Skip to content

EXOAntiPhishPolicy

Parameters

Parameter Attribute DataType Description Allowed Values
Identity Key String The Identity parameter specifies the name of the antiphishing policy that you want to modify.
Ensure Write String Specify if this policy should exist or not. Present, Absent
AdminDisplayName Write String The AdminDisplayName parameter specifies a description for the policy.
PhishThresholdLevel Write String The PhishThresholdLevel parameter specifies the tolerance level that's used by machine learning in the handling of phishing messages. 1, 2, 3, 4
AuthenticationFailAction Write String The AuthenticationFailAction parameter specifies the action to take when the message fails composite authentication. MoveToJmf, Quarantine
TargetedDomainProtectionAction Write String The TargetedDomainProtectionAction parameter specifies the action to take on detected domain impersonation messages for the domains specified by the TargetedDomainsToProtect parameter. BccMessage, Delete, MoveToJmf, NoAction, Quarantine, Redirect
TargetedUserProtectionAction Write String The TargetedUserProtectionAction parameter specifies the action to take on detected user impersonation messages for the users specified by the TargetedUsersToProtect parameter. BccMessage, Delete, MoveToJmf, NoAction, Quarantine, Redirect
Enabled Write Boolean Specify if this policy should be enabled. Default is $true.
EnableFirstContactSafetyTips Write Boolean The EnableFirstContactSafetyTips parameter specifies whether to enable or disable the safety tip that's shown when recipients first receive an email from a sender or do not often receive email from a sender.
EnableAntispoofEnforcement Write Boolean The EnableAntispoofEnforcement parameter specifies whether to enable or disable antispoofing protection for the policy.
EnableMailboxIntelligence Write Boolean The EnableMailboxIntelligence parameter specifies whether to enable or disable mailbox intelligence (the first contact graph) in domain and user impersonation protection.
EnableMailboxIntelligenceProtection Write Boolean The EnableMailboxIntelligenceProtection specifies whether to enable or disable enhanced impersonation results based on each user's individual sender map. This intelligence allows Microsoft 365 to customize user impersonation detection and better handle false positives.
EnableOrganizationDomainsProtection Write Boolean The EnableOrganizationDomainsProtection parameter specifies whether to enable domain impersonation protection for all registered domains in the Office 365 organization.
EnableSimilarDomainsSafetyTips Write Boolean The EnableSimilarDomainsSafetyTips parameter specifies whether to enable safety tips that are shown to recipients in messages for domain impersonation detections.
EnableSimilarUsersSafetyTips Write Boolean The EnableSimilarUsersSafetyTips parameter specifies whether to enable safety tips that are shown to recipients in messages for user impersonation detections.
EnableSpoofIntelligence Write Boolean The EnableSpoofIntelligence parameter specifies whether to enable or disable antispoofing protection for the policy.
EnableTargetedDomainsProtection Write Boolean The EnableTargetedDomainsProtection parameter specifies whether to enable domain impersonation protection for a list of specified domains.
EnableTargetedUserProtection Write Boolean The EnableTargetedUserProtection parameter specifies whether to enable user impersonation protection for the users specified by the TargetedUsersToProtect parameter
EnableUnauthenticatedSender Write Boolean The EnableUnauthenticatedSender parameter enables or disables unauthenticated sender identification in Outlook.
EnableUnusualCharactersSafetyTips Write Boolean The EnableUnusualCharactersSafetyTips parameter specifies whether to enable safety tips that are shown to recipients in messages for unusual characters in domain and user impersonation detections.
EnableViaTag Write Boolean This setting is part of spoof protection. The EnableViaTag parameter enables or disables adding the via tag to the From address in Outlook.
MakeDefault Write Boolean Make this the default antiphishing policy
ExcludedDomains Write StringArray[] The ExcludedDomains parameter specifies trusted domains that are excluded from scanning by antiphishing protection. You can specify multiple domains separated by commas.
ExcludedSenders Write StringArray[] The ExcludedSenders parameter specifies a list of trusted sender email addresses that are excluded from scanning by antiphishing protection. You can specify multiple email addresses separated by commas.
ImpersonationProtectionState Write String The ImpersonationProtectionState parameter specifies the configuration of impersonation protection.
MailboxIntelligenceProtectionAction Write String The MailboxIntelligenceProtectionAction parameter specifies what to do with messages that fail mailbox intelligence protection.
MailboxIntelligenceProtectionActionRecipients Write StringArray[] The MailboxIntelligenceProtectionActionRecipients parameter specifies the recipients to add to detected messages when the MailboxIntelligenceProtectionAction parameter is set to the value Redirect or BccMessage.
TargetedDomainActionRecipients Write StringArray[] The TargetedDomainActionRecipients parameter specifies the recipients to add to detected domain impersonation messages when the TargetedDomainProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas.
TargetedDomainsToProtect Write StringArray[] The TargetedDomainsToProtect parameter specifies the domains that are included in domain impersonation protection when the EnableTargetedDomainsProtection parameter is set to $true.
TargetedUserActionRecipients Write StringArray[] The TargetedUserActionRecipients parameter specifies the replacement or additional recipients for detected user impersonation messages when the TargetedUserProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas.
TargetedUsersToProtect Write StringArray[] The TargetedUsersToProtect parameter specifies the users that are included in user impersonation protection when the EnableTargetedUserProtection parameter is set to $true.
Credential Write PSCredential Credentials of the Exchange Global Admin
ApplicationId Write String Id of the Azure Active Directory application to authenticate with.
TenantId Write String Id of the Azure Active Directory tenant used for authentication.
CertificateThumbprint Write String Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
CertificatePassword Write PSCredential Username can be made up to anything but password will be used for CertificatePassword
CertificatePath Write String Path to certificate used in service principal usually a PFX file.

EXOAntiPhishPolicy

Description

This resource configures an Anti-Phish Policy in Exchange Online. Reference: https://docs.microsoft.com/en-us/powershell/module/exchange/advanced-threat-protection/new-antiphishpolicy?view=exchange-ps

Parameters

Ensure

  • Required: No (Defaults to 'Present')
  • Description: Specifies if the configuration should be Present or Absent

Credential

  • Required: Yes
  • Description: Credentials of the account to authenticate with

Identity

  • Required: Yes
  • Description: Name of the Anti-Phish Policy

Example

EXOAntiPhishPolicy TestPhishPolicy {
    Ensure = 'Present'
    Identity = 'TestPolicy'
    Credential = $Credential
}

Examples

Example 1

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $credsGlobalAdmin
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        EXOAntiPhishPolicy 'ConfigureAntiphishPolicy'
        {
            Identity                              = "Our Rule"
            MakeDefault                           = $null
            PhishThresholdLevel                   = 1
            EnableTargetedDomainsProtection       = $null
            TreatSoftPassAsAuthenticated          = $True
            Enabled                               = $null
            TargetedDomainsToProtect              = $null
            EnableSimilarUsersSafetyTips          = $null
            ExcludedDomains                       = $null
            EnableAuthenticationSafetyTip         = $False
            TargetedDomainActionRecipients        = $null
            EnableMailboxIntelligence             = $null
            EnableSimilarDomainsSafetyTips        = $null
            TargetedDomainProtectionAction        = "NoAction"
            AdminDisplayName                      = ""
            AuthenticationFailAction              = "MoveToJmf"
            TargetedUserProtectionAction          = "NoAction"
            TargetedUsersToProtect                = $null
            EnableTargetedUserProtection          = $null
            ExcludedSenders                       = $null
            EnableAuthenticationSoftPassSafetyTip = $False
            EnableOrganizationDomainsProtection   = $null
            EnableUnusualCharactersSafetyTips     = $null
            TargetedUserActionRecipients          = $null
            EnableAntispoofEnforcement            = $True
            Ensure                                = "Present"
            Credential                            = $credsGlobalAdmin
        }
    }
}