Public/TenantConfiguration/Baseline/Add-EOPPolicies.ps1

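function Add-EOPPolicies {
    <#
    .SYNOPSIS
    Applies the baseline Exchange Online Protection (EOP) policies to a customer tenant.

    .DESCRIPTION
    Connects to the tenant through Connect-CustomerExchange, then reads every *.json file in
    the EOPPolicies sub-folders next to this script and splats each file onto the matching
    Exchange Online cmdlet:

      QuarantinePolicies       -> New-QuarantinePolicy, or Set-QuarantinePolicy on the global
                                  policy for the file named GlobalQuarantinePolicy.json
      AntiPhishingPolicies     -> New-AntiPhishPolicy
      AntiSpamInboundPolicies  -> New-HostedContentFilterPolicy, then made the default policy
      AntiSpamOutboundPolicies -> Set-HostedOutboundSpamFilterPolicy on the "Default" policy

    A file is skipped when its Name already appears among the tenant's policy identities.
    The check is by name only: an existing policy whose settings have drifted from the
    baseline is left as it is.

    Every key in a policy file is passed as a cmdlet parameter, so the JSON files decide the
    tenant's mail-protection settings and need the same review and access control as code.

    .PARAMETER TenantId
    Customer tenant identifier, passed to Connect-CustomerExchange as -CustomerTenantId.

    .NOTES
    Any failure is rethrown as "Failed to create Exchange Online Protection (EOP) policies: ...".
    File reads and the New-*/Set-* calls run with -ErrorAction Stop so that a non-terminating
    error reaches the catch block instead of being followed by a green success message.
    The global quarantine step may prompt on the console (Read-Host), so the function is not
    suitable for unattended runs on a tenant where that policy has never been saved.
    #>
    param(
        [Parameter(Mandatory)]
        [string]$TenantId
    )

    try {
        Connect-CustomerExchange -CustomerTenantId $TenantId

        # Quarantine Policies and notifications
        $QuarantinePolicies = Get-QuarantinePolicy
        # -ErrorAction Stop: a missing or unreadable policy folder must fail the run rather than
        # leave the loop with nothing to apply.
        $QuarantinePolicyFiles = Get-ChildItem -Path "$PSScriptRoot\EOPPolicies\QuarantinePolicies" -Filter *.json -ErrorAction Stop
        foreach($QuarantinePolicyFile in $QuarantinePolicyFiles) {
            $QuarantinePolicy = Get-Content -Path $QuarantinePolicyFile.FullName -ErrorAction Stop | ConvertFrom-Json -Depth 100 -AsHashtable
            if($QuarantinePolicies.Identity -contains $QuarantinePolicy.Name) {
                Write-Host "Quarantine policy '$($QuarantinePolicy.Name)' already exists, not creating.." -ForegroundColor Yellow
            }
            else {
                # GlobalQuarantinePolicy.json carries the tenant-wide notification settings and is
                # applied to the existing global policy instead of creating a new one.
                if($QuarantinePolicyFile.BaseName -eq "GlobalQuarantinePolicy") {
                    $DefaultDomainName = Get-AcceptedDomain | Where-Object { $_.Default -eq $true } | Select-Object -ExpandProperty DomainName
                    if(-not $DefaultDomainName) {
                        # Without this guard the sender address below would become "quarantine@".
                        throw "No default accepted domain found; cannot build the quarantine notification sender address."
                    }
                    $QuarantinePolicy.EndUserSpamNotificationCustomFromAddress = "quarantine@$($DefaultDomainName)"
                    # Left at the default error action on purpose: an empty result is the signal
                    # for the manual step below.
                    $GlobalQuarantinePolicy = Get-QuarantinePolicy -QuarantinePolicyType GlobalQuarantinePolicy
                    if(!$GlobalQuarantinePolicy) {
                        Write-Host "Please open https://security.microsoft.com/quarantinePolicies and press 'Global Settings'. Enter a random value for 'End user spam notification custom from address' and press 'Save'." -ForegroundColor Yellow
                        Read-Host "Press ENTER when you have saved the settings.."
                        Write-Host "Sleeping 10 seconds to allow the settings to propagate.."
                        Start-Sleep -Seconds 10
                        $GlobalQuarantinePolicy = Get-QuarantinePolicy -QuarantinePolicyType GlobalQuarantinePolicy
                    }
                    if(!$GlobalQuarantinePolicy) {
                        # Still missing after the manual step: stop here instead of piping $null
                        # into Set-QuarantinePolicy and reporting an update that never happened.
                        throw "Global quarantine policy is still not available after the manual step."
                    }
                    $GlobalQuarantinePolicy | Set-QuarantinePolicy @QuarantinePolicy -ErrorAction Stop
                    Write-Host "Updated global quarantine policy." -ForegroundColor Green
                } else {
                    # Parse the quarantine permissions: the file stores them as "Key: Value" text,
                    # which is turned into boolean parameters for New-QuarantinePermissions.
                    $RegexMatches = [regex]::Matches($QuarantinePolicy.EndUserQuarantinePermissions, '\b(\w+)\s*:\s*(\w+)\b')
                    $QuarantinePermissions = @{}
                    foreach ($match in $RegexMatches) {
                        # NOTE(review): TrimStart('n') presumably drops the 'n' left over from a
                        # literal "\n" in the stored text; it would also strip the leading 'n' of a
                        # key that really starts with one. Confirm against the policy files.
                        $key = $match.Groups[1].Value.TrimStart('n')
                        # Anything other than "True" is treated as $false.
                        $QuarantinePermissions[$key] = ($match.Groups[2].Value -eq "True")
                    }
                    $QuarantinePolicy.EndUserQuarantinePermissions = New-QuarantinePermissions @QuarantinePermissions -ErrorAction Stop
                    $QuarantinePolicy = New-QuarantinePolicy @QuarantinePolicy -ErrorAction Stop
                    Write-Host "Created quarantine policy '$($QuarantinePolicy.Name)'." -ForegroundColor Green
                }
            }
        }

        # Anti-phishing policies
        $AntiPhishingPolicies = Get-AntiPhishPolicy
        $AntiPhishingPolicyFiles = Get-ChildItem -Path "$PSScriptRoot\EOPPolicies\AntiPhishingPolicies" -Filter *.json -ErrorAction Stop
        foreach($AntiPhishingPolicyFile in $AntiPhishingPolicyFiles) {
            $AntiPhishingPolicy = Get-Content -Path $AntiPhishingPolicyFile.FullName -ErrorAction Stop | ConvertFrom-Json -Depth 100 -AsHashtable
            if($AntiPhishingPolicies.Identity -contains $AntiPhishingPolicy.Name) {
                Write-Host "Anti-phishing policy '$($AntiPhishingPolicy.Name)' already exists, not creating.." -ForegroundColor Yellow
            }
            else {
                $AntiPhishingPolicy = New-AntiPhishPolicy @AntiPhishingPolicy -ErrorAction Stop
                Write-Host "Created anti-phishing policy '$($AntiPhishingPolicy.Name)'." -ForegroundColor Green
            }
        }

        # Anti-spam (inbound) policies
        $AntiSpamInboundPolicies = Get-HostedContentFilterPolicy
        $AntiSpamInboundPolicyFiles = Get-ChildItem -Path "$PSScriptRoot\EOPPolicies\AntiSpamInboundPolicies" -Filter *.json -ErrorAction Stop

        foreach($AntiSpamInboundPolicyFile in $AntiSpamInboundPolicyFiles) {
            $AntiSpamInboundPolicy = Get-Content -Path $AntiSpamInboundPolicyFile.FullName -ErrorAction Stop | ConvertFrom-Json -Depth 100 -AsHashtable
            if($AntiSpamInboundPolicies.Identity -contains $AntiSpamInboundPolicy.Name) {
                Write-Host "Anti-spam (inbound) policy '$($AntiSpamInboundPolicy.Name)' already exists, not creating.." -ForegroundColor Yellow
            }
            else {
                $AntiSpamInboundPolicy = New-HostedContentFilterPolicy @AntiSpamInboundPolicy -ErrorAction Stop
                # Each newly created inbound policy is made the default, so with several files
                # in the folder the last one processed ends up as the tenant default.
                $AntiSpamInboundPolicy | Set-HostedContentFilterPolicy -MakeDefault:$true -ErrorAction Stop
                Write-Host "Created anti-spam (inbound) policy '$($AntiSpamInboundPolicy.Name)'." -ForegroundColor Green
            }
        }

        # Anti-spam (outbound) policies
        $AntiSpamOutboundPolicies = Get-HostedOutboundSpamFilterPolicy
        $AntiSpamOutboundPolicyFiles = Get-ChildItem -Path "$PSScriptRoot\EOPPolicies\AntiSpamOutboundPolicies" -Filter *.json -ErrorAction Stop

        foreach($AntiSpamOutboundPolicyFile in $AntiSpamOutboundPolicyFiles) {
            $AntiSpamOutboundPolicy = Get-Content -Path $AntiSpamOutboundPolicyFile.FullName -ErrorAction Stop | ConvertFrom-Json -Depth 100 -AsHashtable
            if($AntiSpamOutboundPolicies.Identity -contains $AntiSpamOutboundPolicy.Name) {
                Write-Host "Anti-spam (outbound) policy '$($AntiSpamOutboundPolicy.Name)' already exists, not creating.." -ForegroundColor Yellow
            }
            else {
                # New can't be created, does not work correctly. Have to edit the default one.
                $DefaultAntiSpamOutboundPolicy = Get-HostedOutboundSpamFilterPolicy -Identity "Default" -ErrorAction Stop
                $DefaultAntiSpamOutboundPolicy | Set-HostedOutboundSpamFilterPolicy @AntiSpamOutboundPolicy -ErrorAction Stop
                Write-Host "Modified default anti-spam (outbound) policy '$($DefaultAntiSpamOutboundPolicy.Name)'." -ForegroundColor Green
            }
        }

    }
    catch {
        throw "Failed to create Exchange Online Protection (EOP) policies: $_"
    }
}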