryReviewRule
[-Name] <String>
-Policy <PolicyIdParameter>
[-CcsiDataModelOperator <String>]
[-Condition <String>]
[-Confirm]
[-ContentContainsSensitiveInformation <PswsHashtable[]>]
[-ContentMatchesDataModel <String>]
[-ContentSources <String[]>]
[-DayXInsights <Boolean>]
[-ExceptIfFrom <MultiValuedProperty>]
[-ExceptIfRecipientDomainIs <MultiValuedProperty>]
[-ExceptIfRevieweeIs <MultiValuedProperty>]
[-ExceptIfSenderDomainIs <MultiValuedProperty>]
[-ExceptIfSentTo <MultiValuedProperty>]
[-ExceptIfSubjectOrBodyContainsWords <MultiValuedProperty>]
[-From <MultiValuedProperty>]
[-IncludeAdaptiveScopes <String[]>]
[-InPurviewFilter <String>]
[-Ocr <Boolean>]
[-SamplingRate <Int32>]
[-SentTo <MultiValuedProperty>]
[-WhatIf]
[<CommonParameters>]
Description
To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see Permissions in the Microsoft Purview compliance portal.
Examples
Example 1
New-SupervisoryReviewRule -Name "EU Brokers Rule" -Policy "EU Brokers Policy" -SamplingRate 100 -Condition "((NOT(Reviewee:US Compliance)) -AND (Reviewee:EU Brokers) -AND ((trade) -OR (insider trading)) -AND (NOT(approved by the Contoso financial team)))"
This example creates a new supervisory review rule named EU Brokers Rule with the following settings:
- Policy: EU Brokers Policy
- Sampling rate: 100%
- Conditions: Supervise inbound and outbound communications for members of the EU Brokers group that contain the words trade or insider trading.
- Exceptions: Exclude supervision for members of the EU Compliance group, or messages that contain the phrase "approved by the Contoso financial team".
Parameters
-CcsiDataModelOperator
{{ Fill CcsiDataModelOperator Description }}
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-Condition
The Condition parameter specifies the conditions and exceptions for the rule. This parameter uses the following syntax:
- User or group communications to supervise:
"((Reviewee:<emailaddress1>) -OR (Reviewee:<emailaddress2>)...)"
. Exceptions use the syntax"(NOT((Reviewee:<emailaddress1>) -OR (Reviewee:<emailaddress2>)...))"
. - Direction:
"((Direction:Inbound) -OR (Direction:Outbound) -OR (Direction:Internal))"
. - Message contains words:
"((<Word1orPhrase1>) -OR (<Word2orPhrase2>)...)"
. Exceptions use the syntax"(NOT((<Word1orPhrase1>) -OR (<Word2orPhrase2>)...))"
. - Any attachment contains words:
"((Attachment:<word1>) -OR (Attachment:<word2>)...)"
. Exceptions use the syntax"(NOT((Attachment:<word1>) -OR (Attachment:<word2>)...))"
. - Any attachment has the extension:
"((AttachmentName:.<extension1>) -OR (AttachmentName:.<extension2>)...)"
. Exceptions use the syntax"(NOT((AttachmentName:.<extension1>) -OR (AttachmentName:.<extension2>)...))"
. - Message size is larger than:
"(MessageSize:<size in B, KB, MB or GB>)"
. For example"(MessageSize:300KB)"
. Exceptions use the syntax"(NOT(MessageSize:<size in B, KB, MB or GB>))"
. - Any attachment is larger than:
"(AttachmentSize:<size in B, KB, MB or GB>)"
. For example"(AttachmentSize:3MB)"
. Exceptions use the syntax"(NOT(AttachmentSize:<size in B, KB, MB or GB>))"
. - Parentheses ( ) are required around the whole filter.
- Separate multiple conditions or exception types with the AND operator. For example,
"((Reviewee:[email protected]) -AND (AttachmentSize:3MB))"
.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-Confirm
The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.
- Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax:
-Confirm:$false
. - Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ContentContainsSensitiveInformation
{{ Fill ContentContainsSensitiveInformation Description }}
Type: | PswsHashtable[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ContentMatchesDataModel
{{ Fill ContentMatchesDataModel Description }}
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ContentSources
{{ Fill ContentSources Description }}
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-DayXInsights
{{ Fill DayXInsights Description }}
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfFrom
{{ Fill ExceptIfFrom Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfRecipientDomainIs
{{ Fill ExceptIfRecipientDomainIs Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfRevieweeIs
{{ Fill ExceptIfRevieweeIs Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfSenderDomainIs
{{ Fill ExceptIfSenderDomainIs Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfSentTo
{{ Fill ExceptIfSentTo Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfSubjectOrBodyContainsWords
{{ Fill ExceptIfSubjectOrBodyContainsWords Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-From
{{ Fill From Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-IncludeAdaptiveScopes
{{ Fill IncludeAdaptiveScopes Description }}
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-InPurviewFilter
{{ Fill InPurviewFilter Description }}
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-Name
The Name parameter specifies the unique name for the supervisory review rule. The name can't exceed 64 characters. If the value contains spaces, enclose the value in quotation marks (").
Type: | String |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-Ocr
{{ Fill Ocr Description }}
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-Policy
The Policy parameter specifies the supervisory review policy that's assigned to the rule. You can use any value that uniquely identifies the policy. For example:
- Name
- Distinguished name (DN)
- GUID
Type: | PolicyIdParameter |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-SamplingRate
The SamplingRate parameter specifies the percentage of communications for review. If you want reviewers to review all detected items, use the value 100.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-SentTo
{{ Fill SentTo Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-WhatIf
The WhatIf switch doesn't work in Security & Compliance PowerShell.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |