From 0a06854b5c96bc82de237ffb2cd78565c0ae293e Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Tue, 13 May 2025 15:00:41 -0700 Subject: [PATCH 1/2] Removed AuditConfigurationPolicy/Rule and ActivityAlert Redirected to ProtectionAlert --- .../exchange-ps/exchange/Get-ActivityAlert.md | 80 --- .../exchange/Get-AuditConfigurationPolicy.md | 91 ---- .../exchange/Get-AuditConfigurationRule.md | 91 ---- .../exchange-ps/exchange/New-ActivityAlert.md | 470 ------------------ .../exchange/New-AuditConfigurationPolicy.md | 125 ----- .../exchange/New-AuditConfigurationRule.md | 159 ------ .../exchange/Remove-ActivityAlert.md | 127 ----- .../Remove-AuditConfigurationPolicy.md | 121 ----- .../exchange/Remove-AuditConfigurationRule.md | 121 ----- .../exchange-ps/exchange/Set-ActivityAlert.md | 408 --------------- .../exchange/Set-AuditConfigurationRule.md | 155 ------ exchange/exchange-ps/exchange/exchange.md | 22 - exchange/mapping/serviceMapping.json | 11 - 13 files changed, 1981 deletions(-) delete mode 100644 exchange/exchange-ps/exchange/Get-ActivityAlert.md delete mode 100644 exchange/exchange-ps/exchange/Get-AuditConfigurationPolicy.md delete mode 100644 exchange/exchange-ps/exchange/Get-AuditConfigurationRule.md delete mode 100644 exchange/exchange-ps/exchange/New-ActivityAlert.md delete mode 100644 exchange/exchange-ps/exchange/New-AuditConfigurationPolicy.md delete mode 100644 exchange/exchange-ps/exchange/New-AuditConfigurationRule.md delete mode 100644 exchange/exchange-ps/exchange/Remove-ActivityAlert.md delete mode 100644 exchange/exchange-ps/exchange/Remove-AuditConfigurationPolicy.md delete mode 100644 exchange/exchange-ps/exchange/Remove-AuditConfigurationRule.md delete mode 100644 exchange/exchange-ps/exchange/Set-ActivityAlert.md delete mode 100644 exchange/exchange-ps/exchange/Set-AuditConfigurationRule.md diff --git a/exchange/exchange-ps/exchange/Get-ActivityAlert.md b/exchange/exchange-ps/exchange/Get-ActivityAlert.md deleted file mode 100644 index 4d61e352ef..0000000000 --- a/exchange/exchange-ps/exchange/Get-ActivityAlert.md +++ /dev/null @@ -1,80 +0,0 @@ ---- -external help file: Microsoft.Exchange.TransportMailflow-Help.xml -online version: https://learn.microsoft.com/powershell/module/exchange/get-activityalert -applicable: Security & Compliance -title: Get-ActivityAlert -schema: 2.0.0 -author: chrisda -ms.author: chrisda -ms.reviewer: ---- - -# Get-ActivityAlert - -## SYNOPSIS -This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). - -**Note**: Activity alerts have been effectively replaced by alert policies and the corresponding **\*-ProtectionAlert** cmdlets. For more information about alert policies, see [Alert policies in Microsoft 365](https://learn.microsoft.com/purview/alert-policies). - -Use the Get-ActivityAlert cmdlet to view activity alerts. Activity alerts send email notifications when users perform specific activities in Microsoft 365. - -For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). - -## SYNTAX - -``` -Get-ActivityAlert [[-Identity] ] - [] -``` - -## DESCRIPTION -To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Defender portal](https://learn.microsoft.com/defender-office-365/mdo-portal-permissions) or [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). - -## EXAMPLES - -### Example 1 -```powershell -Get-ActivityAlert | Format-List Disabled,Name,Description,Operation,UserId,NotifyUser -``` - -This example returns a summary list of all activity alerts. - -### Example 2 -```powershell -Get-ActivityAlert -Identity "All Mailbox Activities" -``` - -This example returns detailed information about the activity alert named All Mailbox Activities. - -## PARAMETERS - -### -Identity -The Identity parameter specifies the activity alert that you want to view. You can use any value that uniquely identifies the activity alert. For example: - -- Name -- Distinguished name (DN) -- GUID - -```yaml -Type: ComplianceRuleIdParameter -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: 1 -Default value: None -Accept pipeline input: True -Accept wildcard characters: False -``` - -### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216). - -## INPUTS - -## OUTPUTS - -## NOTES - -## RELATED LINKS diff --git a/exchange/exchange-ps/exchange/Get-AuditConfigurationPolicy.md b/exchange/exchange-ps/exchange/Get-AuditConfigurationPolicy.md deleted file mode 100644 index df97a6ed36..0000000000 --- a/exchange/exchange-ps/exchange/Get-AuditConfigurationPolicy.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -external help file: Microsoft.Exchange.TransportMailflow-Help.xml -online version: https://learn.microsoft.com/powershell/module/exchange/get-auditconfigurationpolicy -applicable: Security & Compliance -title: Get-AuditConfigurationPolicy -schema: 2.0.0 -author: chrisda -ms.author: chrisda -ms.reviewer: ---- - -# Get-AuditConfigurationPolicy - -## SYNOPSIS -This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). - -Use the Get-AuditConfigurationPolicy cmdlet to view audit configuration policies. - -For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). - -## SYNTAX - -``` -Get-AuditConfigurationPolicy [[-Identity] ] - [-DomainController ] - [] -``` - -## DESCRIPTION -To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). - -## EXAMPLES - -### Example 1 -```powershell -Get-AuditConfigurationPolicy | Format-List Name,Enabled,Workload,Priority,*Location -``` - -This example lists summary information about all audit configuration policies. - -### Example 2 -```powershell -Get-AuditConfigurationPolicy -Identity 8d4d2060-ee8e-46a8-8d72-24922956fba5 -``` - -This examples lists details about the audit configuration policy named 8d4d2060-ee8e-46a8-8d72-24922956fba5. - -## PARAMETERS - -### -Identity -The Identity parameter specifies the audit configuration policy that you want to view. The name of the policy is a GUID value. For example, 8d4d2060-ee8e-46a8-8d72-24922956fba5. - -```yaml -Type: PolicyIdParameter -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: 1 -Default value: None -Accept pipeline input: True -Accept wildcard characters: False -``` - -### -DomainController -This parameter is reserved for internal Microsoft use. - -```yaml -Type: Fqdn -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216). - -## INPUTS - -## OUTPUTS - -## NOTES - -## RELATED LINKS diff --git a/exchange/exchange-ps/exchange/Get-AuditConfigurationRule.md b/exchange/exchange-ps/exchange/Get-AuditConfigurationRule.md deleted file mode 100644 index f4253e782f..0000000000 --- a/exchange/exchange-ps/exchange/Get-AuditConfigurationRule.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -external help file: Microsoft.Exchange.TransportMailflow-Help.xml -online version: https://learn.microsoft.com/powershell/module/exchange/get-auditconfigurationrule -applicable: Security & Compliance -title: Get-AuditConfigurationRule -schema: 2.0.0 -author: chrisda -ms.author: chrisda -ms.reviewer: ---- - -# Get-AuditConfigurationRule - -## SYNOPSIS -This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). - -Use the Get-AuditConfigurationRule cmdlet to view audit configuration rules. - -For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). - -## SYNTAX - -``` -Get-AuditConfigurationRule [[-Identity] ] - [-DomainController ] - [] -``` - -## DESCRIPTION -To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). - -## EXAMPLES - -### Example 1 -```powershell -Get-AuditConfigurationRule | Format-List Name,Workload,AuditOperation,Policy -``` - -This example lists summary information about all audit configuration rules. - -### Example 2 -```powershell -Get-AuditConfigurationRule 989a3a6c-dc40-4fa4-8307-beb3ece992e9 -``` - -This example lists details about the audit configuration rule named 989a3a6c-dc40-4fa4-8307-beb3ece992e9. - -## PARAMETERS - -### -Identity -The Identity parameter specifies the audit configuration rule that you want to view. The name of the rule is a GUID value. For example, 989a3a6c-dc40-4fa4-8307-beb3ece992e9. - -```yaml -Type: ComplianceRuleIdParameter -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: 1 -Default value: None -Accept pipeline input: True -Accept wildcard characters: False -``` - -### -DomainController -This parameter is reserved for internal Microsoft use. - -```yaml -Type: Fqdn -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216). - -## INPUTS - -## OUTPUTS - -## NOTES - -## RELATED LINKS diff --git a/exchange/exchange-ps/exchange/New-ActivityAlert.md b/exchange/exchange-ps/exchange/New-ActivityAlert.md deleted file mode 100644 index 5d49c0e66c..0000000000 --- a/exchange/exchange-ps/exchange/New-ActivityAlert.md +++ /dev/null @@ -1,470 +0,0 @@ ---- -external help file: Microsoft.Exchange.TransportMailflow-Help.xml -online version: https://learn.microsoft.com/powershell/module/exchange/new-activityalert -applicable: Security & Compliance -title: New-ActivityAlert -schema: 2.0.0 -author: chrisda -ms.author: chrisda -ms.reviewer: ---- - -# New-ActivityAlert - -## SYNOPSIS -This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). - -**Note**: Activity alerts have been effectively replaced by alert policies and the corresponding **\*-ProtectionAlert** cmdlets. For more information about alert policies, see [Alert policies in Microsoft 365](https://learn.microsoft.com/purview/alert-policies). - -Use the New-ActivityAlert cmdlet to create activity alerts. Activity alerts send email notifications when users perform specific activities in Microsoft 365. - -For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). - -## SYNTAX - -### AnomalousOperationAuditAlert -``` -New-ActivityAlert -Multiplier -Name -NotifyUser -Type - [-Operation ] - [-Category ] - [-Condition ] - [-Confirm] - [-Description ] - [-Disabled ] - [-EmailCulture ] - [-RecordType ] - [-ScopeLevel ] - [-Severity ] - [-UserId ] - [-WhatIf] - [] -``` - -### SimpleAggregationAuditAlert -``` -New-ActivityAlert -Name -NotifyUser -Threshold -TimeWindow -Type - [-Operation ] - [-Category ] - [-Condition ] - [-Confirm] - [-Description ] - [-Disabled ] - [-EmailCulture ] - [-RecordType ] - [-ScopeLevel ] - [-Severity ] - [-UserId ] - [-WhatIf] - [] -``` - -### Default -``` -New-ActivityAlert -Name -NotifyUser -Operation - [-Type ] - [-Category ] - [-Confirm] - [-Description ] - [-Disabled ] - [-EmailCulture ] - [-RecordType ] - [-Severity ] - [-UserId ] - [-WhatIf] - [] -``` - -## DESCRIPTION -To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Defender portal](https://learn.microsoft.com/defender-office-365/mdo-portal-permissions) or [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). - -## EXAMPLES - -### Example 1 -```powershell -New-ActivityAlert -Name "External Sharing Alert" -Operation sharinginvitationcreated -NotifyUser chrisda@contoso.com,michelle@contoso.com -UserId laura@contoso.com,julia@contoso.com -Description "Notification for external sharing events by laura@contoso.com and julia@contoso.com" -``` - -This example creates a new activity alert named External Sharing Alert that has the following properties: - -- Operation: sharinginvitationcreated. -- NotifyUser: chrisda@contoso.com and michelle@contoso.com. -- UserId: laura@contoso.com and julia@contoso.com. -- Description: Notification for external sharing events by laura@contoso.com and julia@contoso.com. - -## PARAMETERS - -### -Multiplier -The Multiplier parameter specifies the number of events that trigger an activity alert. The value of this parameter indicates a multiplier from a baseline value. - -You can only use this parameter with the Type parameter value AnomalousAggregation. - -```yaml -Type: Double -Parameter Sets: AnomalousOperationAuditAlert -Aliases: -Applicable: Security & Compliance - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Name -The Name parameter specifies the unique name of the activity alert. The maximum length is 64 characters. If the value contains spaces, enclose the value in quotation marks ("). - -```yaml -Type: String -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -NotifyUser -The NotifyUser parameter specifies the email addressesfor notification messages. You can specify internal and external email addresses. - -You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"Value1","Value2",..."ValueN"`. - -```yaml -Type: MultiValuedProperty -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Operation -The Operation parameter specifies the activity that triggers an activity alert. - -A valid value for this parameter is an activity that's available in the Microsoft 365 audit log. For a description of these activities, see [Audited activities](https://learn.microsoft.com/purview/audit-log-activities). - -You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"Value1","Value2",..."ValueN"`. - -You can't use this parameter if the Type parameter value is ElevationOfPrivilege. - -```yaml -Type: MultiValuedProperty -Parameter Sets: Default -Aliases: -Applicable: Security & Compliance - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -```yaml -Type: MultiValuedProperty -Parameter Sets: AnomalousOperationAuditAlert, SimpleAggregationAuditAlert -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Threshold -The Threshold parameter specifies the number of events that trigger an activity alert in the time interval that's specified by the TimeWindow parameter. The minimum value for this parameter is 3. - -You can only use this parameter with the Type parameter value SimpleAggregation. - -```yaml -Type: Int32 -Parameter Sets: SimpleAggregationAuditAlert -Aliases: -Applicable: Security & Compliance - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -TimeWindow -The TimeWindow parameter specifies the time window in minutes that's used by the Threshold parameter. - -You can only use this parameter with the Type parameter value SimpleAggregation. - -```yaml -Type: Int32 -Parameter Sets: SimpleAggregationAuditAlert -Aliases: -Applicable: Security & Compliance - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Type -The Type parameter specifies the type alert. Valid values are: - -- Custom: An alert is created for the activities you specify with the Operation parameter. Typically, you don't need to use this value (if you don't use the Type parameter, and you specify the activities with the Operations parameter, the value Custom is automatically added to the Type property). -- ElevationOfPrivilege: This value is being retired. -- SimpleAggregation: An alert is created based on the activities defined by the Operation and Condition parameters, the number of activities specified by the Threshold parameter, and the time period specified by the TimeWindow parameter. -- AnomalousAggregation: An alert is created based the activities defined by the Operation and Condition parameters, and the number of activities specified by the Multiplier parameter. - -**Note**: You can't change the Type value in an existing activity alert. - -```yaml -Type: AlertType -Parameter Sets: AnomalousOperationAuditAlert, SimpleAggregationAuditAlert -Aliases: -Applicable: Security & Compliance - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -```yaml -Type: AlertType -Parameter Sets: Default -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Category -The Category parameter specifies a category for the activity alert. Valid values are: - -- None (This is the default value) -- DataLossPrevention -- ThreatManagement -- DataGovernance -- AccessGovernance -- Others - -```yaml -Type: AlertRuleCategory -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Condition -The Condition parameter specifies filter conditions for event aggregation. - -```yaml -Type: String -Parameter Sets: AnomalousOperationAuditAlert, SimpleAggregationAuditAlert -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Confirm -The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding. - -- Destructive cmdlets (for example, Remove-\* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: `-Confirm:$false`. -- Most other cmdlets (for example, New-\* and Set-\* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Description -The Description parameter specifies an optional description for the activity alert. If the value contains spaces, enclose the value in quotation marks ("). - -```yaml -Type: String -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Disabled -The Disabled parameter specifies whether the activity alert is enabled or disabled. Valid values are: - -- $true: The activity alert is disabled. -- $false: The activity alert is enabled. This is the default value. - -```yaml -Type: Boolean -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -EmailCulture -The EmailCulture parameter specifies the language of the notification email message. - -Valid input for this parameter is a supported culture code value from the Microsoft .NET Framework CultureInfo class. For example, da-DK for Danish or ja-JP for Japanese. For more information, see [CultureInfo Class](https://learn.microsoft.com/dotnet/api/system.globalization.cultureinfo). - -```yaml -Type: CultureInfo -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -RecordType -The RecordType parameter specifies a record type label for the activity alert. For details about the available values, see [AuditLogRecordType](https://learn.microsoft.com/office/office-365-management-api/office-365-management-activity-api-schema#auditlogrecordtype). - -You can't use this parameter when the value of the Type parameter is ElevationOfPrivilege. - -```yaml -Type: AuditRecordType -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -ScopeLevel -The ScopeLevel parameter specifies the scope for activity alerts that use the Type parameter values SimpleAggregation or AnomalousAggregation. Valid values are: - -- SingleUser (This is the default value) -- AllUsers - -```yaml -Type: AlertScopeLevel -Parameter Sets: AnomalousOperationAuditAlert, SimpleAggregationAuditAlert -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Severity -The Severity parameter specifies a severity level for the activity alert. Valid values are: - -- None -- Low (This is the default value) -- Medium -- High - -```yaml -Type: RuleSeverity -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -UserId -The UserId parameter specifies who you want to monitor. - -- If you specify a user's email address, you'll receive an email notification when the user performs the specified activity. You can specify multiple email addresses separated by commas. -- If this parameter is blank ($null), you'll receive an email notification when any user in your organization performs the specified activity. - -You can only use this parameter with the Type parameter values Custom or ElevationOfPrivilege. - -```yaml -Type: MultiValuedProperty -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -WhatIf -The WhatIf switch doesn't work in Security & Compliance PowerShell. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216). - -## INPUTS - -## OUTPUTS - -## NOTES - -## RELATED LINKS diff --git a/exchange/exchange-ps/exchange/New-AuditConfigurationPolicy.md b/exchange/exchange-ps/exchange/New-AuditConfigurationPolicy.md deleted file mode 100644 index a12fd702b9..0000000000 --- a/exchange/exchange-ps/exchange/New-AuditConfigurationPolicy.md +++ /dev/null @@ -1,125 +0,0 @@ ---- -external help file: Microsoft.Exchange.TransportMailflow-Help.xml -online version: https://learn.microsoft.com/powershell/module/exchange/new-auditconfigurationpolicy -applicable: Security & Compliance -title: New-AuditConfigurationPolicy -schema: 2.0.0 -author: chrisda -ms.author: chrisda -ms.reviewer: ---- - -# New-AuditConfigurationPolicy - -## SYNOPSIS -This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). - -Use the New-AuditConfigurationPolicy cmdlet to create audit configuration policies. - -For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). - -## SYNTAX - -``` -New-AuditConfigurationPolicy -Workload - [-Confirm] - [-DomainController ] - [-WhatIf] - [] -``` - -## DESCRIPTION -To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). - -## EXAMPLES - -### Example 1 -```powershell -New-AuditConfigurationPolicy -Workload SharePoint -``` - -This example creates an audit configuration policy for Microsoft SharePoint Online. - -## PARAMETERS - -### -Workload -The Workload parameter specifies where auditing is allowed. Valid values are: - -- Exchange -- OneDriveForBusiness -- SharePoint - -```yaml -Type: Workload -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Confirm -The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding. - -- Destructive cmdlets (for example, Remove-\* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: `-Confirm:$false`. -- Most other cmdlets (for example, New-\* and Set-\* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -DomainController -This parameter is reserved for internal Microsoft use. - -```yaml -Type: Fqdn -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -WhatIf -The WhatIf switch doesn't work in Security & Compliance PowerShell. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216). - -## INPUTS - -## OUTPUTS - -## NOTES - -## RELATED LINKS diff --git a/exchange/exchange-ps/exchange/New-AuditConfigurationRule.md b/exchange/exchange-ps/exchange/New-AuditConfigurationRule.md deleted file mode 100644 index 6970a6584f..0000000000 --- a/exchange/exchange-ps/exchange/New-AuditConfigurationRule.md +++ /dev/null @@ -1,159 +0,0 @@ ---- -external help file: Microsoft.Exchange.TransportMailflow-Help.xml -online version: https://learn.microsoft.com/powershell/module/exchange/new-auditconfigurationrule -applicable: Security & Compliance -title: New-AuditConfigurationRule -schema: 2.0.0 -author: chrisda -ms.author: chrisda -ms.reviewer: ---- - -# New-AuditConfigurationRule - -## SYNOPSIS -This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). - -Use the New-AuditConfigurationRule cmdlet to create audit configuration rules. - -For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). - -## SYNTAX - -``` -New-AuditConfigurationRule -AuditOperation -Workload - [-Confirm] - [-DomainController ] - [-WhatIf] - [] -``` - -## DESCRIPTION -To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). - -## EXAMPLES - -### Example 1 -```powershell -New-AuditConfigurationRule -Workload SharePoint -AuditOperation Delete -``` - -This example creates a new audit configuration rule for Microsoft SharePoint Online that audits delete operations. - -## PARAMETERS - -### -AuditOperation -The AuditOperation parameter specifies the operations that are audited by the rule. Valid values are: - -- Administrate -- CheckIn -- CheckOut -- Count -- CreateUpdate -- Delete -- Forward -- MoveCopy -- PermissionChange -- ProfileChange -- SchemaChange -- Search -- SendAsOthers -- View -- Workflow - -You can specify multiple values separated by commas. - -```yaml -Type: MultiValuedProperty -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Workload -The Workload parameter specifies where the audit configuration policy applies. Valid values are: - -- Exchange -- OneDriveForBusiness -- SharePoint - -```yaml -Type: Workload -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Confirm -The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding. - -- Destructive cmdlets (for example, Remove-\* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: `-Confirm:$false`. -- Most other cmdlets (for example, New-\* and Set-\* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -DomainController -This parameter is reserved for internal Microsoft use. - -```yaml -Type: Fqdn -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -WhatIf -The WhatIf switch doesn't work in Security & Compliance PowerShell. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216). - -## INPUTS - -## OUTPUTS - -## NOTES - -## RELATED LINKS diff --git a/exchange/exchange-ps/exchange/Remove-ActivityAlert.md b/exchange/exchange-ps/exchange/Remove-ActivityAlert.md deleted file mode 100644 index b2fb529c09..0000000000 --- a/exchange/exchange-ps/exchange/Remove-ActivityAlert.md +++ /dev/null @@ -1,127 +0,0 @@ ---- -external help file: Microsoft.Exchange.TransportMailflow-Help.xml -online version: https://learn.microsoft.com/powershell/module/exchange/remove-activityalert -applicable: Security & Compliance -title: Remove-ActivityAlert -schema: 2.0.0 -author: chrisda -ms.author: chrisda -ms.reviewer: ---- - -# Remove-ActivityAlert - -## SYNOPSIS -This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). - -**Note**: Activity alerts have been effectively replaced by alert policies and the corresponding **\*-ProtectionAlert** cmdlets. For more information about alert policies, see [Alert policies in Microsoft 365](https://learn.microsoft.com/purview/alert-policies). - -Use the Remove-ActivityAlert cmdlet to remove activity alerts. - -For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). - -## SYNTAX - -``` -Remove-ActivityAlert [-Identity] - [-Confirm] - [-ForceDeletion] - [-WhatIf] - [] -``` - -## DESCRIPTION -To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Defender portal](https://learn.microsoft.com/defender-office-365/mdo-portal-permissions) or [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). - -## EXAMPLES - -### Example 1 -```powershell -Remove-ActivityAlert -Identity "All Mailbox Activities" -``` - -This example removes the activity alert named All Mailbox Activities. - -## PARAMETERS - -### -Identity -The Identity parameter specifies the activity alert that you want to remove. You can use any value that uniquely identifies the activity alert. For example: - -- Name -- Distinguished name (DN) -- GUID - -```yaml -Type: PolicyIdParameter -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: True -Position: 1 -Default value: None -Accept pipeline input: True -Accept wildcard characters: False -``` - -### -Confirm -The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding. - -- Destructive cmdlets (for example, Remove-\* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: `-Confirm:$false`. -- Most other cmdlets (for example, New-\* and Set-\* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -ForceDeletion -This parameter is reserved for internal Microsoft use. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -WhatIf -The WhatIf switch doesn't work in Security & Compliance PowerShell. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216). - -## INPUTS - -## OUTPUTS - -## NOTES - -## RELATED LINKS diff --git a/exchange/exchange-ps/exchange/Remove-AuditConfigurationPolicy.md b/exchange/exchange-ps/exchange/Remove-AuditConfigurationPolicy.md deleted file mode 100644 index d5dddc1b9a..0000000000 --- a/exchange/exchange-ps/exchange/Remove-AuditConfigurationPolicy.md +++ /dev/null @@ -1,121 +0,0 @@ ---- -external help file: Microsoft.Exchange.TransportMailflow-Help.xml -online version: https://learn.microsoft.com/powershell/module/exchange/remove-auditconfigurationpolicy -applicable: Security & Compliance -title: Remove-AuditConfigurationPolicy -schema: 2.0.0 -author: chrisda -ms.author: chrisda -ms.reviewer: ---- - -# Remove-AuditConfigurationPolicy - -## SYNOPSIS -This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). - -Use the Remove-AuditConfigurationPolicy cmdlet to remove audit configuration policies. - -For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). - -## SYNTAX - -``` -Remove-AuditConfigurationPolicy [-Identity] - [-Confirm] - [-DomainController ] - [-WhatIf] - [] -``` - -## DESCRIPTION -To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). - -## EXAMPLES - -### Example 1 -```powershell -Remove-AuditConfigurationPolicy -Identity 8d4d2060-ee8e-46a8-8d72-24922956fba5 -``` - -This example removes the audit configuration policy named 8d4d2060-ee8e-46a8-8d72-24922956fba5. - -## PARAMETERS - -### -Identity -The Identity parameter specifies the audit configuration policy that you want to remove. The name of the policy is a GUID value. For example, 8d4d2060-ee8e-46a8-8d72-24922956fba5. You can find the name value by running the following command: Get-AuditConfigurationPolicy | Format-List Name,Enabled,Workload,Priority,\*Location. - -```yaml -Type: PolicyIdParameter -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: True -Position: 1 -Default value: None -Accept pipeline input: True -Accept wildcard characters: False -``` - -### -Confirm -The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding. - -- Destructive cmdlets (for example, Remove-\* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: `-Confirm:$false`. -- Most other cmdlets (for example, New-\* and Set-\* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -DomainController -This parameter is reserved for internal Microsoft use. - -```yaml -Type: Fqdn -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -WhatIf -The WhatIf switch doesn't work in Security & Compliance PowerShell. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216). - -## INPUTS - -## OUTPUTS - -## NOTES - -## RELATED LINKS diff --git a/exchange/exchange-ps/exchange/Remove-AuditConfigurationRule.md b/exchange/exchange-ps/exchange/Remove-AuditConfigurationRule.md deleted file mode 100644 index c56bf2a3cf..0000000000 --- a/exchange/exchange-ps/exchange/Remove-AuditConfigurationRule.md +++ /dev/null @@ -1,121 +0,0 @@ ---- -external help file: Microsoft.Exchange.TransportMailflow-Help.xml -online version: https://learn.microsoft.com/powershell/module/exchange/remove-auditconfigurationrule -applicable: Exchange Online, Security & Compliance -title: Remove-AuditConfigurationRule -schema: 2.0.0 -author: chrisda -ms.author: chrisda -ms.reviewer: ---- - -# Remove-AuditConfigurationRule - -## SYNOPSIS -This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). - -Use the Remove-AuditConfigurationRule cmdlet to remove audit configuration rules. - -For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). - -## SYNTAX - -``` -Remove-AuditConfigurationRule [-Identity] - [-Confirm] - [-DomainController ] - [-WhatIf] - [] -``` - -## DESCRIPTION -To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). - -## EXAMPLES - -### Example 1 -```powershell -Remove-AuditConfigurationRule 989a3a6c-dc40-4fa4-8307-beb3ece992e9 -``` - -This example removes the audit configuration rule named 989a3a6c-dc40-4fa4-8307-beb3ece992e9. - -## PARAMETERS - -### -Identity -The Identity parameter specifies the audit configuration rule that you want to remove. The name of the rule is a GUID value. For example, 989a3a6c-dc40-4fa4-8307-beb3ece992e9. You can find the name value by running the following command: Get-AuditConfigurationRule | Format-List Name,Workload,AuditOperation,Policy. - -```yaml -Type: PolicyIdParameter -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: True -Position: 1 -Default value: None -Accept pipeline input: True -Accept wildcard characters: False -``` - -### -Confirm -The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding. - -- Destructive cmdlets (for example, Remove-\* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: `-Confirm:$false`. -- Most other cmdlets (for example, New-\* and Set-\* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -DomainController -This parameter is reserved for internal Microsoft use. - -```yaml -Type: Fqdn -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -WhatIf -The WhatIf switch doesn't work in Security & Compliance PowerShell. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216). - -## INPUTS - -## OUTPUTS - -## NOTES - -## RELATED LINKS diff --git a/exchange/exchange-ps/exchange/Set-ActivityAlert.md b/exchange/exchange-ps/exchange/Set-ActivityAlert.md deleted file mode 100644 index 899cf0f8be..0000000000 --- a/exchange/exchange-ps/exchange/Set-ActivityAlert.md +++ /dev/null @@ -1,408 +0,0 @@ ---- -external help file: Microsoft.Exchange.TransportMailflow-Help.xml -online version: https://learn.microsoft.com/powershell/module/exchange/set-activityalert -applicable: Security & Compliance -title: Set-ActivityAlert -schema: 2.0.0 -author: chrisda -ms.author: chrisda -ms.reviewer: ---- - -# Set-ActivityAlert - -## SYNOPSIS -This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). - -**Note**: Activity alerts have been effectively replaced by alert policies and the corresponding **\*-ProtectionAlert** cmdlets. For more information about alert policies, see [Alert policies in Microsoft 365](https://learn.microsoft.com/purview/alert-policies). - -Use the Set-ActivityAlert cmdlet to modify activity alerts. - -For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). - -## SYNTAX - -``` -Set-ActivityAlert [-Identity] - [-Category ] - [-Condition ] - [-Confirm] - [-Description ] - [-Disabled ] - [-EmailCulture ] - [-Multiplier ] - [-NotifyUser ] - [-Operation ] - [-RecordType ] - [-ScopeLevel ] - [-Severity ] - [-Threshold ] - [-TimeWindow ] - [-UserId ] - [-WhatIf] - [] -``` - -## DESCRIPTION -To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Defender portal](https://learn.microsoft.com/defender-office-365/mdo-portal-permissions) or [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). - -## EXAMPLES - -### Example 1 -```powershell -$NU = Get-ActivityAlert "Contoso Elevation of Privilege" - -$NU.NotifyUser.Add("chris@fabrikam.com") - -Set-ActivityAlert "Contoso Elevation of Privilege" -NotifyUser $NU.NotifyUser -``` - -This example adds the external user chris@fabrikam.com to the list of recipients that email notifications are sent to for the activity alert named Contoso Elevation of Privilege. - -**Note**: To remove an existing email address from the list of recipients, change the value NotifyUser.Add to NotifyUser.Remove. - -### Example 2 -```powershell -Set-ActivityAlert -Identity "External Sharing Alert" -Disabled $true -``` - -This example disables the existing activity alert named External Sharing Alert. - -## PARAMETERS - -### -Identity -The Identity parameter specifies the activity alert that you want to modify. You can use any value that uniquely identifies the activity alert. For example: - -- Name -- Distinguished name (DN) -- GUID - -```yaml -Type: ComplianceRuleIdParameter -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: True -Position: 1 -Default value: None -Accept pipeline input: True -Accept wildcard characters: False -``` - -### -Category -The Category parameter specifies a category for the activity alert. Valid values are: - -- None (This is the default value) -- DataLossPrevention -- ThreatManagement -- DataGovernance -- AccessGovernance -- Others - -```yaml -Type: AlertRuleCategory -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Condition -The Condition parameter specifies filter conditions for event aggregation. - -```yaml -Type: String -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Confirm -The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding. - -- Destructive cmdlets (for example, Remove-\* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: `-Confirm:$false`. -- Most other cmdlets (for example, New-\* and Set-\* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Description -The Description parameter specifies an optional description for the activity alert. If the value contains spaces, enclose the value in quotation marks ("). - -```yaml -Type: String -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Disabled -The Disabled parameter specifies whether the activity alert is enabled or disabled. Valid values are: - -- $true: The activity alert is disabled. -- $false: The activity alert is enabled. This is the default value. - -```yaml -Type: Boolean -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -EmailCulture -The EmailCulture parameter specifies the language of the notification email message. - -Valid input for this parameter is a supported culture code value from the Microsoft .NET Framework CultureInfo class. For example, da-DK for Danish or ja-JP for Japanese. For more information, see [CultureInfo Class](https://learn.microsoft.com/dotnet/api/system.globalization.cultureinfo). - -```yaml -Type: CultureInfo -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Multiplier -The Multiplier parameter specifies the number of events that trigger an activity alert. The value of this parameter indicates a multiplier from a baseline value. - -You can only use this parameter on activity alerts that have the Type property value AnomalousAggregation. - -```yaml -Type: Double -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -NotifyUser -The NotifyUser parameter specifies the email address of the recipients who will receive the notification emails. You can specify internal and external email addresses. - -You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"Value1","Value2",..."ValueN"`. - -To modify the existing list of recipients, see the Examples section. - -```yaml -Type: MultiValuedProperty -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Operation -The Operation parameter specifies the activities that trigger activity alerts. - -A valid value for this parameter is an activity that's available in the Microsoft 365 audit log. For a description of these activities, see [Audited activities](https://learn.microsoft.com/purview/audit-log-activities). - -You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"Value1","Value2",..."ValueN"`. - -For the syntax that you use to modify an existing list of Operations values, see the Examples section. - -```yaml -Type: MultiValuedProperty -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -RecordType -The RecordType parameter specifies a record type label for the activity alert. For details about the available values, see [AuditLogRecordType](https://learn.microsoft.com/office/office-365-management-api/office-365-management-activity-api-schema#auditlogrecordtype). - -You can't use this parameter when the value of the Type parameter is ElevationOfPrivilege. - -```yaml -Type: AuditRecordType -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -ScopeLevel -The ScopeLevel parameter specifies the scope for activity alerts that use the Type parameter values SimpleAggregation or AnomalousAggregation. Valid values are: - -- SingleUser (This is the default value) -- AllUsers - -```yaml -Type: AlertScopeLevel -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Severity -The Severity parameter specifies a severity level for the activity alert. Valid values are: - -- None -- Low (This is the default value) -- Medium -- High - -```yaml -Type: RuleSeverity -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Threshold -The Threshold parameter specifies the number of events that trigger an activity alert in the time interval that's specified by the TimeWindow parameter. The minimum value for this parameter is 3. - -You can only use this parameter on activity alerts that have the Type property value SimpleAggregation. - -```yaml -Type: Int32 -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -TimeWindow -The TimeWindow parameter specifies the time window in minutes that's used by the Threshold parameter. - -You can only use this parameter on activity alerts that have the Type property value SimpleAggregation. - -```yaml -Type: Int32 -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -UserId -The UserId parameter specifies who you want to monitor. - -- If you specify a user's email address, you'll receive an email notification when the user performs the specified activity. You can specify multiple email addresses separated by commas. -- If this parameter is blank ($null), you'll receive an email notification when any user in your organization performs the specified activity. - -You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"Value1","Value2",..."ValueN"`. - -You can only use this parameter on activity alerts that have the Type property values Custom or ElevationOfPrivilege. - -For the syntax that you use to modify an existing list of UserId values, see the Examples section. - -```yaml -Type: MultiValuedProperty -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -WhatIf -The WhatIf switch doesn't work in Security & Compliance PowerShell. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216). - -## INPUTS - -## OUTPUTS - -## NOTES - -## RELATED LINKS diff --git a/exchange/exchange-ps/exchange/Set-AuditConfigurationRule.md b/exchange/exchange-ps/exchange/Set-AuditConfigurationRule.md deleted file mode 100644 index a265423f12..0000000000 --- a/exchange/exchange-ps/exchange/Set-AuditConfigurationRule.md +++ /dev/null @@ -1,155 +0,0 @@ ---- -external help file: Microsoft.Exchange.TransportMailflow-Help.xml -online version: https://learn.microsoft.com/powershell/module/exchange/set-auditconfigurationrule -applicable: Security & Compliance -title: Set-AuditConfigurationRule -schema: 2.0.0 -author: chrisda -ms.author: chrisda -ms.reviewer: ---- - -# Set-AuditConfigurationRule - -## SYNOPSIS -This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). - -Use the Set-AuditConfigurationRule cmdlet to modify audit configuration rules. - -For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). - -## SYNTAX - -``` -Set-AuditConfigurationRule [-Identity] -AuditOperation - [-Confirm] - [-DomainController ] - [-WhatIf] - [] -``` - -## DESCRIPTION -To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). - -## EXAMPLES - -### Example 1 -```powershell -Set-AuditConfigurationRule 989a3a6c-dc40-4fa4-8307-beb3ece992e9 -AuditOperation @{Add="CheckOut"} -``` - -This example modifies an existing SharePoint auditing rule. The check-out operation is added to the rule without affecting the existing operations that are already being audited. - -## PARAMETERS - -### -Identity -The Identity parameter specifies the audit configuration rule that you want to modify. The name of the rule is a GUID value. For example, 989a3a6c-dc40-4fa4-8307-beb3ece992e9. You can find the name value by running the following command: Get-AuditConfigurationRule | Format-List Name,Workload,AuditOperation,Policy. - -```yaml -Type: ComplianceRuleIdParameter -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: True -Position: 1 -Default value: None -Accept pipeline input: True -Accept wildcard characters: False -``` - -### -AuditOperation -The AuditOperation parameter specifies the operations that are audited by the rule. Valid values are: - -- Administrate -- CheckIn -- CheckOut -- Count -- CreateUpdate -- Delete -- Forward -- MoveCopy -- PermissionChange -- ProfileChange -- SchemaChange -- Search -- SendAsOthers -- View -- Workflow - -You can specify multiple values separated by commas. - -```yaml -Type: MultiValuedProperty -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Confirm -The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding. - -- Destructive cmdlets (for example, Remove-\* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: `-Confirm:$false`. -- Most other cmdlets (for example, New-\* and Set-\* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -DomainController -This parameter is reserved for internal Microsoft use. - -```yaml -Type: Fqdn -Parameter Sets: (All) -Aliases: -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -WhatIf -The WhatIf switch doesn't work in Security & Compliance PowerShell. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi -Applicable: Security & Compliance - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216). - -## INPUTS - -## OUTPUTS - -## NOTES - -## RELATED LINKS diff --git a/exchange/exchange-ps/exchange/exchange.md b/exchange/exchange-ps/exchange/exchange.md index 4abdcffe5b..872d053b3c 100644 --- a/exchange/exchange-ps/exchange/exchange.md +++ b/exchange/exchange-ps/exchange/exchange.md @@ -1749,8 +1749,6 @@ Exchange PowerShell is built on Windows PowerShell technology and provides a pow ### [Export-TransportRuleCollection](Export-TransportRuleCollection.md) -### [Get-ActivityAlert](Get-ActivityAlert.md) - ### [Get-AdministrativeUnit](Get-AdministrativeUnit.md) ### [Get-AutoSensitivityLabelPolicy](Get-AutoSensitivityLabelPolicy.md) @@ -1805,8 +1803,6 @@ Exchange PowerShell is built on Windows PowerShell technology and provides a pow ### [Invoke-ComplianceSecurityFilterAction](Invoke-ComplianceSecurityFilterAction.md) -### [New-ActivityAlert](New-ActivityAlert.md) - ### [New-AutoSensitivityLabelPolicy](New-AutoSensitivityLabelPolicy.md) ### [New-AutoSensitivityLabelRule](New-AutoSensitivityLabelRule.md) @@ -1833,8 +1829,6 @@ Exchange PowerShell is built on Windows PowerShell technology and provides a pow ### [New-TransportRule](New-TransportRule.md) -### [Remove-ActivityAlert](Remove-ActivityAlert.md) - ### [Remove-AutoSensitivityLabelPolicy](Remove-AutoSensitivityLabelPolicy.md) ### [Remove-AutoSensitivityLabelRule](Remove-AutoSensitivityLabelRule.md) @@ -1861,8 +1855,6 @@ Exchange PowerShell is built on Windows PowerShell technology and provides a pow ### [Remove-TransportRule](Remove-TransportRule.md) -### [Set-ActivityAlert](Set-ActivityAlert.md) - ### [Set-AutoSensitivityLabelPolicy](Set-AutoSensitivityLabelPolicy.md) ### [Set-AutoSensitivityLabelRule](Set-AutoSensitivityLabelRule.md) @@ -1900,10 +1892,6 @@ Exchange PowerShell is built on Windows PowerShell technology and provides a pow ### [Get-AuditConfig](Get-AuditConfig.md) -### [Get-AuditConfigurationPolicy](Get-AuditConfigurationPolicy.md) - -### [Get-AuditConfigurationRule](Get-AuditConfigurationRule.md) - ### [Get-AuditLogSearch](Get-AuditLogSearch.md) ### [Get-MailboxAuditBypassAssociation](Get-MailboxAuditBypassAssociation.md) @@ -1912,18 +1900,10 @@ Exchange PowerShell is built on Windows PowerShell technology and provides a pow ### [New-AdminAuditLogSearch](New-AdminAuditLogSearch.md) -### [New-AuditConfigurationPolicy](New-AuditConfigurationPolicy.md) - -### [New-AuditConfigurationRule](New-AuditConfigurationRule.md) - ### [New-MailboxAuditLogSearch](New-MailboxAuditLogSearch.md) ### [New-UnifiedAuditLogRetentionPolicy](New-UnifiedAuditLogRetentionPolicy.md) -### [Remove-AuditConfigurationPolicy](Remove-AuditConfigurationPolicy.md) - -### [Remove-AuditConfigurationRule](Remove-AuditConfigurationRule.md) - ### [Remove-UnifiedAuditLogRetentionPolicy](Remove-UnifiedAuditLogRetentionPolicy.md) ### [Search-AdminAuditLog](Search-AdminAuditLog.md) @@ -1936,8 +1916,6 @@ Exchange PowerShell is built on Windows PowerShell technology and provides a pow ### [Set-AuditConfig](Set-AuditConfig.md) -### [Set-AuditConfigurationRule](Set-AuditConfigurationRule.md) - ### [Set-MailboxAuditBypassAssociation](Set-MailboxAuditBypassAssociation.md) ### [Set-UnifiedAuditLogRetentionPolicy](Set-UnifiedAuditLogRetentionPolicy.md) diff --git a/exchange/mapping/serviceMapping.json b/exchange/mapping/serviceMapping.json index ec41930629..cfc1918390 100644 --- a/exchange/mapping/serviceMapping.json +++ b/exchange/mapping/serviceMapping.json @@ -857,7 +857,6 @@ "Execute-AzureADLabelSync": "policy-and-compliance", "Export-JournalRuleCollection": "policy-and-compliance", "Export-TransportRuleCollection": "policy-and-compliance", - "Get-ActivityAlert": "policy-and-compliance", "Get-AdministrativeUnit": "policy-and-compliance", "Get-AutoSensitivityLabelPolicy": "policy-and-compliance", "Get-AutoSensitivityLabelRule": "policy-and-compliance", @@ -885,7 +884,6 @@ "Import-TransportRuleCollection": "policy-and-compliance", "Install-UnifiedCompliancePrerequisite": "policy-and-compliance", "Invoke-ComplianceSecurityFilterAction": "policy-and-compliance", - "New-ActivityAlert": "policy-and-compliance", "New-AutoSensitivityLabelPolicy": "policy-and-compliance", "New-AutoSensitivityLabelRule": "policy-and-compliance", "New-InformationBarrierPolicy": "policy-and-compliance", @@ -899,7 +897,6 @@ "New-SupervisoryReviewPolicyV2": "policy-and-compliance", "New-SupervisoryReviewRule": "policy-and-compliance", "New-TransportRule": "policy-and-compliance", - "Remove-ActivityAlert": "policy-and-compliance", "Remove-AutoSensitivityLabelPolicy": "policy-and-compliance", "Remove-AutoSensitivityLabelRule": "policy-and-compliance", "Remove-InformationBarrierPolicy": "policy-and-compliance", @@ -913,7 +910,6 @@ "Remove-RecordLabel": "policy-and-compliance", "Remove-SupervisoryReviewPolicyV2": "policy-and-compliance", "Remove-TransportRule": "policy-and-compliance", - "Set-ActivityAlert": "policy-and-compliance", "Set-AutoSensitivityLabelPolicy": "policy-and-compliance", "Set-AutoSensitivityLabelRule": "policy-and-compliance", "Set-InformationBarrierPolicy": "policy-and-compliance", @@ -932,25 +928,18 @@ "Test-ArchiveConnectivity": "policy-and-compliance", "Get-AdminAuditLogConfig": "policy-and-compliance-audit", "Get-AuditConfig": "policy-and-compliance-audit", - "Get-AuditConfigurationPolicy": "policy-and-compliance-audit", - "Get-AuditConfigurationRule": "policy-and-compliance-audit", "Get-AuditLogSearch": "policy-and-compliance-audit", "Get-MailboxAuditBypassAssociation": "policy-and-compliance-audit", "Get-UnifiedAuditLogRetentionPolicy": "policy-and-compliance-audit", "New-AdminAuditLogSearch": "policy-and-compliance-audit", - "New-AuditConfigurationPolicy": "policy-and-compliance-audit", - "New-AuditConfigurationRule": "policy-and-compliance-audit", "New-MailboxAuditLogSearch": "policy-and-compliance-audit", "New-UnifiedAuditLogRetentionPolicy": "policy-and-compliance-audit", - "Remove-AuditConfigurationPolicy": "policy-and-compliance-audit", - "Remove-AuditConfigurationRule": "policy-and-compliance-audit", "Remove-UnifiedAuditLogRetentionPolicy": "policy-and-compliance-audit", "Search-AdminAuditLog": "policy-and-compliance-audit", "Search-MailboxAuditLog": "policy-and-compliance-audit", "Search-UnifiedAuditLog": "policy-and-compliance-audit", "Set-AdminAuditLogConfig": "policy-and-compliance-audit", "Set-AuditConfig": "policy-and-compliance-audit", - "Set-AuditConfigurationRule": "policy-and-compliance-audit", "Set-MailboxAuditBypassAssociation": "policy-and-compliance-audit", "Set-UnifiedAuditLogRetentionPolicy": "policy-and-compliance-audit", "Write-AdminAuditLog": "policy-and-compliance-audit", From a9516c83c93979e573c4e0e0fb21b897ca7518c6 Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Tue, 13 May 2025 15:01:04 -0700 Subject: [PATCH 2/2] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 55 ++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 17253bd2f1..7c10f25855 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -7148,6 +7148,61 @@ "redirect_url": "/viva/feature-access-management", "redirect_document_id": false }, + { + "source_path": "exchange/virtual-folder/exchange/Get-AuditConfigurationPolicy.md", + "redirect_url": "/powershell/module/exchange/get-protectionalert", + "redirect_document_id": false + }, + { + "source_path": "exchange/virtual-folder/exchange/New-AuditConfigurationPolicy.md", + "redirect_url": "/powershell/module/exchange/new-protectionalert", + "redirect_document_id": false + }, + { + "source_path": "exchange/virtual-folder/exchange/Remove-AuditConfigurationPolicy.md", + "redirect_url": "/powershell/module/exchange/remove-protectionalert", + "redirect_document_id": false + }, + { + "source_path": "exchange/virtual-folder/exchange/Get-AuditConfigurationRule.md", + "redirect_url": "/powershell/module/exchange/get-protectionalert", + "redirect_document_id": false + }, + { + "source_path": "exchange/virtual-folder/exchange/New-AuditConfigurationRule.md", + "redirect_url": "/powershell/module/exchange/new-protectionalert", + "redirect_document_id": false + }, + { + "source_path": "exchange/virtual-folder/exchange/Remove-AuditConfigurationRule.md", + "redirect_url": "/powershell/module/exchange/remove-protectionalert", + "redirect_document_id": false + }, + { + "source_path": "exchange/virtual-folder/exchange/Set-AuditConfigurationRule.md", + "redirect_url": "/powershell/module/exchange/set-protectionalert", + "redirect_document_id": false + }, + { + "source_path": "exchange/virtual-folder/exchange/Get-ActivityAlert.md", + "redirect_url": "/powershell/module/exchange/get-protectionalert", + "redirect_document_id": false + }, + { + "source_path": "exchange/virtual-folder/exchange/New-ActivityAlert.md", + "redirect_url": "/powershell/module/exchange/new-protectionalert", + "redirect_document_id": false + }, + { + "source_path": "exchange/virtual-folder/exchange/Remove-ActivityAlert.md", + "redirect_url": "/powershell/module/exchange/remove-protectionalert", + "redirect_document_id": false + }, + { + "source_path": "exchange/virtual-folder/exchange/Set-ActivityAlert.md", + "redirect_url": "/powershell/module/exchange/set-protectionalert", + "redirect_document_id": false + }, { "source_path": "skype/virtual-folder/skype/Disable-CsOnlineSipDomain.md", "redirect_url": "/powershell/module/teams/Disable-CsOnlineSipDomain",