EXOSafeAttachmentPolicy¶

Parameters¶

Parameter	Attribute	DataType	Description	Allowed Values
Identity	Key	String	The Identity parameter specifies the name of the SafeAttachmentpolicy that you want to modify.
Action	Write	String	The Action parameter specifies the action for the Safe Attachments policy.	`Block`, `Replace`, `Allow`, `DynamicDelivery`
ActionOnError	Write	Boolean	The ActionOnError parameter specifies the error handling option for Safe Attachments scanning (what to do if scanning times out or an error occurs). Valid values are: $true: The action specified by the Action parameter is applied to messages even when the attachments aren't successfully scanned. $false: The action specified by the Action parameter isn't applied to messages when the attachments aren't successfully scanned. This is the default value.
AdminDisplayName	Write	String	The AdminDisplayName parameter specifies a description for the policy.
Enable	Write	Boolean	Specify if this policy should be enabled. Default is $true.
QuarantineTag	Write	String	The QuarantineTag specifies the quarantine policy that's used on messages that are quarantined as malware by Safe Attachments.
Redirect	Write	Boolean	The Redirect parameter specifies whether to send detected malware attachments to another email address. Valid values are: $true: Malware attachments are sent to the email address specified by the RedirectAddress parameter. $false: Malware attachments aren't sent to another email address. This is the default value.
RedirectAddress	Write	String	The RedirectAddress parameter specifies the email address where detected malware attachments are sent when the Redirect parameter is set to the value $true.
Ensure	Write	String	Specify if this policy should exist or not.	`Present`, `Absent`
Credential	Write	PSCredential	Credentials of the Exchange Global Admin
ApplicationId	Write	String	Id of the Azure Active Directory application to authenticate with.
TenantId	Write	String	Id of the Azure Active Directory tenant used for authentication.
CertificateThumbprint	Write	String	Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
CertificatePassword	Write	PSCredential	Username can be made up to anything but password will be used for CertificatePassword
CertificatePath	Write	String	Path to certificate used in service principal usually a PFX file.
ManagedIdentity	Write	Boolean	Managed ID being used for authentication.
AccessTokens	Write	StringArray[]	Access token used for authentication.

Description¶

This resource configures the settings of the Safe Attachments policies in your cloud-based organization.

Permissions¶

Exchange¶

To authenticate with Microsoft Exchange, this resource required the following permissions:

Roles¶

Transport Hygiene, Security Admin, View-Only Configuration, Security Reader

Role Groups¶

Organization Management

Examples¶

Example 1¶

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $Credscredential
    )
    Import-DscResource -ModuleName Microsoft365DSC

    $Domain = $Credscredential.Username.Split('@')[1]
    node localhost
    {
        EXOSafeAttachmentPolicy 'ConfigureSafeAttachmentPolicy'
        {
            Identity             = "Marketing Block Attachments"
            Enable               = $True
            Redirect             = $True
            RedirectAddress      = "admin@$Domain"
            Ensure               = "Present"
            Credential           = $Credscredential
        }
    }
}

Example 2¶

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $Credscredential
    )
    Import-DscResource -ModuleName Microsoft365DSC

    $Domain = $Credscredential.Username.Split('@')[1]
    node localhost
    {
        EXOSafeAttachmentPolicy 'ConfigureSafeAttachmentPolicy'
        {
            Identity             = "Marketing Block Attachments"
            Enable               = $False # Updated Property
            Redirect             = $True
            RedirectAddress      = "admin@$Domain"
            Ensure               = "Present"
            Credential           = $Credscredential
        }
    }
}

Example 3¶

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $Credscredential
    )
    Import-DscResource -ModuleName Microsoft365DSC

    $Domain = $Credscredential.Username.Split('@')[1]
    node localhost
    {
        EXOSafeAttachmentPolicy 'ConfigureSafeAttachmentPolicy'
        {
            Identity             = "Marketing Block Attachments"
            Enable               = $False # Updated Property
            Ensure               = "Absent"
            Credential           = $Credscredential
        }
    }
}