Fortinet white logo
Fortinet white logo

CLI Reference

ms365 policy

ms365 policy

Use this command to configure Microsoft 365 scan policies. You must have domain administrator privileges to access Microsoft 365.

Syntax

config ms365 policy

edit <name>

set account <account_name>

set profile-antispam <name>

set profile-antivirus <name>

set profile-content <name>

set profile-dlp <name>

set recipient-ad-group-attr {custom | displayname | mail}

set recipient-ad-group-attr-name <string>

set recipient-ad-group-attr-value <string>

set recipient-domain <string>

set recipient-email-group <group_name>

set recipient-ldap-profile <profile_name>

set recipient-name <string>

set recipient-pattern-regex <string>

set recipient-type {ad-group | email-group | ldap-group | regex | wildcard}

set sender-ad-group-attr {custom | displayname | mail}

set sender-ad-group-attr-name <string>

set sender-ad-group-attr-value <string>

set sender-domain <string>

set sender-email-group <group_name>

set sender-ldap-profile <profile_name>

set sender-name <string>

set sender-pattern-regex <string>

set sender-type {ad-group | email-group | external | internal | ldap-group | regex | wildcard}

set source-ip-address <ipv4mask>

set source-type {geoip-group | ip-address | ip-group}

set status {enable | disable}

end

Variable

Description

Default

account <account_name>

Select a Microsoft 365 account.

profile-antispam <name> Assign an antispam profile to the real-time scan policy.

profile-antivirus <name> Assign an antivirus profile to the real-time scan policy.

profile-content <name> Assign an content profile to the real-time scan policy.

profile-dlp <name> Assign an DLP profile to the real-time scan policy.

recipient-ad-group-attr {custom | displayname | mail}

Note: This option is only available when recipient-type is set to ad-group.

Select the recipient Azure AD group attribute.

displayname

recipient-ad-group-attr-name <string>

Note: This option is only available when recipient-type is set to ad-group and recipient-ad-group-attr is set to custom.

Enter the custom recipient Azure AD group attribute name.

recipient-ad-group-attr-value <string>

Note: This option is only available when recipient-type is set to ad-group.

Enter the recipient Azure AD group attribute value.

recipient-domain <string> Domain part of recipient email address.

recipient-email-group <group_name>

Note: This option is only available when recipient-type is set to email-group.

Select an email group.

recipient-ldap-profile <profile_name>

Note: This option is only available when recipient-type is set to ldap-group.

Select an LDAP group profile.

recipient-name <string>

Note: This option is only available when recipient-type is set to wildcard.

Local part of recipient email address.

recipient-pattern-regex <string>

Note: This option is only available when recipient-type is set to regex.

Enter the sender email address regular expression pattern.

recipient-type {ad-group | email-group | ldap-group | regex | wildcard}

Define the recipient as one of the following:

  • ad-group: Azure AD group.

  • email-group: Email group.

  • ldap-group: LDAP group.

  • regex: User as regular expression.

  • wildcard: User as wildcard.

wildcard

sender-ad-group-attr {custom | displayname | mail}

Note: This option is only available when sender-type is set to ad-group.

Select the sender Azure AD group attribute.

displayname

sender-ad-group-attr-name <string>

Note: This option is only available when sender-type is set to ad-group and sender-ad-group-attr is set to custom.

Enter the custom sender Azure AD group attribute name.

sender-ad-group-attr-value <string>

Note: This option is only available when sender-type is set to ad-group.

Enter the sender Azure AD group attribute value.

sender-domain <string> Domain part of sender email address.

sender-email-group <group_name>

Note: This option is only available when sender-type is set to email-group.

Select an email group.

sender-ldap-profile <profile_name>

Note: This option is only available when sender-type is set to ldap-group.

Select an LDAP group profile.

sender-name <string>

Note: This option is only available when sender-type is set to wildcard.

Local part of sender email address.

sender-pattern-regex <string>

Note: This option is only available when sender-type is set to regex.

Enter the recipient email address regular expression pattern.

sender-type {ad-group | email-group | external | internal | ldap-group | regex | wildcard}

Define the sender as one of the following:

  • ad-group: Azure AD group.

  • email-group: Email group.

  • external: External sender.

  • internal: Internal sender.

  • ldap-group: LDAP group.

  • regex: User as regular expression.

  • wildcard: User as wildcard.

wildcard

source-ip-address <ipv4mask> Client IP address and netmask.

0.0.0.0/0

source-type {geoip-group | ip-address | ip-group} Define the source as either GeoIP group, IP address and netmask, or IP group.

ip-address

status {enable | disable} Enable or disable the policy.

disable

ms365 policy

ms365 policy

Use this command to configure Microsoft 365 scan policies. You must have domain administrator privileges to access Microsoft 365.

Syntax

config ms365 policy

edit <name>

set account <account_name>

set profile-antispam <name>

set profile-antivirus <name>

set profile-content <name>

set profile-dlp <name>

set recipient-ad-group-attr {custom | displayname | mail}

set recipient-ad-group-attr-name <string>

set recipient-ad-group-attr-value <string>

set recipient-domain <string>

set recipient-email-group <group_name>

set recipient-ldap-profile <profile_name>

set recipient-name <string>

set recipient-pattern-regex <string>

set recipient-type {ad-group | email-group | ldap-group | regex | wildcard}

set sender-ad-group-attr {custom | displayname | mail}

set sender-ad-group-attr-name <string>

set sender-ad-group-attr-value <string>

set sender-domain <string>

set sender-email-group <group_name>

set sender-ldap-profile <profile_name>

set sender-name <string>

set sender-pattern-regex <string>

set sender-type {ad-group | email-group | external | internal | ldap-group | regex | wildcard}

set source-ip-address <ipv4mask>

set source-type {geoip-group | ip-address | ip-group}

set status {enable | disable}

end

Variable

Description

Default

account <account_name>

Select a Microsoft 365 account.

profile-antispam <name> Assign an antispam profile to the real-time scan policy.

profile-antivirus <name> Assign an antivirus profile to the real-time scan policy.

profile-content <name> Assign an content profile to the real-time scan policy.

profile-dlp <name> Assign an DLP profile to the real-time scan policy.

recipient-ad-group-attr {custom | displayname | mail}

Note: This option is only available when recipient-type is set to ad-group.

Select the recipient Azure AD group attribute.

displayname

recipient-ad-group-attr-name <string>

Note: This option is only available when recipient-type is set to ad-group and recipient-ad-group-attr is set to custom.

Enter the custom recipient Azure AD group attribute name.

recipient-ad-group-attr-value <string>

Note: This option is only available when recipient-type is set to ad-group.

Enter the recipient Azure AD group attribute value.

recipient-domain <string> Domain part of recipient email address.

recipient-email-group <group_name>

Note: This option is only available when recipient-type is set to email-group.

Select an email group.

recipient-ldap-profile <profile_name>

Note: This option is only available when recipient-type is set to ldap-group.

Select an LDAP group profile.

recipient-name <string>

Note: This option is only available when recipient-type is set to wildcard.

Local part of recipient email address.

recipient-pattern-regex <string>

Note: This option is only available when recipient-type is set to regex.

Enter the sender email address regular expression pattern.

recipient-type {ad-group | email-group | ldap-group | regex | wildcard}

Define the recipient as one of the following:

  • ad-group: Azure AD group.

  • email-group: Email group.

  • ldap-group: LDAP group.

  • regex: User as regular expression.

  • wildcard: User as wildcard.

wildcard

sender-ad-group-attr {custom | displayname | mail}

Note: This option is only available when sender-type is set to ad-group.

Select the sender Azure AD group attribute.

displayname

sender-ad-group-attr-name <string>

Note: This option is only available when sender-type is set to ad-group and sender-ad-group-attr is set to custom.

Enter the custom sender Azure AD group attribute name.

sender-ad-group-attr-value <string>

Note: This option is only available when sender-type is set to ad-group.

Enter the sender Azure AD group attribute value.

sender-domain <string> Domain part of sender email address.

sender-email-group <group_name>

Note: This option is only available when sender-type is set to email-group.

Select an email group.

sender-ldap-profile <profile_name>

Note: This option is only available when sender-type is set to ldap-group.

Select an LDAP group profile.

sender-name <string>

Note: This option is only available when sender-type is set to wildcard.

Local part of sender email address.

sender-pattern-regex <string>

Note: This option is only available when sender-type is set to regex.

Enter the recipient email address regular expression pattern.

sender-type {ad-group | email-group | external | internal | ldap-group | regex | wildcard}

Define the sender as one of the following:

  • ad-group: Azure AD group.

  • email-group: Email group.

  • external: External sender.

  • internal: Internal sender.

  • ldap-group: LDAP group.

  • regex: User as regular expression.

  • wildcard: User as wildcard.

wildcard

source-ip-address <ipv4mask> Client IP address and netmask.

0.0.0.0/0

source-type {geoip-group | ip-address | ip-group} Define the source as either GeoIP group, IP address and netmask, or IP group.

ip-address

status {enable | disable} Enable or disable the policy.

disable