ms365 policy
Use this command to configure Microsoft 365 scan policies. You must have domain administrator privileges to access Microsoft 365.
Syntax
config ms365 policy
edit <name>
set account <account_name>
set profile-antispam <name>
set profile-antivirus <name>
set profile-content <name>
set profile-dlp <name>
set recipient-ad-group-attr {custom | displayname | mail}
set recipient-ad-group-attr-name <string>
set recipient-ad-group-attr-value <string>
set recipient-domain <string>
set recipient-email-group <group_name>
set recipient-ldap-profile <profile_name>
set recipient-name <string>
set recipient-pattern-regex <string>
set recipient-type {ad-group | email-group | ldap-group | regex | wildcard}
set sender-ad-group-attr {custom | displayname | mail}
set sender-ad-group-attr-name <string>
set sender-ad-group-attr-value <string>
set sender-domain <string>
set sender-email-group <group_name>
set sender-ldap-profile <profile_name>
set sender-name <string>
set sender-pattern-regex <string>
set sender-type {ad-group | email-group | external | internal | ldap-group | regex | wildcard}
set source-ip-address <ipv4mask>
set source-type {geoip-group | ip-address | ip-group}
set status {enable | disable}
end
|
account <account_name>
|
Select a Microsoft 365 account.
|
|
| profile-antispam <name> |
Assign an antispam profile to the real-time scan policy. |
|
| profile-antivirus <name> |
Assign an antivirus profile to the real-time scan policy. |
|
| profile-content <name> |
Assign an content profile to the real-time scan policy. |
|
| profile-dlp <name> |
Assign an DLP profile to the real-time scan policy. |
|
|
recipient-ad-group-attr {custom | displayname | mail}
|
Note: This option is only available when recipient-type is set to ad-group.
Select the recipient Azure AD group attribute.
|
displayname
|
|
recipient-ad-group-attr-name <string>
|
Note: This option is only available when recipient-type is set to ad-group and recipient-ad-group-attr is set to custom.
Enter the custom recipient Azure AD group attribute name.
|
|
|
recipient-ad-group-attr-value <string>
|
Note: This option is only available when recipient-type is set to ad-group.
Enter the recipient Azure AD group attribute value.
|
|
| recipient-domain <string> |
Domain part of recipient email address. |
|
|
recipient-email-group <group_name>
|
Note: This option is only available when recipient-type is set to email-group.
Select an email group.
|
|
|
recipient-ldap-profile <profile_name>
|
Note: This option is only available when recipient-type is set to ldap-group.
Select an LDAP group profile.
|
|
| recipient-name <string> |
Note: This option is only available when recipient-type is set to wildcard.
Local part of recipient email address.
|
|
|
recipient-pattern-regex <string>
|
Note: This option is only available when recipient-type is set to regex.
Enter the sender email address regular expression pattern.
|
|
|
recipient-type {ad-group | email-group | ldap-group | regex | wildcard}
|
Define the recipient as one of the following:
-
ad-group: Azure AD group.
-
email-group: Email group.
-
ldap-group: LDAP group.
-
regex: User as regular expression.
-
wildcard: User as wildcard.
|
wildcard
|
|
sender-ad-group-attr {custom | displayname | mail}
|
Note: This option is only available when sender-type is set to ad-group.
Select the sender Azure AD group attribute.
|
displayname
|
|
sender-ad-group-attr-name <string>
|
Note: This option is only available when sender-type is set to ad-group and sender-ad-group-attr is set to custom.
Enter the custom sender Azure AD group attribute name.
|
|
|
sender-ad-group-attr-value <string>
|
Note: This option is only available when sender-type is set to ad-group.
Enter the sender Azure AD group attribute value.
|
|
| sender-domain <string> |
Domain part of sender email address. |
|
|
sender-email-group <group_name>
|
Note: This option is only available when sender-type is set to email-group.
Select an email group.
|
|
|
sender-ldap-profile <profile_name>
|
Note: This option is only available when sender-type is set to ldap-group.
Select an LDAP group profile.
|
|
| sender-name <string> |
Note: This option is only available when sender-type is set to wildcard.
Local part of sender email address.
|
|
|
sender-pattern-regex <string>
|
Note: This option is only available when sender-type is set to regex.
Enter the recipient email address regular expression pattern.
|
|
| sender-type {ad-group | email-group | external | internal | ldap-group | regex | wildcard} |
Define the sender as one of the following:
-
ad-group: Azure AD group.
-
email-group: Email group.
-
external: External sender.
-
internal: Internal sender.
-
ldap-group: LDAP group.
-
regex: User as regular expression.
-
wildcard: User as wildcard.
|
wildcard
|
| source-ip-address <ipv4mask> |
Client IP address and netmask. |
0.0.0.0/0
|
| source-type {geoip-group | ip-address | ip-group} |
Define the source as either GeoIP group, IP address and netmask, or IP group. |
ip-address
|
| status {enable | disable} |
Enable or disable the policy. |
disable
|
