Set-SupervisoryReviewRule

This cmdlet is available only in Security & Compliance PowerShell. For more information, see Security & Compliance PowerShell.

Use the Set-SupervisoryReviewRule cmdlet to modify supervisory review rules in the Microsoft Purview compliance portal.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

Syntax

Set-SupervisoryReviewRule
   [-Identity] <ComplianceRuleIdParameter>
   [-CcsiDataModelOperator <String>]
   [-Condition <String>]
   [-Confirm]
   [-ContentContainsSensitiveInformation <PswsHashtable[]>]
   [-ContentMatchesDataModel <String>]
   [-ContentSources <String[]>]
   [-ExceptIfRecipientDomainIs <MultiValuedProperty>]
   [-ExceptIfRevieweeIs <MultiValuedProperty>]
   [-ExceptIfSenderDomainIs <MultiValuedProperty>]
   [-ExceptIfSubjectOrBodyContainsWords <MultiValuedProperty>]
   [-IncludeAdaptiveScopes <String[]>]
   [-InPurviewFilter <String>]
   [-Ocr <Boolean>]
   [-SamplingRate <Int32>]
   [-WhatIf]
   [<CommonParameters>]
Set-SupervisoryReviewRule
   [-CcsiDataModelOperator <String>]
   [-Condition <String>]
   [-Confirm]
   [-ContentContainsSensitiveInformation <PswsHashtable[]>]
   [-ContentMatchesDataModel <String>]
   [-ContentSources <String[]>]
   [-DayXInsights <Boolean>]
   [-ExceptIfFrom <MultiValuedProperty>]
   [-ExceptIfRecipientDomainIs <MultiValuedProperty>]
   [-ExceptIfRevieweeIs <MultiValuedProperty>]
   [-ExceptIfSenderDomainIs <MultiValuedProperty>]
   [-ExceptIfSentTo <MultiValuedProperty>]
   [-ExceptIfSubjectOrBodyContainsWords <MultiValuedProperty>]
   [-From <MultiValuedProperty>]
   [-IncludeAdaptiveScopes <String[]>]
   [-InPurviewFilter <String>]
   [-Ocr <Boolean>]
   [-SamplingRate <Int32>]
   [-SentTo <MultiValuedProperty>]
   [-WhatIf]
   [<CommonParameters>]

Description

To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see Permissions in the Microsoft Purview compliance portal.

Examples

Example 1

Set-SupervisoryReviewRule -Identity "EU Brokers Rule" -Conditions "((NOT(Reviewee:US Compliance)) -AND (Reviewee:EU Brokers) -AND ((trade) -OR (insider trading)) -AND (NOT(approved by the Contoso financial team)))"

This example modifies the existing rule named EU Brokers Rule with the following settings:

  • Conditions: Supervise inbound and outbound communications for members of the EU Brokers group that contain the words trade or insider trading.
  • Exceptions: Exclude supervision for members of the EU Compliance group, or messages that contain the phrase "approved by the Contoso financial team".

Parameters

-CcsiDataModelOperator

{{ Fill CcsiDataModelOperator Description }}

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-Condition

The Condition parameter specifies the conditions and exceptions for the rule. This parameter uses the following syntax:

  • User or group communications to supervise: "((Reviewee:<emailaddress1>) -OR (Reviewee:<emailaddress2>)...)". Exceptions use the syntax "(NOT((Reviewee:<emailaddress1>) -OR (Reviewee:<emailaddress2>)...))".
  • Direction: "((Direction:Inbound) -OR (Direction:Outbound) -OR (Direction:Internal))".
  • Message contains words: "((<Word1orPhrase1>) -OR (<Word2orPhrase2>)...)". Exceptions use the syntax "(NOT((<Word1orPhrase1>) -OR (<Word2orPhrase2>)...))".
  • Any attachment contains words: "((Attachment:<word1>) -OR (Attachment:<word2>)...)". Exceptions use the syntax "(NOT((Attachment:<word1>) -OR (Attachment:<word2>)...))".
  • Any attachment has the extension: "((AttachmentName:.<extension1>) -OR (AttachmentName:.<extension2>)...)". Exceptions use the syntax "(NOT((AttachmentName:.<extension1>) -OR (AttachmentName:.<extension2>)...))".
  • Message size is larger than: "(MessageSize:<size in B, KB, MB or GB>)". For example "(MessageSize:300KB)". Exceptions use the syntax "(NOT(MessageSize:<size in B, KB, MB or GB>))".
  • Any attachment is larger than: "(AttachmentSize:<size in B, KB, MB or GB>)". For example "(AttachmentSize:3MB)". Exceptions use the syntax "(NOT(AttachmentSize:<size in B, KB, MB or GB>))".
  • Parentheses ( ) are required around the whole filter.
  • Separate multiple conditions or exception types with the AND operator. For example, "((Reviewee:[email protected]) -AND (AttachmentSize:3MB))".
Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-Confirm

The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.

  • Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -Confirm:$false.
  • Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.
Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-ContentContainsSensitiveInformation

{{ Fill ContentContainsSensitiveInformation Description }}

Type:PswsHashtable[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-ContentMatchesDataModel

{{ Fill ContentMatchesDataModel Description }}

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-ContentSources

{{ Fill ContentSources Description }}

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-DayXInsights

{{ Fill DayXInsights Description }}

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-ExceptIfFrom

{{ Fill ExceptIfFrom Description }}

Type:MultiValuedProperty
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-ExceptIfRecipientDomainIs

{{ Fill ExceptIfRecipientDomainIs Description }}

Type:MultiValuedProperty
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-ExceptIfRevieweeIs

{{ Fill ExceptIfRevieweeIs Description }}

Type:MultiValuedProperty
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-ExceptIfSenderDomainIs

{{ Fill ExceptIfSenderDomainIs Description }}

Type:MultiValuedProperty
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-ExceptIfSentTo

{{ Fill ExceptIfSentTo Description }}

Type:MultiValuedProperty
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-ExceptIfSubjectOrBodyContainsWords

{{ Fill ExceptIfSubjectOrBodyContainsWords Description }}

Type:MultiValuedProperty
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-From

{{ Fill From Description }}

Type:MultiValuedProperty
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-Identity

The Identity parameter specifies the supervisory review rule that you want to modify. You can use any value that uniquely identifies the rule. For example:

  • Name
  • Distinguished name (DN)
  • GUID
Type:ComplianceRuleIdParameter
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False
Applies to:Security & Compliance

-IncludeAdaptiveScopes

{{ Fill IncludeAdaptiveScopes Description }}

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-InPurviewFilter

{{ Fill InPurviewFilter Description }}

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-Ocr

{{ Fill Ocr Description }}

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-SamplingRate

The SamplingRate parameter specifies the percentage of communications for review. If you want reviewers to review all detected items, use the value 100.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-SentTo

{{ Fill SentTo Description }}

Type:MultiValuedProperty
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance

-WhatIf

The WhatIf switch doesn't work in Security & Compliance PowerShell.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance