Transcription of PowerShell Quick Reference - Security and Compliance ...
1 PowerShell Quick Reference - Security and Compliance center ( )$LiveCred = Get-Credential$Session = New-PSSession -ConfigurationName -ConnectionUri -Credential $LiveCred -Authentication Basic -AllowRedirectionImport-PSSession $SessionMFA:Connect-IPPSS ession -UserPrincipalName HelpGet-Help <command>Get-Help <command> -ExamplesGet-Help <command> -FullExamplesGet-Help Set-ComplianceTagGet-Help Set-ComplianceTag -ExamplesGet-Help Set-ComplianceTag -FullDocumentation: and Compliance center Admin Page to Security and Compliance center (SCC)List all Commands for the Security and Compliance center $Name = (Get-Module | where {$ -eq 'Script'}).
2 NameGet-Command | Where {$ -eq $Name}Listing Cmdlets for the SCCGet-TeamsRetentionCompliancePolicyGet -TeamsRetentionComplianceRuleNew-TeamsRe tentionCompliancePolicyNew-TeamsRetentio nComplianceRuleRemove-TeamsRetentionComp liancePolicyRemove-TeamsRetentionComplia nceRuleSet-TeamsRetentionCompliancePolic ySet-TeamsRetentionComplianceRuleTeams Compliance Policy (SCC)eDiscovery Admin - eDiscovery Admins create searches/holds on mailboxes, SharePoint Sites and OneDrive locations. They also manage/create eDiscovery case, content searches and add members to handle these current eDiscovery Admins There are zero in a greenfield Office 365 TenantGet-eDiscoveryCaseAdmin New eDiscovery Case AdminAdd-eDiscoveryCaseAdmin -User an eDiscovery AdminRemove-eDiscoveryCaseAdmin -User Current eDiscovery AdminUpdate-eDiscoveryCaseAdmin -Users AdminRole Group Cmdlets.
3 Get-RoleGroup User Get-RoleGroup | FL to get a detailed list of accounts in the SCCNew-RoleGroup Add a custom group, with specific roles in the SCCR emove-RoleGroup Remove only custom and not built-in Role GroupsSet-RoleGroup Modify settings on existing Role GroupsCmdlet Usage:Get-RoleGroup | Where {$ -like *admin*'} | FtNew-RoleGroup 'View-Only Auditor' -Roles 'View-Only Audit Logs' -Members GeorgeRemove-RoleGroup -Name 'View-Only Auditor'Set-RoleGroup -Name 'View-Only Auditor' -Description Users with View Only Auditing $CSV = Import-CSV Foreach ($Group in $CSV)
4 {Set-RoleGroup -Name $ -Description $ }Role Groups in the SCCS ecurity and Compliance cmdletsCmdlet Changes in 2018 Add User to Role GroupAdd-RoleGroupMember -Identity Reviewer -Member DamianAdd-RoleGroupMember -Identity ComplianceAdministrator -Member John Smith Add-RoleGroupMember -Identity eDiscoveryManager -Member Scott Schnoll Verify Users in Role GroupGet-RoleGroupMember -Identity ReviewerGet-RoleGroupMember -Identity ComplianceAdministratorGet-RoleGroupMemb er -Identity eDiscoveryManagerRemove Users from Role GroupRemove-RoleGroupMember -IdentityReviewer -Member Greg Taylor Remove-RoleGroupMember -Identity ComplianceAdministrator -Member Van Hybrid Remove-RoleGroupMember -Identity eDiscoveryManager -Member Jason Sherry Update Role Group MemberShipUpdate-RoleGroupMember -Identity Reviewer -Members Damian , Dave PowerShell Quick Reference - Security and Compliance center ( )Damian ScolesMicrosoft MVPBook @PPowerShellCreated By.
5 Tab through parameters to see all availableCheck for latest module versionRead the latest Microsoft Docs for SCC Read Teams MVP blogs for more tipsUse MFA for better securityNeed Help Get-Help Read cmdlet Synopsis for functionalityHelpful Tips Windows PowerShell Tips of the Team On PowerShellGet-DlpCompliancePolicyGet-Dlp ComplianceRuleGet-DlpComplianceRuleV2 Get-DlpDetectionsReportGet-DlpKeywordDic tionaryGet-DlpSensitiveInformationTypeGe t-DlpSensitiveInformationTypeRulePackage Get-DlpSiDetectionsReportMigrate-DlpFing erprintNew-DlpCompliancePolicyNew-DlpCom plianceRuleNew-DlpComplianceRuleV2 New-DlpFingerprintNew-DlpKeywordDictiona ryNew-DlpSensitiveInformationTypeNew-Dlp SensitiveInformationTypeRulePackageRemov e-DlpCompliancePolicyRemove-DlpComplianc eRuleRemove-DlpComplianceRuleV2
6 Remove-DlpKeywordDictionaryRemove-DlpSen sitiveInformationTypeRemove-DlpSensitive InformationTypeRulePackageSet-DlpComplia ncePolicySet-DlpComplianceRuleSet-DlpCom plianceRuleV2 Set-DlpKeywordDictionarySet-DlpSensitive InformationTypeSet-DlpSensitiveInformati onTypeRulePackageDLP CMDLETSGet-ProtectionAlert MalwareAlertNew-ProtectionAlert -Category Others -Name MalwareAlert -NotifyUser -ThreatType Malware -Threshold 20 -TimeWindow 61 Remove-ProtectionAlert MalwareAlertSet-ProtectionAlert MalwareAlert -TimeWindow 90 Protection AlertingGet-SCInsights provides user totals per workloads ExO, Archive, SharePoint, OneDrive and moreCmdlet HighlightTo use Device Management cmdlets Enable MDM for tenant first.
7 Device Rule Tenant Wide, Less OptionsNew-DeviceTenantRuleNew Device Rule Very Specific Configuration, More OptionsNew-DeviceConfigurationRule** Note the two cmdlet above have Set, Get and Remove Verbs as wellDevice Rules can be used in conjunction with Conditional AccessGet-DeviceConditionalAccessPolicyG et-DeviceConditionalAccessRuleNew-Device ConditionalAccessPolicyNew-DeviceConditi onalAccessRuleRemove-DeviceConditionalAc cessPolicyRemove-DeviceConditionalAccess RuleSet-DeviceConditionalAccessPolicySet -DeviceConditionalAccessRuleTo use Device Management cmdlets Enable MDM for tenant first.
8 Device Rule Tenant Wide, Less OptionsNew-DeviceTenantRuleNew Device Rule Very Specific Configuration, More OptionsNew-DeviceConfigurationRule** Note the two cmdlet above have Set, Get and Remove Verbs as wellDevice Rules can be used in conjunction with Conditional AccessGet-DeviceConditionalAccessPolicyG et-DeviceConditionalAccessRuleNew-Device ConditionalAccessPolicyNew-DeviceConditi onalAccessRuleRemove-DeviceConditionalAc cessPolicyRemove-DeviceConditionalAccess RuleSet-DeviceConditionalAccessPolicySet -DeviceConditionalAccessRuleDevice ComplianceComing Soon in CmdletsREGEX Testing / ReferenceRegEx RegEx Quick Reference - Security and Compliance center ( )
9 Create New CaseNew-ComplianceCase -Name Case # 4302-1 -Description Legal Case R&D 10-2018 Add Compliance Case MembersAdd-ComplianceCaseMember -Case Case # 4302-1 -Member -Case Case # 4302-1 -Member Searches and Holds to the CaseNew-CaseHoldPolicy -Name "Hold - Damian" -Case "Case # 4302-1" -ExchangeLocation "John New-ComplianceSearch -Name Secret Meetings -ExchangeLocation Damian -ContentMatchQuery "subject:Secret Meettings" Start the Search and apply a Search ActionStart-ComplianceSearch -Identity Secret Meetings New-ComplianceSearchAction -SearchName Secret Meetings -Export View Existing Compliance CasesGet-ComplianceCaseWorking with Compliance CasesCreate a new Compliance tag.
10 New-ComplianceTag -Name "R&D" -RetentionAction Delete -RetentionDuration 365 -RetentionType TaggedAgeInDaysList all current Compliance TagsGet-ComplianceTagRemoving and existing Compliance TagRemove-ComplianceTag-Name "R&D"Modifying an existing tag by adding a reviewerSet-ComplianceTag -Name "R&D" -Reviewer create a Hold Compliance PolicyNew-HoldCompliancePolicy -Name Case 5412-10 -ExchangeLocation create one or more Hold Compliance RulesNew-HoldComplianceRule -Policy Case 5412-10 -Name Hold 2017 -ContentDateFrom 01/01/2017 -ContentDateTo 12/31/17 Removing policies or rulesRemove-HoldCompliancePolicy Case 5412-10 Remove-HoldComplianceRule Hold 2017 Modify existing rules or policies.
