Set-SupervisoryReviewRule
This cmdlet is available only in Security & Compliance PowerShell. For more information, see Security & Compliance PowerShell.
Use the Set-SupervisoryReviewRule cmdlet to modify supervisory review rules in the Microsoft Purview compliance portal.
For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.
Syntax
Set-SupervisoryReviewRule
[-Identity] <ComplianceRuleIdParameter>
[-CcsiDataModelOperator <String>]
[-Condition <String>]
[-Confirm]
[-ContentContainsSensitiveInformation <PswsHashtable[]>]
[-ContentMatchesDataModel <String>]
[-ContentSources <String[]>]
[-ExceptIfRecipientDomainIs <MultiValuedProperty>]
[-ExceptIfRevieweeIs <MultiValuedProperty>]
[-ExceptIfSenderDomainIs <MultiValuedProperty>]
[-ExceptIfSubjectOrBodyContainsWords <MultiValuedProperty>]
[-IncludeAdaptiveScopes <String[]>]
[-InPurviewFilter <String>]
[-Ocr <Boolean>]
[-SamplingRate <Int32>]
[-WhatIf]
[<CommonParameters>]
Set-SupervisoryReviewRule
[-CcsiDataModelOperator <String>]
[-Condition <String>]
[-Confirm]
[-ContentContainsSensitiveInformation <PswsHashtable[]>]
[-ContentMatchesDataModel <String>]
[-ContentSources <String[]>]
[-DayXInsights <Boolean>]
[-ExceptIfFrom <MultiValuedProperty>]
[-ExceptIfRecipientDomainIs <MultiValuedProperty>]
[-ExceptIfRevieweeIs <MultiValuedProperty>]
[-ExceptIfSenderDomainIs <MultiValuedProperty>]
[-ExceptIfSentTo <MultiValuedProperty>]
[-ExceptIfSubjectOrBodyContainsWords <MultiValuedProperty>]
[-From <MultiValuedProperty>]
[-IncludeAdaptiveScopes <String[]>]
[-InPurviewFilter <String>]
[-Ocr <Boolean>]
[-SamplingRate <Int32>]
[-SentTo <MultiValuedProperty>]
[-WhatIf]
[<CommonParameters>]
Description
To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see Permissions in the Microsoft Purview compliance portal.
Examples
Example 1
Set-SupervisoryReviewRule -Identity "EU Brokers Rule" -Conditions "((NOT(Reviewee:US Compliance)) -AND (Reviewee:EU Brokers) -AND ((trade) -OR (insider trading)) -AND (NOT(approved by the Contoso financial team)))"
This example modifies the existing rule named EU Brokers Rule with the following settings:
- Conditions: Supervise inbound and outbound communications for members of the EU Brokers group that contain the words trade or insider trading.
- Exceptions: Exclude supervision for members of the EU Compliance group, or messages that contain the phrase "approved by the Contoso financial team".
Parameters
-CcsiDataModelOperator
{{ Fill CcsiDataModelOperator Description }}
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-Condition
The Condition parameter specifies the conditions and exceptions for the rule. This parameter uses the following syntax:
- User or group communications to supervise:
"((Reviewee:<emailaddress1>) -OR (Reviewee:<emailaddress2>)...)"
. Exceptions use the syntax"(NOT((Reviewee:<emailaddress1>) -OR (Reviewee:<emailaddress2>)...))"
. - Direction:
"((Direction:Inbound) -OR (Direction:Outbound) -OR (Direction:Internal))"
. - Message contains words:
"((<Word1orPhrase1>) -OR (<Word2orPhrase2>)...)"
. Exceptions use the syntax"(NOT((<Word1orPhrase1>) -OR (<Word2orPhrase2>)...))"
. - Any attachment contains words:
"((Attachment:<word1>) -OR (Attachment:<word2>)...)"
. Exceptions use the syntax"(NOT((Attachment:<word1>) -OR (Attachment:<word2>)...))"
. - Any attachment has the extension:
"((AttachmentName:.<extension1>) -OR (AttachmentName:.<extension2>)...)"
. Exceptions use the syntax"(NOT((AttachmentName:.<extension1>) -OR (AttachmentName:.<extension2>)...))"
. - Message size is larger than:
"(MessageSize:<size in B, KB, MB or GB>)"
. For example"(MessageSize:300KB)"
. Exceptions use the syntax"(NOT(MessageSize:<size in B, KB, MB or GB>))"
. - Any attachment is larger than:
"(AttachmentSize:<size in B, KB, MB or GB>)"
. For example"(AttachmentSize:3MB)"
. Exceptions use the syntax"(NOT(AttachmentSize:<size in B, KB, MB or GB>))"
. - Parentheses ( ) are required around the whole filter.
- Separate multiple conditions or exception types with the AND operator. For example,
"((Reviewee:[email protected]) -AND (AttachmentSize:3MB))"
.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-Confirm
The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.
- Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax:
-Confirm:$false
. - Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ContentContainsSensitiveInformation
{{ Fill ContentContainsSensitiveInformation Description }}
Type: | PswsHashtable[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ContentMatchesDataModel
{{ Fill ContentMatchesDataModel Description }}
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ContentSources
{{ Fill ContentSources Description }}
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-DayXInsights
{{ Fill DayXInsights Description }}
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfFrom
{{ Fill ExceptIfFrom Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfRecipientDomainIs
{{ Fill ExceptIfRecipientDomainIs Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfRevieweeIs
{{ Fill ExceptIfRevieweeIs Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfSenderDomainIs
{{ Fill ExceptIfSenderDomainIs Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfSentTo
{{ Fill ExceptIfSentTo Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-ExceptIfSubjectOrBodyContainsWords
{{ Fill ExceptIfSubjectOrBodyContainsWords Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-From
{{ Fill From Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-Identity
The Identity parameter specifies the supervisory review rule that you want to modify. You can use any value that uniquely identifies the rule. For example:
- Name
- Distinguished name (DN)
- GUID
Type: | ComplianceRuleIdParameter |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-IncludeAdaptiveScopes
{{ Fill IncludeAdaptiveScopes Description }}
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-InPurviewFilter
{{ Fill InPurviewFilter Description }}
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-Ocr
{{ Fill Ocr Description }}
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-SamplingRate
The SamplingRate parameter specifies the percentage of communications for review. If you want reviewers to review all detected items, use the value 100.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-SentTo
{{ Fill SentTo Description }}
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |
-WhatIf
The WhatIf switch doesn't work in Security & Compliance PowerShell.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Security & Compliance |