Sample-Reports/ScubaResults_21189b0e-f045-43ee-b9ba-653b32744e45.json
{
"MetaData": { "TenantId": "ca08493a-c9c8-4db0-a9e8-d3b4bafac269", "DisplayName": "tqhjy", "DomainName": "tqhjy.onmicrosoft.com", "ProductSuite": "Microsoft 365", "ProductsAssessed": [ "Azure Active Directory", "Microsoft 365 Defender", "Exchange Online", "Microsoft Power Platform", "SharePoint Online", "Microsoft Teams" ], "ProductAbbreviationMapping": { "Microsoft 365 Defender": "Defender", "SharePoint Online": "SharePoint", "Azure Active Directory": "AAD", "Microsoft Power Platform": "PowerPlatform", "Microsoft Teams": "Teams", "Exchange Online": "EXO" }, "Tool": "ScubaGear", "ToolVersion": "1.4.0", "TimestampZulu": "2024-08-02T19:25:11.166Z", "ReportUUID": "21189b0e-f045-43ee-b9ba-653b32744e45" }, "Summary": { "AAD": { "Failures": 12, "Errors": 0, "Passes": 11, "Warnings": 3, "Manual": 4, "Omits": 0 }, "Defender": { "Failures": 3, "Errors": 0, "Passes": 10, "Warnings": 3, "Manual": 4, "Omits": 0 }, "EXO": { "Failures": 3, "Errors": 0, "Passes": 9, "Warnings": 2, "Manual": 27, "Omits": 0 }, "PowerPlatform": { "Failures": 0, "Errors": 0, "Passes": 5, "Warnings": 1, "Manual": 2, "Omits": 0 }, "SharePoint": { "Failures": 0, "Errors": 0, "Passes": 5, "Warnings": 0, "Manual": 5, "Omits": 0 }, "Teams": { "Failures": 0, "Errors": 0, "Passes": 15, "Warnings": 0, "Manual": 6, "Omits": 0 } }, "Results": { "AAD": [ { "GroupName": "Legacy Authentication", "GroupNumber": "1", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/aad.md#1-legacy-authentication", "Controls": [ { "Control ID": "MS.AAD.1.1v1", "Requirement": "Legacy authentication SHALL be blocked.", "Result": "Pass", "Criticality": "Shall", "Details": "1 conditional access policy(s) found that meet(s) all requirements:<br/>MS.AAD.1.1v1 Legacy authentication SHALL be blocked. <a href='#caps'>View all CA policies</a>." } ] }, { "GroupName": "Risk Based Policies", "GroupNumber": "2", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/aad.md#2-risk-based-policies", "Controls": [ { "Control ID": "MS.AAD.2.1v1", "Requirement": "Users detected as high risk SHALL be blocked.", "Result": "Pass", "Criticality": "Shall", "Details": "1 conditional access policy(s) found that meet(s) all requirements:<br/>MS.AAD.2.1v1 Users detected as high risk SHALL be blocked. <a href='#caps'>View all CA policies</a>." }, { "Control ID": "MS.AAD.2.2v1", "Requirement": "A notification SHOULD be sent to the administrator when high-risk users are detected.", "Result": "N/A", "Criticality": "Should/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/aad.md#msaad22v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check" }, { "Control ID": "MS.AAD.2.3v1", "Requirement": "Sign-ins detected as high risk SHALL be blocked.", "Result": "Pass", "Criticality": "Shall", "Details": "1 conditional access policy(s) found that meet(s) all requirements:<br/>MS.AAD.2.3v1 Sign-ins detected as high risk SHALL be blocked. <a href='#caps'>View all CA policies</a>." } ] }, { "GroupName": "Strong Authentication and a Secure Registration Process", "GroupNumber": "3", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/aad.md#3-strong-authentication-and-a-secure-registration-process", "Controls": [ { "Control ID": "MS.AAD.3.1v1", "Requirement": "Phishing-resistant MFA SHALL be enforced for all users.", "Result": "Fail", "Criticality": "Shall", "Details": "0 conditional access policy(s) found that meet(s) all requirements. <a href='#caps'>View all CA policies</a>." }, { "Control ID": "MS.AAD.3.2v1", "Requirement": "If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users.", "Result": "Pass", "Criticality": "Shall", "Details": "1 conditional access policy(s) found that meet(s) all requirements:<br/>MS.AAD.3.2v1 If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users. <a href='#caps'>View all CA policies</a>." }, { "Control ID": "MS.AAD.3.3v1", "Requirement": "If phishing-resistant MFA has not been enforced and Microsoft Authenticator is enabled, it SHALL be configured to show login context information.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.AAD.3.4v1", "Requirement": "The Authentication Methods Manage Migration feature SHALL be set to Migration Complete.", "Result": "Fail", "Criticality": "Shall", "Details": "Requirement not met" }, { "Control ID": "MS.AAD.3.5v1", "Requirement": "The authentication methods SMS, Voice Call, and Email One-Time Passcode (OTP) SHALL be disabled.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "This policy is only applicable if the tenant has their Manage Migration feature set to Migration Complete. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/aad.md#msaad34v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for more info" }, { "Control ID": "MS.AAD.3.6v1", "Requirement": "Phishing-resistant MFA SHALL be required for highly privileged roles.", "Result": "Fail", "Criticality": "Shall", "Details": "0 conditional access policy(s) found that meet(s) all requirements. <a href='#caps'>View all CA policies</a>." }, { "Control ID": "MS.AAD.3.7v1", "Requirement": "Managed devices SHOULD be required for authentication.", "Result": "Warning", "Criticality": "Should", "Details": "0 conditional access policy(s) found that meet(s) all requirements. <a href='#caps'>View all CA policies</a>." }, { "Control ID": "MS.AAD.3.8v1", "Requirement": "Managed Devices SHOULD be required to register MFA.", "Result": "Warning", "Criticality": "Should", "Details": "0 conditional access policy(s) found that meet(s) all requirements. <a href='#caps'>View all CA policies</a>." } ] }, { "GroupName": "Centralized Log Collection", "GroupNumber": "4", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/aad.md#4-centralized-log-collection", "Controls": [ { "Control ID": "MS.AAD.4.1v1", "Requirement": "Security logs SHALL be sent to the agency's security operations center for monitoring.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/aad.md#msaad41v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check" } ] }, { "GroupName": "Application Registration and Consent", "GroupNumber": "5", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/aad.md#5-application-registration-and-consent", "Controls": [ { "Control ID": "MS.AAD.5.1v1", "Requirement": "Only administrators SHALL be allowed to register applications.", "Result": "Pass", "Criticality": "Shall", "Details": "0 authorization policies found that allow non-admin users to register third-party applications" }, { "Control ID": "MS.AAD.5.2v1", "Requirement": "Only administrators SHALL be allowed to consent to applications.", "Result": "Fail", "Criticality": "Shall", "Details": "1 authorization policies found that allow non-admin users to consent to third-party applications:<br/>authorizationPolicy" }, { "Control ID": "MS.AAD.5.3v1", "Requirement": "An admin consent workflow SHALL be configured for applications.", "Result": "Fail", "Criticality": "Shall", "Details": "Requirement not met" }, { "Control ID": "MS.AAD.5.4v1", "Requirement": "Group owners SHALL NOT be allowed to consent to applications.", "Result": "Fail", "Criticality": "Shall", "Details": "Requirement not met" } ] }, { "GroupName": "Passwords", "GroupNumber": "6", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/aad.md#6-passwords", "Controls": [ { "Control ID": "MS.AAD.6.1v1", "Requirement": "User passwords SHALL NOT expire.", "Result": "Fail", "Criticality": "Shall", "Details": "Requirement not met" } ] }, { "GroupName": "Highly Privileged User Access", "GroupNumber": "7", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/aad.md#7-highly-privileged-user-access", "Controls": [ { "Control ID": "MS.AAD.7.1v1", "Requirement": "A minimum of two users and a maximum of eight users SHALL be provisioned with the Global Administrator role.", "Result": "Pass", "Criticality": "Shall", "Details": "2 global admin(s) found:<br/>Jane Doe, John Public" }, { "Control ID": "MS.AAD.7.2v1", "Requirement": "Privileged users SHALL be provisioned with finer-grained roles instead of Global Administrator.", "Result": "Fail", "Criticality": "Shall", "Details": "Requirement not met: Least Privilege Score = 2 (should be 1 or less)" }, { "Control ID": "MS.AAD.7.3v1", "Requirement": "Privileged users SHALL be provisioned cloud-only accounts separate from an on-premises directory or other federated identity providers.", "Result": "Pass", "Criticality": "Shall", "Details": "0 admin(s) that are not cloud-only found" }, { "Control ID": "MS.AAD.7.4v1", "Requirement": "Permanent active role assignments SHALL NOT be allowed for highly privileged roles.", "Result": "Fail", "Criticality": "Shall", "Details": "6 role(s) that contain users with permanent active assignment:<br/>Application Administrator, Exchange Administrator, Global Administrator, Privileged Role Administrator, SharePoint Administrator, User Administrator" }, { "Control ID": "MS.AAD.7.5v1", "Requirement": "Provisioning users to highly privileged roles SHALL NOT occur outside of a PAM system.", "Result": "Fail", "Criticality": "Shall", "Details": "4 role(s) assigned to users outside of PIM:<br/>Application Administrator, Global Administrator, Privileged Role Administrator, User Administrator" }, { "Control ID": "MS.AAD.7.6v1", "Requirement": "Activation of the Global Administrator role SHALL require approval.", "Result": "Fail", "Criticality": "Shall", "Details": "1 role(s) or group(s) allowing activation without approval found:<br/>Global Administrator(Directory Role)" }, { "Control ID": "MS.AAD.7.7v1", "Requirement": "Eligible and Active highly privileged role assignments SHALL trigger an alert.", "Result": "Fail", "Criticality": "Shall", "Details": "6 role(s) or group(s) without notification e-mail configured for role assignments found:<br/>Cloud Application Administrator(Directory Role), Exchange Administrator(Directory Role), Global Administrator(Directory Role), Hybrid Identity Administrator(Directory Role), Privileged Role Administrator(Directory Role), SharePoint Administrator(Directory Role)" }, { "Control ID": "MS.AAD.7.8v1", "Requirement": "User activation of the Global Administrator role SHALL trigger an alert.", "Result": "Pass", "Criticality": "Shall", "Details": "0 role(s) or group(s) without notification e-mail configured for Global Administrator activations found" }, { "Control ID": "MS.AAD.7.9v1", "Requirement": "User activation of other highly privileged roles SHOULD trigger an alert.", "Result": "Warning", "Criticality": "Should", "Details": "5 role(s) or group(s) without notification e-mail configured for role activations found:<br/>Cloud Application Administrator(Directory Role), Exchange Administrator(Directory Role), Hybrid Identity Administrator(Directory Role), Privileged Role Administrator(Directory Role), SharePoint Administrator(Directory Role)" } ] }, { "GroupName": "Guest User Access", "GroupNumber": "8", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/aad.md#8-guest-user-access", "Controls": [ { "Control ID": "MS.AAD.8.1v1", "Requirement": "Guest users SHOULD have limited or restricted access to Microsoft Entra ID directory objects.", "Result": "Pass", "Criticality": "Should", "Details": "Permission level set to \"Limited access\" (authorizationPolicy)" }, { "Control ID": "MS.AAD.8.2v1", "Requirement": "Only users with the Guest Inviter role SHOULD be able to invite guest users.", "Result": "Pass", "Criticality": "Should", "Details": "Permission level set to \"adminsAndGuestInviters\" (authorizationPolicy)" }, { "Control ID": "MS.AAD.8.3v1", "Requirement": "Guest invites SHOULD only be allowed to specific external domains that have been authorized by the agency for legitimate business purposes.", "Result": "N/A", "Criticality": "Should/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/aad.md#msaad83v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check" } ] } ], "Defender": [ { "GroupName": "Preset Security Profiles", "GroupNumber": "1", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/defender.md#1-preset-security-profiles", "Controls": [ { "Control ID": "MS.DEFENDER.1.1v1", "Requirement": "The standard and strict preset security policies SHALL be enabled.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.1.2v1", "Requirement": "All users SHALL be added to Exchange Online Protection in either the standard or strict preset security policy.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.1.3v1", "Requirement": "All users SHALL be added to Defender for Office 365 protection in either the standard or strict preset security policy.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.1.4v1", "Requirement": "Sensitive accounts SHALL be added to Exchange Online Protection in the strict preset security policy.", "Result": "Fail", "Criticality": "Shall", "Details": "Requirement not met" }, { "Control ID": "MS.DEFENDER.1.5v1", "Requirement": "Sensitive accounts SHALL be added to Defender for Office 365 protection in the strict preset security policy.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "Impersonation Protection", "GroupNumber": "2", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/defender.md#2-impersonation-protection", "Controls": [ { "Control ID": "MS.DEFENDER.2.1v1", "Requirement": "User impersonation protection SHOULD be enabled for sensitive accounts in both the standard and strict preset policies.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.2.2v1", "Requirement": "Domain impersonation protection SHOULD be enabled for domains owned by the agency in both the standard and strict preset policies.", "Result": "Warning", "Criticality": "Should", "Details": "Not all agency domains are included for targeted protection in Strict or Standard policy." }, { "Control ID": "MS.DEFENDER.2.3v1", "Requirement": "Domain impersonation protection SHOULD be added for important partners in both the standard and strict preset policies.", "Result": "Warning", "Criticality": "Should", "Details": "Not all partner domains are included for targeted protection in Strict or Standard policy." } ] }, { "GroupName": "Safe Attachments", "GroupNumber": "3", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/defender.md#3-safe-attachments", "Controls": [ { "Control ID": "MS.DEFENDER.3.1v1", "Requirement": "Safe attachments SHOULD be enabled for SharePoint, OneDrive, and Microsoft Teams.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" } ] }, { "GroupName": "Data Loss Prevention", "GroupNumber": "4", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/defender.md#4-data-loss-prevention", "Controls": [ { "Control ID": "MS.DEFENDER.4.1v1", "Requirement": "A custom policy SHALL be configured to protect PII and sensitive information, as defined by the agency. At a minimum, credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) SHALL be blocked.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.4.2v1", "Requirement": "The custom policy SHOULD be applied to Exchange, OneDrive, SharePoint, Teams chat, and Devices.", "Result": "Warning", "Criticality": "Should", "Details": "DLP custom policy applied to the following locations: Exchange, OneDrive, SharePoint, Teams. Custom policy protecting sensitive info types NOT applied to: Devices. Devices location requires DLP for Endpoint licensing and at least one registered device. For full policy details, see the ActualValue field in the results file: ./TestResults.json" }, { "Control ID": "MS.DEFENDER.4.3v1", "Requirement": "The action for the custom policy SHOULD be set to block sharing sensitive information with everyone.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.4.4v1", "Requirement": "Notifications to inform users and help educate them on the proper use of sensitive information SHOULD be enabled in the custom policy.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.4.5v1", "Requirement": "A list of apps that are restricted from accessing files protected by DLP policy SHOULD be defined.", "Result": "N/A", "Criticality": "Should/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/defender.md#msdefender45v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check" }, { "Control ID": "MS.DEFENDER.4.6v1", "Requirement": "The custom policy SHOULD include an action to block access to sensitive information by restricted apps and unwanted Bluetooth applications.", "Result": "N/A", "Criticality": "Should/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/defender.md#msdefender46v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check" } ] }, { "GroupName": "Alerts", "GroupNumber": "5", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/defender.md#5-alerts", "Controls": [ { "Control ID": "MS.DEFENDER.5.1v1", "Requirement": "At a minimum, the alerts required by the CISA M365 Security Configuration Baseline for Exchange Online SHALL be enabled.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.5.2v1", "Requirement": "The alerts SHOULD be sent to a monitored address or incorporated into a SIEM.", "Result": "N/A", "Criticality": "Should/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/defender.md#msdefender52v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check" } ] }, { "GroupName": "Audit Logging", "GroupNumber": "6", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/defender.md#6-audit-logging", "Controls": [ { "Control ID": "MS.DEFENDER.6.1v1", "Requirement": "Microsoft Purview Audit (Standard) logging SHALL be enabled.", "Result": "Fail", "Criticality": "Shall", "Details": "Requirement not met" }, { "Control ID": "MS.DEFENDER.6.2v1", "Requirement": "Microsoft Purview Audit (Premium) logging SHALL be enabled for ALL users.", "Result": "Fail", "Criticality": "Shall", "Details": "Requirement not met. 70 tenant users without M365 Advanced Auditing feature assigned. To review and assign users the Microsoft 365 Advanced Auditing feature, see <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/defender.md#msdefender62v1\" target=\"_blank\">Secure Configuration Baseline policy</a>. To get a list of all users without the license feature run the following: Get-MgBetaUser -Filter \"not assignedPlans/any(a:a/servicePlanId eq 2f442157-a11c-46b9-ae5b-6e39ff4e5849 and a/capabilityStatus eq 'Enabled')\" -ConsistencyLevel eventual -Count UserCount -All | Select-Object DisplayName,UserPrincipalName" }, { "Control ID": "MS.DEFENDER.6.3v1", "Requirement": "Audit logs SHALL be maintained for at least the minimum duration dictated by OMB M-21-31.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/defender.md#msdefender63v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check" } ] } ], "EXO": [ { "GroupName": "Automatic Forwarding to External Domains", "GroupNumber": "1", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#1-automatic-forwarding-to-external-domains", "Controls": [ { "Control ID": "MS.EXO.1.1v1", "Requirement": "Automatic forwarding to external domains SHALL be disabled.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "Sender Policy Framework", "GroupNumber": "2", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#2-sender-policy-framework", "Controls": [ { "Control ID": "MS.EXO.2.2v2", "Requirement": "An SPF policy SHALL be published for each domain that fails all non-approved senders.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "DomainKeys Identified Mail", "GroupNumber": "3", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#3-domainkeys-identified-mail", "Controls": [ { "Control ID": "MS.EXO.3.1v1", "Requirement": "DKIM SHOULD be enabled for all domains.", "Result": "Warning", "Criticality": "Should", "Details": "1 agency domain(s) found in violation: tqhjy.mail.onmicrosoft.com" } ] }, { "GroupName": "Domain-Based Message Authentication, Reporting, and Conformance (DMARC)", "GroupNumber": "4", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#4-domain-based-message-authentication,-reporting,-and-conformance-(dmarc)", "Controls": [ { "Control ID": "MS.EXO.4.1v1", "Requirement": "A DMARC policy SHALL be published for every second-level domain.", "Result": "Fail", "Criticality": "Shall", "Details": "2 agency domain(s) found in violation: tqhjy.mail.onmicrosoft.com, tqhjy.onmicrosoft.com" }, { "Control ID": "MS.EXO.4.2v1", "Requirement": "The DMARC message rejection option SHALL be p=reject.", "Result": "Fail", "Criticality": "Shall", "Details": "2 agency domain(s) found in violation: tqhjy.mail.onmicrosoft.com, tqhjy.onmicrosoft.com" }, { "Control ID": "MS.EXO.4.3v1", "Requirement": "The DMARC point of contact for aggregate reports SHALL include `reports@dmarc.cyber.dhs.gov`.", "Result": "Fail", "Criticality": "Shall", "Details": "2 agency domain(s) found in violation: tqhjy.mail.onmicrosoft.com, tqhjy.onmicrosoft.com" }, { "Control ID": "MS.EXO.4.4v1", "Requirement": "An agency point of contact SHOULD be included for aggregate and failure reports.", "Result": "Warning", "Criticality": "Should", "Details": "2 agency domain(s) found in violation: tqhjy.mail.onmicrosoft.com, tqhjy.onmicrosoft.com" } ] }, { "GroupName": "Simple Mail Transfer Protocol Authentication", "GroupNumber": "5", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#5-simple-mail-transfer-protocol-authentication", "Controls": [ { "Control ID": "MS.EXO.5.1v1", "Requirement": "SMTP AUTH SHALL be disabled.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "Calendar and Contact Sharing", "GroupNumber": "6", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#6-calendar-and-contact-sharing", "Controls": [ { "Control ID": "MS.EXO.6.1v1", "Requirement": "Contact folders SHALL NOT be shared with all domains.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.EXO.6.2v1", "Requirement": "Calendar details SHALL NOT be shared with all domains.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "External Sender Warnings", "GroupNumber": "7", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#7-external-sender-warnings", "Controls": [ { "Control ID": "MS.EXO.7.1v1", "Requirement": "External sender warnings SHALL be implemented.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "Data Loss Prevention Solutions", "GroupNumber": "8", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#8-data-loss-prevention-solutions", "Controls": [ { "Control ID": "MS.EXO.8.1v2", "Requirement": "A DLP solution SHALL be used.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo81v2\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.EXO.8.2v2", "Requirement": "The DLP solution SHALL protect personally identifiable information (PII) and sensitive information, as defined by the agency.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo82v2\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.EXO.8.3v1", "Requirement": "The selected DLP solution SHOULD offer services comparable to the native DLP solution offered by Microsoft.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo83v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.EXO.8.4v1", "Requirement": "At a minimum, the DLP solution SHALL restrict sharing credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) via email.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo84v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." } ] }, { "GroupName": "Attachment File Type", "GroupNumber": "9", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#9-attachment-file-type", "Controls": [ { "Control ID": "MS.EXO.9.1v2", "Requirement": "Emails SHALL be filtered by attachment file types.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo91v2\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.EXO.9.2v1", "Requirement": "The attachment filter SHOULD attempt to determine the true file type and assess the file extension.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo92v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.EXO.9.3v2", "Requirement": "Disallowed file types SHALL be determined and enforced.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo93v2\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.EXO.9.4v1", "Requirement": "Alternatively chosen filtering solutions SHOULD offer services comparable to Microsoft Defender's Common Attachment Filter.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo94v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.EXO.9.5v1", "Requirement": "At a minimum, click-to-run files SHOULD be blocked (e.g., .exe, .cmd, and .vbe).", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo95v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." } ] }, { "GroupName": "Malware Scanning", "GroupNumber": "10", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#10-malware-scanning", "Controls": [ { "Control ID": "MS.EXO.10.1v1", "Requirement": "Emails SHALL be scanned for malware.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo101v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.EXO.10.2v1", "Requirement": "Emails identified as containing malware SHALL be quarantined or dropped.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo102v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.EXO.10.3v1", "Requirement": "Email scanning SHALL be capable of reviewing emails after delivery.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo103v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." } ] }, { "GroupName": "Phishing Protections", "GroupNumber": "11", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#11-phishing-protections", "Controls": [ { "Control ID": "MS.EXO.11.1v1", "Requirement": "Impersonation protection checks SHOULD be used.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo111v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.EXO.11.2v1", "Requirement": "User warnings, comparable to the user safety tips included with EOP, SHOULD be displayed.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo112v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.EXO.11.3v1", "Requirement": "The phishing protection solution SHOULD include an AI-based phishing detection tool comparable to EOP Mailbox Intelligence.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo113v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." } ] }, { "GroupName": "IP Allow Lists", "GroupNumber": "12", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#12-ip-allow-lists", "Controls": [ { "Control ID": "MS.EXO.12.1v1", "Requirement": "IP allow lists SHOULD NOT be created.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.EXO.12.2v1", "Requirement": "Safe lists SHOULD NOT be enabled.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" } ] }, { "GroupName": "Mailbox Auditing", "GroupNumber": "13", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#13-mailbox-auditing", "Controls": [ { "Control ID": "MS.EXO.13.1v1", "Requirement": "Mailbox auditing SHALL be enabled.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "Inbound Anti-Spam Protections", "GroupNumber": "14", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#14-inbound-anti-spam-protections", "Controls": [ { "Control ID": "MS.EXO.14.1v2", "Requirement": "A spam filter SHALL be enabled.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo141v2\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.EXO.14.2v1", "Requirement": "Spam and high confidence spam SHALL be moved to either the junk email folder or the quarantine folder.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo142v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.EXO.14.3v1", "Requirement": "Allowed domains SHALL NOT be added to inbound anti-spam protection policies.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo143v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.EXO.14.4v1", "Requirement": "If a third-party party filtering solution is used, the solution SHOULD offer services comparable to the native spam filtering offered by Microsoft.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo144v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." } ] }, { "GroupName": "Link Protection", "GroupNumber": "15", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#15-link-protection", "Controls": [ { "Control ID": "MS.EXO.15.1v1", "Requirement": "URL comparison with a block-list SHOULD be enabled.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo151v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.EXO.15.2v1", "Requirement": "Direct download links SHOULD be scanned for malware.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo152v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.EXO.15.3v1", "Requirement": "User click tracking SHOULD be enabled.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo153v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." } ] }, { "GroupName": "Alerts", "GroupNumber": "16", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#16-alerts", "Controls": [ { "Control ID": "MS.EXO.16.1v1", "Requirement": "At a minimum, the following alerts SHALL be enabled:\na. <b>Suspicious email sending patterns detected.</b>\nb. <b>Suspicious Connector Activity.</b>\nc. <b>Suspicious Email Forwarding Activity.</b>\nd. <b>Messages have been delayed.</b>\ne. <b>Tenant restricted from sending unprovisioned email.</b>\nf. <b>Tenant restricted from sending email.</b>\ng. <b>A potentially malicious URL click was detected.</b>\n<!--Policy: MS.EXO.16.1v1; Criticality: SHALL -->", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo161v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.EXO.16.2v1", "Requirement": "The alerts SHOULD be sent to a monitored address or incorporated into a security information and event management (SIEM) system.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo162v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." } ] }, { "GroupName": "Audit Logging", "GroupNumber": "17", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#17-audit-logging", "Controls": [ { "Control ID": "MS.EXO.17.1v1", "Requirement": "Microsoft Purview Audit (Standard) logging SHALL be enabled.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo171v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.EXO.17.2v1", "Requirement": "Microsoft Purview Audit (Premium) logging SHALL be enabled.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo172v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.EXO.17.3v1", "Requirement": "Audit logs SHALL be maintained for at least the minimum duration dictated by OMB M-21-31 (Appendix C).", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/exo.md#msexo173v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." } ] } ], "PowerPlatform": [ { "GroupName": "Creation of Power Platform Environments", "GroupNumber": "1", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/powerplatform.md#1-creation-of-power-platform-environments", "Controls": [ { "Control ID": "MS.POWERPLATFORM.1.1v1", "Requirement": "The ability to create production and sandbox environments SHALL be restricted to admins.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.POWERPLATFORM.1.2v1", "Requirement": "The ability to create trial environments SHALL be restricted to admins.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "Power Platform Data Loss Prevention Policies", "GroupNumber": "2", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/powerplatform.md#2-power-platform-data-loss-prevention-policies", "Controls": [ { "Control ID": "MS.POWERPLATFORM.2.1v1", "Requirement": "A DLP policy SHALL be created to restrict connector access in the default Power Platform environment.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.POWERPLATFORM.2.2v1", "Requirement": "Non-default environments SHOULD have at least one DLP policy affecting them.", "Result": "Warning", "Criticality": "Should", "Details": "1 Subsequent environments without DLP policies: 407cbeff-b477-e3b4-9ca7-097888a9ec4e" } ] }, { "GroupName": "Power Platform Tenant Isolation", "GroupNumber": "3", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/powerplatform.md#3-power-platform-tenant-isolation", "Controls": [ { "Control ID": "MS.POWERPLATFORM.3.1v1", "Requirement": "Power Platform tenant isolation SHALL be enabled.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.POWERPLATFORM.3.2v1", "Requirement": "An inbound/outbound connection allowlist SHOULD be configured.", "Result": "N/A", "Criticality": "Should/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/powerplatform.md#mspowerplatform32v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check" } ] }, { "GroupName": "Power Apps Content Security Policy", "GroupNumber": "4", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/powerplatform.md#4-power-apps-content-security-policy", "Controls": [ { "Control ID": "MS.POWERPLATFORM.4.1v1", "Requirement": "Content Security Policy SHALL be enforced for model-driven and canvas Power Apps.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/powerplatform.md#mspowerplatform41v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check" } ] }, { "GroupName": "Power Pages Creation", "GroupNumber": "5", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/powerplatform.md#5-power-pages-creation", "Controls": [ { "Control ID": "MS.POWERPLATFORM.5.1v1", "Requirement": "The ability to create Power Pages sites SHOULD be restricted to admins.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" } ] } ], "SharePoint": [ { "GroupName": "External Sharing", "GroupNumber": "1", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/sharepoint.md#1-external-sharing", "Controls": [ { "Control ID": "MS.SHAREPOINT.1.1v1", "Requirement": "External sharing for SharePoint SHALL be limited to Existing guests or Only People in your organization.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.SHAREPOINT.1.2v1", "Requirement": "External sharing for OneDrive SHALL be limited to Existing guests or Only People in your organization.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.SHAREPOINT.1.3v1", "Requirement": "External sharing SHALL be restricted to approved external domains and/or users in approved security groups per interagency collaboration needs.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "This policy is only applicable if External Sharing is set to any value other than Only People In Your Organization. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/sharepoint.md#mssharepoint13v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for more info" }, { "Control ID": "MS.SHAREPOINT.1.4v1", "Requirement": "Guest access SHALL be limited to the email the invitation was sent to.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "This policy is only applicable if External Sharing is set to any value other than Only People In Your Organization. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/sharepoint.md#mssharepoint14v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for more info" } ] }, { "GroupName": "File and Folder Default Sharing Settings", "GroupNumber": "2", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/sharepoint.md#2-file-and-folder-default-sharing-settings", "Controls": [ { "Control ID": "MS.SHAREPOINT.2.1v1", "Requirement": "File and folder default sharing scope SHALL be set to Specific people (only the people the user specifies).", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.SHAREPOINT.2.2v1", "Requirement": "File and folder default sharing permissions SHALL be set to View.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "Securing Anyone Links and Verification Code Users", "GroupNumber": "3", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/sharepoint.md#3-securing-anyone-links-and-verification-code-users", "Controls": [ { "Control ID": "MS.SHAREPOINT.3.1v1", "Requirement": "Expiration days for Anyone links SHALL be set to 30 days or less.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "This policy is only applicable if External Sharing is set to any value other than Anyone. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/sharepoint.md#mssharepoint31v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for more info" }, { "Control ID": "MS.SHAREPOINT.3.2v1", "Requirement": "The allowable file and folder permissions for links SHALL be set to View only.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "This policy is only applicable if External Sharing is set to any value other than Anyone. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/sharepoint.md#mssharepoint32v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for more info" }, { "Control ID": "MS.SHAREPOINT.3.3v1", "Requirement": "Reauthentication days for people who use a verification code SHALL be set to 30 days or less.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "External Sharing is set to Only People In Your Organization. This policy is only applicable if External Sharing is set to any value other than Only People In Your Organization or Existing Guests. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/sharepoint.md#mssharepoint33v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for more info" } ] }, { "GroupName": "Custom Scripts", "GroupNumber": "4", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/sharepoint.md#4-custom-scripts", "Controls": [ { "Control ID": "MS.SHAREPOINT.4.2v1", "Requirement": "Users SHALL be prevented from running custom scripts on self-service created sites.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] } ], "Teams": [ { "GroupName": "Meeting Policies", "GroupNumber": "1", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/teams.md#1-meeting-policies", "Controls": [ { "Control ID": "MS.TEAMS.1.1v1", "Requirement": "External meeting participants SHOULD NOT be enabled to request control of shared desktops or windows.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.1.2v1", "Requirement": "Anonymous users SHALL NOT be enabled to start meetings.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.1.3v1", "Requirement": "Anonymous users and dial-in callers SHOULD NOT be admitted automatically.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.1.4v1", "Requirement": "Internal users SHOULD be admitted automatically.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.1.5v1", "Requirement": "Dial-in users SHOULD NOT be enabled to bypass the lobby.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.1.6v1", "Requirement": "Meeting recording SHOULD be disabled.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.1.7v1", "Requirement": "Record an event SHOULD be set to Organizer can record.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" } ] }, { "GroupName": "External User Access", "GroupNumber": "2", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/teams.md#2-external-user-access", "Controls": [ { "Control ID": "MS.TEAMS.2.1v1", "Requirement": "External access for users SHALL only be enabled on a per-domain basis.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.2.2v1", "Requirement": "Unmanaged users SHALL NOT be enabled to initiate contact with internal users.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.2.3v1", "Requirement": "Internal users SHOULD NOT be enabled to initiate contact with unmanaged users.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" } ] }, { "GroupName": "Skype Users", "GroupNumber": "3", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/teams.md#3-skype-users", "Controls": [ { "Control ID": "MS.TEAMS.3.1v1", "Requirement": "Contact with Skype users SHALL be blocked.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "Teams Email Integration", "GroupNumber": "4", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/teams.md#4-teams-email-integration", "Controls": [ { "Control ID": "MS.TEAMS.4.1v1", "Requirement": "Teams email integration SHALL be disabled.", "Result": "Pass", "Criticality": "Shall", "Details": "N/A: Feature is unavailable in GCC environments" } ] }, { "GroupName": "App Management", "GroupNumber": "5", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/teams.md#5-app-management", "Controls": [ { "Control ID": "MS.TEAMS.5.1v1", "Requirement": "Agencies SHOULD only allow installation of Microsoft apps approved by the agency.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.5.2v1", "Requirement": "Agencies SHOULD only allow installation of third-party apps approved by the agency.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.5.3v1", "Requirement": "Agencies SHOULD only allow installation of custom apps approved by the agency.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" } ] }, { "GroupName": "Data Loss Prevention", "GroupNumber": "6", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/teams.md#6-data-loss-prevention", "Controls": [ { "Control ID": "MS.TEAMS.6.1v1", "Requirement": "A DLP solution SHALL be enabled. The selected DLP solution SHOULD offer services comparable to the native DLP solution offered by Microsoft.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/teams.md#msteams61v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.TEAMS.6.2v1", "Requirement": "The DLP solution SHALL protect personally identifiable information (PII) and sensitive information, as defined by the agency. At a minimum, sharing of credit card numbers, taxpayer identification numbers (TINs), and Social Security numbers (SSNs) via email SHALL be restricted.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/teams.md#msteams62v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." } ] }, { "GroupName": "Malware Scanning", "GroupNumber": "7", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/teams.md#7-malware-scanning", "Controls": [ { "Control ID": "MS.TEAMS.7.1v1", "Requirement": "Attachments included with Teams messages SHOULD be scanned for malware.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/teams.md#msteams71v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.TEAMS.7.2v1", "Requirement": "Users SHOULD be prevented from opening or downloading files detected as malware.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/teams.md#msteams72v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." } ] }, { "GroupName": "Link Protection", "GroupNumber": "8", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/teams.md#8-link-protection", "Controls": [ { "Control ID": "MS.TEAMS.8.1v1", "Requirement": "URL comparison with a blocklist SHOULD be enabled.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/teams.md#msteams81v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." }, { "Control ID": "MS.TEAMS.8.2v1", "Requirement": "User click tracking SHOULD be enabled.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.4.0/PowerShell/ScubaGear/baselines/teams.md#msteams82v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on a manual check." } ] } ] }, "Raw": { "baseline_version": "1", "module_version": "1.4.0", "date": "08/02/2024 14:25:11 Central Daylight Time", "timestamp_zulu": "2024-08-02T19:25:11.166Z", "report_uuid": "21189b0e-f045-43ee-b9ba-653b32744e45", "tenant_details": [ { "AADAdditionalData": { "AssignedPlans": [ { "AssignedDateTime": "Date(1701807102000)", "CapabilityStatus": "Enabled", "Service": "CRM", "ServicePlanId": "1ddffef6-4f69-455e-89c7-d5d72105f915" }, { "AssignedDateTime": "Date(1701807102000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "922ba911-5694-4e99-a794-73aed9bfeec8" }, { "AssignedDateTime": "Date(1682823962000)", "CapabilityStatus": "Deleted", "Service": "exchange", "ServicePlanId": "113feb6c-3fe4-4440-bddc-54d774bf0318" }, { "AssignedDateTime": "Date(1676979479000)", "CapabilityStatus": "Deleted", "Service": "RMSOnline", "ServicePlanId": "6c57d4b6-3b23-47a5-9bc9-69f17b4947b3" }, { "AssignedDateTime": "Date(1676979478000)", "CapabilityStatus": "Deleted", "Service": "RMSOnline", "ServicePlanId": "bea4c11e-220a-4e6d-8eb8-8ea15d019f90" }, { "AssignedDateTime": "Date(1676979478000)", "CapabilityStatus": "Deleted", "Service": "RMSOnline", "ServicePlanId": "5689bec4-755d-4753-8b61-40975025187c" }, { "AssignedDateTime": "Date(1676979170000)", "CapabilityStatus": "Deleted", "Service": "Adallom", "ServicePlanId": "8c098270-9dd4-4350-9b30-ba4703f3b36b" }, { "AssignedDateTime": "Date(1674387225000)", "CapabilityStatus": "Enabled", "Service": "MIPExchangeSolutions", "ServicePlanId": "cd31b152-6326-4d1b-ae1b-997b625182e6" }, { "AssignedDateTime": "Date(1666375096000)", "CapabilityStatus": "Enabled", "Service": "RMSOnline", "ServicePlanId": "5400a66d-eaa5-427d-80f2-0f26d59d8fce" }, { "AssignedDateTime": "Date(1666375094000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "a6520331-d7d4-4276-95f5-15c0933bc757" }, { "AssignedDateTime": "Date(1666375094000)", "CapabilityStatus": "Enabled", "Service": "MicrosoftEndpointDLP", "ServicePlanId": "64bfac92-2b17-4482-b5e5-a0304429de3e" }, { "AssignedDateTime": "Date(1666375096000)", "CapabilityStatus": "Enabled", "Service": "RMSOnline", "ServicePlanId": "1b66aedf-8ca1-4f73-af76-ec76c6180f98" }, { "AssignedDateTime": "Date(1666375093000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "b74d57b2-58e9-484a-9731-aeccbba954f0" }, { "AssignedDateTime": "Date(1666375095000)", "CapabilityStatus": "Enabled", "Service": "Office365InsiderRisk", "ServicePlanId": "d587c7a3-bda9-4f99-8776-9bcf59c84f75" }, { "AssignedDateTime": "Date(1666375094000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "bf6f5520-59e3-4f82-974b-7dbbc4fd27c7" }, { "AssignedDateTime": "Date(1666375094000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "d2d51368-76c9-4317-ada2-a12c004c432f" }, { "AssignedDateTime": "Date(1666300549000)", "CapabilityStatus": "Enabled", "Service": "Bing", "ServicePlanId": "94065c59-bc8e-4e8b-89e5-5138d471eaff" }, { "AssignedDateTime": "Date(1666300550000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "617b097b-4b93-4ede-83de-5f075bb5fb2f" }, { "AssignedDateTime": "Date(1666300550000)", "CapabilityStatus": "Enabled", "Service": "MicrosoftThreatProtection", "ServicePlanId": "bf28f719-7844-4079-9c78-c1307898e192" }, { "AssignedDateTime": "Date(1666300551000)", "CapabilityStatus": "Enabled", "Service": "SharePoint", "ServicePlanId": "8f9f0f3b-ca90-406c-a842-95579171f8ec" }, { "AssignedDateTime": "Date(1666300550000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "2f442157-a11c-46b9-ae5b-6e39ff4e5849" }, { "AssignedDateTime": "Date(1666300550000)", "CapabilityStatus": "Enabled", "Service": "CRM", "ServicePlanId": "a7d3fb37-b6df-4085-b509-50810d991a39" }, { "AssignedDateTime": "Date(1666300551000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "900018f1-0cdb-4ecb-94d4-90281760fdc6" }, { "AssignedDateTime": "Date(1666300551000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "493ff600-6a2b-4db6-ad37-a7d4eb214516" }, { "AssignedDateTime": "Date(1666300551000)", "CapabilityStatus": "Enabled", "Service": "MicrosoftCommunicationsOnline", "ServicePlanId": "db23fce2-a974-42ef-9002-d78dd42a0f22" }, { "AssignedDateTime": "Date(1666300551000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "89b5d3b1-3855-49fe-b46c-87c66dbc1526" }, { "AssignedDateTime": "Date(1666300551000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "8c3069c0-ccdb-44be-ab77-986203a67df2" }, { "AssignedDateTime": "Date(1666300550000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "efb0351d-3b08-4503-993d-383af8de41e3" }, { "AssignedDateTime": "Date(1666300550000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "65cc641f-cccd-4643-97e0-a17e3045e541" }, { "AssignedDateTime": "Date(1666300551000)", "CapabilityStatus": "Enabled", "Service": "SharePoint", "ServicePlanId": "153f85dd-d912-4762-af6c-d6e0fb4f6692" }, { "AssignedDateTime": "Date(1666300549000)", "CapabilityStatus": "Enabled", "Service": "WhiteboardServices", "ServicePlanId": "4a51bca5-1eff-43f5-878c-177680f191af" }, { "AssignedDateTime": "Date(1666300550000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "5136a095-5cf0-4aff-bec3-e84448b38ea5" }, { "AssignedDateTime": "Date(1666300551000)", "CapabilityStatus": "Enabled", "Service": "OfficeForms", "ServicePlanId": "843da3a8-d2cc-4e7a-9e90-dc46019f964c" }, { "AssignedDateTime": "Date(1666300551000)", "CapabilityStatus": "Enabled", "Service": "ProjectWorkManagement", "ServicePlanId": "5b4ef465-7ea1-459a-9f91-033317755a51" }, { "AssignedDateTime": "Date(1666300551000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "d1cbfb67-18a8-4792-b643-630b7f19aad1" }, { "AssignedDateTime": "Date(1666300551000)", "CapabilityStatus": "Enabled", "Service": "MicrosoftOffice", "ServicePlanId": "de9234ff-6483-44d9-b15e-dca72fdd27af" }, { "AssignedDateTime": "Date(1666300550000)", "CapabilityStatus": "Enabled", "Service": "M365CommunicationCompliance", "ServicePlanId": "a413a9ff-720c-4822-98ef-2f37c2a21f4c" }, { "AssignedDateTime": "Date(1666300550000)", "CapabilityStatus": "Enabled", "Service": "M365LabelAnalytics", "ServicePlanId": "2b815d45-56e4-4e3a-b65c-66cb9175b560" }, { "AssignedDateTime": "Date(1666300550000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "199a5c09-e0ca-4e37-8f7c-b05d533e1ea2" }, { "AssignedDateTime": "Date(1666300551000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "208120d1-9adb-4daf-8c22-816bd5d237e7" }, { "AssignedDateTime": "Date(1666300551000)", "CapabilityStatus": "Enabled", "Service": "TeamspaceAPI", "ServicePlanId": "304767db-7d23-49e8-a945-4a7eb65f9f28" }, { "AssignedDateTime": "Date(1666300550000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "c4801e8a-cb58-4c35-aca6-f2dcc106f287" }, { "AssignedDateTime": "Date(1666300550000)", "CapabilityStatus": "Enabled", "Service": "MicrosoftStream", "ServicePlanId": "92c2089d-9a53-49fe-b1a6-9e6bdf959547" }, { "AssignedDateTime": "Date(1666300549000)", "CapabilityStatus": "Enabled", "Service": "To-Do", "ServicePlanId": "3fb82609-8c27-4f7b-bd51-30634711ee67" }, { "AssignedDateTime": "Date(1666300549000)", "CapabilityStatus": "Enabled", "Service": "ProjectProgramsAndPortfolios", "ServicePlanId": "9b7c50ec-cd50-44f2-bf48-d72de6f90717" }, { "AssignedDateTime": "Date(1666300550000)", "CapabilityStatus": "Enabled", "Service": "PowerAppsServiceGCC", "ServicePlanId": "0eacfc38-458a-40d3-9eab-9671258f1a3e" }, { "AssignedDateTime": "Date(1666300551000)", "CapabilityStatus": "Enabled", "Service": "MicrosoftCommunicationsOnline", "ServicePlanId": "a31ef4a2-f787-435e-8335-e47eb0cafc94" }, { "AssignedDateTime": "Date(1666300551000)", "CapabilityStatus": "Enabled", "Service": "MicrosoftCommunicationsOnline", "ServicePlanId": "f544b08d-1645-4287-82de-8d91f37c02a1" }, { "AssignedDateTime": "Date(1666300550000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "6db1f1db-2b46-403f-be40-e39395f08dbb" }, { "AssignedDateTime": "Date(1666300551000)", "CapabilityStatus": "Enabled", "Service": "Fairfax-MicrosoftPowerBI-WFE", "ServicePlanId": "944e9726-f011-4353-b654-5f7d2663db76" }, { "AssignedDateTime": "Date(1666300550000)", "CapabilityStatus": "Enabled", "Service": "M365LabelAnalytics", "ServicePlanId": "d9fa6af4-e046-4c89-9226-729a0786685d" }, { "AssignedDateTime": "Date(1666300550000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "e26c2fcc-ab91-4a61-b35c-03cdc8dddf66" }, { "AssignedDateTime": "Date(1666300550000)", "CapabilityStatus": "Enabled", "Service": "CRM", "ServicePlanId": "bce5e5ca-c2fd-4d53-8ee2-58dfffed4c10" }, { "AssignedDateTime": "Date(1666300551000)", "CapabilityStatus": "Enabled", "Service": "RMSOnline", "ServicePlanId": "6a76346d-5d6e-4051-9fe3-ed3f312b5597" }, { "AssignedDateTime": "Date(1666300550000)", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "6dc145d6-95dd-4191-b9c3-185575ee6f6b" }, { "AssignedDateTime": "Date(1666300550000)", "CapabilityStatus": "Enabled", "Service": "ProcessSimpleGCC", "ServicePlanId": "8055d84a-c172-42eb-b997-6c2ae4628246" }, { "AssignedDateTime": "Date(1666300529000)", "CapabilityStatus": "Enabled", "Service": "AzureAdvancedThreatAnalytics", "ServicePlanId": "14ab5db5-e6c4-4b20-b4bc-13e36fd2227f" }, { "AssignedDateTime": "Date(1666300529000)", "CapabilityStatus": "Enabled", "Service": "AADPremiumService", "ServicePlanId": "eec0eb4f-6444-4f95-aba0-50c24d67f998" }, { "AssignedDateTime": "Date(1666300530000)", "CapabilityStatus": "Enabled", "Service": "AADPremiumService", "ServicePlanId": "41781fb2-bc02-4b7c-bd55-b576c07bb09d" }, { "AssignedDateTime": "Date(1666300529000)", "CapabilityStatus": "Enabled", "Service": "MultiFactorService", "ServicePlanId": "8a256a2b-b617-496d-b51b-e76466e88db0" }, { "AssignedDateTime": "Date(1666300529000)", "CapabilityStatus": "Enabled", "Service": "Adallom", "ServicePlanId": "2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2" }, { "AssignedDateTime": "Date(1666300529000)", "CapabilityStatus": "Enabled", "Service": "SCO", "ServicePlanId": "c1ec4a95-1f05-45b3-a911-aa3fa01094f5" }, { "AssignedDateTime": "Date(1646945063000)", "CapabilityStatus": "Enabled", "Service": "WindowsAzure", "ServicePlanId": "fca3e605-0754-4279-8504-3f1229f29614" }, { "AssignedDateTime": "Date(1638885214000)", "CapabilityStatus": "Enabled", "Service": "WindowsDefenderATP", "ServicePlanId": "871d91ec-ec1a-452b-a83f-bd76c7d770ef" }, { "AssignedDateTime": "Date(1616437077000)", "CapabilityStatus": "Deleted", "Service": "SCO", "ServicePlanId": "882e1d05-acd1-4ccb-8708-6ee03664b117" }, { "AssignedDateTime": "Date(1614604981000)", "CapabilityStatus": "Deleted", "Service": "SCO", "ServicePlanId": "882e1d05-acd1-4ccb-8708-6ee03664b117" } ], "Branding": { "BackgroundColor": null, "BackgroundImage": null, "BackgroundImageRelativeUrl": null, "BannerLogo": null, "BannerLogoRelativeUrl": null, "CdnList": null, "ContentCustomization": { "AttributeCollection": null, "AttributeCollectionRelativeUrl": null }, "CustomAccountResetCredentialsUrl": null, "CustomCannotAccessYourAccountText": null, "CustomCannotAccessYourAccountUrl": null, "CustomCss": null, "CustomCssRelativeUrl": null, "CustomForgotMyPasswordText": null, "CustomPrivacyAndCookiesText": null, "CustomPrivacyAndCookiesUrl": null, "CustomResetItNowText": null, "CustomTermsOfUseText": null, "CustomTermsOfUseUrl": null, "Favicon": null, "FaviconRelativeUrl": null, "HeaderBackgroundColor": null, "HeaderLogo": null, "HeaderLogoRelativeUrl": null, "Id": null, "Localizations": null, "LoginPageLayoutConfiguration": { "IsFooterShown": null, "IsHeaderShown": null, "LayoutTemplateType": null }, "LoginPageTextVisibilitySettings": { "HideAccountResetCredentials": null, "HideCannotAccessYourAccount": null, "HideForgotMyPassword": null, "HidePrivacyAndCookies": null, "HideResetItNow": null, "HideTermsOfUse": null }, "SignInPageText": null, "SquareLogo": null, "SquareLogoDark": null, "SquareLogoDarkRelativeUrl": null, "SquareLogoRelativeUrl": null, "UsernameHintText": null }, "BusinessPhones": [ "1234567890" ], "CertificateBasedAuthConfiguration": null, "CertificateConnectorSetting": { "CertExpiryTime": null, "ConnectorVersion": null, "EnrollmentError": null, "LastConnectorConnectionTime": null, "LastUploadVersion": null, "Status": null }, "City": null, "Country": null, "CountryLetterCode": null, "CreatedDateTime": "Date(1613679244000)", "DefaultUsageLocation": null, "DeletedDateTime": null, "DirectorySizeQuota": { "Total": 300000, "Used": 1134 }, "DisplayName": "tqhjy", "Extensions": null, "Id": "3c19c757-3b55-411f-b03f-2bcc514a598d", "IsMultipleDataLocationsForServicesEnabled": null, "MarketingNotificationEmails": [ ], "MobileDeviceManagementAuthority": { }, "OnPremisesLastPasswordSyncDateTime": null, "OnPremisesLastSyncDateTime": "Date(1661362185000)", "OnPremisesSyncEnabled": true, "PartnerInformation": { "CommerceUrl": null, "CompanyName": null, "CompanyType": null, "HelpUrl": null, "PartnerTenantId": null, "SupportEmails": null, "SupportTelephones": null, "SupportUrl": null }, "PartnerTenantType": null, "PostalCode": null, "PreferredLanguage": "en", "PrivacyProfile": { "ContactEmail": "", "StatementUrl": "" }, "ProvisionedPlans": [ { "CapabilityStatus": "Deleted", "ProvisioningStatus": "Success", "Service": "RMSOnline" }, { "CapabilityStatus": "Deleted", "ProvisioningStatus": "Success", "Service": "RMSOnline" }, { "CapabilityStatus": "Deleted", "ProvisioningStatus": "Success", "Service": "RMSOnline" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "RMSOnline" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "RMSOnline" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "SCO" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "SharePoint" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "SharePoint" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "MicrosoftCommunicationsOnline" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "MicrosoftCommunicationsOnline" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "MicrosoftCommunicationsOnline" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "ProjectWorkManagement" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "Adallom" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "RMSOnline" } ], "SecurityComplianceNotificationMails": [ ], "SecurityComplianceNotificationPhones": [ ], "Settings": { "ContactInsights": { "DisabledForGroup": null, "Id": null, "IsEnabledInOrganization": null }, "Id": null, "ItemInsights": { "DisabledForGroup": null, "Id": null, "IsEnabledInOrganization": null }, "MicrosoftApplicationDataAccess": { "DisabledForGroup": null, "Id": null, "IsEnabledForAllMicrosoftApplications": null }, "PeopleInsights": { "DisabledForGroup": null, "Id": null, "IsEnabledInOrganization": null } }, "State": null, "Street": null, "TechnicalNotificationMails": [ "admin@example.com" ], "TenantType": "AAD", "VerifiedDomains": [ { "Capabilities": "Email, OfficeCommunicationsOnline", "IsDefault": true, "IsInitial": true, "Name": "tqhjy.onmicrosoft.com", "Type": "Managed" } ], "AdditionalProperties": { "onPremisesSyncStatus": [ "System.Collections.Generic.Dictionary`2[System.String,System.Object]" ] } }, "TenantId": "ca08493a-c9c8-4db0-a9e8-d3b4bafac269", "DisplayName": "tqhjy", "DomainName": "tqhjy.onmicrosoft.com" } ], "scuba_config": { }, "conditional_access_policies": [ { "Conditions": { "Applications": { "ApplicationFilter": { "Mode": null, "Rule": null }, "ExcludeApplications": [ ], "IncludeApplications": [ "All" ], "IncludeAuthenticationContextClassReferences": [ ], "IncludeUserActions": [ ] }, "AuthenticationFlows": { "TransferMethods": null }, "ClientAppTypes": [ "all" ], "ClientApplications": { "ExcludeServicePrincipals": null, "IncludeServicePrincipals": null, "ServicePrincipalFilter": { "Mode": null, "Rule": null } }, "DeviceStates": { "ExcludeStates": null, "IncludeStates": null }, "Devices": { "DeviceFilter": { "Mode": null, "Rule": null }, "ExcludeDeviceStates": null, "ExcludeDevices": null, "IncludeDeviceStates": null, "IncludeDevices": null }, "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null }, "Platforms": { "ExcludePlatforms": null, "IncludePlatforms": null }, "ServicePrincipalRiskLevels": null, "SignInRiskLevels": [ ], "UserRiskLevels": [ ], "Users": { "ExcludeGroups": [ ], "ExcludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "ExcludeRoles": [ ], "ExcludeUsers": [ ], "IncludeGroups": [ ], "IncludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "IncludeRoles": [ ], "IncludeUsers": [ "All" ] } }, "CreatedDateTime": "Date(1647536088205)", "Description": null, "DisplayName": "Live - Session Length SHALL be Limited", "GrantControls": { "AuthenticationStrength": { "AllowedCombinations": null, "CombinationConfigurations": null, "CreatedDateTime": null, "Description": null, "DisplayName": null, "Id": null, "ModifiedDateTime": null, "PolicyType": null, "RequirementsSatisfied": null }, "BuiltInControls": null, "CustomAuthenticationFactors": null, "Operator": null, "TermsOfUse": null }, "Id": "e430772e-f1c9-4618-9b68-4f125e80a288", "ModifiedDateTime": "Date(1717372277946)", "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null }, "CloudAppSecurity": { "CloudAppSecurityType": null, "IsEnabled": null }, "ContinuousAccessEvaluation": { "Mode": null }, "DisableResilienceDefaults": null, "PersistentBrowser": { "IsEnabled": null, "Mode": null }, "SecureSignInSession": { "IsEnabled": null }, "SignInFrequency": { "AuthenticationType": "primaryAndSecondaryAuthentication", "FrequencyInterval": "timeBased", "IsEnabled": true, "Type": "days", "Value": 4 } }, "State": "enabled", "AdditionalProperties": { } }, { "Conditions": { "Applications": { "ApplicationFilter": { "Mode": null, "Rule": null }, "ExcludeApplications": [ ], "IncludeApplications": [ "All" ], "IncludeAuthenticationContextClassReferences": [ ], "IncludeUserActions": [ ] }, "AuthenticationFlows": { "TransferMethods": null }, "ClientAppTypes": [ "all" ], "ClientApplications": { "ExcludeServicePrincipals": null, "IncludeServicePrincipals": null, "ServicePrincipalFilter": { "Mode": null, "Rule": null } }, "DeviceStates": { "ExcludeStates": null, "IncludeStates": null }, "Devices": { "DeviceFilter": { "Mode": null, "Rule": null }, "ExcludeDeviceStates": null, "ExcludeDevices": null, "IncludeDeviceStates": null, "IncludeDevices": null }, "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null }, "Platforms": { "ExcludePlatforms": null, "IncludePlatforms": null }, "ServicePrincipalRiskLevels": null, "SignInRiskLevels": [ ], "UserRiskLevels": [ ], "Users": { "ExcludeGroups": [ ], "ExcludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "ExcludeRoles": [ ], "ExcludeUsers": [ ], "IncludeGroups": [ ], "IncludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "IncludeRoles": [ ], "IncludeUsers": [ "All" ] } }, "CreatedDateTime": "Date(1647536401180)", "Description": null, "DisplayName": "Live - Browser Sessions SHALL NOT be Persistent", "GrantControls": { "AuthenticationStrength": { "AllowedCombinations": null, "CombinationConfigurations": null, "CreatedDateTime": null, "Description": null, "DisplayName": null, "Id": null, "ModifiedDateTime": null, "PolicyType": null, "RequirementsSatisfied": null }, "BuiltInControls": null, "CustomAuthenticationFactors": null, "Operator": null, "TermsOfUse": null }, "Id": "75fd3dde-7974-4bbf-8912-19f36b9f054d", "ModifiedDateTime": "Date(1671042607797)", "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null }, "CloudAppSecurity": { "CloudAppSecurityType": null, "IsEnabled": null }, "ContinuousAccessEvaluation": { "Mode": null }, "DisableResilienceDefaults": null, "PersistentBrowser": { "IsEnabled": true, "Mode": "never" }, "SecureSignInSession": { "IsEnabled": null }, "SignInFrequency": { "AuthenticationType": null, "FrequencyInterval": null, "IsEnabled": null, "Type": null, "Value": null } }, "State": "enabled", "AdditionalProperties": { } }, { "Conditions": { "Applications": { "ApplicationFilter": { "Mode": null, "Rule": null }, "ExcludeApplications": [ ], "IncludeApplications": [ "All" ], "IncludeAuthenticationContextClassReferences": [ ], "IncludeUserActions": [ ] }, "AuthenticationFlows": { "TransferMethods": null }, "ClientAppTypes": [ "all" ], "ClientApplications": { "ExcludeServicePrincipals": null, "IncludeServicePrincipals": null, "ServicePrincipalFilter": { "Mode": null, "Rule": null } }, "DeviceStates": { "ExcludeStates": null, "IncludeStates": null }, "Devices": { "DeviceFilter": { "Mode": null, "Rule": null }, "ExcludeDeviceStates": null, "ExcludeDevices": null, "IncludeDeviceStates": null, "IncludeDevices": null }, "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null }, "Platforms": { "ExcludePlatforms": null, "IncludePlatforms": null }, "ServicePrincipalRiskLevels": null, "SignInRiskLevels": [ ], "UserRiskLevels": [ ], "Users": { "ExcludeGroups": [ ], "ExcludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "ExcludeRoles": [ ], "ExcludeUsers": [ ], "IncludeGroups": [ ], "IncludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "IncludeRoles": [ ], "IncludeUsers": [ "de77846f-88c8-4047-bb35-6e7ab962f0b3" ] } }, "CreatedDateTime": "Date(1651265768738)", "Description": null, "DisplayName": "Live - Managed Devices SHOULD be Required (limited users)", "GrantControls": { "AuthenticationStrength": { "AllowedCombinations": null, "CombinationConfigurations": null, "CreatedDateTime": null, "Description": null, "DisplayName": null, "Id": null, "ModifiedDateTime": null, "PolicyType": null, "RequirementsSatisfied": null }, "BuiltInControls": [ "compliantDevice", "domainJoinedDevice" ], "CustomAuthenticationFactors": [ ], "Operator": "OR", "TermsOfUse": [ ] }, "Id": "ff6e5e8c-8811-41a7-8514-ba4967723500", "ModifiedDateTime": "Date(1706641203745)", "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null }, "CloudAppSecurity": { "CloudAppSecurityType": null, "IsEnabled": null }, "ContinuousAccessEvaluation": { "Mode": null }, "DisableResilienceDefaults": null, "PersistentBrowser": { "IsEnabled": null, "Mode": null }, "SecureSignInSession": { "IsEnabled": null }, "SignInFrequency": { "AuthenticationType": null, "FrequencyInterval": null, "IsEnabled": null, "Type": null, "Value": null } }, "State": "enabledForReportingButNotEnforced", "AdditionalProperties": { } }, { "Conditions": { "Applications": { "ApplicationFilter": { "Mode": null, "Rule": null }, "ExcludeApplications": [ ], "IncludeApplications": [ "None" ], "IncludeAuthenticationContextClassReferences": [ ], "IncludeUserActions": [ ] }, "AuthenticationFlows": { "TransferMethods": null }, "ClientAppTypes": [ "all" ], "ClientApplications": { "ExcludeServicePrincipals": null, "IncludeServicePrincipals": null, "ServicePrincipalFilter": { "Mode": null, "Rule": null } }, "DeviceStates": { "ExcludeStates": null, "IncludeStates": null }, "Devices": { "DeviceFilter": { "Mode": null, "Rule": null }, "ExcludeDeviceStates": null, "ExcludeDevices": null, "IncludeDeviceStates": null, "IncludeDevices": null }, "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null }, "Platforms": { "ExcludePlatforms": null, "IncludePlatforms": null }, "ServicePrincipalRiskLevels": null, "SignInRiskLevels": [ ], "UserRiskLevels": [ ], "Users": { "ExcludeGroups": [ ], "ExcludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "ExcludeRoles": [ ], "ExcludeUsers": [ ], "IncludeGroups": [ "64720f66-b5cc-41ae-aec7-562f90038952" ], "IncludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "IncludeRoles": [ ], "IncludeUsers": [ "7a22bd70-341c-4903-a014-d8cfd5c1d75f" ] } }, "CreatedDateTime": "Date(1662149889905)", "Description": null, "DisplayName": "LIVE - Auth Strength (Limited Users)", "GrantControls": { "AuthenticationStrength": { "AllowedCombinations": [ "fido2", "x509CertificateMultiFactor", "temporaryAccessPassOneTime" ], "CombinationConfigurations": [ ], "CreatedDateTime": "Date(1662146338176)", "Description": "", "DisplayName": "CISA Auth Strength", "Id": "a7a09591-49c1-4f33-bb37-76f0b6abf067", "ModifiedDateTime": "Date(1662146338176)", "PolicyType": "custom", "RequirementsSatisfied": "mfa" }, "BuiltInControls": [ ], "CustomAuthenticationFactors": [ ], "Operator": "OR", "TermsOfUse": [ ] }, "Id": "7769140e-ec01-425d-a7c9-f4c602cf4ecb", "ModifiedDateTime": "Date(1706641389262)", "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null }, "CloudAppSecurity": { "CloudAppSecurityType": null, "IsEnabled": null }, "ContinuousAccessEvaluation": { "Mode": null }, "DisableResilienceDefaults": null, "PersistentBrowser": { "IsEnabled": null, "Mode": null }, "SecureSignInSession": { "IsEnabled": null }, "SignInFrequency": { "AuthenticationType": null, "FrequencyInterval": null, "IsEnabled": null, "Type": null, "Value": null } }, "State": "enabledForReportingButNotEnforced", "AdditionalProperties": { } }, { "Conditions": { "Applications": { "ApplicationFilter": { "Mode": null, "Rule": null }, "ExcludeApplications": [ ], "IncludeApplications": [ ], "IncludeAuthenticationContextClassReferences": [ ], "IncludeUserActions": [ "urn:user:registersecurityinfo" ] }, "AuthenticationFlows": { "TransferMethods": null }, "ClientAppTypes": [ "all" ], "ClientApplications": { "ExcludeServicePrincipals": null, "IncludeServicePrincipals": null, "ServicePrincipalFilter": { "Mode": null, "Rule": null } }, "DeviceStates": { "ExcludeStates": null, "IncludeStates": null }, "Devices": { "DeviceFilter": { "Mode": null, "Rule": null }, "ExcludeDeviceStates": null, "ExcludeDevices": null, "IncludeDeviceStates": null, "IncludeDevices": null }, "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": [ "AllTrusted" ], "IncludeLocations": [ "All" ] }, "Platforms": { "ExcludePlatforms": null, "IncludePlatforms": null }, "ServicePrincipalRiskLevels": null, "SignInRiskLevels": [ ], "UserRiskLevels": [ ], "Users": { "ExcludeGroups": [ ], "ExcludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "ExcludeRoles": [ ], "ExcludeUsers": [ ], "IncludeGroups": [ ], "IncludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "IncludeRoles": [ ], "IncludeUsers": [ "8da76570-8b48-44af-975b-4c377221735b" ] } }, "CreatedDateTime": "Date(1682299483531)", "Description": null, "DisplayName": "Live - MFA registration with temporary access pass (limited users)", "GrantControls": { "AuthenticationStrength": { "AllowedCombinations": null, "CombinationConfigurations": null, "CreatedDateTime": null, "Description": null, "DisplayName": null, "Id": null, "ModifiedDateTime": null, "PolicyType": null, "RequirementsSatisfied": null }, "BuiltInControls": [ "mfa" ], "CustomAuthenticationFactors": [ ], "Operator": "OR", "TermsOfUse": [ ] }, "Id": "3cec5953-bbc0-4fa6-877b-b3b1c84a0813", "ModifiedDateTime": "Date(1682473922692)", "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null }, "CloudAppSecurity": { "CloudAppSecurityType": null, "IsEnabled": null }, "ContinuousAccessEvaluation": { "Mode": null }, "DisableResilienceDefaults": null, "PersistentBrowser": { "IsEnabled": null, "Mode": null }, "SecureSignInSession": { "IsEnabled": null }, "SignInFrequency": { "AuthenticationType": null, "FrequencyInterval": null, "IsEnabled": null, "Type": null, "Value": null } }, "State": "enabledForReportingButNotEnforced", "AdditionalProperties": { } }, { "Conditions": { "Applications": { "ApplicationFilter": { "Mode": null, "Rule": null }, "ExcludeApplications": [ ], "IncludeApplications": [ ], "IncludeAuthenticationContextClassReferences": [ ], "IncludeUserActions": [ "urn:user:registersecurityinfo" ] }, "AuthenticationFlows": { "TransferMethods": null }, "ClientAppTypes": [ "all" ], "ClientApplications": { "ExcludeServicePrincipals": null, "IncludeServicePrincipals": null, "ServicePrincipalFilter": { "Mode": null, "Rule": null } }, "DeviceStates": { "ExcludeStates": null, "IncludeStates": null }, "Devices": { "DeviceFilter": { "Mode": null, "Rule": null }, "ExcludeDeviceStates": null, "ExcludeDevices": null, "IncludeDeviceStates": null, "IncludeDevices": null }, "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": [ "AllTrusted" ], "IncludeLocations": [ "All" ] }, "Platforms": { "ExcludePlatforms": null, "IncludePlatforms": null }, "ServicePrincipalRiskLevels": null, "SignInRiskLevels": [ ], "UserRiskLevels": [ ], "Users": { "ExcludeGroups": [ ], "ExcludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "ExcludeRoles": [ ], "ExcludeUsers": [ ], "IncludeGroups": [ ], "IncludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "IncludeRoles": [ ], "IncludeUsers": [ "8da76570-8b48-44af-975b-4c377221735b" ] } }, "CreatedDateTime": "Date(1682474221172)", "Description": null, "DisplayName": "Live - MFA registration from Trusted Location only (limited users)", "GrantControls": { "AuthenticationStrength": { "AllowedCombinations": null, "CombinationConfigurations": null, "CreatedDateTime": null, "Description": null, "DisplayName": null, "Id": null, "ModifiedDateTime": null, "PolicyType": null, "RequirementsSatisfied": null }, "BuiltInControls": [ "block" ], "CustomAuthenticationFactors": [ ], "Operator": "OR", "TermsOfUse": [ ] }, "Id": "76a7344f-e67a-4469-9ece-8969b249df87", "ModifiedDateTime": null, "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null }, "CloudAppSecurity": { "CloudAppSecurityType": null, "IsEnabled": null }, "ContinuousAccessEvaluation": { "Mode": null }, "DisableResilienceDefaults": null, "PersistentBrowser": { "IsEnabled": null, "Mode": null }, "SecureSignInSession": { "IsEnabled": null }, "SignInFrequency": { "AuthenticationType": null, "FrequencyInterval": null, "IsEnabled": null, "Type": null, "Value": null } }, "State": "enabledForReportingButNotEnforced", "AdditionalProperties": { } }, { "Conditions": { "Applications": { "ApplicationFilter": { "Mode": null, "Rule": null }, "ExcludeApplications": [ ], "IncludeApplications": [ ], "IncludeAuthenticationContextClassReferences": [ ], "IncludeUserActions": [ "urn:user:registersecurityinfo" ] }, "AuthenticationFlows": { "TransferMethods": null }, "ClientAppTypes": [ "all" ], "ClientApplications": { "ExcludeServicePrincipals": null, "IncludeServicePrincipals": null, "ServicePrincipalFilter": { "Mode": null, "Rule": null } }, "DeviceStates": { "ExcludeStates": null, "IncludeStates": null }, "Devices": { "DeviceFilter": { "Mode": null, "Rule": null }, "ExcludeDeviceStates": null, "ExcludeDevices": null, "IncludeDeviceStates": null, "IncludeDevices": null }, "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": [ "AllTrusted" ], "IncludeLocations": [ "All" ] }, "Platforms": { "ExcludePlatforms": null, "IncludePlatforms": null }, "ServicePrincipalRiskLevels": null, "SignInRiskLevels": [ ], "UserRiskLevels": [ ], "Users": { "ExcludeGroups": [ ], "ExcludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "ExcludeRoles": [ ], "ExcludeUsers": [ ], "IncludeGroups": [ ], "IncludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "IncludeRoles": [ ], "IncludeUsers": [ "8da76570-8b48-44af-975b-4c377221735b" ] } }, "CreatedDateTime": "Date(1682474402202)", "Description": null, "DisplayName": "Live - MFA registration from Managed Device or Trusted Location only (limited users)", "GrantControls": { "AuthenticationStrength": { "AllowedCombinations": null, "CombinationConfigurations": null, "CreatedDateTime": null, "Description": null, "DisplayName": null, "Id": null, "ModifiedDateTime": null, "PolicyType": null, "RequirementsSatisfied": null }, "BuiltInControls": [ "compliantDevice", "domainJoinedDevice" ], "CustomAuthenticationFactors": [ ], "Operator": "OR", "TermsOfUse": [ ] }, "Id": "3ec71c28-aa3f-44f6-af9d-e64dd55c4d82", "ModifiedDateTime": "Date(1683818519800)", "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null }, "CloudAppSecurity": { "CloudAppSecurityType": null, "IsEnabled": null }, "ContinuousAccessEvaluation": { "Mode": null }, "DisableResilienceDefaults": null, "PersistentBrowser": { "IsEnabled": null, "Mode": null }, "SecureSignInSession": { "IsEnabled": null }, "SignInFrequency": { "AuthenticationType": null, "FrequencyInterval": null, "IsEnabled": null, "Type": null, "Value": null } }, "State": "enabledForReportingButNotEnforced", "AdditionalProperties": { } }, { "Conditions": { "Applications": { "ApplicationFilter": { "Mode": null, "Rule": null }, "ExcludeApplications": [ ], "IncludeApplications": [ ], "IncludeAuthenticationContextClassReferences": [ ], "IncludeUserActions": [ "urn:user:registerdevice" ] }, "AuthenticationFlows": { "TransferMethods": null }, "ClientAppTypes": [ "all" ], "ClientApplications": { "ExcludeServicePrincipals": null, "IncludeServicePrincipals": null, "ServicePrincipalFilter": { "Mode": null, "Rule": null } }, "DeviceStates": { "ExcludeStates": null, "IncludeStates": null }, "Devices": { "DeviceFilter": { "Mode": null, "Rule": null }, "ExcludeDeviceStates": null, "ExcludeDevices": null, "IncludeDeviceStates": null, "IncludeDevices": null }, "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null }, "Platforms": { "ExcludePlatforms": null, "IncludePlatforms": null }, "ServicePrincipalRiskLevels": null, "SignInRiskLevels": [ ], "UserRiskLevels": [ ], "Users": { "ExcludeGroups": [ ], "ExcludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "ExcludeRoles": [ ], "ExcludeUsers": [ ], "IncludeGroups": [ ], "IncludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "IncludeRoles": [ ], "IncludeUsers": [ "42dd60ea-57e9-47ea-8a43-a213d36a9cb0" ] } }, "CreatedDateTime": "Date(1682538128295)", "Description": null, "DisplayName": "Live - Device registration requires MFA (limited users)", "GrantControls": { "AuthenticationStrength": { "AllowedCombinations": null, "CombinationConfigurations": null, "CreatedDateTime": null, "Description": null, "DisplayName": null, "Id": null, "ModifiedDateTime": null, "PolicyType": null, "RequirementsSatisfied": null }, "BuiltInControls": [ "mfa" ], "CustomAuthenticationFactors": [ ], "Operator": "OR", "TermsOfUse": [ ] }, "Id": "3ad1e26d-8950-4376-8dd5-fd293389e3fa", "ModifiedDateTime": "Date(1683818557600)", "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null }, "CloudAppSecurity": { "CloudAppSecurityType": null, "IsEnabled": null }, "ContinuousAccessEvaluation": { "Mode": null }, "DisableResilienceDefaults": null, "PersistentBrowser": { "IsEnabled": null, "Mode": null }, "SecureSignInSession": { "IsEnabled": null }, "SignInFrequency": { "AuthenticationType": null, "FrequencyInterval": null, "IsEnabled": null, "Type": null, "Value": null } }, "State": "enabledForReportingButNotEnforced", "AdditionalProperties": { } }, { "Conditions": { "Applications": { "ApplicationFilter": { "Mode": null, "Rule": null }, "ExcludeApplications": [ ], "IncludeApplications": [ "All" ], "IncludeAuthenticationContextClassReferences": [ ], "IncludeUserActions": [ ] }, "AuthenticationFlows": { "TransferMethods": null }, "ClientAppTypes": [ "all" ], "ClientApplications": { "ExcludeServicePrincipals": null, "IncludeServicePrincipals": null, "ServicePrincipalFilter": { "Mode": null, "Rule": null } }, "DeviceStates": { "ExcludeStates": null, "IncludeStates": null }, "Devices": { "DeviceFilter": { "Mode": null, "Rule": null }, "ExcludeDeviceStates": null, "ExcludeDevices": null, "IncludeDeviceStates": null, "IncludeDevices": null }, "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null }, "Platforms": { "ExcludePlatforms": null, "IncludePlatforms": null }, "ServicePrincipalRiskLevels": null, "SignInRiskLevels": [ ], "UserRiskLevels": [ ], "Users": { "ExcludeGroups": [ ], "ExcludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "ExcludeRoles": [ ], "ExcludeUsers": [ ], "IncludeGroups": [ ], "IncludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "IncludeRoles": [ ], "IncludeUsers": [ "cafc4ec1-f9e8-4718-942b-69e5b4c896e0" ] } }, "CreatedDateTime": "Date(1683145214503)", "Description": null, "DisplayName": "Live - Phishing Resistant MFA required (specific guest user)", "GrantControls": { "AuthenticationStrength": { "AllowedCombinations": [ "fido2", "x509CertificateMultiFactor", "temporaryAccessPassOneTime" ], "CombinationConfigurations": [ ], "CreatedDateTime": "Date(1662146338176)", "Description": "", "DisplayName": "CISA Auth Strength", "Id": "a7a09591-49c1-4f33-bb37-76f0b6abf067", "ModifiedDateTime": "Date(1662146338176)", "PolicyType": "custom", "RequirementsSatisfied": "mfa" }, "BuiltInControls": [ ], "CustomAuthenticationFactors": [ ], "Operator": "OR", "TermsOfUse": [ ] }, "Id": "1966019a-244f-4e73-b502-49ddd0d2b868", "ModifiedDateTime": "Date(1706641414810)", "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null }, "CloudAppSecurity": { "CloudAppSecurityType": null, "IsEnabled": null }, "ContinuousAccessEvaluation": { "Mode": null }, "DisableResilienceDefaults": null, "PersistentBrowser": { "IsEnabled": null, "Mode": null }, "SecureSignInSession": { "IsEnabled": null }, "SignInFrequency": { "AuthenticationType": null, "FrequencyInterval": null, "IsEnabled": null, "Type": null, "Value": null } }, "State": "enabledForReportingButNotEnforced", "AdditionalProperties": { } }, { "Conditions": { "Applications": { "ApplicationFilter": { "Mode": null, "Rule": null }, "ExcludeApplications": [ ], "IncludeApplications": [ "All" ], "IncludeAuthenticationContextClassReferences": [ ], "IncludeUserActions": [ ] }, "AuthenticationFlows": { "TransferMethods": null }, "ClientAppTypes": [ "exchangeActiveSync", "other" ], "ClientApplications": { "ExcludeServicePrincipals": null, "IncludeServicePrincipals": null, "ServicePrincipalFilter": { "Mode": null, "Rule": null } }, "DeviceStates": { "ExcludeStates": null, "IncludeStates": null }, "Devices": { "DeviceFilter": { "Mode": null, "Rule": null }, "ExcludeDeviceStates": null, "ExcludeDevices": null, "IncludeDeviceStates": null, "IncludeDevices": null }, "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null }, "Platforms": { "ExcludePlatforms": null, "IncludePlatforms": null }, "ServicePrincipalRiskLevels": null, "SignInRiskLevels": [ ], "UserRiskLevels": [ ], "Users": { "ExcludeGroups": [ ], "ExcludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "ExcludeRoles": [ ], "ExcludeUsers": [ ], "IncludeGroups": [ ], "IncludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "IncludeRoles": [ ], "IncludeUsers": [ "All" ] } }, "CreatedDateTime": "Date(1698255149380)", "Description": null, "DisplayName": "MS.AAD.1.1v1 Legacy authentication SHALL be blocked", "GrantControls": { "AuthenticationStrength": { "AllowedCombinations": null, "CombinationConfigurations": null, "CreatedDateTime": null, "Description": null, "DisplayName": null, "Id": null, "ModifiedDateTime": null, "PolicyType": null, "RequirementsSatisfied": null }, "BuiltInControls": [ "block" ], "CustomAuthenticationFactors": [ ], "Operator": "OR", "TermsOfUse": [ ] }, "Id": "f56276cf-d30f-4e0f-9d73-d72f99370dcb", "ModifiedDateTime": "Date(1718828117667)", "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null }, "CloudAppSecurity": { "CloudAppSecurityType": null, "IsEnabled": null }, "ContinuousAccessEvaluation": { "Mode": null }, "DisableResilienceDefaults": null, "PersistentBrowser": { "IsEnabled": null, "Mode": null }, "SecureSignInSession": { "IsEnabled": null }, "SignInFrequency": { "AuthenticationType": null, "FrequencyInterval": null, "IsEnabled": null, "Type": null, "Value": null } }, "State": "enabled", "AdditionalProperties": { } }, { "Conditions": { "Applications": { "ApplicationFilter": { "Mode": null, "Rule": null }, "ExcludeApplications": [ ], "IncludeApplications": [ "All" ], "IncludeAuthenticationContextClassReferences": [ ], "IncludeUserActions": [ ] }, "AuthenticationFlows": { "TransferMethods": null }, "ClientAppTypes": [ "all" ], "ClientApplications": { "ExcludeServicePrincipals": null, "IncludeServicePrincipals": null, "ServicePrincipalFilter": { "Mode": null, "Rule": null } }, "DeviceStates": { "ExcludeStates": null, "IncludeStates": null }, "Devices": { "DeviceFilter": { "Mode": null, "Rule": null }, "ExcludeDeviceStates": null, "ExcludeDevices": null, "IncludeDeviceStates": null, "IncludeDevices": null }, "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null }, "Platforms": { "ExcludePlatforms": null, "IncludePlatforms": null }, "ServicePrincipalRiskLevels": null, "SignInRiskLevels": [ ], "UserRiskLevels": [ "high" ], "Users": { "ExcludeGroups": [ ], "ExcludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "ExcludeRoles": [ ], "ExcludeUsers": [ ], "IncludeGroups": [ ], "IncludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "IncludeRoles": [ ], "IncludeUsers": [ "All" ] } }, "CreatedDateTime": "Date(1698255528762)", "Description": null, "DisplayName": "MS.AAD.2.1v1 Users detected as high risk SHALL be blocked", "GrantControls": { "AuthenticationStrength": { "AllowedCombinations": null, "CombinationConfigurations": null, "CreatedDateTime": null, "Description": null, "DisplayName": null, "Id": null, "ModifiedDateTime": null, "PolicyType": null, "RequirementsSatisfied": null }, "BuiltInControls": [ "block" ], "CustomAuthenticationFactors": [ ], "Operator": "OR", "TermsOfUse": [ ] }, "Id": "0ca1b87a-357b-4835-8e10-d226267fa8ea", "ModifiedDateTime": "Date(1718828492397)", "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null }, "CloudAppSecurity": { "CloudAppSecurityType": null, "IsEnabled": null }, "ContinuousAccessEvaluation": { "Mode": null }, "DisableResilienceDefaults": null, "PersistentBrowser": { "IsEnabled": null, "Mode": null }, "SecureSignInSession": { "IsEnabled": null }, "SignInFrequency": { "AuthenticationType": null, "FrequencyInterval": null, "IsEnabled": null, "Type": null, "Value": null } }, "State": "enabled", "AdditionalProperties": { } }, { "Conditions": { "Applications": { "ApplicationFilter": { "Mode": null, "Rule": null }, "ExcludeApplications": [ ], "IncludeApplications": [ "All" ], "IncludeAuthenticationContextClassReferences": [ ], "IncludeUserActions": [ ] }, "AuthenticationFlows": { "TransferMethods": null }, "ClientAppTypes": [ "all" ], "ClientApplications": { "ExcludeServicePrincipals": null, "IncludeServicePrincipals": null, "ServicePrincipalFilter": { "Mode": null, "Rule": null } }, "DeviceStates": { "ExcludeStates": null, "IncludeStates": null }, "Devices": { "DeviceFilter": { "Mode": null, "Rule": null }, "ExcludeDeviceStates": null, "ExcludeDevices": null, "IncludeDeviceStates": null, "IncludeDevices": null }, "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null }, "Platforms": { "ExcludePlatforms": null, "IncludePlatforms": null }, "ServicePrincipalRiskLevels": null, "SignInRiskLevels": [ "high" ], "UserRiskLevels": [ ], "Users": { "ExcludeGroups": [ ], "ExcludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "ExcludeRoles": [ ], "ExcludeUsers": [ ], "IncludeGroups": [ ], "IncludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "IncludeRoles": [ ], "IncludeUsers": [ "All" ] } }, "CreatedDateTime": "Date(1698255635990)", "Description": null, "DisplayName": "MS.AAD.2.3v1 Sign-ins detected as high risk SHALL be blocked", "GrantControls": { "AuthenticationStrength": { "AllowedCombinations": null, "CombinationConfigurations": null, "CreatedDateTime": null, "Description": null, "DisplayName": null, "Id": null, "ModifiedDateTime": null, "PolicyType": null, "RequirementsSatisfied": null }, "BuiltInControls": [ "block" ], "CustomAuthenticationFactors": [ ], "Operator": "OR", "TermsOfUse": [ ] }, "Id": "d1ba2665-d4d5-4708-8f6b-b1ab5f2b2b0b", "ModifiedDateTime": null, "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null }, "CloudAppSecurity": { "CloudAppSecurityType": null, "IsEnabled": null }, "ContinuousAccessEvaluation": { "Mode": null }, "DisableResilienceDefaults": null, "PersistentBrowser": { "IsEnabled": null, "Mode": null }, "SecureSignInSession": { "IsEnabled": null }, "SignInFrequency": { "AuthenticationType": null, "FrequencyInterval": null, "IsEnabled": null, "Type": null, "Value": null } }, "State": "enabled", "AdditionalProperties": { } }, { "Conditions": { "Applications": { "ApplicationFilter": { "Mode": null, "Rule": null }, "ExcludeApplications": [ ], "IncludeApplications": [ "All" ], "IncludeAuthenticationContextClassReferences": [ ], "IncludeUserActions": [ ] }, "AuthenticationFlows": { "TransferMethods": null }, "ClientAppTypes": [ "all" ], "ClientApplications": { "ExcludeServicePrincipals": null, "IncludeServicePrincipals": null, "ServicePrincipalFilter": { "Mode": null, "Rule": null } }, "DeviceStates": { "ExcludeStates": null, "IncludeStates": null }, "Devices": { "DeviceFilter": { "Mode": null, "Rule": null }, "ExcludeDeviceStates": null, "ExcludeDevices": null, "IncludeDeviceStates": null, "IncludeDevices": null }, "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null }, "Platforms": { "ExcludePlatforms": null, "IncludePlatforms": null }, "ServicePrincipalRiskLevels": null, "SignInRiskLevels": [ ], "UserRiskLevels": [ ], "Users": { "ExcludeGroups": [ ], "ExcludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "ExcludeRoles": [ ], "ExcludeUsers": [ ], "IncludeGroups": [ ], "IncludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "IncludeRoles": [ ], "IncludeUsers": [ "All" ] } }, "CreatedDateTime": "Date(1698255712623)", "Description": null, "DisplayName": "MS.AAD.3.2v1 If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users", "GrantControls": { "AuthenticationStrength": { "AllowedCombinations": null, "CombinationConfigurations": null, "CreatedDateTime": null, "Description": null, "DisplayName": null, "Id": null, "ModifiedDateTime": null, "PolicyType": null, "RequirementsSatisfied": null }, "BuiltInControls": [ "mfa" ], "CustomAuthenticationFactors": [ ], "Operator": "OR", "TermsOfUse": [ ] }, "Id": "a205d789-8090-43d1-b42b-0d915b08fbfd", "ModifiedDateTime": null, "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null }, "CloudAppSecurity": { "CloudAppSecurityType": null, "IsEnabled": null }, "ContinuousAccessEvaluation": { "Mode": null }, "DisableResilienceDefaults": null, "PersistentBrowser": { "IsEnabled": null, "Mode": null }, "SecureSignInSession": { "IsEnabled": null }, "SignInFrequency": { "AuthenticationType": null, "FrequencyInterval": null, "IsEnabled": null, "Type": null, "Value": null } }, "State": "enabled", "AdditionalProperties": { } }, { "Conditions": { "Applications": { "ApplicationFilter": { "Mode": null, "Rule": null }, "ExcludeApplications": [ ], "IncludeApplications": [ "None" ], "IncludeAuthenticationContextClassReferences": [ ], "IncludeUserActions": [ ] }, "AuthenticationFlows": { "TransferMethods": null }, "ClientAppTypes": [ "all" ], "ClientApplications": { "ExcludeServicePrincipals": null, "IncludeServicePrincipals": null, "ServicePrincipalFilter": { "Mode": null, "Rule": null } }, "DeviceStates": { "ExcludeStates": null, "IncludeStates": null }, "Devices": { "DeviceFilter": { "Mode": null, "Rule": null }, "ExcludeDeviceStates": null, "ExcludeDevices": null, "IncludeDeviceStates": null, "IncludeDevices": null }, "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null }, "Platforms": { "ExcludePlatforms": null, "IncludePlatforms": null }, "ServicePrincipalRiskLevels": null, "SignInRiskLevels": [ ], "UserRiskLevels": [ ], "Users": { "ExcludeGroups": [ ], "ExcludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "ExcludeRoles": [ ], "ExcludeUsers": [ ], "IncludeGroups": [ ], "IncludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "IncludeRoles": [ ], "IncludeUsers": [ "None" ] } }, "CreatedDateTime": "Date(1706130757851)", "Description": null, "DisplayName": "Terms of Use Policy", "GrantControls": { "AuthenticationStrength": { "AllowedCombinations": null, "CombinationConfigurations": null, "CreatedDateTime": null, "Description": null, "DisplayName": null, "Id": null, "ModifiedDateTime": null, "PolicyType": null, "RequirementsSatisfied": null }, "BuiltInControls": [ ], "CustomAuthenticationFactors": [ ], "Operator": "OR", "TermsOfUse": [ "99bf8fe7-2c57-4155-bcb5-d6b54de5cea7" ] }, "Id": "fe0bdee1-2fc2-4fe4-8e2b-eefc608c2c04", "ModifiedDateTime": null, "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null }, "CloudAppSecurity": { "CloudAppSecurityType": null, "IsEnabled": null }, "ContinuousAccessEvaluation": { "Mode": null }, "DisableResilienceDefaults": null, "PersistentBrowser": { "IsEnabled": null, "Mode": null }, "SecureSignInSession": { "IsEnabled": null }, "SignInFrequency": { "AuthenticationType": null, "FrequencyInterval": null, "IsEnabled": null, "Type": null, "Value": null } }, "State": "enabledForReportingButNotEnforced", "AdditionalProperties": { } } ], "cap_table_data": [ { "Name": "Live - Session Length SHALL be Limited", "State": "On", "Users": [ "Users included: All", "Users excluded: None" ], "Apps/Actions": [ "Policy applies to: apps", "Apps included: All", "Apps excluded: None" ], "Conditions": [ "Client apps included: all" ], "Block/Grant Access": "None", "Session Controls": [ "Sign-in frequency (every 4 days)" ] }, { "Name": "Live - Browser Sessions SHALL NOT be Persistent", "State": "On", "Users": [ "Users included: All", "Users excluded: None" ], "Apps/Actions": [ "Policy applies to: apps", "Apps included: All", "Apps excluded: None" ], "Conditions": [ "Client apps included: all" ], "Block/Grant Access": "None", "Session Controls": [ "Persistent browser session (never persistent)" ] }, { "Name": "Live - Managed Devices SHOULD be Required (limited users)", "State": "Report-only", "Users": [ "Users included: 1 specific user", "Users excluded: None" ], "Apps/Actions": [ "Policy applies to: apps", "Apps included: All", "Apps excluded: None" ], "Conditions": [ "Client apps included: all" ], "Block/Grant Access": "Allow access but require device to be marked compliant, OR Hybrid Azure AD joined device", "Session Controls": [ "None" ] }, { "Name": "LIVE - Auth Strength (Limited Users)", "State": "Report-only", "Users": [ "Users included: 1 specific user, 1 specific group", "Users excluded: None" ], "Apps/Actions": [ "Policy applies to: apps", "Apps included: None", "Apps excluded: None" ], "Conditions": [ "Client apps included: all" ], "Block/Grant Access": "Allow access but require authentication strength (tqhjy Auth Strength)", "Session Controls": [ "None" ] }, { "Name": "Live - MFA registration with temporary access pass (limited users)", "State": "Report-only", "Users": [ "Users included: 1 specific user", "Users excluded: None" ], "Apps/Actions": [ "Policy applies to: actions", "User action: Register security info" ], "Conditions": [ "Locations included: all locations", "Locations excluded: all trusted locations", "Client apps included: all" ], "Block/Grant Access": "Allow access but require multifactor authentication", "Session Controls": [ "None" ] }, { "Name": "Live - MFA registration from Trusted Location only (limited users)", "State": "Report-only", "Users": [ "Users included: 1 specific user", "Users excluded: None" ], "Apps/Actions": [ "Policy applies to: actions", "User action: Register security info" ], "Conditions": [ "Locations included: all locations", "Locations excluded: all trusted locations", "Client apps included: all" ], "Block/Grant Access": "Block access", "Session Controls": [ "None" ] }, { "Name": "Live - MFA registration from Managed Device or Trusted Location only (limited users)", "State": "Report-only", "Users": [ "Users included: 1 specific user", "Users excluded: None" ], "Apps/Actions": [ "Policy applies to: actions", "User action: Register security info" ], "Conditions": [ "Locations included: all locations", "Locations excluded: all trusted locations", "Client apps included: all" ], "Block/Grant Access": "Allow access but require device to be marked compliant, OR Hybrid Azure AD joined device", "Session Controls": [ "None" ] }, { "Name": "Live - Device registration requires MFA (limited users)", "State": "Report-only", "Users": [ "Users included: 1 specific user", "Users excluded: None" ], "Apps/Actions": [ "Policy applies to: actions", "User action: Register or join devices" ], "Conditions": [ "Client apps included: all" ], "Block/Grant Access": "Allow access but require multifactor authentication", "Session Controls": [ "None" ] }, { "Name": "Live - Phishing Resistant MFA required (specific guest user)", "State": "Report-only", "Users": [ "Users included: 1 specific user", "Users excluded: None" ], "Apps/Actions": [ "Policy applies to: apps", "Apps included: All", "Apps excluded: None" ], "Conditions": [ "Client apps included: all" ], "Block/Grant Access": "Allow access but require authentication strength (tqhjy Auth Strength)", "Session Controls": [ "None" ] }, { "Name": "MS.AAD.1.1v1 Legacy authentication SHALL be blocked", "State": "On", "Users": [ "Users included: All", "Users excluded: None" ], "Apps/Actions": [ "Policy applies to: apps", "Apps included: All", "Apps excluded: None" ], "Conditions": [ "Client apps included: Exchange ActiveSync Clients, Other clients" ], "Block/Grant Access": "Block access", "Session Controls": [ "None" ] }, { "Name": "MS.AAD.2.1v1 Users detected as high risk SHALL be blocked", "State": "On", "Users": [ "Users included: All", "Users excluded: None" ], "Apps/Actions": [ "Policy applies to: apps", "Apps included: All", "Apps excluded: None" ], "Conditions": [ "User risk levels: high", "Client apps included: all" ], "Block/Grant Access": "Block access", "Session Controls": [ "None" ] }, { "Name": "MS.AAD.2.3v1 Sign-ins detected as high risk SHALL be blocked", "State": "On", "Users": [ "Users included: All", "Users excluded: None" ], "Apps/Actions": [ "Policy applies to: apps", "Apps included: All", "Apps excluded: None" ], "Conditions": [ "Sign-in risk levels: high", "Client apps included: all" ], "Block/Grant Access": "Block access", "Session Controls": [ "None" ] }, { "Name": "MS.AAD.3.2v1 If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users", "State": "On", "Users": [ "Users included: All", "Users excluded: None" ], "Apps/Actions": [ "Policy applies to: apps", "Apps included: All", "Apps excluded: None" ], "Conditions": [ "Client apps included: all" ], "Block/Grant Access": "Allow access but require multifactor authentication", "Session Controls": [ "None" ] } ], "authorization_policies": [ { "AllowEmailVerifiedUsersToJoinOrganization": true, "AllowInvitesFrom": "adminsAndGuestInviters", "AllowUserConsentForRiskyApps": false, "AllowedToSignUpEmailBasedSubscriptions": true, "AllowedToUseSspr": true, "BlockMsolPowerShell": false, "DefaultUserRoleOverrides": null, "DefaultUserRolePermissions": { "AllowedToCreateApps": false, "AllowedToCreateSecurityGroups": true, "AllowedToCreateTenants": true, "AllowedToReadBitlockerKeysForOwnedDevice": true, "AllowedToReadOtherUsers": true }, "DeletedDateTime": null, "Description": "Used to manage authorization related settings across the company.", "DisplayName": "Authorization Policy", "EnabledPreviewFeatures": [ ], "GuestUserRoleId": "10dae51f-b6af-4016-8d66-8c2a99b929b3", "Id": "authorizationPolicy", "PermissionGrantPolicyIdsAssignedToDefaultUserRole": [ "ManagePermissionGrantsForOwnedResource.microsoft-dynamically-managed-permissions-for-chat", "ManagePermissionGrantsForOwnedResource.microsoft-dynamically-managed-permissions-for-team", "ManagePermissionGrantsForSelf.microsoft-user-default-legacy" ] } ], "privileged_users": { "66b4d5c2-71c9-4644-8728-74e3a8324d81": { "DisplayName": "John Public", "roles": [ "Hybrid Identity Administrator", "Privileged Role Administrator", "Application Administrator", "Exchange Administrator", "User Administrator", "Cloud Application Administrator", "Global Administrator", "SharePoint Administrator" ], "OnPremisesImmutableId": null }, "b49c71b8-d1a0-4e36-8f6d-9e66fbb98f0d": { "DisplayName": "Jane Doe", "roles": [ "Exchange Administrator", "Global Administrator", "SharePoint Administrator" ], "OnPremisesImmutableId": null }, "1bdebb27-053d-48f2-9413-d836ebedf0e8": { "DisplayName": "John Doe", "roles": [ "Exchange Administrator", "SharePoint Administrator", "SharePoint Administrator" ], "OnPremisesImmutableId": null } }, "privileged_roles": [ { "DisplayName": "Global Administrator", "RoleTemplateId": "62e90394-69f5-4237-9190-012177145e10", "Assignments": [ { "startDateTime": "Date(1647533824543)", "roleAssignmentOriginId": "lAPpYvVpN0KRkAEhdxReEOpg3ULpV-pHikOiE9NqnLA-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "4616f5af-97e5-4849-b8a0-aa1111cee134", "id": "lAPpYvVpN0KRkAEhdxReEOpg3ULpV-pHikOiE9NqnLA-1", "principalId": "42dd60ea-57e9-47ea-8a43-a213d36a9cb0", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10" }, { "startDateTime": null, "roleAssignmentOriginId": "lAPpYvVpN0KRkAEhdxReEKhQmi2IZutIhkaGrLdOLwU-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "lAPpYvVpN0KRkAEhdxReEKhQmi2IZutIhkaGrLdOLwU-1", "id": "lAPpYvVpN0KRkAEhdxReEKhQmi2IZutIhkaGrLdOLwU-1", "principalId": "2d9a50a8-6688-48eb-8646-86acb74e2f05", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10" }, { "startDateTime": null, "roleAssignmentOriginId": "lAPpYvVpN0KRkAEhdxReEHwV0C627m1FobGeEeQDs5s-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "lAPpYvVpN0KRkAEhdxReEHwV0C627m1FobGeEeQDs5s-1", "id": "lAPpYvVpN0KRkAEhdxReEHwV0C627m1FobGeEeQDs5s-1", "principalId": "2ed0157c-eeb6-456d-a1b1-9e11e403b39b", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10" }, { "startDateTime": null, "roleAssignmentOriginId": "lAPpYvVpN0KRkAEhdxReEJhnQWuyh4tNnSdUPpYIzLY-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "lAPpYvVpN0KRkAEhdxReEJhnQWuyh4tNnSdUPpYIzLY-1", "id": "lAPpYvVpN0KRkAEhdxReEJhnQWuyh4tNnSdUPpYIzLY-1", "principalId": "6b416798-87b2-4d8b-9d27-543e9608ccb6", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10" }, { "startDateTime": null, "roleAssignmentOriginId": "lAPpYvVpN0KRkAEhdxReEJmFf5QA7f9MuOqpJcR6L98-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "lAPpYvVpN0KRkAEhdxReEJmFf5QA7f9MuOqpJcR6L98-1", "id": "lAPpYvVpN0KRkAEhdxReEJmFf5QA7f9MuOqpJcR6L98-1", "principalId": "947f8599-ed00-4cff-b8ea-a925c47a2fdf", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10" }, { "startDateTime": null, "roleAssignmentOriginId": "lAPpYvVpN0KRkAEhdxReEBzmca5l9LZNjSZfPlK92AA-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "lAPpYvVpN0KRkAEhdxReEBzmca5l9LZNjSZfPlK92AA-1", "id": "lAPpYvVpN0KRkAEhdxReEBzmca5l9LZNjSZfPlK92AA-1", "principalId": "ae71e61c-f465-4db6-8d26-5f3e52bdd800", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10" }, { "startDateTime": null, "roleAssignmentOriginId": "lAPpYvVpN0KRkAEhdxReEHBXl8g9jO9DhGZnhYSjLeU-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "lAPpYvVpN0KRkAEhdxReEHBXl8g9jO9DhGZnhYSjLeU-1", "id": "lAPpYvVpN0KRkAEhdxReEHBXl8g9jO9DhGZnhYSjLeU-1", "principalId": "c8975770-8c3d-43ef-8466-678584a32de5", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10" } ], "Rules": [ { "Id": "Expiration_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P365D" } }, { "Id": "Notification_Admin_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Enablement_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ ] } }, { "Id": "Expiration_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": true, "maximumDuration": "P15D" } }, { "Id": "Enablement_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "Justification" ] } }, { "Id": "Notification_Admin_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Expiration_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P1D" } }, { "Id": "Enablement_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "MultiFactorAuthentication", "Justification" ] } }, { "Id": "Approval_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", "setting": { "isApprovalRequired": false, "isApprovalRequiredForExtension": false, "isRequestorJustificationRequired": true, "approvalMode": "SingleStage", "approvalStages": [ { "approvalStageTimeOutInDays": 1, "isApproverJustificationRequired": true, "escalationTimeInMinutes": 0, "isEscalationEnabled": false, "primaryApprovers": [ { "@odata.type": "#microsoft.graph.singleUser", "isBackup": false, "id": "f2ac2257-956e-4892-8ced-ec29a4198321", "description": "John Doe" }, { "@odata.type": "#microsoft.graph.singleUser", "isBackup": false, "id": "42dd60ea-57e9-47ea-8a43-a213d36a9cb0", "description": "John Doe" } ], "escalationApprovers": [ ] } ] } } }, { "Id": "AuthenticationContext_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", "isEnabled": false, "claimValue": "" } }, { "Id": "Notification_Admin_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ "testme@example.com" ] } }, { "Id": "Notification_Requestor_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } } ] }, { "DisplayName": "User Administrator", "RoleTemplateId": "fe930be7-5e62-47db-91af-98c3a49a38b1", "Assignments": [ { "startDateTime": null, "roleAssignmentOriginId": "5wuT_mJe20eRr5jDpJo4sXwV0C627m1FobGeEeQDs5s-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "5wuT_mJe20eRr5jDpJo4sXwV0C627m1FobGeEeQDs5s-1", "id": "5wuT_mJe20eRr5jDpJo4sXwV0C627m1FobGeEeQDs5s-1", "principalId": "2ed0157c-eeb6-456d-a1b1-9e11e403b39b", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1" }, { "startDateTime": null, "roleAssignmentOriginId": "5wuT_mJe20eRr5jDpJo4sRzmca5l9LZNjSZfPlK92AA-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "5wuT_mJe20eRr5jDpJo4sRzmca5l9LZNjSZfPlK92AA-1", "id": "5wuT_mJe20eRr5jDpJo4sRzmca5l9LZNjSZfPlK92AA-1", "principalId": "ae71e61c-f465-4db6-8d26-5f3e52bdd800", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1" } ], "Rules": [ { "Id": "Expiration_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P365D" } }, { "Id": "Notification_Admin_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ "testme@example.com" ] } }, { "Id": "Notification_Requestor_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Enablement_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ ] } }, { "Id": "Expiration_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": true, "maximumDuration": "P30D" } }, { "Id": "Enablement_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "Justification" ] } }, { "Id": "Notification_Admin_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ "testme@example.com" ] } }, { "Id": "Notification_Requestor_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Expiration_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P1D" } }, { "Id": "Enablement_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "MultiFactorAuthentication", "Justification" ] } }, { "Id": "Approval_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", "setting": { "isApprovalRequired": false, "isApprovalRequiredForExtension": false, "isRequestorJustificationRequired": true, "approvalMode": "SingleStage", "approvalStages": [ { "approvalStageTimeOutInDays": 1, "isApproverJustificationRequired": true, "escalationTimeInMinutes": 0, "isEscalationEnabled": false, "primaryApprovers": [ { "@odata.type": "#microsoft.graph.groupMembers", "isBackup": false, "id": "54e56ffb-a568-4c65-b04a-7a6feabab17c", "description": "privileged escalation approvers" } ], "escalationApprovers": [ ] } ] } } }, { "Id": "AuthenticationContext_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", "isEnabled": false, "claimValue": "" } }, { "Id": "Notification_Admin_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ "testme@example.com" ] } }, { "Id": "Notification_Requestor_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } } ] }, { "DisplayName": "Exchange Administrator", "RoleTemplateId": "29232cdf-9323-42fd-ade2-1d097af3e4de", "Assignments": [ { "startDateTime": "Date(1698183755703)", "roleAssignmentOriginId": "3ywjKSOT_UKt4h0JevPk3kcVpbOMP1tHg_cxXsxBHwk-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "7c437a1e-806b-46b8-a292-492eb51b0b92", "id": "3ywjKSOT_UKt4h0JevPk3kcVpbOMP1tHg_cxXsxBHwk-1", "principalId": "b3a51547-3f8c-475b-83f7-315ecc411f09", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de" }, { "startDateTime": "Date(1648659568260)", "roleAssignmentOriginId": "3ywjKSOT_UKt4h0JevPk3tZJ7dK1F15HuY1ERGMIh18-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "a7621401-7a86-4529-afa1-e8cf6c0b3803", "id": "3ywjKSOT_UKt4h0JevPk3tZJ7dK1F15HuY1ERGMIh18-1", "principalId": "d2ed49d6-17b5-475e-b98d-44446308875f", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de" }, { "startDateTime": "Date(1698180928977)", "roleAssignmentOriginId": "3ywjKSOT_UKt4h0JevPk3oMvMiVDshdEgtyHzg12f7Q-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "ca75b166-6cda-4274-b0d1-f6c8d47f113c", "id": "3ywjKSOT_UKt4h0JevPk3oMvMiVDshdEgtyHzg12f7Q-1", "principalId": "25322f83-b243-4417-82dc-87ce0d767fb4", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de" }, { "startDateTime": "Date(1698244327697)", "roleAssignmentOriginId": "3ywjKSOT_UKt4h0JevPk3l2qS3XYAxpAo9TCF4ysGtw-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "632babd2-76f8-48a1-8eae-ecfb0196a23b", "id": "3ywjKSOT_UKt4h0JevPk3l2qS3XYAxpAo9TCF4ysGtw-1", "principalId": "754baa5d-03d8-401a-a3d4-c2178cac1adc", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de" } ], "Rules": [ { "Id": "Expiration_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P365D" } }, { "Id": "Notification_Admin_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Enablement_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ ] } }, { "Id": "Expiration_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P30D" } }, { "Id": "Enablement_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "Justification" ] } }, { "Id": "Notification_Admin_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Expiration_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P1D" } }, { "Id": "Enablement_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "MultiFactorAuthentication", "Justification" ] } }, { "Id": "Approval_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", "setting": { "isApprovalRequired": true, "isApprovalRequiredForExtension": false, "isRequestorJustificationRequired": true, "approvalMode": "SingleStage", "approvalStages": [ { "approvalStageTimeOutInDays": 1, "isApproverJustificationRequired": true, "escalationTimeInMinutes": 0, "isEscalationEnabled": false, "primaryApprovers": [ { "@odata.type": "#microsoft.graph.groupMembers", "isBackup": false, "id": "54e56ffb-a568-4c65-b04a-7a6feabab17c", "description": "Privileged Escalation Approvers" } ], "escalationApprovers": [ ] } ] } } }, { "Id": "AuthenticationContext_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", "isEnabled": false, "claimValue": "" } }, { "Id": "Notification_Admin_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } } ] }, { "DisplayName": "SharePoint Administrator", "RoleTemplateId": "f28a1f50-f6e7-4571-818b-6a12f2af6b6c", "Assignments": [ { "startDateTime": "Date(1704924054887)", "roleAssignmentOriginId": "UB-K8uf2cUWBi2oS8q9rbJETiLuPI4hAjEAgc_yTTNc-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "675049b9-096c-4fa9-843c-c466fe9b34da", "id": "UB-K8uf2cUWBi2oS8q9rbJETiLuPI4hAjEAgc_yTTNc-1", "principalId": "bb881391-238f-4088-8c40-2073fc934cd7", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "f28a1f50-f6e7-4571-818b-6a12f2af6b6c" }, { "startDateTime": "Date(1698180323417)", "roleAssignmentOriginId": "UB-K8uf2cUWBi2oS8q9rbIMvMiVDshdEgtyHzg12f7Q-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "3b365172-71c2-4b13-a6c5-b6e3524aeba4", "id": "UB-K8uf2cUWBi2oS8q9rbIMvMiVDshdEgtyHzg12f7Q-1", "principalId": "25322f83-b243-4417-82dc-87ce0d767fb4", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "f28a1f50-f6e7-4571-818b-6a12f2af6b6c" } ], "Rules": [ { "Id": "Expiration_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P365D" } }, { "Id": "Notification_Admin_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Enablement_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ ] } }, { "Id": "Expiration_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P180D" } }, { "Id": "Enablement_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "Justification" ] } }, { "Id": "Notification_Admin_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Expiration_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P1D" } }, { "Id": "Enablement_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "MultiFactorAuthentication", "Justification" ] } }, { "Id": "Approval_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", "setting": { "isApprovalRequired": true, "isApprovalRequiredForExtension": false, "isRequestorJustificationRequired": true, "approvalMode": "SingleStage", "approvalStages": [ { "approvalStageTimeOutInDays": 1, "isApproverJustificationRequired": true, "escalationTimeInMinutes": 0, "isEscalationEnabled": false, "primaryApprovers": [ { "@odata.type": "#microsoft.graph.groupMembers", "isBackup": false, "id": "54e56ffb-a568-4c65-b04a-7a6feabab17c", "description": "privileged escalation approvers" } ], "escalationApprovers": [ ] } ] } } }, { "Id": "AuthenticationContext_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", "isEnabled": false, "claimValue": "" } }, { "Id": "Notification_Admin_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } } ] }, { "DisplayName": "Application Administrator", "RoleTemplateId": "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3", "Assignments": [ { "startDateTime": "Date(1648587304797)", "roleAssignmentOriginId": "kl2Jm9Msx0SdAqasLV6lw7CVAgFZ8N5GoYOOHhyOzjA-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "69f5b475-3595-4447-83ff-85b6d7132a0c", "id": "kl2Jm9Msx0SdAqasLV6lw7CVAgFZ8N5GoYOOHhyOzjA-1", "principalId": "010295b0-f059-46de-a183-8e1e1c8ece30", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3" }, { "startDateTime": null, "roleAssignmentOriginId": "kl2Jm9Msx0SdAqasLV6lw0bISuVaH_5KqmknO0LDsME-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "kl2Jm9Msx0SdAqasLV6lw0bISuVaH_5KqmknO0LDsME-1", "id": "kl2Jm9Msx0SdAqasLV6lw0bISuVaH_5KqmknO0LDsME-1", "principalId": "e54ac846-1f5a-4afe-aa69-273b42c3b0c1", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3" } ], "Rules": [ { "Id": "Expiration_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P365D" } }, { "Id": "Notification_Admin_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ "testme@example.com" ] } }, { "Id": "Notification_Requestor_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Enablement_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ ] } }, { "Id": "Expiration_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": true, "maximumDuration": "P30D" } }, { "Id": "Enablement_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "Justification" ] } }, { "Id": "Notification_Admin_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ "testme@example.com" ] } }, { "Id": "Notification_Requestor_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Expiration_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "PT2H" } }, { "Id": "Enablement_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "MultiFactorAuthentication", "Justification" ] } }, { "Id": "Approval_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", "setting": { "isApprovalRequired": false, "isApprovalRequiredForExtension": false, "isRequestorJustificationRequired": true, "approvalMode": "SingleStage", "approvalStages": [ { "approvalStageTimeOutInDays": 1, "isApproverJustificationRequired": true, "escalationTimeInMinutes": 0, "isEscalationEnabled": false, "primaryApprovers": [ ], "escalationApprovers": [ ] } ] } } }, { "Id": "AuthenticationContext_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", "isEnabled": false, "claimValue": "" } }, { "Id": "Notification_Admin_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ "testme@example.com" ] } }, { "Id": "Notification_Requestor_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } } ] }, { "DisplayName": "Privileged Role Administrator", "RoleTemplateId": "e8611ab8-c189-46e8-94e1-60213ab1f814", "Assignments": [ { "startDateTime": "Date(1647482863980)", "roleAssignmentOriginId": "uBph6InB6EaU4WAhOrH4FOpg3ULpV-pHikOiE9NqnLA-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "b6624013-0364-471b-a861-00aad19e7415", "id": "uBph6InB6EaU4WAhOrH4FOpg3ULpV-pHikOiE9NqnLA-1", "principalId": "42dd60ea-57e9-47ea-8a43-a213d36a9cb0", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "e8611ab8-c189-46e8-94e1-60213ab1f814" }, { "startDateTime": null, "roleAssignmentOriginId": "uBph6InB6EaU4WAhOrH4FHD63wsgYRdMntj8byMyoUk-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "uBph6InB6EaU4WAhOrH4FHD63wsgYRdMntj8byMyoUk-1", "id": "uBph6InB6EaU4WAhOrH4FHD63wsgYRdMntj8byMyoUk-1", "principalId": "0bdffa70-6120-4c17-9ed8-fc6f2332a149", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "e8611ab8-c189-46e8-94e1-60213ab1f814" } ], "Rules": [ { "Id": "Expiration_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P365D" } }, { "Id": "Notification_Admin_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Enablement_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ ] } }, { "Id": "Expiration_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": true, "maximumDuration": "P30D" } }, { "Id": "Enablement_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "Justification" ] } }, { "Id": "Notification_Admin_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Expiration_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P1D" } }, { "Id": "Enablement_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "MultiFactorAuthentication", "Justification" ] } }, { "Id": "Approval_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", "setting": { "isApprovalRequired": false, "isApprovalRequiredForExtension": false, "isRequestorJustificationRequired": true, "approvalMode": "SingleStage", "approvalStages": [ { "approvalStageTimeOutInDays": 1, "isApproverJustificationRequired": true, "escalationTimeInMinutes": 0, "isEscalationEnabled": false, "primaryApprovers": [ { "@odata.type": "#microsoft.graph.groupMembers", "isBackup": false, "id": "54e56ffb-a568-4c65-b04a-7a6feabab17c", "description": "privileged escalation approvers" } ], "escalationApprovers": [ ] } ] } } }, { "Id": "AuthenticationContext_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", "isEnabled": false, "claimValue": "" } }, { "Id": "Notification_Admin_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } } ] }, { "DisplayName": "Cloud Application Administrator", "RoleTemplateId": "158c047a-c907-4556-b7ef-446551a6b5f7", "Assignments": [ ], "Rules": [ { "Id": "Expiration_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P365D" } }, { "Id": "Notification_Admin_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Enablement_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ ] } }, { "Id": "Expiration_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": true, "maximumDuration": "P30D" } }, { "Id": "Enablement_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "Justification" ] } }, { "Id": "Notification_Admin_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Expiration_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "PT8H" } }, { "Id": "Enablement_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "MultiFactorAuthentication", "Justification" ] } }, { "Id": "Approval_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", "setting": { "isApprovalRequired": false, "isApprovalRequiredForExtension": false, "isRequestorJustificationRequired": true, "approvalMode": "SingleStage", "approvalStages": [ { "approvalStageTimeOutInDays": 1, "isApproverJustificationRequired": true, "escalationTimeInMinutes": 0, "isEscalationEnabled": false, "primaryApprovers": [ ], "escalationApprovers": [ ] } ] } } }, { "Id": "AuthenticationContext_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", "isEnabled": false, "claimValue": "" } }, { "Id": "Notification_Admin_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } } ] }, { "DisplayName": "Hybrid Identity Administrator", "RoleTemplateId": "8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2", "Assignments": [ ], "Rules": [ { "Id": "Expiration_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P365D" } }, { "Id": "Notification_Admin_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Enablement_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ ] } }, { "Id": "Expiration_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": true, "maximumDuration": "P30D" } }, { "Id": "Enablement_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "Justification" ] } }, { "Id": "Notification_Admin_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Expiration_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "PT8H" } }, { "Id": "Enablement_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "Justification" ] } }, { "Id": "Approval_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", "setting": { "isApprovalRequired": false, "isApprovalRequiredForExtension": false, "isRequestorJustificationRequired": true, "approvalMode": "SingleStage", "approvalStages": [ { "approvalStageTimeOutInDays": 1, "isApproverJustificationRequired": true, "escalationTimeInMinutes": 0, "isEscalationEnabled": false, "primaryApprovers": [ ], "escalationApprovers": [ ] } ] } } }, { "Id": "AuthenticationContext_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", "isEnabled": false, "claimValue": "" } }, { "Id": "Notification_Admin_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } } ] } ], "service_plans": [ { "AppliesTo": "Company", "ProvisioningStatus": "Success", "ServicePlanId": "922ba911-5694-4e99-a794-73aed9bfeec8", "ServicePlanName": "EXCHANGE_S_FOUNDATION_GOV", "AdditionalProperties": { } }, { "AppliesTo": "Company", "ProvisioningStatus": "Success", "ServicePlanId": "1ddffef6-4f69-455e-89c7-d5d72105f915", "ServicePlanName": "CDS_DB_CAPACITY_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "cd31b152-6326-4d1b-ae1b-997b625182e6", "ServicePlanName": "MIP_S_Exchange", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "b74d57b2-58e9-484a-9731-aeccbba954f0", "ServicePlanName": "GRAPH_CONNECTORS_SEARCH_INDEX_TOPICEXP", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "a6520331-d7d4-4276-95f5-15c0933bc757", "ServicePlanName": "GRAPH_CONNECTORS_SEARCH_INDEX", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "bf6f5520-59e3-4f82-974b-7dbbc4fd27c7", "ServicePlanName": "SAFEDOCS", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "9b7c50ec-cd50-44f2-bf48-d72de6f90717", "ServicePlanName": "PROJECT_O365_P3_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "3fb82609-8c27-4f7b-bd51-30634711ee67", "ServicePlanName": "BPOS_S_TODO_3", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "4a51bca5-1eff-43f5-878c-177680f191af", "ServicePlanName": "WHITEBOARD_PLAN3", "AdditionalProperties": { } }, { "AppliesTo": "Company", "ProvisioningStatus": "Success", "ServicePlanId": "94065c59-bc8e-4e8b-89e5-5138d471eaff", "ServicePlanName": "MICROSOFT_SEARCH", "AdditionalProperties": { } }, { "AppliesTo": "Company", "ProvisioningStatus": "Success", "ServicePlanId": "2b815d45-56e4-4e3a-b65c-66cb9175b560", "ServicePlanName": "ContentExplorer_Standard", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "c4801e8a-cb58-4c35-aca6-f2dcc106f287", "ServicePlanName": "INFORMATION_BARRIERS", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "bce5e5ca-c2fd-4d53-8ee2-58dfffed4c10", "ServicePlanName": "CDS_O365_P3_GCC", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "a7d3fb37-b6df-4085-b509-50810d991a39", "ServicePlanName": "DYN365_CDS_O365_P3_GCC", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "d2d51368-76c9-4317-ada2-a12c004c432f", "ServicePlanName": "ML_CLASSIFICATION", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "64bfac92-2b17-4482-b5e5-a0304429de3e", "ServicePlanName": "MICROSOFTENDPOINTDLP", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "a31ef4a2-f787-435e-8335-e47eb0cafc94", "ServicePlanName": "MCOSTANDARD_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "153f85dd-d912-4762-af6c-d6e0fb4f6692", "ServicePlanName": "SHAREPOINTENTERPRISE_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "617b097b-4b93-4ede-83de-5f075bb5fb2f", "ServicePlanName": "PREMIUM_ENCRYPTION", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "944e9726-f011-4353-b654-5f7d2663db76", "ServicePlanName": "BI_AZURE_P_2_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "8055d84a-c172-42eb-b997-6c2ae4628246", "ServicePlanName": "FLOW_O365_P3_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "0eacfc38-458a-40d3-9eab-9671258f1a3e", "ServicePlanName": "POWERAPPS_O365_P3_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "8f9f0f3b-ca90-406c-a842-95579171f8ec", "ServicePlanName": "SHAREPOINTWAC_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "5b4ef465-7ea1-459a-9f91-033317755a51", "ServicePlanName": "PROJECTWORKMANAGEMENT_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "d1cbfb67-18a8-4792-b643-630b7f19aad1", "ServicePlanName": "EQUIVIO_ANALYTICS_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "304767db-7d23-49e8-a945-4a7eb65f9f28", "ServicePlanName": "TEAMS_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "92c2089d-9a53-49fe-b1a6-9e6bdf959547", "ServicePlanName": "STREAM_O365_E5_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "65cc641f-cccd-4643-97e0-a17e3045e541", "ServicePlanName": "RECORDS_MANAGEMENT", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "208120d1-9adb-4daf-8c22-816bd5d237e7", "ServicePlanName": "EXCHANGE_ANALYTICS_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "c1ec4a95-1f05-45b3-a911-aa3fa01094f5", "ServicePlanName": "INTUNE_A", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "d587c7a3-bda9-4f99-8776-9bcf59c84f75", "ServicePlanName": "INSIDER_RISK", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "900018f1-0cdb-4ecb-94d4-90281760fdc6", "ServicePlanName": "THREAT_INTELLIGENCE_GOV", "AdditionalProperties": { } }, { "AppliesTo": "Company", "ProvisioningStatus": "Success", "ServicePlanId": "493ff600-6a2b-4db6-ad37-a7d4eb214516", "ServicePlanName": "ATP_ENTERPRISE_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "14ab5db5-e6c4-4b20-b4bc-13e36fd2227f", "ServicePlanName": "ATA", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "6db1f1db-2b46-403f-be40-e39395f08dbb", "ServicePlanName": "CUSTOMER_KEY", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "6dc145d6-95dd-4191-b9c3-185575ee6f6b", "ServicePlanName": "COMMUNICATIONS_DLP", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2", "ServicePlanName": "ADALLOM_S_STANDALONE", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "199a5c09-e0ca-4e37-8f7c-b05d533e1ea2", "ServicePlanName": "MICROSOFTBOOKINGS", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "8a256a2b-b617-496d-b51b-e76466e88db0", "ServicePlanName": "MFA_PREMIUM", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "db23fce2-a974-42ef-9002-d78dd42a0f22", "ServicePlanName": "MCOEV_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "bf28f719-7844-4079-9c78-c1307898e192", "ServicePlanName": "MTP", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "f544b08d-1645-4287-82de-8d91f37c02a1", "ServicePlanName": "MCOMEETADV_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "de9234ff-6483-44d9-b15e-dca72fdd27af", "ServicePlanName": "OFFICESUBSCRIPTION_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "2f442157-a11c-46b9-ae5b-6e39ff4e5849", "ServicePlanName": "M365_ADVANCED_AUDITING", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "a413a9ff-720c-4822-98ef-2f37c2a21f4c", "ServicePlanName": "MICROSOFT_COMMUNICATION_COMPLIANCE", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "5136a095-5cf0-4aff-bec3-e84448b38ea5", "ServicePlanName": "MIP_S_CLP1", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "efb0351d-3b08-4503-993d-383af8de41e3", "ServicePlanName": "MIP_S_CLP2", "AdditionalProperties": { } }, { "AppliesTo": "Company", "ProvisioningStatus": "Success", "ServicePlanId": "d9fa6af4-e046-4c89-9226-729a0786685d", "ServicePlanName": "Content_Explorer", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "843da3a8-d2cc-4e7a-9e90-dc46019f964c", "ServicePlanName": "FORMS_GOV_E5", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "8c3069c0-ccdb-44be-ab77-986203a67df2", "ServicePlanName": "EXCHANGE_S_ENTERPRISE_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "89b5d3b1-3855-49fe-b46c-87c66dbc1526", "ServicePlanName": "LOCKBOX_ENTERPRISE_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "1b66aedf-8ca1-4f73-af76-ec76c6180f98", "ServicePlanName": "RMS_S_PREMIUM_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "5400a66d-eaa5-427d-80f2-0f26d59d8fce", "ServicePlanName": "RMS_S_PREMIUM2_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "6a76346d-5d6e-4051-9fe3-ed3f312b5597", "ServicePlanName": "RMS_S_ENTERPRISE_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "eec0eb4f-6444-4f95-aba0-50c24d67f998", "ServicePlanName": "AAD_PREMIUM_P2", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "41781fb2-bc02-4b7c-bd55-b576c07bb09d", "ServicePlanName": "AAD_PREMIUM", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "e26c2fcc-ab91-4a61-b35c-03cdc8dddf66", "ServicePlanName": "INFO_GOVERNANCE", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "871d91ec-ec1a-452b-a83f-bd76c7d770ef", "ServicePlanName": "WINDEFATP", "AdditionalProperties": { } } ], "directory_settings": [ { "DisplayName": "Group.Unified", "Id": "5ce54204-ef8d-44c5-af88-dc8bd4c16069", "TemplateId": "62375ab9-6b52-47ed-826b-58e47e0e304b", "Values": [ { "Name": "NewUnifiedGroupWritebackDefault", "Value": "true" }, { "Name": "EnableMIPLabels", "Value": "False" }, { "Name": "CustomBlockedWordsList", "Value": "" }, { "Name": "EnableMSStandardBlockedWords", "Value": "False" }, { "Name": "ClassificationDescriptions", "Value": "" }, { "Name": "DefaultClassification", "Value": "" }, { "Name": "PrefixSuffixNamingRequirement", "Value": "" }, { "Name": "AllowGuestsToBeGroupOwner", "Value": "False" }, { "Name": "AllowGuestsToAccessGroups", "Value": "True" }, { "Name": "GuestUsageGuidelinesUrl", "Value": "" }, { "Name": "GroupCreationAllowedGroupId", "Value": "67f62883-f97a-4192-a300-8a1576af8056" }, { "Name": "AllowToAddGuests", "Value": "True" }, { "Name": "UsageGuidelinesUrl", "Value": "" }, { "Name": "ClassificationList", "Value": "" }, { "Name": "EnableGroupCreation", "Value": "False" } ], "AdditionalProperties": { } }, { "DisplayName": "Consent Policy Settings", "Id": "62c1305f-60f0-4096-8d72-e1f74e8627f5", "TemplateId": "dffd5d46-495d-40a9-8e21-954ff55e198a", "Values": [ { "Name": "BlockUserConsentForRiskyApps", "Value": "true" }, { "Name": "EnableAdminConsentRequests", "Value": "false" } ], "AdditionalProperties": { } } ], "authentication_method": [ { "authentication_method_feature_settings": [ { "ExcludeTargets": [ ], "Id": "Fido2", "State": "enabled", "AdditionalProperties": { "@odata.type": "#microsoft.graph.fido2AuthenticationMethodConfiguration", "isSelfServiceRegistrationAllowed": true, "isAttestationEnforced": true, "defaultPasskeyProfile": "00000000-0000-0000-0000-000000000001", "keyRestrictions": { "isEnforced": true, "enforcementType": "allow", "aaGuids": [ "c1f9a0bc-1dd2-404a-b27f-8e29047a43fd", "73bb0cd4-e502-49b8-9c6f-b59445bf720b", "85203421-48f9-4355-9bc8-8a53846e5083" ] }, "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')/microsoft.graph.fido2AuthenticationMethodConfiguration/includeTargets", "includeTargets": [ { "targetType": "group", "id": "e426e4a9-2045-48fe-9949-774a999f7972", "isRegistrationRequired": false, "allowedPasskeyProfiles": [ "00000000-0000-0000-0000-000000000001" ] } ], "passkeyProfiles": [ { "id": "00000000-0000-0000-0000-000000000001", "name": "FIDO2 default profile", "passkeyTypes": "deviceBound", "isAttestationEnforced": true, "keyRestrictions": { "isEnforced": true, "enforcementType": "allow", "aaGuids": [ "c1f9a0bc-1dd2-404a-b27f-8e29047a43fd", "73bb0cd4-e502-49b8-9c6f-b59445bf720b", "85203421-48f9-4355-9bc8-8a53846e5083" ] } } ] } }, { "ExcludeTargets": [ ], "Id": "MicrosoftAuthenticator", "State": "enabled", "AdditionalProperties": { "@odata.type": "#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration", "isSoftwareOathEnabled": false, "featureSettings": { "companionAppAllowedState": { "state": "default", "includeTarget": { "targetType": "group", "id": "all_users" }, "excludeTarget": { "targetType": "group", "id": "00000000-0000-0000-0000-000000000000" } }, "numberMatchingRequiredState": { "state": "enabled", "includeTarget": { "targetType": "group", "id": "all_users" }, "excludeTarget": { "targetType": "group", "id": "00000000-0000-0000-0000-000000000000" } }, "displayAppInformationRequiredState": { "state": "enabled", "includeTarget": { "targetType": "group", "id": "all_users" }, "excludeTarget": { "targetType": "group", "id": "00000000-0000-0000-0000-000000000000" } }, "displayLocationInformationRequiredState": { "state": "enabled", "includeTarget": { "targetType": "group", "id": "all_users" }, "excludeTarget": { "targetType": "group", "id": "00000000-0000-0000-0000-000000000000" } } }, "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')/microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration/includeTargets", "includeTargets": [ { "targetType": "group", "id": "all_users", "isRegistrationRequired": false, "authenticationMode": "any" } ] } }, { "ExcludeTargets": [ ], "Id": "Sms", "State": "disabled", "AdditionalProperties": { "@odata.type": "#microsoft.graph.smsAuthenticationMethodConfiguration", "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Sms')/microsoft.graph.smsAuthenticationMethodConfiguration/includeTargets", "includeTargets": [ { "targetType": "user", "id": "42dd60ea-57e9-47ea-8a43-a213d36a9cb0", "isRegistrationRequired": false, "isUsableForSignIn": true } ] } }, { "ExcludeTargets": [ ], "Id": "TemporaryAccessPass", "State": "enabled", "AdditionalProperties": { "@odata.type": "#microsoft.graph.temporaryAccessPassAuthenticationMethodConfiguration", "defaultLifetimeInMinutes": 60, "defaultLength": 8, "minimumLifetimeInMinutes": 10, "maximumLifetimeInMinutes": 120, "isUsableOnce": true, "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('TemporaryAccessPass')/microsoft.graph.temporaryAccessPassAuthenticationMethodConfiguration/includeTargets", "includeTargets": [ { "targetType": "group", "id": "all_users", "isRegistrationRequired": false } ] } }, { "ExcludeTargets": [ ], "Id": "HardwareOath", "State": "disabled", "AdditionalProperties": { "@odata.type": "#microsoft.graph.hardwareOathAuthenticationMethodConfiguration", "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('HardwareOath')/microsoft.graph.hardwareOathAuthenticationMethodConfiguration/includeTargets", "includeTargets": [ { "targetType": "group", "id": "all_users", "isRegistrationRequired": false } ] } }, { "ExcludeTargets": [ ], "Id": "SoftwareOath", "State": "disabled", "AdditionalProperties": { "@odata.type": "#microsoft.graph.softwareOathAuthenticationMethodConfiguration", "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('SoftwareOath')/microsoft.graph.softwareOathAuthenticationMethodConfiguration/includeTargets", "includeTargets": [ { "targetType": "group", "id": "all_users", "isRegistrationRequired": false } ] } }, { "ExcludeTargets": [ ], "Id": "Voice", "State": "disabled", "AdditionalProperties": { "@odata.type": "#microsoft.graph.voiceAuthenticationMethodConfiguration", "isOfficePhoneAllowed": false, "isCustomGreetingEnabled": false, "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Voice')/microsoft.graph.voiceAuthenticationMethodConfiguration/includeTargets", "includeTargets": [ { "targetType": "group", "id": "all_users", "isRegistrationRequired": false } ] } }, { "ExcludeTargets": [ ], "Id": "Email", "State": "disabled", "AdditionalProperties": { "@odata.type": "#microsoft.graph.emailAuthenticationMethodConfiguration", "allowExternalIdToUseEmailOtp": "disabled", "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Email')/microsoft.graph.emailAuthenticationMethodConfiguration/includeTargets", "includeTargets": [ ] } }, { "ExcludeTargets": [ ], "Id": "X509Certificate", "State": "enabled", "AdditionalProperties": { "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration", "certificateUserBindings": [ { "x509CertificateField": "PrincipalName", "userProperty": "certificateUserIds", "priority": 1, "trustAffinityLevel": "low" } ], "authenticationModeConfiguration": { "x509CertificateAuthenticationDefaultMode": "x509CertificateSingleFactor", "x509CertificateDefaultRequiredAffinityLevel": "low", "rules": { "x509CertificateRuleType": "policyOID", "identifier": "2.16.840.1.101.3.2.1.3.13", "x509CertificateAuthenticationMode": "x509CertificateMultiFactor", "x509CertificateRequiredAffinityLevel": "low", "policyOidIdentifier": "2.16.840.1.101.3.2.1.3.13" } }, "issuerHintsConfiguration": { "state": "disabled" }, "crlValidationConfiguration": { "state": "disabled", "exemptedCertificateAuthoritiesSubjectKeyIdentifiers": [ ] }, "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('X509Certificate')/microsoft.graph.x509CertificateAuthenticationMethodConfiguration/includeTargets", "includeTargets": [ { "targetType": "group", "id": "64720f66-b5cc-41ae-aec7-562f90038952", "isRegistrationRequired": false }, { "targetType": "group", "id": "bf430dde-a18a-476d-977b-81796b4ab2c0", "isRegistrationRequired": false } ] } } ], "authentication_method_policy": { "Description": "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings", "DisplayName": "Authentication Methods Policy", "Id": "authenticationMethodsPolicy", "LastModifiedDateTime": "Date(1708376786872)", "PolicyMigrationState": "preMigration", "PolicyVersion": "1.5", "ReconfirmationInDays": null, "RegistrationEnforcement": { "AuthenticationMethodsRegistrationCampaign": { "EnforceRegistrationAfterAllowedSnoozes": true, "ExcludeTargets": [ { "Id": "64720f66-b5cc-41ae-aec7-562f90038952", "TargetType": "group" }, { "Id": "6066af10-d921-4de6-9ae4-7f01057ec372", "TargetType": "user" }, { "Id": "2bfd4ad1-66be-4952-9d8e-d80f228660a0", "TargetType": "user" }, { "Id": "7a22bd70-341c-4903-a014-d8cfd5c1d75f", "TargetType": "user" } ], "IncludeTargets": [ { "Id": "all_users", "TargetType": "group", "TargetedAuthenticationMethod": "microsoftAuthenticator" } ], "SnoozeDurationInDays": 1, "State": "disabled" } }, "ReportSuspiciousActivitySettings": { "IncludeTarget": { "Id": "all_users", "TargetType": "group" }, "State": "default", "VoiceReportingCode": 0 }, "SystemCredentialPreferences": { "ExcludeTargets": [ ], "IncludeTargets": [ { "Id": "all_users", "TargetType": "group" } ], "State": "default" }, "AdditionalProperties": { "@odata.context": "https://graph.microsoft.com/beta/$metadata#authenticationMethodsPolicy", "authenticationMethodConfigurations@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations" } } } ], "domain_settings": { "AuthenticationType": "Managed", "AvailabilityStatus": null, "DomainNameReferences": null, "FederationConfiguration": null, "Id": "tqhjy.onmicrosoft.com", "IsAdminManaged": true, "IsDefault": true, "IsInitial": true, "IsRoot": true, "IsVerified": true, "PasswordNotificationWindowInDays": 14, "PasswordValidityPeriodInDays": 2147483647, "ServiceConfigurationRecords": null, "SharedEmailDomainInvitations": null, "State": { "LastActionDateTime": null, "Operation": null, "Status": null }, "SupportedServices": [ "Email", "OfficeCommunicationsOnline" ], "VerificationDnsRecords": null, "AdditionalProperties": { } }, "license_information": [ { "SkuId": "eddf428b-da0e-4115-accf-b29eb0b83965", "SkuPartNumber": "CDS_DB_CAPACITY_GOV", "ConsumedUnits": 0, "PrepaidUnits": { "Enabled": 1, "LockedOut": 0, "Suspended": 0, "Warning": 0 } }, { "SkuId": "e2be619b-b125-455f-8660-fb503e431a5d", "SkuPartNumber": "M365_G5_GCC", "ConsumedUnits": 30, "PrepaidUnits": { "Enabled": 30, "LockedOut": 0, "Suspended": 0, "Warning": 0 } } ], "total_user_count": 88, "aad_successful_commands": [ "Get-MgBetaIdentityConditionalAccessPolicy", "Get-MgBetaSubscribedSku", "Get-PrivilegedUser", "Get-PrivilegedRole", "Get-MgBetaUserCount", "Get-MgBetaPolicyAuthorizationPolicy", "Get-MgBetaDirectorySetting", "Get-MgBetaPolicyAuthenticationMethodPolicy", "Get-MgBetaDomain" ], "aad_unsuccessful_commands": [ ], "protection_policy_rules": [ { "HostedContentFilterPolicy": "Strict Preset Security Policy1681329956650", "AntiPhishPolicy": "Strict Preset Security Policy1681329955447", "MalwareFilterPolicy": "Strict Preset Security Policy1681329957931", "State": "Disabled", "Priority": 0, "Comments": null, "Description": "Take the following actions:\r\n\tApply hosted content filter policy \"Strict Preset Security Policy1681329956650\"., Apply AntiPhish policy \"Strict Preset Security Policy1681329955447\"., Apply malware filter policy \"Strict Preset Security Policy1681329957931\".\r\n", "RuleVersion": { "Major": 14, "Minor": 0, "Build": 0, "Revision": 0, "MajorRevision": 0, "MinorRevision": 0 }, "SentTo": null, "SentToMemberOf": null, "RecipientDomainIs": null, "ExceptIfSentTo": null, "ExceptIfSentToMemberOf": null, "ExceptIfRecipientDomainIs": null, "Conditions": null, "Exceptions": null, "Identity": "Strict Preset Security Policy", "DistinguishedName": "CN=Strict Preset Security Policy,CN=EOPProtectionPolicyRuleVersioned,CN=Rules,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "Guid": "9d0f5aee-cf8c-4239-9ec4-3560118c1b7e", "ImmutableId": "9d0f5aee-cf8c-4239-9ec4-3560118c1b7e", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Name": "Strict Preset Security Policy", "IsValid": true, "WhenChanged": "Date(1722573663000)", "ExchangeVersion": "0.1 (8.0.535.0)", "ObjectState": "Unchanged" }, { "HostedContentFilterPolicy": "Standard Preset Security Policy1659535432883", "AntiPhishPolicy": "Standard Preset Security Policy1659535429826", "MalwareFilterPolicy": "Standard Preset Security Policy1659535435292", "State": "Enabled", "Priority": 1, "Comments": null, "Description": "Take the following actions:\r\n\tApply hosted content filter policy \"Standard Preset Security Policy1659535432883\"., Apply AntiPhish policy \"Standard Preset Security Policy1659535429826\"., Apply malware filter policy \"Standard Preset Security Policy1659535435292\".\r\n", "RuleVersion": { "Major": 14, "Minor": 0, "Build": 0, "Revision": 0, "MajorRevision": 0, "MinorRevision": 0 }, "SentTo": null, "SentToMemberOf": null, "RecipientDomainIs": null, "ExceptIfSentTo": null, "ExceptIfSentToMemberOf": null, "ExceptIfRecipientDomainIs": null, "Conditions": null, "Exceptions": null, "Identity": "Standard Preset Security Policy", "DistinguishedName": "CN=Standard Preset Security Policy,CN=EOPProtectionPolicyRuleVersioned,CN=Rules,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "Guid": "83318c49-93e8-497b-8fd3-614b090e6103", "ImmutableId": "83318c49-93e8-497b-8fd3-614b090e6103", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Name": "Standard Preset Security Policy", "IsValid": true, "WhenChanged": "Date(1722573687000)", "ExchangeVersion": "0.1 (8.0.535.0)", "ObjectState": "Unchanged" } ], "atp_policy_rules": [ { "SafeAttachmentPolicy": "Strict Preset Security Policy1681329958553", "SafeLinksPolicy": "Strict Preset Security Policy1681329959203", "State": "Enabled", "Priority": 0, "Comments": null, "Description": "Take the following actions:\r\n\tApply safe attachment policy \"Strict Preset Security Policy1681329958553\"., Apply safe links policy \"Strict Preset Security Policy1681329959203\".\r\n", "RuleVersion": { "Major": 14, "Minor": 0, "Build": 0, "Revision": 0, "MajorRevision": 0, "MinorRevision": 0 }, "SentTo": null, "SentToMemberOf": null, "RecipientDomainIs": null, "ExceptIfSentTo": null, "ExceptIfSentToMemberOf": null, "ExceptIfRecipientDomainIs": null, "Conditions": null, "Exceptions": null, "Identity": "Strict Preset Security Policy", "DistinguishedName": "CN=Strict Preset Security Policy,CN=ATPProtectionPolicyRuleVersioned,CN=Rules,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "Guid": "92ea4876-f3bc-4f2f-9c6a-d4ad7bedc31e", "ImmutableId": "92ea4876-f3bc-4f2f-9c6a-d4ad7bedc31e", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Name": "Strict Preset Security Policy", "IsValid": true, "WhenChanged": "Date(1722573778000)", "ExchangeVersion": "0.1 (8.0.535.0)", "ObjectState": "Unchanged" }, { "SafeAttachmentPolicy": "Standard Preset Security Policy1659535436109", "SafeLinksPolicy": "Standard Preset Security Policy1659535436756", "State": "Disabled", "Priority": 1, "Comments": null, "Description": "Take the following actions:\r\n\tApply safe attachment policy \"Standard Preset Security Policy1659535436109\"., Apply safe links policy \"Standard Preset Security Policy1659535436756\".\r\n", "RuleVersion": { "Major": 14, "Minor": 0, "Build": 0, "Revision": 0, "MajorRevision": 0, "MinorRevision": 0 }, "SentTo": null, "SentToMemberOf": null, "RecipientDomainIs": null, "ExceptIfSentTo": null, "ExceptIfSentToMemberOf": null, "ExceptIfRecipientDomainIs": null, "Conditions": null, "Exceptions": null, "Identity": "Standard Preset Security Policy", "DistinguishedName": "CN=Standard Preset Security Policy,CN=ATPProtectionPolicyRuleVersioned,CN=Rules,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "Guid": "d6c7c877-13b8-4baf-a85c-bc1c008fa515", "ImmutableId": "d6c7c877-13b8-4baf-a85c-bc1c008fa515", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Name": "Standard Preset Security Policy", "IsValid": true, "WhenChanged": "Date(1722573687000)", "ExchangeVersion": "0.1 (8.0.535.0)", "ObjectState": "Unchanged" } ], "dlp_compliance_policies": [ { "Mode": "Disable", "DisplayName": "PR Test Policy", "Type": "Dlp", "ExchangeLocation": [ "All" ], "SharePointLocation": [ "All" ], "SharePointLocationException": [ ], "OneDriveLocation": [ "All" ], "OneDriveLocationException": [ ], "ExchangeOnPremisesLocation": [ ], "SharePointOnPremisesLocation": [ ], "SharePointOnPremisesLocationException": [ ], "TeamsLocation": [ "All" ], "TeamsLocationException": [ ], "EndpointDlpLocation": [ ], "EndpointDlpLocationException": [ ], "ThirdPartyAppDlpLocation": [ "All" ], "ThirdPartyAppDlpLocationException": [ ], "OnPremisesScannerDlpLocation": [ ], "OnPremisesScannerDlpLocationException": [ ], "PowerBIDlpLocation": [ ], "PowerBIDlpLocationException": [ ], "Locations": "", "LocationInclusions": [ ], "LocationExclusions": [ ], "EndpointDlpExtendedLocations": "", "ExchangeSender": [ ], "ExchangeSenderException": [ ], "PolicyTemplateInfo": null, "MatchedItemsCount": null, "TotalItemsCount": null, "TopNLocationStatistics": null, "WorkloadStatistics": null, "IsSimulationPolicy": false, "SimulationStatus": null, "AutoEnableAfter": null, "IsFromSmartInsights": null, "IsColdDataSimulationPolicy": false, "ExtendedProperties": null, "Summary": false, "OneDriveSharedBy": [ ], "ExceptIfOneDriveSharedBy": [ ], "OneDriveSharedByMemberOf": [ ], "ExceptIfOneDriveSharedByMemberOf": [ ], "ExchangeSenderMemberOf": [ ], "ExchangeSenderMemberOfException": [ ], "ExchangeAdaptiveScopes": null, "ExchangeAdaptiveScopesException": null, "SharePointAdaptiveScopes": null, "SharePointAdaptiveScopesException": null, "OneDriveAdaptiveScopes": null, "OneDriveAdaptiveScopesException": null, "TeamsAdaptiveScopes": null, "TeamsAdaptiveScopesException": null, "EndpointDlpAdaptiveScopes": null, "EndpointDlpAdaptiveScopesException": null, "ExpectedLocations": 0, "CompletedLocations": 0, "FailedLocations": 0, "ItemStatistics": null, "RuleMatchBlob": null, "ErrorMetadata": null, "UserAdministrativeUnitMembershipMap": null, "ForceValidate": false, "PolicyRulesMetaData": "{\"WhenRulesChangedUtc\":\"2023-10-20T13:50:12.6419467Z\"}", "ReusableComponentType": "Unknown", "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, ThirdPartyApps", "Priority": 0, "ObjectVersion": "43e3a212-d336-4f81-08c1-08dbfd7c3196", "CreatedBy": "John Doe", "LastModifiedBy": "John Doe", "ReadOnly": false, "ExternalIdentity": "", "Comment": "To be deleted after Emerald merge testing.", "Enabled": false, "DistributionStatus": "Pending", "DistributionSyncStatus": "Unknown", "DistributionResults": null, "LastStatusUpdateTime": null, "ModificationTimeUtc": "Date(1702673005273)", "CreationTimeUtc": "Date(1697743859187)", "PolicyRBACScopes": [ ], "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/PR Test Policy", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/PR Test Policy", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "PR Test Policy", "DistinguishedName": "CN=PR Test Policy,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedPolicy" ], "WhenChanged": "Date(1702651405000)", "WhenCreated": "Date(1697725859000)", "WhenChangedUTC": "Date(1702651405000)", "WhenCreatedUTC": "Date(1697725859000)", "ExchangeObjectId": "46f77b71-78a1-428f-a433-a7c8cca1c6e7", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "Guid": "46f77b71-78a1-428f-a433-a7c8cca1c6e7", "OriginatingServer": "", "ObjectState": "Changed" }, { "Mode": "Enable", "DisplayName": "Default Office 365 DLP policy", "Type": "Dlp", "ExchangeLocation": [ "All" ], "SharePointLocation": [ "All" ], "SharePointLocationException": [ ], "OneDriveLocation": [ "All" ], "OneDriveLocationException": [ ], "ExchangeOnPremisesLocation": [ ], "SharePointOnPremisesLocation": [ ], "SharePointOnPremisesLocationException": [ ], "TeamsLocation": [ "All" ], "TeamsLocationException": [ ], "EndpointDlpLocation": [ ], "EndpointDlpLocationException": [ ], "ThirdPartyAppDlpLocation": [ ], "ThirdPartyAppDlpLocationException": [ ], "OnPremisesScannerDlpLocation": [ "All" ], "OnPremisesScannerDlpLocationException": [ ], "PowerBIDlpLocation": [ ], "PowerBIDlpLocationException": [ ], "Locations": "", "LocationInclusions": [ ], "LocationExclusions": [ ], "EndpointDlpExtendedLocations": "", "ExchangeSender": [ ], "ExchangeSenderException": [ ], "PolicyTemplateInfo": { }, "MatchedItemsCount": null, "TotalItemsCount": null, "TopNLocationStatistics": null, "WorkloadStatistics": null, "IsSimulationPolicy": false, "SimulationStatus": null, "AutoEnableAfter": null, "IsFromSmartInsights": null, "IsColdDataSimulationPolicy": false, "ExtendedProperties": null, "Summary": false, "OneDriveSharedBy": [ ], "ExceptIfOneDriveSharedBy": [ ], "OneDriveSharedByMemberOf": [ ], "ExceptIfOneDriveSharedByMemberOf": [ ], "ExchangeSenderMemberOf": [ ], "ExchangeSenderMemberOfException": [ ], "ExchangeAdaptiveScopes": null, "ExchangeAdaptiveScopesException": null, "SharePointAdaptiveScopes": null, "SharePointAdaptiveScopesException": null, "OneDriveAdaptiveScopes": null, "OneDriveAdaptiveScopesException": null, "TeamsAdaptiveScopes": null, "TeamsAdaptiveScopesException": null, "EndpointDlpAdaptiveScopes": null, "EndpointDlpAdaptiveScopesException": null, "ExpectedLocations": 0, "CompletedLocations": 0, "FailedLocations": 0, "ItemStatistics": null, "RuleMatchBlob": null, "ErrorMetadata": null, "UserAdministrativeUnitMembershipMap": null, "ForceValidate": false, "PolicyRulesMetaData": "{\"WhenRulesChangedUtc\":\"2023-10-05T17:47:20.3689468Z\"}", "ReusableComponentType": "Unknown", "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, OnPremisesScanner", "Priority": 1, "ObjectVersion": "fe559c64-4f24-4f09-09f6-08dc7675e468", "CreatedBy": "", "LastModifiedBy": "John Doe", "ReadOnly": false, "ExternalIdentity": "", "Comment": "This policy detects the presence of credit card numbers in externally shared documents and emails. End users are notified of the detection with the suggestion to consider either removing the sensitive data or restricting the sharing.", "Enabled": true, "DistributionStatus": "Pending", "DistributionSyncStatus": "Unknown", "DistributionResults": null, "LastStatusUpdateTime": null, "ModificationTimeUtc": "Date(1715970789503)", "CreationTimeUtc": "Date(1614655720970)", "PolicyRBACScopes": [ ], "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Default Office 365 DLP policy", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Default Office 365 DLP policy", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Default Office 365 DLP policy", "DistinguishedName": "CN=Default Office 365 DLP policy,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedPolicy" ], "WhenChanged": "Date(1715952789000)", "WhenCreated": "Date(1617646100000)", "WhenChangedUTC": "Date(1715952789000)", "WhenCreatedUTC": "Date(1617646100000)", "ExchangeObjectId": "8cb4f574-1a54-45e1-bf58-73bbe023ebad", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "Guid": "8cb4f574-1a54-45e1-bf58-73bbe023ebad", "OriginatingServer": "", "ObjectState": "Changed" }, { "Mode": "Disable", "DisplayName": "tqhjy DLP Policy for PII", "Type": "Dlp", "ExchangeLocation": [ "All" ], "SharePointLocation": [ "All" ], "SharePointLocationException": [ ], "OneDriveLocation": [ "All" ], "OneDriveLocationException": [ ], "ExchangeOnPremisesLocation": [ ], "SharePointOnPremisesLocation": [ ], "SharePointOnPremisesLocationException": [ ], "TeamsLocation": [ "All" ], "TeamsLocationException": [ ], "EndpointDlpLocation": [ ], "EndpointDlpLocationException": [ ], "ThirdPartyAppDlpLocation": [ ], "ThirdPartyAppDlpLocationException": [ ], "OnPremisesScannerDlpLocation": [ ], "OnPremisesScannerDlpLocationException": [ ], "PowerBIDlpLocation": [ ], "PowerBIDlpLocationException": [ ], "Locations": "", "LocationInclusions": [ ], "LocationExclusions": [ ], "EndpointDlpExtendedLocations": "", "ExchangeSender": [ ], "ExchangeSenderException": [ ], "PolicyTemplateInfo": { }, "MatchedItemsCount": null, "TotalItemsCount": null, "TopNLocationStatistics": null, "WorkloadStatistics": null, "IsSimulationPolicy": false, "SimulationStatus": null, "AutoEnableAfter": null, "IsFromSmartInsights": null, "IsColdDataSimulationPolicy": false, "ExtendedProperties": null, "Summary": false, "OneDriveSharedBy": [ ], "ExceptIfOneDriveSharedBy": [ ], "OneDriveSharedByMemberOf": [ ], "ExceptIfOneDriveSharedByMemberOf": [ ], "ExchangeSenderMemberOf": [ ], "ExchangeSenderMemberOfException": [ ], "ExchangeAdaptiveScopes": null, "ExchangeAdaptiveScopesException": null, "SharePointAdaptiveScopes": null, "SharePointAdaptiveScopesException": null, "OneDriveAdaptiveScopes": null, "OneDriveAdaptiveScopesException": null, "TeamsAdaptiveScopes": null, "TeamsAdaptiveScopesException": null, "EndpointDlpAdaptiveScopes": null, "EndpointDlpAdaptiveScopesException": null, "ExpectedLocations": 0, "CompletedLocations": 0, "FailedLocations": 0, "ItemStatistics": null, "RuleMatchBlob": null, "ErrorMetadata": null, "UserAdministrativeUnitMembershipMap": null, "ForceValidate": false, "PolicyRulesMetaData": "{\"WhenRulesChangedUtc\":\"2023-06-14T14:36:08.0311995Z\"}", "ReusableComponentType": "Unknown", "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams", "Priority": 2, "ObjectVersion": "2100d11a-6dd8-4e2a-4776-08dbcf0f5618", "CreatedBy": "d459e626-e311-4242-bb40-263313097103", "LastModifiedBy": "John Doe", "ReadOnly": false, "ExternalIdentity": "", "Comment": "", "Enabled": false, "DistributionStatus": "Pending", "DistributionSyncStatus": "Unknown", "DistributionResults": null, "LastStatusUpdateTime": null, "ModificationTimeUtc": "Date(1697564897897)", "CreationTimeUtc": "Date(1618336038880)", "PolicyRBACScopes": [ ], "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/tqhjy DLP Policy for PII", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/tqhjy DLP Policy for PII", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "tqhjy DLP Policy for PII", "DistinguishedName": "CN=tqhjy DLP Policy for PII,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedPolicy" ], "WhenChanged": "Date(1697546897000)", "WhenCreated": "Date(1618318038000)", "WhenChangedUTC": "Date(1697546897000)", "WhenCreatedUTC": "Date(1618318038000)", "ExchangeObjectId": "b800d92f-a479-47a9-bcfa-306db665aaa1", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "Guid": "b800d92f-a479-47a9-bcfa-306db665aaa1", "OriginatingServer": "", "ObjectState": "Changed" }, { "Mode": "Disable", "DisplayName": "Defender Baseline Testing Policy", "Type": "Dlp", "ExchangeLocation": [ "All" ], "SharePointLocation": [ "All" ], "SharePointLocationException": [ ], "OneDriveLocation": [ "All" ], "OneDriveLocationException": [ ], "ExchangeOnPremisesLocation": [ ], "SharePointOnPremisesLocation": [ ], "SharePointOnPremisesLocationException": [ ], "TeamsLocation": [ "All" ], "TeamsLocationException": [ ], "EndpointDlpLocation": [ ], "EndpointDlpLocationException": [ ], "ThirdPartyAppDlpLocation": [ ], "ThirdPartyAppDlpLocationException": [ ], "OnPremisesScannerDlpLocation": [ ], "OnPremisesScannerDlpLocationException": [ ], "PowerBIDlpLocation": [ ], "PowerBIDlpLocationException": [ ], "Locations": "", "LocationInclusions": [ ], "LocationExclusions": [ ], "EndpointDlpExtendedLocations": "", "ExchangeSender": [ ], "ExchangeSenderException": [ ], "PolicyTemplateInfo": null, "MatchedItemsCount": null, "TotalItemsCount": null, "TopNLocationStatistics": null, "WorkloadStatistics": null, "IsSimulationPolicy": false, "SimulationStatus": null, "AutoEnableAfter": null, "IsFromSmartInsights": null, "IsColdDataSimulationPolicy": false, "ExtendedProperties": null, "Summary": false, "OneDriveSharedBy": [ ], "ExceptIfOneDriveSharedBy": [ ], "OneDriveSharedByMemberOf": [ ], "ExceptIfOneDriveSharedByMemberOf": [ ], "ExchangeSenderMemberOf": [ ], "ExchangeSenderMemberOfException": [ ], "ExchangeAdaptiveScopes": null, "ExchangeAdaptiveScopesException": null, "SharePointAdaptiveScopes": null, "SharePointAdaptiveScopesException": null, "OneDriveAdaptiveScopes": null, "OneDriveAdaptiveScopesException": null, "TeamsAdaptiveScopes": null, "TeamsAdaptiveScopesException": null, "EndpointDlpAdaptiveScopes": null, "EndpointDlpAdaptiveScopesException": null, "ExpectedLocations": 0, "CompletedLocations": 0, "FailedLocations": 0, "ItemStatistics": null, "RuleMatchBlob": null, "ErrorMetadata": null, "UserAdministrativeUnitMembershipMap": null, "ForceValidate": false, "PolicyRulesMetaData": "{\"WhenRulesChangedUtc\":\"2023-10-05T19:44:40.6514701Z\"}", "ReusableComponentType": "Unknown", "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams", "Priority": 3, "ObjectVersion": "5bdb82d0-e214-4408-d86f-08dbfd7c4380", "CreatedBy": "John Doe", "LastModifiedBy": "John Doe", "ReadOnly": false, "ExternalIdentity": "", "Comment": "Create a custom policy from scratch. You will choose the type of content to protect and how you want to protect it.", "Enabled": false, "DistributionStatus": "Pending", "DistributionSyncStatus": "Unknown", "DistributionResults": null, "LastStatusUpdateTime": null, "ModificationTimeUtc": "Date(1702673035333)", "CreationTimeUtc": "Date(1696547820523)", "PolicyRBACScopes": [ ], "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Defender Baseline Testing Policy", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Defender Baseline Testing Policy", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Defender Baseline Testing Policy", "DistinguishedName": "CN=Defender Baseline Testing Policy,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedPolicy" ], "WhenChanged": "Date(1702651435000)", "WhenCreated": "Date(1696529820000)", "WhenChangedUTC": "Date(1702651435000)", "WhenCreatedUTC": "Date(1696529820000)", "ExchangeObjectId": "8038a28b-7b5c-42a8-a852-4bb68707afec", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "Guid": "8038a28b-7b5c-42a8-a852-4bb68707afec", "OriginatingServer": "", "ObjectState": "Changed" }, { "Mode": "Disable", "DisplayName": "New DLP sensitive types policy", "Type": "Dlp", "ExchangeLocation": [ "All" ], "SharePointLocation": [ "All" ], "SharePointLocationException": [ ], "OneDriveLocation": [ "All" ], "OneDriveLocationException": [ ], "ExchangeOnPremisesLocation": [ ], "SharePointOnPremisesLocation": [ ], "SharePointOnPremisesLocationException": [ ], "TeamsLocation": [ "All" ], "TeamsLocationException": [ ], "EndpointDlpLocation": [ "All" ], "EndpointDlpLocationException": [ ], "ThirdPartyAppDlpLocation": [ ], "ThirdPartyAppDlpLocationException": [ ], "OnPremisesScannerDlpLocation": [ ], "OnPremisesScannerDlpLocationException": [ ], "PowerBIDlpLocation": [ ], "PowerBIDlpLocationException": [ ], "Locations": "", "LocationInclusions": [ ], "LocationExclusions": [ ], "EndpointDlpExtendedLocations": "", "ExchangeSender": [ ], "ExchangeSenderException": [ ], "PolicyTemplateInfo": null, "MatchedItemsCount": null, "TotalItemsCount": null, "TopNLocationStatistics": null, "WorkloadStatistics": null, "IsSimulationPolicy": false, "SimulationStatus": null, "AutoEnableAfter": null, "IsFromSmartInsights": null, "IsColdDataSimulationPolicy": false, "ExtendedProperties": null, "Summary": false, "OneDriveSharedBy": [ ], "ExceptIfOneDriveSharedBy": [ ], "OneDriveSharedByMemberOf": [ ], "ExceptIfOneDriveSharedByMemberOf": [ ], "ExchangeSenderMemberOf": [ ], "ExchangeSenderMemberOfException": [ ], "ExchangeAdaptiveScopes": null, "ExchangeAdaptiveScopesException": null, "SharePointAdaptiveScopes": null, "SharePointAdaptiveScopesException": null, "OneDriveAdaptiveScopes": null, "OneDriveAdaptiveScopesException": null, "TeamsAdaptiveScopes": null, "TeamsAdaptiveScopesException": null, "EndpointDlpAdaptiveScopes": null, "EndpointDlpAdaptiveScopesException": null, "ExpectedLocations": 0, "CompletedLocations": 0, "FailedLocations": 0, "ItemStatistics": null, "RuleMatchBlob": null, "ErrorMetadata": null, "UserAdministrativeUnitMembershipMap": null, "ForceValidate": false, "PolicyRulesMetaData": "{\"WhenRulesChangedUtc\":\"2023-10-17T16:55:04.4321589Z\"}", "ReusableComponentType": "Unknown", "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", "Priority": 4, "ObjectVersion": "8e3da4eb-9e02-4edf-9a20-08dc76747de8", "CreatedBy": "John Doe", "LastModifiedBy": "John Doe", "ReadOnly": false, "ExternalIdentity": "", "Comment": "Create a custom policy from scratch. You will choose the type of content to protect and how you want to protect it.", "Enabled": false, "DistributionStatus": "Pending", "DistributionSyncStatus": "Unknown", "DistributionResults": null, "LastStatusUpdateTime": null, "ModificationTimeUtc": "Date(1715970188043)", "CreationTimeUtc": "Date(1696553516643)", "PolicyRBACScopes": [ ], "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/New DLP sensitive types policy", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/New DLP sensitive types policy", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "New DLP sensitive types policy", "DistinguishedName": "CN=New DLP sensitive types policy,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedPolicy" ], "WhenChanged": "Date(1715952188000)", "WhenCreated": "Date(1696535516000)", "WhenChangedUTC": "Date(1715952188000)", "WhenCreatedUTC": "Date(1696535516000)", "ExchangeObjectId": "d91d3f1f-9a8f-4074-a754-a21afdcf5a77", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "Guid": "d91d3f1f-9a8f-4074-a754-a21afdcf5a77", "OriginatingServer": "", "ObjectState": "Changed" }, { "Mode": "Disable", "DisplayName": "Info_TypeITIN_Missing", "Type": "Dlp", "ExchangeLocation": [ ], "SharePointLocation": [ ], "SharePointLocationException": [ ], "OneDriveLocation": [ ], "OneDriveLocationException": [ ], "ExchangeOnPremisesLocation": [ ], "SharePointOnPremisesLocation": [ ], "SharePointOnPremisesLocationException": [ ], "TeamsLocation": [ "All" ], "TeamsLocationException": [ ], "EndpointDlpLocation": [ ], "EndpointDlpLocationException": [ ], "ThirdPartyAppDlpLocation": [ ], "ThirdPartyAppDlpLocationException": [ ], "OnPremisesScannerDlpLocation": [ ], "OnPremisesScannerDlpLocationException": [ ], "PowerBIDlpLocation": [ ], "PowerBIDlpLocationException": [ ], "Locations": "", "LocationInclusions": [ ], "LocationExclusions": [ ], "EndpointDlpExtendedLocations": "", "ExchangeSender": [ ], "ExchangeSenderException": [ ], "PolicyTemplateInfo": null, "MatchedItemsCount": null, "TotalItemsCount": null, "TopNLocationStatistics": null, "WorkloadStatistics": null, "IsSimulationPolicy": false, "SimulationStatus": null, "AutoEnableAfter": null, "IsFromSmartInsights": null, "IsColdDataSimulationPolicy": false, "ExtendedProperties": null, "Summary": false, "OneDriveSharedBy": [ ], "ExceptIfOneDriveSharedBy": [ ], "OneDriveSharedByMemberOf": [ ], "ExceptIfOneDriveSharedByMemberOf": [ ], "ExchangeSenderMemberOf": [ ], "ExchangeSenderMemberOfException": [ ], "ExchangeAdaptiveScopes": null, "ExchangeAdaptiveScopesException": null, "SharePointAdaptiveScopes": null, "SharePointAdaptiveScopesException": null, "OneDriveAdaptiveScopes": null, "OneDriveAdaptiveScopesException": null, "TeamsAdaptiveScopes": null, "TeamsAdaptiveScopesException": null, "EndpointDlpAdaptiveScopes": null, "EndpointDlpAdaptiveScopesException": null, "ExpectedLocations": 0, "CompletedLocations": 0, "FailedLocations": 0, "ItemStatistics": null, "RuleMatchBlob": null, "ErrorMetadata": null, "UserAdministrativeUnitMembershipMap": null, "ForceValidate": false, "PolicyRulesMetaData": "{\"WhenRulesChangedUtc\":\"2023-12-15T14:39:23.8092225Z\"}", "ReusableComponentType": "Unknown", "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams", "Priority": 5, "ObjectVersion": "f704185a-b800-4c7f-4ff9-08dc5b00e6eb", "CreatedBy": "John Doe", "LastModifiedBy": "John Doe", "ReadOnly": false, "ExternalIdentity": "", "Comment": "Custom policy meets all requirements for DLP under baseline EXCEPT it is missing the ITIN and instead has UK passports listed.", "Enabled": false, "DistributionStatus": "Pending", "DistributionSyncStatus": "Unknown", "DistributionResults": null, "LastStatusUpdateTime": null, "ModificationTimeUtc": "Date(1712951861207)", "CreationTimeUtc": "Date(1702672630117)", "PolicyRBACScopes": [ ], "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Info_TypeITIN_Missing", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Info_TypeITIN_Missing", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Info_TypeITIN_Missing", "DistinguishedName": "CN=Info_TypeITIN_Missing,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedPolicy" ], "WhenChanged": "Date(1712933861000)", "WhenCreated": "Date(1702651030000)", "WhenChangedUTC": "Date(1712933861000)", "WhenCreatedUTC": "Date(1702651030000)", "ExchangeObjectId": "0362dd12-1c3e-484b-983a-3b600a6f9e2a", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "Guid": "0362dd12-1c3e-484b-983a-3b600a6f9e2a", "OriginatingServer": "", "ObjectState": "Changed" }, { "Mode": "Disable", "DisplayName": "DevicePolicy_CCOnly", "Type": "Dlp", "ExchangeLocation": [ ], "SharePointLocation": [ ], "SharePointLocationException": [ ], "OneDriveLocation": [ ], "OneDriveLocationException": [ ], "ExchangeOnPremisesLocation": [ ], "SharePointOnPremisesLocation": [ ], "SharePointOnPremisesLocationException": [ ], "TeamsLocation": [ ], "TeamsLocationException": [ ], "EndpointDlpLocation": [ "All" ], "EndpointDlpLocationException": [ ], "ThirdPartyAppDlpLocation": [ ], "ThirdPartyAppDlpLocationException": [ ], "OnPremisesScannerDlpLocation": [ ], "OnPremisesScannerDlpLocationException": [ ], "PowerBIDlpLocation": [ ], "PowerBIDlpLocationException": [ ], "Locations": "", "LocationInclusions": [ ], "LocationExclusions": [ ], "EndpointDlpExtendedLocations": "", "ExchangeSender": [ ], "ExchangeSenderException": [ ], "PolicyTemplateInfo": null, "MatchedItemsCount": null, "TotalItemsCount": null, "TopNLocationStatistics": null, "WorkloadStatistics": null, "IsSimulationPolicy": false, "SimulationStatus": null, "AutoEnableAfter": null, "IsFromSmartInsights": null, "IsColdDataSimulationPolicy": false, "ExtendedProperties": null, "Summary": false, "OneDriveSharedBy": [ ], "ExceptIfOneDriveSharedBy": [ ], "OneDriveSharedByMemberOf": [ ], "ExceptIfOneDriveSharedByMemberOf": [ ], "ExchangeSenderMemberOf": [ ], "ExchangeSenderMemberOfException": [ ], "ExchangeAdaptiveScopes": null, "ExchangeAdaptiveScopesException": null, "SharePointAdaptiveScopes": null, "SharePointAdaptiveScopesException": null, "OneDriveAdaptiveScopes": null, "OneDriveAdaptiveScopesException": null, "TeamsAdaptiveScopes": null, "TeamsAdaptiveScopesException": null, "EndpointDlpAdaptiveScopes": null, "EndpointDlpAdaptiveScopesException": null, "ExpectedLocations": 0, "CompletedLocations": 0, "FailedLocations": 0, "ItemStatistics": null, "RuleMatchBlob": null, "ErrorMetadata": null, "UserAdministrativeUnitMembershipMap": null, "ForceValidate": false, "PolicyRulesMetaData": "{\"WhenRulesChangedUtc\":\"2023-12-15T14:42:23.5450374Z\"}", "ReusableComponentType": "Unknown", "Workload": "Exchange, SharePoint, OneDriveForBusiness, EndpointDevices", "Priority": 6, "ObjectVersion": "7e5fdbb1-1958-4d86-7808-08dc5b00c94d", "CreatedBy": "John Doe", "LastModifiedBy": "John Doe", "ReadOnly": false, "ExternalIdentity": "", "Comment": "Custom policy that protects devices by blocking access to credit card numbers only.", "Enabled": false, "DistributionStatus": "Pending", "DistributionSyncStatus": "Unknown", "DistributionResults": null, "LastStatusUpdateTime": null, "ModificationTimeUtc": "Date(1712951811520)", "CreationTimeUtc": "Date(1702672936403)", "PolicyRBACScopes": [ ], "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DevicePolicy_CCOnly", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DevicePolicy_CCOnly", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "DevicePolicy_CCOnly", "DistinguishedName": "CN=DevicePolicy_CCOnly,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedPolicy" ], "WhenChanged": "Date(1712933811000)", "WhenCreated": "Date(1702651336000)", "WhenChangedUTC": "Date(1712933811000)", "WhenCreatedUTC": "Date(1702651336000)", "ExchangeObjectId": "2a4e7cb6-9da7-468f-a58e-42975ea7cd71", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "Guid": "2a4e7cb6-9da7-468f-a58e-42975ea7cd71", "OriginatingServer": "", "ObjectState": "Changed" }, { "Mode": "Disable", "DisplayName": "Escaped characters such as \\.\\O\\S\\T seem to be an issue.", "Type": "Dlp", "ExchangeLocation": [ "All" ], "SharePointLocation": [ "All" ], "SharePointLocationException": [ ], "OneDriveLocation": [ "All" ], "OneDriveLocationException": [ ], "ExchangeOnPremisesLocation": [ ], "SharePointOnPremisesLocation": [ ], "SharePointOnPremisesLocationException": [ ], "TeamsLocation": [ "All" ], "TeamsLocationException": [ ], "EndpointDlpLocation": [ "All" ], "EndpointDlpLocationException": [ ], "ThirdPartyAppDlpLocation": [ ], "ThirdPartyAppDlpLocationException": [ ], "OnPremisesScannerDlpLocation": [ ], "OnPremisesScannerDlpLocationException": [ ], "PowerBIDlpLocation": [ ], "PowerBIDlpLocationException": [ ], "Locations": "", "LocationInclusions": [ ], "LocationExclusions": [ ], "EndpointDlpExtendedLocations": "", "ExchangeSender": [ ], "ExchangeSenderException": [ ], "PolicyTemplateInfo": null, "MatchedItemsCount": null, "TotalItemsCount": null, "TopNLocationStatistics": null, "WorkloadStatistics": null, "IsSimulationPolicy": false, "SimulationStatus": null, "AutoEnableAfter": null, "IsFromSmartInsights": null, "IsColdDataSimulationPolicy": false, "ExtendedProperties": null, "Summary": false, "OneDriveSharedBy": [ ], "ExceptIfOneDriveSharedBy": [ ], "OneDriveSharedByMemberOf": [ ], "ExceptIfOneDriveSharedByMemberOf": [ ], "ExchangeSenderMemberOf": [ ], "ExchangeSenderMemberOfException": [ ], "ExchangeAdaptiveScopes": null, "ExchangeAdaptiveScopesException": null, "SharePointAdaptiveScopes": null, "SharePointAdaptiveScopesException": null, "OneDriveAdaptiveScopes": null, "OneDriveAdaptiveScopesException": null, "TeamsAdaptiveScopes": null, "TeamsAdaptiveScopesException": null, "EndpointDlpAdaptiveScopes": null, "EndpointDlpAdaptiveScopesException": null, "ExpectedLocations": 0, "CompletedLocations": 0, "FailedLocations": 0, "ItemStatistics": null, "RuleMatchBlob": null, "ErrorMetadata": null, "UserAdministrativeUnitMembershipMap": null, "ForceValidate": false, "PolicyRulesMetaData": "{\"WhenRulesChangedUtc\":\"2024-03-22T18:48:33.329611Z\"}", "ReusableComponentType": "Unknown", "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", "Priority": 7, "ObjectVersion": "ef7591db-e36f-4b24-bf6d-08dc5b00ac70", "CreatedBy": "John Doe", "LastModifiedBy": "John Doe", "ReadOnly": false, "ExternalIdentity": "", "Comment": "What about here? Do \\. ]O \\S cause problems here?", "Enabled": false, "DistributionStatus": "Pending", "DistributionSyncStatus": "Unknown", "DistributionResults": null, "LastStatusUpdateTime": null, "ModificationTimeUtc": "Date(1712951763097)", "CreationTimeUtc": "Date(1711151229617)", "PolicyRBACScopes": [ ], "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Escaped characters such as \\\\.\\\\O\\\\S\\\\T seem to be an issue.", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Escaped characters such as \\\\.\\\\O\\\\S\\\\T seem to be an issue.", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Escaped characters such as \\.\\O\\S\\T seem to be an issue.", "DistinguishedName": "CN=Escaped characters such as \\\\.\\\\O\\\\S\\\\T seem to be an issue.,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedPolicy" ], "WhenChanged": "Date(1712933763000)", "WhenCreated": "Date(1711133229000)", "WhenChangedUTC": "Date(1712933763000)", "WhenCreatedUTC": "Date(1711133229000)", "ExchangeObjectId": "3e6ae832-d413-498e-9cc1-6b725713992b", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "Guid": "3e6ae832-d413-498e-9cc1-6b725713992b", "OriginatingServer": "", "ObjectState": "Changed" } ], "dlp_compliance_rules": [ { "SubjectContainsWords": [ ], "ExceptIfSubjectContainsWords": [ ], "SubjectOrBodyMatchesPatterns": [ ], "ExceptIfSubjectOrBodyMatchesPatterns": [ ], "SubjectOrBodyContainsWords": [ ], "ExceptIfSubjectOrBodyContainsWords": [ ], "DocumentMatchesPatterns": [ ], "ExceptIfDocumentMatchesPatterns": [ ], "DocumentContainsWords": [ ], "ExceptIfDocumentContainsWords": [ ], "SenderADAttributeMatchesPatterns": null, "ExceptIfSenderADAttributeMatchesPatterns": null, "SenderADAttributeContainsWords": null, "ExceptIfSenderADAttributeContainsWords": null, "RecipientADAttributeMatchesPatterns": null, "ExceptIfRecipientADAttributeMatchesPatterns": null, "RecipientADAttributeContainsWords": null, "ExceptIfRecipientADAttributeContainsWords": null, "ContentCharacterSetContainsWords": [ ], "ExceptIfContentCharacterSetContainsWords": [ ], "DocumentNameMatchesPatterns": [ ], "ExceptIfDocumentNameMatchesPatterns": [ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ ], "ExceptIfUnscannableDocumentExtensionIs": [ ], "HeaderContainsWords": null, "ExceptIfHeaderContainsWords": null, "HeaderContainsTokens": null, "ExceptIfHeaderContainsTokens": null, "DeviceManagementType": null, "ExceptIfDeviceManagementType": null, "AccessedBy": [ ], "ExceptIfAccessedBy": [ ], "AccessedByMemberOf": [ ], "ExceptIfAccessedByMemberOf": [ ], "BlockAccess": true, "BlockAccessScope": "All", "EncryptRMSTemplate": null, "EnforcePortalAccess": true, "ApplyBrandingTemplate": "", "RemoveRMSTemplate": false, "EndpointDlpRestrictions": null, "EndpointDlpBrowserRestrictions": null, "ThirdPartyAppDlpRestrictions": null, "OnPremisesScannerDlpRestrictions": null, "PowerBIDlpRestrictions": null, "AlertProperties": { "AggregationType": "None" }, "GenerateAlert": [ "true" ], "GenerateIncidentReport": [ ], "IncidentReportContent": null, "NotifyUser": [ "LastModifier" ], "NotifyAllowOverride": null, "NotifyEmailCustomText": "", "NotifyEmailCustomSubject": "", "NotifyEmailCustomSenderDisplayName": "", "NotifyEmailExchangeIncludeAttachment": true, "NotifyEmailOnedriveRemediationActions": "NotSet", "NotifyJustificationCustomText": "", "NotifyJustificationCustomTextTranslations": [ ], "NotifyPolicyTipCustomText": "", "NotifyUserType": "NotSet", "NotifyPolicyTipCustomTextTranslations": [ ], "NotifyOverrideRequirements": "None", "NotifyPolicyTipDisplayOption": "Tip", "NotifyPolicyTipUrl": "", "NotifyPolicyTipCustomDialog": "", "NotifyEndpointUser": null, "RemoveHeader": [ ], "AccessTimeControl": null, "StopPolicyProcessing": false, "SetHeader": null, "AddRecipients": null, "Moderate": null, "ModifySubject": null, "MapRecipients": null, "RedirectMessageTo": null, "PrependSubject": "", "ApplyHtmlDisclaimer": null, "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, "MipRestrictAccess": null, "SourceType": "", "Guid": "a7739b6b-9831-467a-a355-3ba7aab938bc", "AdvancedRuleBuilderContext": null, "ParentPolicyName": "Info_TypeITIN_Missing", "ReportSeverityLevel": "Low", "ActivationDate": null, "ExpiryDate": null, "SenderType": null, "SenderAddressLocation": null, "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"Groups\": [\r\n {\r\n \"Name\": \"BadInfoTypes\",\r\n \"Operator\": \"Or\",\r\n \"Sensitivetypes\": [\r\n {\r\n \"Name\": \"U.S. Social Security Number (SSN)\",\r\n \"Id\": \"a44669fe-0d48-453d-a9b1-2cc83f2cba77\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"U.S. / U.K. Passport Number\",\r\n \"Id\": \"178ec42a-18b4-47cc-85c7-d62c92fd67f8\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"Credit Card Number\",\r\n \"Id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"High\",\r\n \"Minconfidence\": 85,\r\n \"Maxconfidence\": 100\r\n }\r\n ]\r\n }\r\n ],\r\n \"Operator\": \"And\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", "ExecutionRuleGuids": null, "DisplayName": "Missing_ITIN_Has_UKPassports", "StorageBindings": null, "EvaluateRulePerComponent": false, "IsAdvancedRule": true, "ContentContainsSensitiveInformation": null, "ExceptIfContentContainsSensitiveInformation": null, "ContentMissingSensitivityLabel": null, "ContentIsNotLabeled": false, "AttachmentIsNotLabeled": false, "MessageIsNotLabeled": false, "DocumentCreatedBy": [ ], "ExceptIfDocumentCreatedBy": [ ], "DocumentSizeOver": "", "ExceptIfDocumentSizeOver": "", "DocumentNameMatchesWords": [ ], "ExceptIfDocumentNameMatchesWords": [ ], "AccessScope": null, "NonBifurcatingAccessScope": null, "ExceptIfAccessScope": null, "FromScope": null, "ExceptIfFromScope": null, "WithImportance": null, "ExceptIfWithImportance": null, "ExternalScenarioDependancies": { "ProtectionAlertId": "e95437f3-7b8b-4055-9383-2686e02de873" }, "ContentPropertyContainsWords": [ ], "ExceptIfContentPropertyContainsWords": [ ], "From": null, "ExceptIfFrom": null, "FromMemberOf": null, "ExceptIfFromMemberOf": null, "DocumentIsUnsupported": false, "ExceptIfDocumentIsUnsupported": false, "HasSenderOverride": false, "ExceptIfHasSenderOverride": false, "RestrictBrowserAccess": false, "ProcessingLimitExceeded": false, "ExceptIfProcessingLimitExceeded": false, "SentTo": [ ], "ExceptIfSentTo": [ ], "RecipientDomainIs": [ ], "ExceptIfRecipientDomainIs": [ ], "DocumentIsPasswordProtected": false, "ExceptIfDocumentIsPasswordProtected": false, "SenderIPRanges": [ ], "ExceptIfSenderIPRanges": [ ], "ContentExtensionMatchesWords": [ ], "ExceptIfContentExtensionMatchesWords": [ ], "ContentFileTypeMatches": [ ], "ExceptIfContentFileTypeMatches": [ ], "HeaderMatchesPatterns": null, "ExceptIfHeaderMatchesPatterns": null, "SubjectMatchesPatterns": [ ], "ExceptIfSubjectMatchesPatterns": [ ], "AnyOfRecipientAddressContainsWords": [ ], "ExceptIfAnyOfRecipientAddressContainsWords": [ ], "AnyOfRecipientAddressMatchesPatterns": [ ], "ExceptIfAnyOfRecipientAddressMatchesPatterns": [ ], "FromAddressMatchesPatterns": [ ], "ExceptIfFromAddressMatchesPatterns": [ ], "FromAddressContainsWords": [ ], "ExceptIfFromAddressContainsWords": [ ], "SenderDomainIs": [ ], "ExceptIfSenderDomainIs": [ ], "SentToMemberOf": null, "ExceptIfSentToMemberOf": null, "DocumentCreatedByMemberOf": null, "ExceptIfDocumentCreatedByMemberOf": null, "HasLabelDowngradedFrom": [ ], "ContentIsShared": false, "ExceptIfContentIsShared": false, "SharedByIRMUserRisk": [ ], "MessageLabelChangeDetected": null, "ExceptIfMessageLabelChangeDetected": null, "RuleErrorAction": null, "RuleXml": "", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "6c63bd2e-3caf-4817-bab8-1794c388b8c8", "Priority": 0, "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams", "Policy": "0362dd12-1c3e-484b-983a-3b600a6f9e2a", "Comment": "Sensitive info types required except ITIN. Has additional UK Passports instead.", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "d1826caf-850a-4c5a-c335-08dbfd7bb17b", "MaximumBlobRuleLength": 0, "CreatedBy": "John Doe", "LastModifiedBy": "John Doe", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Missing_ITIN_Has_UKPassports", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Missing_ITIN_Has_UKPassports", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Missing_ITIN_Has_UKPassports", "DistinguishedName": "CN=Missing_ITIN_Has_UKPassports,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1702651190000)", "WhenCreated": "Date(1702651039000)", "WhenChangedUTC": "Date(1702651190000)", "WhenCreatedUTC": "Date(1702651039000)", "ExchangeObjectId": "a7739b6b-9831-467a-a355-3ba7aab938bc", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "Changed", "IsObjectUnderSystemOperation": false, "IsSummarizedPsRule": false }, { "SubjectContainsWords": [ ], "ExceptIfSubjectContainsWords": [ ], "SubjectOrBodyMatchesPatterns": [ ], "ExceptIfSubjectOrBodyMatchesPatterns": [ ], "SubjectOrBodyContainsWords": [ ], "ExceptIfSubjectOrBodyContainsWords": [ ], "DocumentMatchesPatterns": [ ], "ExceptIfDocumentMatchesPatterns": [ ], "DocumentContainsWords": [ ], "ExceptIfDocumentContainsWords": [ ], "SenderADAttributeMatchesPatterns": null, "ExceptIfSenderADAttributeMatchesPatterns": null, "SenderADAttributeContainsWords": null, "ExceptIfSenderADAttributeContainsWords": null, "RecipientADAttributeMatchesPatterns": null, "ExceptIfRecipientADAttributeMatchesPatterns": null, "RecipientADAttributeContainsWords": null, "ExceptIfRecipientADAttributeContainsWords": null, "ContentCharacterSetContainsWords": [ ], "ExceptIfContentCharacterSetContainsWords": [ ], "DocumentNameMatchesPatterns": [ ], "ExceptIfDocumentNameMatchesPatterns": [ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ ], "ExceptIfUnscannableDocumentExtensionIs": [ ], "HeaderContainsWords": null, "ExceptIfHeaderContainsWords": null, "HeaderContainsTokens": null, "ExceptIfHeaderContainsTokens": null, "DeviceManagementType": null, "ExceptIfDeviceManagementType": null, "AccessedBy": [ ], "ExceptIfAccessedBy": [ ], "AccessedByMemberOf": [ ], "ExceptIfAccessedByMemberOf": [ ], "BlockAccess": false, "BlockAccessScope": null, "EncryptRMSTemplate": null, "EnforcePortalAccess": true, "ApplyBrandingTemplate": "", "RemoveRMSTemplate": false, "EndpointDlpRestrictions": [ { "setting": "CloudEgress", "defaultmessage": "none", "value": "Audit", "appgroup": "none" }, { "setting": "CopyPaste", "defaultmessage": "none", "value": "Audit", "appgroup": "none" }, { "setting": "RemovableMedia", "defaultmessage": "none", "value": "Audit", "appgroup": "none" }, { "setting": "NetworkShare", "defaultmessage": "none", "value": "Audit", "appgroup": "none" }, { "setting": "UnallowedApps", "defaultmessage": "none", "value": "Block", "appgroup": "none" }, { "setting": "Print", "defaultmessage": "none", "value": "Audit", "appgroup": "none" } ], "EndpointDlpBrowserRestrictions": null, "ThirdPartyAppDlpRestrictions": null, "OnPremisesScannerDlpRestrictions": null, "PowerBIDlpRestrictions": null, "AlertProperties": { "AggregationType": "None" }, "GenerateAlert": [ "true" ], "GenerateIncidentReport": [ ], "IncidentReportContent": null, "NotifyUser": [ "LastModifier" ], "NotifyAllowOverride": null, "NotifyEmailCustomText": "", "NotifyEmailCustomSubject": "", "NotifyEmailCustomSenderDisplayName": "", "NotifyEmailExchangeIncludeAttachment": true, "NotifyEmailOnedriveRemediationActions": "NotSet", "NotifyJustificationCustomText": "", "NotifyJustificationCustomTextTranslations": [ ], "NotifyPolicyTipCustomText": "", "NotifyUserType": "NotSet", "NotifyPolicyTipCustomTextTranslations": [ ], "NotifyOverrideRequirements": "None", "NotifyPolicyTipDisplayOption": "Tip", "NotifyPolicyTipUrl": "", "NotifyPolicyTipCustomDialog": "", "NotifyEndpointUser": null, "RemoveHeader": [ ], "AccessTimeControl": null, "StopPolicyProcessing": false, "SetHeader": null, "AddRecipients": null, "Moderate": null, "ModifySubject": null, "MapRecipients": null, "RedirectMessageTo": null, "PrependSubject": "", "ApplyHtmlDisclaimer": null, "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, "MipRestrictAccess": null, "SourceType": "", "Guid": "cb32ef11-441c-4536-a40e-a062000a55c5", "AdvancedRuleBuilderContext": null, "ParentPolicyName": "DevicePolicy_CCOnly", "ReportSeverityLevel": "Low", "ActivationDate": null, "ExpiryDate": null, "SenderType": null, "SenderAddressLocation": null, "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"Groups\": [\r\n {\r\n \"Name\": \"CCOnly\",\r\n \"Operator\": \"Or\",\r\n \"Sensitivetypes\": [\r\n {\r\n \"Name\": \"Credit Card Number\",\r\n \"Id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"High\",\r\n \"Minconfidence\": 85,\r\n \"Maxconfidence\": 100\r\n }\r\n ]\r\n }\r\n ],\r\n \"Operator\": \"And\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", "ExecutionRuleGuids": null, "DisplayName": "CreditCardsOnly", "StorageBindings": null, "EvaluateRulePerComponent": false, "IsAdvancedRule": true, "ContentContainsSensitiveInformation": null, "ExceptIfContentContainsSensitiveInformation": null, "ContentMissingSensitivityLabel": null, "ContentIsNotLabeled": false, "AttachmentIsNotLabeled": false, "MessageIsNotLabeled": false, "DocumentCreatedBy": [ ], "ExceptIfDocumentCreatedBy": [ ], "DocumentSizeOver": "", "ExceptIfDocumentSizeOver": "", "DocumentNameMatchesWords": [ ], "ExceptIfDocumentNameMatchesWords": [ ], "AccessScope": null, "NonBifurcatingAccessScope": null, "ExceptIfAccessScope": null, "FromScope": null, "ExceptIfFromScope": null, "WithImportance": null, "ExceptIfWithImportance": null, "ExternalScenarioDependancies": { "ProtectionAlertId": "d46f69a5-6277-49fc-ad26-e0b701c034d0" }, "ContentPropertyContainsWords": [ ], "ExceptIfContentPropertyContainsWords": [ ], "From": null, "ExceptIfFrom": null, "FromMemberOf": null, "ExceptIfFromMemberOf": null, "DocumentIsUnsupported": false, "ExceptIfDocumentIsUnsupported": false, "HasSenderOverride": false, "ExceptIfHasSenderOverride": false, "RestrictBrowserAccess": false, "ProcessingLimitExceeded": false, "ExceptIfProcessingLimitExceeded": false, "SentTo": [ ], "ExceptIfSentTo": [ ], "RecipientDomainIs": [ ], "ExceptIfRecipientDomainIs": [ ], "DocumentIsPasswordProtected": false, "ExceptIfDocumentIsPasswordProtected": false, "SenderIPRanges": [ ], "ExceptIfSenderIPRanges": [ ], "ContentExtensionMatchesWords": [ ], "ExceptIfContentExtensionMatchesWords": [ ], "ContentFileTypeMatches": [ ], "ExceptIfContentFileTypeMatches": [ ], "HeaderMatchesPatterns": null, "ExceptIfHeaderMatchesPatterns": null, "SubjectMatchesPatterns": [ ], "ExceptIfSubjectMatchesPatterns": [ ], "AnyOfRecipientAddressContainsWords": [ ], "ExceptIfAnyOfRecipientAddressContainsWords": [ ], "AnyOfRecipientAddressMatchesPatterns": [ ], "ExceptIfAnyOfRecipientAddressMatchesPatterns": [ ], "FromAddressMatchesPatterns": [ ], "ExceptIfFromAddressMatchesPatterns": [ ], "FromAddressContainsWords": [ ], "ExceptIfFromAddressContainsWords": [ ], "SenderDomainIs": [ ], "ExceptIfSenderDomainIs": [ ], "SentToMemberOf": null, "ExceptIfSentToMemberOf": null, "DocumentCreatedByMemberOf": null, "ExceptIfDocumentCreatedByMemberOf": null, "HasLabelDowngradedFrom": [ ], "ContentIsShared": false, "ExceptIfContentIsShared": false, "SharedByIRMUserRisk": [ ], "MessageLabelChangeDetected": null, "ExceptIfMessageLabelChangeDetected": null, "RuleErrorAction": null, "RuleXml": "", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "37de612f-186b-4069-918f-b4c6f90037a8", "Priority": 0, "Workload": "Exchange, SharePoint, OneDriveForBusiness, EndpointDevices", "Policy": "2a4e7cb6-9da7-468f-a58e-42975ea7cd71", "Comment": "Rule that blocks access to credit card numbers on devices.", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "69df3855-a67f-4b5a-1b8a-08dbfd7c0c88", "MaximumBlobRuleLength": 0, "CreatedBy": "John Doe", "LastModifiedBy": "John Doe", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/CreditCardsOnly", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/CreditCardsOnly", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "CreditCardsOnly", "DistinguishedName": "CN=CreditCardsOnly,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1702651343000)", "WhenCreated": "Date(1702651343000)", "WhenChangedUTC": "Date(1702651343000)", "WhenCreatedUTC": "Date(1702651343000)", "ExchangeObjectId": "cb32ef11-441c-4536-a40e-a062000a55c5", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "New", "IsObjectUnderSystemOperation": false, "IsSummarizedPsRule": false }, { "SubjectContainsWords": [ ], "ExceptIfSubjectContainsWords": [ ], "SubjectOrBodyMatchesPatterns": [ ], "ExceptIfSubjectOrBodyMatchesPatterns": [ ], "SubjectOrBodyContainsWords": [ ], "ExceptIfSubjectOrBodyContainsWords": [ ], "DocumentMatchesPatterns": [ ], "ExceptIfDocumentMatchesPatterns": [ ], "DocumentContainsWords": [ ], "ExceptIfDocumentContainsWords": [ ], "SenderADAttributeMatchesPatterns": null, "ExceptIfSenderADAttributeMatchesPatterns": null, "SenderADAttributeContainsWords": null, "ExceptIfSenderADAttributeContainsWords": null, "RecipientADAttributeMatchesPatterns": null, "ExceptIfRecipientADAttributeMatchesPatterns": null, "RecipientADAttributeContainsWords": null, "ExceptIfRecipientADAttributeContainsWords": null, "ContentCharacterSetContainsWords": [ ], "ExceptIfContentCharacterSetContainsWords": [ ], "DocumentNameMatchesPatterns": [ ], "ExceptIfDocumentNameMatchesPatterns": [ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ ], "ExceptIfUnscannableDocumentExtensionIs": [ ], "HeaderContainsWords": null, "ExceptIfHeaderContainsWords": null, "HeaderContainsTokens": null, "ExceptIfHeaderContainsTokens": null, "DeviceManagementType": null, "ExceptIfDeviceManagementType": null, "AccessedBy": [ ], "ExceptIfAccessedBy": [ ], "AccessedByMemberOf": [ ], "ExceptIfAccessedByMemberOf": [ ], "BlockAccess": true, "BlockAccessScope": "All", "EncryptRMSTemplate": null, "EnforcePortalAccess": true, "ApplyBrandingTemplate": "", "RemoveRMSTemplate": false, "EndpointDlpRestrictions": [ { "setting": "CloudEgress", "defaultmessage": "none", "value": "Audit", "appgroup": "none" }, { "setting": "CopyPaste", "defaultmessage": "none", "value": "Audit", "appgroup": "none" }, { "setting": "RemovableMedia", "defaultmessage": "none", "value": "Audit", "appgroup": "none" }, { "setting": "NetworkShare", "defaultmessage": "none", "value": "Audit", "appgroup": "none" }, { "setting": "UnallowedApps", "defaultmessage": "none", "value": "Block", "appgroup": "none" }, { "setting": "Print", "defaultmessage": "none", "value": "Audit", "appgroup": "none" } ], "EndpointDlpBrowserRestrictions": null, "ThirdPartyAppDlpRestrictions": null, "OnPremisesScannerDlpRestrictions": null, "PowerBIDlpRestrictions": null, "AlertProperties": { "AggregationType": "None" }, "GenerateAlert": [ "true" ], "GenerateIncidentReport": [ ], "IncidentReportContent": null, "NotifyUser": [ "LastModifier" ], "NotifyAllowOverride": null, "NotifyEmailCustomText": "", "NotifyEmailCustomSubject": "", "NotifyEmailCustomSenderDisplayName": "", "NotifyEmailExchangeIncludeAttachment": true, "NotifyEmailOnedriveRemediationActions": "NotSet", "NotifyJustificationCustomText": "", "NotifyJustificationCustomTextTranslations": [ ], "NotifyPolicyTipCustomText": "", "NotifyUserType": "NotSet", "NotifyPolicyTipCustomTextTranslations": [ ], "NotifyOverrideRequirements": "None", "NotifyPolicyTipDisplayOption": "Tip", "NotifyPolicyTipUrl": "", "NotifyPolicyTipCustomDialog": "", "NotifyEndpointUser": null, "RemoveHeader": [ ], "AccessTimeControl": null, "StopPolicyProcessing": false, "SetHeader": null, "AddRecipients": null, "Moderate": null, "ModifySubject": null, "MapRecipients": null, "RedirectMessageTo": null, "PrependSubject": "", "ApplyHtmlDisclaimer": null, "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, "MipRestrictAccess": null, "SourceType": "", "Guid": "33285a89-e80c-4522-9954-ef58ab4e383a", "AdvancedRuleBuilderContext": null, "ParentPolicyName": "Escaped characters such as \\.\\O\\S\\T seem to be an issue.", "ReportSeverityLevel": "Low", "ActivationDate": null, "ExpiryDate": null, "SenderType": null, "SenderAddressLocation": null, "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"Groups\": [\r\n {\r\n \"Name\": \"Sensitive Info Types with escapes \\\\.\\\\O\\\\S\\\\T\",\r\n \"Operator\": \"Or\",\r\n \"Sensitivetypes\": [\r\n {\r\n \"Name\": \"Credit Card Number\",\r\n \"Id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"High\",\r\n \"Minconfidence\": 85,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"U.S. Individual Taxpayer Identification Number (ITIN)\",\r\n \"Id\": \"e55e2a32-f92d-4985-a35d-a0b269eb687b\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"U.S. Social Security Number (SSN)\",\r\n \"Id\": \"a44669fe-0d48-453d-a9b1-2cc83f2cba77\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n }\r\n ]\r\n }\r\n ],\r\n \"Operator\": \"And\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", "ExecutionRuleGuids": null, "DisplayName": "Are escaped rule names a problem", "StorageBindings": null, "EvaluateRulePerComponent": false, "IsAdvancedRule": true, "ContentContainsSensitiveInformation": null, "ExceptIfContentContainsSensitiveInformation": null, "ContentMissingSensitivityLabel": null, "ContentIsNotLabeled": false, "AttachmentIsNotLabeled": false, "MessageIsNotLabeled": false, "DocumentCreatedBy": [ ], "ExceptIfDocumentCreatedBy": [ ], "DocumentSizeOver": "", "ExceptIfDocumentSizeOver": "", "DocumentNameMatchesWords": [ ], "ExceptIfDocumentNameMatchesWords": [ ], "AccessScope": null, "NonBifurcatingAccessScope": null, "ExceptIfAccessScope": null, "FromScope": null, "ExceptIfFromScope": null, "WithImportance": null, "ExceptIfWithImportance": null, "ExternalScenarioDependancies": { "ProtectionAlertId": "96e8531f-40be-418f-8c4f-341009daf3bb" }, "ContentPropertyContainsWords": [ ], "ExceptIfContentPropertyContainsWords": [ ], "From": null, "ExceptIfFrom": null, "FromMemberOf": null, "ExceptIfFromMemberOf": null, "DocumentIsUnsupported": false, "ExceptIfDocumentIsUnsupported": false, "HasSenderOverride": false, "ExceptIfHasSenderOverride": false, "RestrictBrowserAccess": false, "ProcessingLimitExceeded": false, "ExceptIfProcessingLimitExceeded": false, "SentTo": [ ], "ExceptIfSentTo": [ ], "RecipientDomainIs": [ ], "ExceptIfRecipientDomainIs": [ ], "DocumentIsPasswordProtected": false, "ExceptIfDocumentIsPasswordProtected": false, "SenderIPRanges": [ ], "ExceptIfSenderIPRanges": [ ], "ContentExtensionMatchesWords": [ ], "ExceptIfContentExtensionMatchesWords": [ ], "ContentFileTypeMatches": [ ], "ExceptIfContentFileTypeMatches": [ ], "HeaderMatchesPatterns": null, "ExceptIfHeaderMatchesPatterns": null, "SubjectMatchesPatterns": [ ], "ExceptIfSubjectMatchesPatterns": [ ], "AnyOfRecipientAddressContainsWords": [ ], "ExceptIfAnyOfRecipientAddressContainsWords": [ ], "AnyOfRecipientAddressMatchesPatterns": [ ], "ExceptIfAnyOfRecipientAddressMatchesPatterns": [ ], "FromAddressMatchesPatterns": [ ], "ExceptIfFromAddressMatchesPatterns": [ ], "FromAddressContainsWords": [ ], "ExceptIfFromAddressContainsWords": [ ], "SenderDomainIs": [ ], "ExceptIfSenderDomainIs": [ ], "SentToMemberOf": null, "ExceptIfSentToMemberOf": null, "DocumentCreatedByMemberOf": null, "ExceptIfDocumentCreatedByMemberOf": null, "HasLabelDowngradedFrom": [ ], "ContentIsShared": false, "ExceptIfContentIsShared": false, "SharedByIRMUserRisk": [ ], "MessageLabelChangeDetected": null, "ExceptIfMessageLabelChangeDetected": null, "RuleErrorAction": null, "RuleXml": "", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "07fef34e-65b6-459f-a460-ec6d1ac8edb0", "Priority": 0, "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", "Policy": "3e6ae832-d413-498e-9cc1-6b725713992b", "Comment": "Checking for issues with escapes in rule names.", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "e0cb8e78-e9f8-4aa3-2f31-08dc4aa0ac8c", "MaximumBlobRuleLength": 0, "CreatedBy": "John Doe", "LastModifiedBy": "John Doe", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Are escaped rule names a problem", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Are escaped rule names a problem", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Are escaped rule names a problem", "DistinguishedName": "CN=Are escaped rule names a problem,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1711133312000)", "WhenCreated": "Date(1711133312000)", "WhenChangedUTC": "Date(1711133312000)", "WhenCreatedUTC": "Date(1711133312000)", "ExchangeObjectId": "33285a89-e80c-4522-9954-ef58ab4e383a", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "New", "IsObjectUnderSystemOperation": false, "IsSummarizedPsRule": false }, { "SubjectContainsWords": [ ], "ExceptIfSubjectContainsWords": [ ], "SubjectOrBodyMatchesPatterns": [ ], "ExceptIfSubjectOrBodyMatchesPatterns": [ ], "SubjectOrBodyContainsWords": [ ], "ExceptIfSubjectOrBodyContainsWords": [ ], "DocumentMatchesPatterns": [ ], "ExceptIfDocumentMatchesPatterns": [ ], "DocumentContainsWords": [ ], "ExceptIfDocumentContainsWords": [ ], "SenderADAttributeMatchesPatterns": null, "ExceptIfSenderADAttributeMatchesPatterns": null, "SenderADAttributeContainsWords": null, "ExceptIfSenderADAttributeContainsWords": null, "RecipientADAttributeMatchesPatterns": null, "ExceptIfRecipientADAttributeMatchesPatterns": null, "RecipientADAttributeContainsWords": null, "ExceptIfRecipientADAttributeContainsWords": null, "ContentCharacterSetContainsWords": [ ], "ExceptIfContentCharacterSetContainsWords": [ ], "DocumentNameMatchesPatterns": [ ], "ExceptIfDocumentNameMatchesPatterns": [ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ ], "ExceptIfUnscannableDocumentExtensionIs": [ ], "HeaderContainsWords": null, "ExceptIfHeaderContainsWords": null, "HeaderContainsTokens": null, "ExceptIfHeaderContainsTokens": null, "DeviceManagementType": null, "ExceptIfDeviceManagementType": null, "AccessedBy": [ ], "ExceptIfAccessedBy": [ ], "AccessedByMemberOf": [ ], "ExceptIfAccessedByMemberOf": [ ], "BlockAccess": false, "BlockAccessScope": null, "EncryptRMSTemplate": null, "EnforcePortalAccess": true, "ApplyBrandingTemplate": "", "RemoveRMSTemplate": false, "EndpointDlpRestrictions": null, "EndpointDlpBrowserRestrictions": null, "ThirdPartyAppDlpRestrictions": null, "OnPremisesScannerDlpRestrictions": null, "PowerBIDlpRestrictions": null, "AlertProperties": { "AggregationType": "None" }, "GenerateAlert": [ "true" ], "GenerateIncidentReport": [ ], "IncidentReportContent": null, "NotifyUser": [ ], "NotifyAllowOverride": null, "NotifyEmailCustomText": "", "NotifyEmailCustomSubject": "", "NotifyEmailCustomSenderDisplayName": "", "NotifyEmailExchangeIncludeAttachment": true, "NotifyEmailOnedriveRemediationActions": null, "NotifyJustificationCustomText": "", "NotifyJustificationCustomTextTranslations": [ ], "NotifyPolicyTipCustomText": "", "NotifyUserType": null, "NotifyPolicyTipCustomTextTranslations": [ ], "NotifyOverrideRequirements": null, "NotifyPolicyTipDisplayOption": null, "NotifyPolicyTipUrl": "", "NotifyPolicyTipCustomDialog": "", "NotifyEndpointUser": null, "RemoveHeader": [ ], "AccessTimeControl": null, "StopPolicyProcessing": false, "SetHeader": null, "AddRecipients": null, "Moderate": null, "ModifySubject": null, "MapRecipients": null, "RedirectMessageTo": null, "PrependSubject": "", "ApplyHtmlDisclaimer": null, "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, "MipRestrictAccess": null, "SourceType": "", "Guid": "53b168f2-012b-4d2f-a15c-1e05bedae10d", "AdvancedRuleBuilderContext": null, "ParentPolicyName": "PR Test Policy", "ReportSeverityLevel": "Low", "ActivationDate": null, "ExpiryDate": null, "SenderType": null, "SenderAddressLocation": null, "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"id\": \"a44669fe-0d48-453d-a9b1-2cc83f2cba77\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"U.S. Social Security Number (SSN)\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"75\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"Medium\"\r\n },\r\n {\r\n \"id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"Credit Card Number\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"85\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"High\"\r\n },\r\n {\r\n \"id\": \"e55e2a32-f92d-4985-a35d-a0b269eb687b\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"U.S. Individual Taxpayer Identification Number (ITIN)\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"75\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"Medium\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", "ExecutionRuleGuids": null, "DisplayName": "PII-temp", "StorageBindings": null, "EvaluateRulePerComponent": false, "IsAdvancedRule": false, "ContentContainsSensitiveInformation": [ { "maxconfidence": "100", "confidencelevel": "Medium", "id": "a44669fe-0d48-453d-a9b1-2cc83f2cba77", "minconfidence": "75", "classifiertype": "Content", "name": "U.S. Social Security Number (SSN)", "mincount": "1", "maxcount": "-1" }, { "maxconfidence": "100", "confidencelevel": "High", "id": "50842eb7-edc8-4019-85dd-5a5c1f2bb085", "minconfidence": "85", "classifiertype": "Content", "name": "Credit Card Number", "mincount": "1", "maxcount": "-1" }, { "maxconfidence": "100", "confidencelevel": "Medium", "id": "e55e2a32-f92d-4985-a35d-a0b269eb687b", "minconfidence": "75", "classifiertype": "Content", "name": "U.S. Individual Taxpayer Identification Number (ITIN)", "mincount": "1", "maxcount": "-1" } ], "ExceptIfContentContainsSensitiveInformation": null, "ContentMissingSensitivityLabel": null, "ContentIsNotLabeled": false, "AttachmentIsNotLabeled": false, "MessageIsNotLabeled": false, "DocumentCreatedBy": [ ], "ExceptIfDocumentCreatedBy": [ ], "DocumentSizeOver": "", "ExceptIfDocumentSizeOver": "", "DocumentNameMatchesWords": [ ], "ExceptIfDocumentNameMatchesWords": [ ], "AccessScope": null, "NonBifurcatingAccessScope": null, "ExceptIfAccessScope": null, "FromScope": null, "ExceptIfFromScope": null, "WithImportance": null, "ExceptIfWithImportance": null, "ExternalScenarioDependancies": { "ProtectionAlertId": "48c87377-6fdd-45d7-91a6-bbbebd3d99f8" }, "ContentPropertyContainsWords": [ ], "ExceptIfContentPropertyContainsWords": [ ], "From": null, "ExceptIfFrom": null, "FromMemberOf": null, "ExceptIfFromMemberOf": null, "DocumentIsUnsupported": false, "ExceptIfDocumentIsUnsupported": false, "HasSenderOverride": false, "ExceptIfHasSenderOverride": false, "RestrictBrowserAccess": false, "ProcessingLimitExceeded": false, "ExceptIfProcessingLimitExceeded": false, "SentTo": [ ], "ExceptIfSentTo": [ ], "RecipientDomainIs": [ ], "ExceptIfRecipientDomainIs": [ ], "DocumentIsPasswordProtected": false, "ExceptIfDocumentIsPasswordProtected": false, "SenderIPRanges": [ ], "ExceptIfSenderIPRanges": [ ], "ContentExtensionMatchesWords": [ ], "ExceptIfContentExtensionMatchesWords": [ ], "ContentFileTypeMatches": [ ], "ExceptIfContentFileTypeMatches": [ ], "HeaderMatchesPatterns": null, "ExceptIfHeaderMatchesPatterns": null, "SubjectMatchesPatterns": [ ], "ExceptIfSubjectMatchesPatterns": [ ], "AnyOfRecipientAddressContainsWords": [ ], "ExceptIfAnyOfRecipientAddressContainsWords": [ ], "AnyOfRecipientAddressMatchesPatterns": [ ], "ExceptIfAnyOfRecipientAddressMatchesPatterns": [ ], "FromAddressMatchesPatterns": [ ], "ExceptIfFromAddressMatchesPatterns": [ ], "FromAddressContainsWords": [ ], "ExceptIfFromAddressContainsWords": [ ], "SenderDomainIs": [ ], "ExceptIfSenderDomainIs": [ ], "SentToMemberOf": null, "ExceptIfSentToMemberOf": null, "DocumentCreatedByMemberOf": null, "ExceptIfDocumentCreatedByMemberOf": null, "HasLabelDowngradedFrom": [ ], "ContentIsShared": false, "ExceptIfContentIsShared": false, "SharedByIRMUserRisk": [ ], "MessageLabelChangeDetected": null, "ExceptIfMessageLabelChangeDetected": null, "RuleErrorAction": null, "RuleXml": "", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "8328f2c9-860e-4bbd-9f5c-1ef615a64947", "Priority": 0, "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, ThirdPartyApps", "Policy": "46f77b71-78a1-428f-a433-a7c8cca1c6e7", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "a1351454-19ea-4b35-14d0-08dbd1737c02", "MaximumBlobRuleLength": 0, "CreatedBy": "John Doe", "LastModifiedBy": "John Doe", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/PII-temp", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/PII-temp", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "PII-temp", "DistinguishedName": "CN=PII-temp,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1697809813000)", "WhenCreated": "Date(1697725866000)", "WhenChangedUTC": "Date(1697809813000)", "WhenCreatedUTC": "Date(1697725866000)", "ExchangeObjectId": "53b168f2-012b-4d2f-a15c-1e05bedae10d", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "Changed", "IsObjectUnderSystemOperation": false, "IsSummarizedPsRule": false }, { "SubjectContainsWords": [ ], "ExceptIfSubjectContainsWords": [ ], "SubjectOrBodyMatchesPatterns": [ ], "ExceptIfSubjectOrBodyMatchesPatterns": [ ], "SubjectOrBodyContainsWords": [ ], "ExceptIfSubjectOrBodyContainsWords": [ ], "DocumentMatchesPatterns": [ ], "ExceptIfDocumentMatchesPatterns": [ ], "DocumentContainsWords": [ ], "ExceptIfDocumentContainsWords": [ ], "SenderADAttributeMatchesPatterns": null, "ExceptIfSenderADAttributeMatchesPatterns": null, "SenderADAttributeContainsWords": null, "ExceptIfSenderADAttributeContainsWords": null, "RecipientADAttributeMatchesPatterns": null, "ExceptIfRecipientADAttributeMatchesPatterns": null, "RecipientADAttributeContainsWords": null, "ExceptIfRecipientADAttributeContainsWords": null, "ContentCharacterSetContainsWords": [ ], "ExceptIfContentCharacterSetContainsWords": [ ], "DocumentNameMatchesPatterns": [ ], "ExceptIfDocumentNameMatchesPatterns": [ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ ], "ExceptIfUnscannableDocumentExtensionIs": [ ], "HeaderContainsWords": null, "ExceptIfHeaderContainsWords": null, "HeaderContainsTokens": null, "ExceptIfHeaderContainsTokens": null, "DeviceManagementType": null, "ExceptIfDeviceManagementType": null, "AccessedBy": [ ], "ExceptIfAccessedBy": [ ], "AccessedByMemberOf": [ ], "ExceptIfAccessedByMemberOf": [ ], "BlockAccess": true, "BlockAccessScope": "All", "EncryptRMSTemplate": null, "EnforcePortalAccess": true, "ApplyBrandingTemplate": "", "RemoveRMSTemplate": false, "EndpointDlpRestrictions": null, "EndpointDlpBrowserRestrictions": null, "ThirdPartyAppDlpRestrictions": null, "OnPremisesScannerDlpRestrictions": null, "PowerBIDlpRestrictions": null, "AlertProperties": { "AggregationType": "None" }, "GenerateAlert": [ "true" ], "GenerateIncidentReport": [ ], "IncidentReportContent": null, "NotifyUser": [ ], "NotifyAllowOverride": null, "NotifyEmailCustomText": "", "NotifyEmailCustomSubject": "", "NotifyEmailCustomSenderDisplayName": "", "NotifyEmailExchangeIncludeAttachment": true, "NotifyEmailOnedriveRemediationActions": null, "NotifyJustificationCustomText": "", "NotifyJustificationCustomTextTranslations": [ ], "NotifyPolicyTipCustomText": "", "NotifyUserType": null, "NotifyPolicyTipCustomTextTranslations": [ ], "NotifyOverrideRequirements": null, "NotifyPolicyTipDisplayOption": null, "NotifyPolicyTipUrl": "", "NotifyPolicyTipCustomDialog": "", "NotifyEndpointUser": null, "RemoveHeader": [ ], "AccessTimeControl": null, "StopPolicyProcessing": false, "SetHeader": null, "AddRecipients": null, "Moderate": null, "ModifySubject": null, "MapRecipients": null, "RedirectMessageTo": null, "PrependSubject": "", "ApplyHtmlDisclaimer": null, "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, "MipRestrictAccess": null, "SourceType": "", "Guid": "b01a6475-0529-411d-8d00-53cb06de1804", "AdvancedRuleBuilderContext": null, "ParentPolicyName": "Defender Baseline Testing Policy", "ReportSeverityLevel": "Low", "ActivationDate": null, "ExpiryDate": null, "SenderType": null, "SenderAddressLocation": null, "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"Groups\": [\r\n {\r\n \"Name\": \"Default\",\r\n \"Operator\": \"Or\",\r\n \"Sensitivetypes\": [\r\n {\r\n \"Name\": \"Credit Card Number\",\r\n \"Id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"High\",\r\n \"Minconfidence\": 85,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"U.S. Individual Taxpayer Identification Number (ITIN)\",\r\n \"Id\": \"e55e2a32-f92d-4985-a35d-a0b269eb687b\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"U.S. Social Security Number (SSN)\",\r\n \"Id\": \"a44669fe-0d48-453d-a9b1-2cc83f2cba77\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n }\r\n ]\r\n }\r\n ],\r\n \"Operator\": \"And\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", "ExecutionRuleGuids": null, "DisplayName": "Default", "StorageBindings": null, "EvaluateRulePerComponent": false, "IsAdvancedRule": true, "ContentContainsSensitiveInformation": null, "ExceptIfContentContainsSensitiveInformation": null, "ContentMissingSensitivityLabel": null, "ContentIsNotLabeled": false, "AttachmentIsNotLabeled": false, "MessageIsNotLabeled": false, "DocumentCreatedBy": [ ], "ExceptIfDocumentCreatedBy": [ ], "DocumentSizeOver": "", "ExceptIfDocumentSizeOver": "", "DocumentNameMatchesWords": [ ], "ExceptIfDocumentNameMatchesWords": [ ], "AccessScope": null, "NonBifurcatingAccessScope": null, "ExceptIfAccessScope": null, "FromScope": null, "ExceptIfFromScope": null, "WithImportance": null, "ExceptIfWithImportance": null, "ExternalScenarioDependancies": { "ProtectionAlertId": "7d53937e-b4f5-45d0-9bd8-7ea0305553bb" }, "ContentPropertyContainsWords": [ ], "ExceptIfContentPropertyContainsWords": [ ], "From": null, "ExceptIfFrom": null, "FromMemberOf": null, "ExceptIfFromMemberOf": null, "DocumentIsUnsupported": false, "ExceptIfDocumentIsUnsupported": false, "HasSenderOverride": false, "ExceptIfHasSenderOverride": false, "RestrictBrowserAccess": false, "ProcessingLimitExceeded": false, "ExceptIfProcessingLimitExceeded": false, "SentTo": [ ], "ExceptIfSentTo": [ ], "RecipientDomainIs": [ ], "ExceptIfRecipientDomainIs": [ ], "DocumentIsPasswordProtected": false, "ExceptIfDocumentIsPasswordProtected": false, "SenderIPRanges": [ ], "ExceptIfSenderIPRanges": [ ], "ContentExtensionMatchesWords": [ ], "ExceptIfContentExtensionMatchesWords": [ ], "ContentFileTypeMatches": [ ], "ExceptIfContentFileTypeMatches": [ ], "HeaderMatchesPatterns": null, "ExceptIfHeaderMatchesPatterns": null, "SubjectMatchesPatterns": [ ], "ExceptIfSubjectMatchesPatterns": [ ], "AnyOfRecipientAddressContainsWords": [ ], "ExceptIfAnyOfRecipientAddressContainsWords": [ ], "AnyOfRecipientAddressMatchesPatterns": [ ], "ExceptIfAnyOfRecipientAddressMatchesPatterns": [ ], "FromAddressMatchesPatterns": [ ], "ExceptIfFromAddressMatchesPatterns": [ ], "FromAddressContainsWords": [ ], "ExceptIfFromAddressContainsWords": [ ], "SenderDomainIs": [ ], "ExceptIfSenderDomainIs": [ ], "SentToMemberOf": null, "ExceptIfSentToMemberOf": null, "DocumentCreatedByMemberOf": null, "ExceptIfDocumentCreatedByMemberOf": null, "HasLabelDowngradedFrom": [ ], "ContentIsShared": false, "ExceptIfContentIsShared": false, "SharedByIRMUserRisk": [ ], "MessageLabelChangeDetected": null, "ExceptIfMessageLabelChangeDetected": null, "RuleErrorAction": null, "RuleXml": "", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "5090ec10-3b5b-464b-b789-4e65bc6b5e3e", "Priority": 0, "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams", "Policy": "8038a28b-7b5c-42a8-a852-4bb68707afec", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "3b836b63-457d-441d-dd73-08dbc5db81c6", "MaximumBlobRuleLength": 0, "CreatedBy": "John Doe", "LastModifiedBy": "John Doe", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Default", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Default", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Default", "DistinguishedName": "CN=Default,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1696535076000)", "WhenCreated": "Date(1696535076000)", "WhenChangedUTC": "Date(1696535076000)", "WhenCreatedUTC": "Date(1696535076000)", "ExchangeObjectId": "b01a6475-0529-411d-8d00-53cb06de1804", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "New", "IsObjectUnderSystemOperation": false, "IsSummarizedPsRule": false }, { "SubjectContainsWords": [ ], "ExceptIfSubjectContainsWords": [ ], "SubjectOrBodyMatchesPatterns": [ ], "ExceptIfSubjectOrBodyMatchesPatterns": [ ], "SubjectOrBodyContainsWords": [ ], "ExceptIfSubjectOrBodyContainsWords": [ ], "DocumentMatchesPatterns": [ ], "ExceptIfDocumentMatchesPatterns": [ ], "DocumentContainsWords": [ ], "ExceptIfDocumentContainsWords": [ ], "SenderADAttributeMatchesPatterns": null, "ExceptIfSenderADAttributeMatchesPatterns": null, "SenderADAttributeContainsWords": null, "ExceptIfSenderADAttributeContainsWords": null, "RecipientADAttributeMatchesPatterns": null, "ExceptIfRecipientADAttributeMatchesPatterns": null, "RecipientADAttributeContainsWords": null, "ExceptIfRecipientADAttributeContainsWords": null, "ContentCharacterSetContainsWords": [ ], "ExceptIfContentCharacterSetContainsWords": [ ], "DocumentNameMatchesPatterns": [ ], "ExceptIfDocumentNameMatchesPatterns": [ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ ], "ExceptIfUnscannableDocumentExtensionIs": [ ], "HeaderContainsWords": null, "ExceptIfHeaderContainsWords": null, "HeaderContainsTokens": null, "ExceptIfHeaderContainsTokens": null, "DeviceManagementType": null, "ExceptIfDeviceManagementType": null, "AccessedBy": [ ], "ExceptIfAccessedBy": [ ], "AccessedByMemberOf": [ ], "ExceptIfAccessedByMemberOf": [ ], "BlockAccess": true, "BlockAccessScope": "All", "EncryptRMSTemplate": null, "EnforcePortalAccess": true, "ApplyBrandingTemplate": "", "RemoveRMSTemplate": false, "EndpointDlpRestrictions": null, "EndpointDlpBrowserRestrictions": null, "ThirdPartyAppDlpRestrictions": null, "OnPremisesScannerDlpRestrictions": null, "PowerBIDlpRestrictions": null, "AlertProperties": { "AggregationType": "None" }, "GenerateAlert": [ "true" ], "GenerateIncidentReport": [ ], "IncidentReportContent": null, "NotifyUser": [ "LastModifier" ], "NotifyAllowOverride": null, "NotifyEmailCustomText": "", "NotifyEmailCustomSubject": "", "NotifyEmailCustomSenderDisplayName": "", "NotifyEmailExchangeIncludeAttachment": true, "NotifyEmailOnedriveRemediationActions": "NotSet", "NotifyJustificationCustomText": "", "NotifyJustificationCustomTextTranslations": [ ], "NotifyPolicyTipCustomText": "", "NotifyUserType": "NotSet", "NotifyPolicyTipCustomTextTranslations": [ ], "NotifyOverrideRequirements": "None", "NotifyPolicyTipDisplayOption": "Tip", "NotifyPolicyTipUrl": "", "NotifyPolicyTipCustomDialog": "", "NotifyEndpointUser": null, "RemoveHeader": [ ], "AccessTimeControl": null, "StopPolicyProcessing": false, "SetHeader": null, "AddRecipients": null, "Moderate": null, "ModifySubject": null, "MapRecipients": null, "RedirectMessageTo": null, "PrependSubject": "", "ApplyHtmlDisclaimer": null, "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, "MipRestrictAccess": null, "SourceType": "", "Guid": "74f600e2-dccc-4d6f-a748-7bff5ed5da69", "AdvancedRuleBuilderContext": null, "ParentPolicyName": "Default Office 365 DLP policy", "ReportSeverityLevel": "Low", "ActivationDate": null, "ExpiryDate": null, "SenderType": null, "SenderAddressLocation": null, "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"id\": \"e55e2a32-f92d-4985-a35d-a0b269eb687b\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"U.S. Individual Taxpayer Identification Number (ITIN)\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"75\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"Medium\"\r\n },\r\n {\r\n \"id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"Credit Card Number\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"85\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"High\"\r\n },\r\n {\r\n \"id\": \"a44669fe-0d48-453d-a9b1-2cc83f2cba77\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"U.S. Social Security Number (SSN)\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"75\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"Medium\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", "ExecutionRuleGuids": null, "DisplayName": "Baseline Rule", "StorageBindings": null, "EvaluateRulePerComponent": false, "IsAdvancedRule": false, "ContentContainsSensitiveInformation": [ { "maxconfidence": "100", "confidencelevel": "Medium", "id": "e55e2a32-f92d-4985-a35d-a0b269eb687b", "minconfidence": "75", "classifiertype": "Content", "name": "U.S. Individual Taxpayer Identification Number (ITIN)", "mincount": "1", "maxcount": "-1" }, { "maxconfidence": "100", "confidencelevel": "High", "id": "50842eb7-edc8-4019-85dd-5a5c1f2bb085", "minconfidence": "85", "classifiertype": "Content", "name": "Credit Card Number", "mincount": "1", "maxcount": "-1" }, { "maxconfidence": "100", "confidencelevel": "Medium", "id": "a44669fe-0d48-453d-a9b1-2cc83f2cba77", "minconfidence": "75", "classifiertype": "Content", "name": "U.S. Social Security Number (SSN)", "mincount": "1", "maxcount": "-1" } ], "ExceptIfContentContainsSensitiveInformation": null, "ContentMissingSensitivityLabel": null, "ContentIsNotLabeled": false, "AttachmentIsNotLabeled": false, "MessageIsNotLabeled": false, "DocumentCreatedBy": [ ], "ExceptIfDocumentCreatedBy": [ ], "DocumentSizeOver": "", "ExceptIfDocumentSizeOver": "", "DocumentNameMatchesWords": [ ], "ExceptIfDocumentNameMatchesWords": [ ], "AccessScope": null, "NonBifurcatingAccessScope": null, "ExceptIfAccessScope": null, "FromScope": null, "ExceptIfFromScope": null, "WithImportance": null, "ExceptIfWithImportance": null, "ExternalScenarioDependancies": { "ProtectionAlertId": "b314399f-5d64-4c49-98c3-06deb1be2b6f" }, "ContentPropertyContainsWords": [ ], "ExceptIfContentPropertyContainsWords": [ ], "From": null, "ExceptIfFrom": null, "FromMemberOf": null, "ExceptIfFromMemberOf": null, "DocumentIsUnsupported": false, "ExceptIfDocumentIsUnsupported": false, "HasSenderOverride": false, "ExceptIfHasSenderOverride": false, "RestrictBrowserAccess": false, "ProcessingLimitExceeded": false, "ExceptIfProcessingLimitExceeded": false, "SentTo": [ ], "ExceptIfSentTo": [ ], "RecipientDomainIs": [ ], "ExceptIfRecipientDomainIs": [ ], "DocumentIsPasswordProtected": false, "ExceptIfDocumentIsPasswordProtected": false, "SenderIPRanges": [ ], "ExceptIfSenderIPRanges": [ ], "ContentExtensionMatchesWords": [ ], "ExceptIfContentExtensionMatchesWords": [ ], "ContentFileTypeMatches": [ ], "ExceptIfContentFileTypeMatches": [ ], "HeaderMatchesPatterns": null, "ExceptIfHeaderMatchesPatterns": null, "SubjectMatchesPatterns": [ ], "ExceptIfSubjectMatchesPatterns": [ ], "AnyOfRecipientAddressContainsWords": [ ], "ExceptIfAnyOfRecipientAddressContainsWords": [ ], "AnyOfRecipientAddressMatchesPatterns": [ ], "ExceptIfAnyOfRecipientAddressMatchesPatterns": [ ], "FromAddressMatchesPatterns": [ ], "ExceptIfFromAddressMatchesPatterns": [ ], "FromAddressContainsWords": [ ], "ExceptIfFromAddressContainsWords": [ ], "SenderDomainIs": [ ], "ExceptIfSenderDomainIs": [ ], "SentToMemberOf": null, "ExceptIfSentToMemberOf": null, "DocumentCreatedByMemberOf": null, "ExceptIfDocumentCreatedByMemberOf": null, "HasLabelDowngradedFrom": [ ], "ContentIsShared": false, "ExceptIfContentIsShared": false, "SharedByIRMUserRisk": [ ], "MessageLabelChangeDetected": null, "ExceptIfMessageLabelChangeDetected": null, "RuleErrorAction": null, "RuleXml": "", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "2e3f0308-5340-46ac-9f8d-d54f208a8024", "Priority": 0, "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, OnPremisesScanner", "Policy": "8cb4f574-1a54-45e1-bf58-73bbe023ebad", "Comment": "Blocks the minimum items prescribed in the baseline: credit card numbers, TIN numbers, and SSN numbers.", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "f0bf389d-c2df-49af-e933-08dbc5cb3521", "MaximumBlobRuleLength": 0, "CreatedBy": "John Doe", "LastModifiedBy": "John Doe", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Baseline Rule", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Baseline Rule", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Baseline Rule", "DistinguishedName": "CN=Baseline Rule,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1696528076000)", "WhenCreated": "Date(1651250001000)", "WhenChangedUTC": "Date(1696528076000)", "WhenCreatedUTC": "Date(1651250001000)", "ExchangeObjectId": "74f600e2-dccc-4d6f-a748-7bff5ed5da69", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "Changed", "IsObjectUnderSystemOperation": false, "IsSummarizedPsRule": false }, { "SubjectContainsWords": [ ], "ExceptIfSubjectContainsWords": [ ], "SubjectOrBodyMatchesPatterns": [ ], "ExceptIfSubjectOrBodyMatchesPatterns": [ ], "SubjectOrBodyContainsWords": [ ], "ExceptIfSubjectOrBodyContainsWords": [ ], "DocumentMatchesPatterns": [ ], "ExceptIfDocumentMatchesPatterns": [ ], "DocumentContainsWords": [ ], "ExceptIfDocumentContainsWords": [ ], "SenderADAttributeMatchesPatterns": null, "ExceptIfSenderADAttributeMatchesPatterns": null, "SenderADAttributeContainsWords": null, "ExceptIfSenderADAttributeContainsWords": null, "RecipientADAttributeMatchesPatterns": null, "ExceptIfRecipientADAttributeMatchesPatterns": null, "RecipientADAttributeContainsWords": null, "ExceptIfRecipientADAttributeContainsWords": null, "ContentCharacterSetContainsWords": [ ], "ExceptIfContentCharacterSetContainsWords": [ ], "DocumentNameMatchesPatterns": [ ], "ExceptIfDocumentNameMatchesPatterns": [ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ ], "ExceptIfUnscannableDocumentExtensionIs": [ ], "HeaderContainsWords": null, "ExceptIfHeaderContainsWords": null, "HeaderContainsTokens": null, "ExceptIfHeaderContainsTokens": null, "DeviceManagementType": null, "ExceptIfDeviceManagementType": null, "AccessedBy": [ ], "ExceptIfAccessedBy": [ ], "AccessedByMemberOf": [ ], "ExceptIfAccessedByMemberOf": [ ], "BlockAccess": false, "BlockAccessScope": null, "EncryptRMSTemplate": null, "EnforcePortalAccess": true, "ApplyBrandingTemplate": "", "RemoveRMSTemplate": false, "EndpointDlpRestrictions": null, "EndpointDlpBrowserRestrictions": null, "ThirdPartyAppDlpRestrictions": null, "OnPremisesScannerDlpRestrictions": null, "PowerBIDlpRestrictions": null, "AlertProperties": null, "GenerateAlert": [ ], "GenerateIncidentReport": [ ], "IncidentReportContent": null, "NotifyUser": [ "SiteAdmin", "LastModifier", "Owner" ], "NotifyAllowOverride": null, "NotifyEmailCustomText": "", "NotifyEmailCustomSubject": "", "NotifyEmailCustomSenderDisplayName": "", "NotifyEmailExchangeIncludeAttachment": true, "NotifyEmailOnedriveRemediationActions": "NotSet", "NotifyJustificationCustomText": "", "NotifyJustificationCustomTextTranslations": [ ], "NotifyPolicyTipCustomText": "", "NotifyUserType": "NotSet", "NotifyPolicyTipCustomTextTranslations": [ ], "NotifyOverrideRequirements": "None", "NotifyPolicyTipDisplayOption": "Tip", "NotifyPolicyTipUrl": "", "NotifyPolicyTipCustomDialog": "", "NotifyEndpointUser": null, "RemoveHeader": [ ], "AccessTimeControl": null, "StopPolicyProcessing": false, "SetHeader": null, "AddRecipients": null, "Moderate": null, "ModifySubject": null, "MapRecipients": null, "RedirectMessageTo": null, "PrependSubject": "", "ApplyHtmlDisclaimer": null, "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, "MipRestrictAccess": null, "SourceType": "", "Guid": "f2e78982-66b6-488a-a43a-e921800f6304", "AdvancedRuleBuilderContext": null, "ParentPolicyName": "tqhjy DLP Policy for PII", "ReportSeverityLevel": "Low", "ActivationDate": null, "ExpiryDate": null, "SenderType": null, "SenderAddressLocation": null, "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"AccessScope\",\r\n \"Value\": \"NotInOrganization\"\r\n },\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"Credit Card Number\",\r\n \"maxcount\": \"9\",\r\n \"minconfidence\": \"85\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"High\"\r\n },\r\n {\r\n \"id\": \"a2ce32a8-f935-4bb6-8e96-2a5157672e2c\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"U.S. Bank Account Number\",\r\n \"maxcount\": \"9\",\r\n \"minconfidence\": \"75\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"Medium\"\r\n },\r\n {\r\n \"id\": \"cb353f78-2b72-4c3c-8827-92ebe4f69fdf\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"ABA Routing Number\",\r\n \"maxcount\": \"9\",\r\n \"minconfidence\": \"75\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"Medium\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", "ExecutionRuleGuids": null, "DisplayName": "Low volume of content detected tqhjy DLP Policy for PII", "StorageBindings": null, "EvaluateRulePerComponent": false, "IsAdvancedRule": false, "ContentContainsSensitiveInformation": [ { "maxconfidence": "100", "confidencelevel": "High", "id": "50842eb7-edc8-4019-85dd-5a5c1f2bb085", "minconfidence": "85", "classifiertype": "Content", "name": "Credit Card Number", "mincount": "1", "maxcount": "9" }, { "maxconfidence": "100", "confidencelevel": "Medium", "id": "a2ce32a8-f935-4bb6-8e96-2a5157672e2c", "minconfidence": "75", "classifiertype": "Content", "name": "U.S. Bank Account Number", "mincount": "1", "maxcount": "9" }, { "maxconfidence": "100", "confidencelevel": "Medium", "id": "cb353f78-2b72-4c3c-8827-92ebe4f69fdf", "minconfidence": "75", "classifiertype": "Content", "name": "ABA Routing Number", "mincount": "1", "maxcount": "9" } ], "ExceptIfContentContainsSensitiveInformation": null, "ContentMissingSensitivityLabel": null, "ContentIsNotLabeled": false, "AttachmentIsNotLabeled": false, "MessageIsNotLabeled": false, "DocumentCreatedBy": [ ], "ExceptIfDocumentCreatedBy": [ ], "DocumentSizeOver": "", "ExceptIfDocumentSizeOver": "", "DocumentNameMatchesWords": [ ], "ExceptIfDocumentNameMatchesWords": [ ], "AccessScope": "NotInOrganization", "NonBifurcatingAccessScope": null, "ExceptIfAccessScope": null, "FromScope": null, "ExceptIfFromScope": null, "WithImportance": null, "ExceptIfWithImportance": null, "ExternalScenarioDependancies": { }, "ContentPropertyContainsWords": [ ], "ExceptIfContentPropertyContainsWords": [ ], "From": null, "ExceptIfFrom": null, "FromMemberOf": null, "ExceptIfFromMemberOf": null, "DocumentIsUnsupported": false, "ExceptIfDocumentIsUnsupported": false, "HasSenderOverride": false, "ExceptIfHasSenderOverride": false, "RestrictBrowserAccess": false, "ProcessingLimitExceeded": false, "ExceptIfProcessingLimitExceeded": false, "SentTo": [ ], "ExceptIfSentTo": [ ], "RecipientDomainIs": [ ], "ExceptIfRecipientDomainIs": [ ], "DocumentIsPasswordProtected": false, "ExceptIfDocumentIsPasswordProtected": false, "SenderIPRanges": [ ], "ExceptIfSenderIPRanges": [ ], "ContentExtensionMatchesWords": [ ], "ExceptIfContentExtensionMatchesWords": [ ], "ContentFileTypeMatches": [ ], "ExceptIfContentFileTypeMatches": [ ], "HeaderMatchesPatterns": null, "ExceptIfHeaderMatchesPatterns": null, "SubjectMatchesPatterns": [ ], "ExceptIfSubjectMatchesPatterns": [ ], "AnyOfRecipientAddressContainsWords": [ ], "ExceptIfAnyOfRecipientAddressContainsWords": [ ], "AnyOfRecipientAddressMatchesPatterns": [ ], "ExceptIfAnyOfRecipientAddressMatchesPatterns": [ ], "FromAddressMatchesPatterns": [ ], "ExceptIfFromAddressMatchesPatterns": [ ], "FromAddressContainsWords": [ ], "ExceptIfFromAddressContainsWords": [ ], "SenderDomainIs": [ ], "ExceptIfSenderDomainIs": [ ], "SentToMemberOf": null, "ExceptIfSentToMemberOf": null, "DocumentCreatedByMemberOf": null, "ExceptIfDocumentCreatedByMemberOf": null, "HasLabelDowngradedFrom": [ ], "ContentIsShared": false, "ExceptIfContentIsShared": false, "SharedByIRMUserRisk": [ ], "MessageLabelChangeDetected": null, "ExceptIfMessageLabelChangeDetected": null, "RuleErrorAction": null, "RuleXml": "", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "3dc18322-891b-436e-8240-755f95fef33c", "Priority": 0, "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams", "Policy": "b800d92f-a479-47a9-bcfa-306db665aaa1", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "f6f7ec90-c0aa-4ae4-e784-08dafa37f4cf", "MaximumBlobRuleLength": 0, "CreatedBy": "d459e626-e311-4242-bb40-263313097103", "LastModifiedBy": "John Doe", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Low volume of content detected tqhjy DLP Policy for PII", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Low volume of content detected tqhjy DLP Policy for PII", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Low volume of content detected tqhjy DLP Policy for PII", "DistinguishedName": "CN=Low volume of content detected tqhjy DLP Policy for PII,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1674144746000)", "WhenCreated": "Date(1618318043000)", "WhenChangedUTC": "Date(1674144746000)", "WhenCreatedUTC": "Date(1618318043000)", "ExchangeObjectId": "f2e78982-66b6-488a-a43a-e921800f6304", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "Changed", "IsObjectUnderSystemOperation": false, "IsSummarizedPsRule": false }, { "SubjectContainsWords": [ ], "ExceptIfSubjectContainsWords": [ ], "SubjectOrBodyMatchesPatterns": [ ], "ExceptIfSubjectOrBodyMatchesPatterns": [ ], "SubjectOrBodyContainsWords": [ ], "ExceptIfSubjectOrBodyContainsWords": [ ], "DocumentMatchesPatterns": [ ], "ExceptIfDocumentMatchesPatterns": [ ], "DocumentContainsWords": [ ], "ExceptIfDocumentContainsWords": [ ], "SenderADAttributeMatchesPatterns": null, "ExceptIfSenderADAttributeMatchesPatterns": null, "SenderADAttributeContainsWords": null, "ExceptIfSenderADAttributeContainsWords": null, "RecipientADAttributeMatchesPatterns": null, "ExceptIfRecipientADAttributeMatchesPatterns": null, "RecipientADAttributeContainsWords": null, "ExceptIfRecipientADAttributeContainsWords": null, "ContentCharacterSetContainsWords": [ ], "ExceptIfContentCharacterSetContainsWords": [ ], "DocumentNameMatchesPatterns": [ ], "ExceptIfDocumentNameMatchesPatterns": [ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ ], "ExceptIfUnscannableDocumentExtensionIs": [ ], "HeaderContainsWords": null, "ExceptIfHeaderContainsWords": null, "HeaderContainsTokens": null, "ExceptIfHeaderContainsTokens": null, "DeviceManagementType": null, "ExceptIfDeviceManagementType": null, "AccessedBy": [ ], "ExceptIfAccessedBy": [ ], "AccessedByMemberOf": [ ], "ExceptIfAccessedByMemberOf": [ ], "BlockAccess": false, "BlockAccessScope": null, "EncryptRMSTemplate": null, "EnforcePortalAccess": true, "ApplyBrandingTemplate": "", "RemoveRMSTemplate": false, "EndpointDlpRestrictions": null, "EndpointDlpBrowserRestrictions": null, "ThirdPartyAppDlpRestrictions": null, "OnPremisesScannerDlpRestrictions": null, "PowerBIDlpRestrictions": null, "AlertProperties": null, "GenerateAlert": [ ], "GenerateIncidentReport": [ ], "IncidentReportContent": null, "NotifyUser": [ "LastModifier", "SiteAdmin", "Owner" ], "NotifyAllowOverride": null, "NotifyEmailCustomText": "", "NotifyEmailCustomSubject": "", "NotifyEmailCustomSenderDisplayName": "", "NotifyEmailExchangeIncludeAttachment": true, "NotifyEmailOnedriveRemediationActions": "NotSet", "NotifyJustificationCustomText": "", "NotifyJustificationCustomTextTranslations": [ ], "NotifyPolicyTipCustomText": "", "NotifyUserType": "NotSet", "NotifyPolicyTipCustomTextTranslations": [ ], "NotifyOverrideRequirements": "None", "NotifyPolicyTipDisplayOption": "Tip", "NotifyPolicyTipUrl": "", "NotifyPolicyTipCustomDialog": "", "NotifyEndpointUser": null, "RemoveHeader": [ ], "AccessTimeControl": null, "StopPolicyProcessing": false, "SetHeader": null, "AddRecipients": null, "Moderate": null, "ModifySubject": null, "MapRecipients": null, "RedirectMessageTo": null, "PrependSubject": "", "ApplyHtmlDisclaimer": null, "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, "MipRestrictAccess": null, "SourceType": "", "Guid": "8c40d462-f7c0-434d-bd37-d35c083c297a", "AdvancedRuleBuilderContext": null, "ParentPolicyName": "tqhjy DLP Policy for PII", "ReportSeverityLevel": "High", "ActivationDate": null, "ExpiryDate": null, "SenderType": null, "SenderAddressLocation": null, "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"AccessScope\",\r\n \"Value\": \"NotInOrganization\"\r\n },\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"Credit Card Number\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"85\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"10\",\r\n \"confidencelevel\": \"High\"\r\n },\r\n {\r\n \"id\": \"a2ce32a8-f935-4bb6-8e96-2a5157672e2c\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"U.S. Bank Account Number\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"75\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"10\",\r\n \"confidencelevel\": \"Medium\"\r\n },\r\n {\r\n \"id\": \"cb353f78-2b72-4c3c-8827-92ebe4f69fdf\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"ABA Routing Number\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"75\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"10\",\r\n \"confidencelevel\": \"Medium\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", "ExecutionRuleGuids": null, "DisplayName": "High volume of content detected tqhjy DLP Policy for PII", "StorageBindings": null, "EvaluateRulePerComponent": false, "IsAdvancedRule": false, "ContentContainsSensitiveInformation": [ { "maxconfidence": "100", "confidencelevel": "High", "id": "50842eb7-edc8-4019-85dd-5a5c1f2bb085", "minconfidence": "85", "classifiertype": "Content", "name": "Credit Card Number", "mincount": "10", "maxcount": "-1" }, { "maxconfidence": "100", "confidencelevel": "Medium", "id": "a2ce32a8-f935-4bb6-8e96-2a5157672e2c", "minconfidence": "75", "classifiertype": "Content", "name": "U.S. Bank Account Number", "mincount": "10", "maxcount": "-1" }, { "maxconfidence": "100", "confidencelevel": "Medium", "id": "cb353f78-2b72-4c3c-8827-92ebe4f69fdf", "minconfidence": "75", "classifiertype": "Content", "name": "ABA Routing Number", "mincount": "10", "maxcount": "-1" } ], "ExceptIfContentContainsSensitiveInformation": null, "ContentMissingSensitivityLabel": null, "ContentIsNotLabeled": false, "AttachmentIsNotLabeled": false, "MessageIsNotLabeled": false, "DocumentCreatedBy": [ ], "ExceptIfDocumentCreatedBy": [ ], "DocumentSizeOver": "", "ExceptIfDocumentSizeOver": "", "DocumentNameMatchesWords": [ ], "ExceptIfDocumentNameMatchesWords": [ ], "AccessScope": "NotInOrganization", "NonBifurcatingAccessScope": null, "ExceptIfAccessScope": null, "FromScope": null, "ExceptIfFromScope": null, "WithImportance": null, "ExceptIfWithImportance": null, "ExternalScenarioDependancies": { }, "ContentPropertyContainsWords": [ ], "ExceptIfContentPropertyContainsWords": [ ], "From": null, "ExceptIfFrom": null, "FromMemberOf": null, "ExceptIfFromMemberOf": null, "DocumentIsUnsupported": false, "ExceptIfDocumentIsUnsupported": false, "HasSenderOverride": false, "ExceptIfHasSenderOverride": false, "RestrictBrowserAccess": false, "ProcessingLimitExceeded": false, "ExceptIfProcessingLimitExceeded": false, "SentTo": [ ], "ExceptIfSentTo": [ ], "RecipientDomainIs": [ ], "ExceptIfRecipientDomainIs": [ ], "DocumentIsPasswordProtected": false, "ExceptIfDocumentIsPasswordProtected": false, "SenderIPRanges": [ ], "ExceptIfSenderIPRanges": [ ], "ContentExtensionMatchesWords": [ ], "ExceptIfContentExtensionMatchesWords": [ ], "ContentFileTypeMatches": [ ], "ExceptIfContentFileTypeMatches": [ ], "HeaderMatchesPatterns": null, "ExceptIfHeaderMatchesPatterns": null, "SubjectMatchesPatterns": [ ], "ExceptIfSubjectMatchesPatterns": [ ], "AnyOfRecipientAddressContainsWords": [ ], "ExceptIfAnyOfRecipientAddressContainsWords": [ ], "AnyOfRecipientAddressMatchesPatterns": [ ], "ExceptIfAnyOfRecipientAddressMatchesPatterns": [ ], "FromAddressMatchesPatterns": [ ], "ExceptIfFromAddressMatchesPatterns": [ ], "FromAddressContainsWords": [ ], "ExceptIfFromAddressContainsWords": [ ], "SenderDomainIs": [ ], "ExceptIfSenderDomainIs": [ ], "SentToMemberOf": null, "ExceptIfSentToMemberOf": null, "DocumentCreatedByMemberOf": null, "ExceptIfDocumentCreatedByMemberOf": null, "HasLabelDowngradedFrom": [ ], "ContentIsShared": false, "ExceptIfContentIsShared": false, "SharedByIRMUserRisk": [ ], "MessageLabelChangeDetected": null, "ExceptIfMessageLabelChangeDetected": null, "RuleErrorAction": null, "RuleXml": "", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "b933b4dd-4152-4d9a-b4b5-0376f8b57d6d", "Priority": 1, "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams", "Policy": "b800d92f-a479-47a9-bcfa-306db665aaa1", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "daf9a24d-19dd-4978-51b9-08dafa37f6c9", "MaximumBlobRuleLength": 0, "CreatedBy": "d459e626-e311-4242-bb40-263313097103", "LastModifiedBy": "John Doe", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/High volume of content detected tqhjy DLP Policy for PII", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/High volume of content detected tqhjy DLP Policy for PII", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "High volume of content detected tqhjy DLP Policy for PII", "DistinguishedName": "CN=High volume of content detected tqhjy DLP Policy for PII,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1674144749000)", "WhenCreated": "Date(1618318041000)", "WhenChangedUTC": "Date(1674144749000)", "WhenCreatedUTC": "Date(1618318041000)", "ExchangeObjectId": "8c40d462-f7c0-434d-bd37-d35c083c297a", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "Changed", "IsObjectUnderSystemOperation": false, "IsSummarizedPsRule": false }, { "SubjectContainsWords": [ ], "ExceptIfSubjectContainsWords": [ ], "SubjectOrBodyMatchesPatterns": [ ], "ExceptIfSubjectOrBodyMatchesPatterns": [ ], "SubjectOrBodyContainsWords": [ ], "ExceptIfSubjectOrBodyContainsWords": [ ], "DocumentMatchesPatterns": [ ], "ExceptIfDocumentMatchesPatterns": [ ], "DocumentContainsWords": [ ], "ExceptIfDocumentContainsWords": [ ], "SenderADAttributeMatchesPatterns": null, "ExceptIfSenderADAttributeMatchesPatterns": null, "SenderADAttributeContainsWords": null, "ExceptIfSenderADAttributeContainsWords": null, "RecipientADAttributeMatchesPatterns": null, "ExceptIfRecipientADAttributeMatchesPatterns": null, "RecipientADAttributeContainsWords": null, "ExceptIfRecipientADAttributeContainsWords": null, "ContentCharacterSetContainsWords": [ ], "ExceptIfContentCharacterSetContainsWords": [ ], "DocumentNameMatchesPatterns": [ ], "ExceptIfDocumentNameMatchesPatterns": [ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ ], "ExceptIfUnscannableDocumentExtensionIs": [ ], "HeaderContainsWords": null, "ExceptIfHeaderContainsWords": null, "HeaderContainsTokens": null, "ExceptIfHeaderContainsTokens": null, "DeviceManagementType": null, "ExceptIfDeviceManagementType": null, "AccessedBy": [ ], "ExceptIfAccessedBy": [ ], "AccessedByMemberOf": [ ], "ExceptIfAccessedByMemberOf": [ ], "BlockAccess": true, "BlockAccessScope": "All", "EncryptRMSTemplate": null, "EnforcePortalAccess": true, "ApplyBrandingTemplate": "", "RemoveRMSTemplate": false, "EndpointDlpRestrictions": null, "EndpointDlpBrowserRestrictions": null, "ThirdPartyAppDlpRestrictions": null, "OnPremisesScannerDlpRestrictions": null, "PowerBIDlpRestrictions": null, "AlertProperties": { "AggregationType": "None" }, "GenerateAlert": [ "true" ], "GenerateIncidentReport": [ ], "IncidentReportContent": null, "NotifyUser": [ "LastModifier" ], "NotifyAllowOverride": null, "NotifyEmailCustomText": "", "NotifyEmailCustomSubject": "", "NotifyEmailCustomSenderDisplayName": "", "NotifyEmailExchangeIncludeAttachment": true, "NotifyEmailOnedriveRemediationActions": "NotSet", "NotifyJustificationCustomText": "", "NotifyJustificationCustomTextTranslations": [ ], "NotifyPolicyTipCustomText": "", "NotifyUserType": "NotSet", "NotifyPolicyTipCustomTextTranslations": [ ], "NotifyOverrideRequirements": "None", "NotifyPolicyTipDisplayOption": "Tip", "NotifyPolicyTipUrl": "", "NotifyPolicyTipCustomDialog": "", "NotifyEndpointUser": null, "RemoveHeader": [ ], "AccessTimeControl": null, "StopPolicyProcessing": false, "SetHeader": null, "AddRecipients": null, "Moderate": null, "ModifySubject": null, "MapRecipients": null, "RedirectMessageTo": null, "PrependSubject": "", "ApplyHtmlDisclaimer": null, "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, "MipRestrictAccess": null, "SourceType": "", "Guid": "6198a220-b7ac-4308-aeb4-fd520a263121", "AdvancedRuleBuilderContext": null, "ParentPolicyName": "New DLP sensitive types policy", "ReportSeverityLevel": "Low", "ActivationDate": null, "ExpiryDate": null, "SenderType": null, "SenderAddressLocation": null, "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"Groups\": [\r\n {\r\n \"Name\": \"Default\",\r\n \"Operator\": \"Or\",\r\n \"Sensitivetypes\": [\r\n {\r\n \"Name\": \"U.S. Social Security Number (SSN)\",\r\n \"Id\": \"a44669fe-0d48-453d-a9b1-2cc83f2cba77\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"U.S. Individual Taxpayer Identification Number (ITIN)\",\r\n \"Id\": \"e55e2a32-f92d-4985-a35d-a0b269eb687b\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"Credit Card Number\",\r\n \"Id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"High\",\r\n \"Minconfidence\": 85,\r\n \"Maxconfidence\": 100\r\n }\r\n ]\r\n }\r\n ],\r\n \"Operator\": \"And\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", "ExecutionRuleGuids": null, "DisplayName": "Restrict sensitive info types", "StorageBindings": null, "EvaluateRulePerComponent": false, "IsAdvancedRule": true, "ContentContainsSensitiveInformation": null, "ExceptIfContentContainsSensitiveInformation": null, "ContentMissingSensitivityLabel": null, "ContentIsNotLabeled": false, "AttachmentIsNotLabeled": false, "MessageIsNotLabeled": false, "DocumentCreatedBy": [ ], "ExceptIfDocumentCreatedBy": [ ], "DocumentSizeOver": "", "ExceptIfDocumentSizeOver": "", "DocumentNameMatchesWords": [ ], "ExceptIfDocumentNameMatchesWords": [ ], "AccessScope": null, "NonBifurcatingAccessScope": null, "ExceptIfAccessScope": null, "FromScope": null, "ExceptIfFromScope": null, "WithImportance": null, "ExceptIfWithImportance": null, "ExternalScenarioDependancies": { "ProtectionAlertId": "44b57ad0-aaf5-4cf5-ab12-db2ff27ea8b6" }, "ContentPropertyContainsWords": [ ], "ExceptIfContentPropertyContainsWords": [ ], "From": null, "ExceptIfFrom": null, "FromMemberOf": null, "ExceptIfFromMemberOf": null, "DocumentIsUnsupported": false, "ExceptIfDocumentIsUnsupported": false, "HasSenderOverride": false, "ExceptIfHasSenderOverride": false, "RestrictBrowserAccess": false, "ProcessingLimitExceeded": false, "ExceptIfProcessingLimitExceeded": false, "SentTo": [ ], "ExceptIfSentTo": [ ], "RecipientDomainIs": [ ], "ExceptIfRecipientDomainIs": [ ], "DocumentIsPasswordProtected": false, "ExceptIfDocumentIsPasswordProtected": false, "SenderIPRanges": [ ], "ExceptIfSenderIPRanges": [ ], "ContentExtensionMatchesWords": [ ], "ExceptIfContentExtensionMatchesWords": [ ], "ContentFileTypeMatches": [ ], "ExceptIfContentFileTypeMatches": [ ], "HeaderMatchesPatterns": null, "ExceptIfHeaderMatchesPatterns": null, "SubjectMatchesPatterns": [ ], "ExceptIfSubjectMatchesPatterns": [ ], "AnyOfRecipientAddressContainsWords": [ ], "ExceptIfAnyOfRecipientAddressContainsWords": [ ], "AnyOfRecipientAddressMatchesPatterns": [ ], "ExceptIfAnyOfRecipientAddressMatchesPatterns": [ ], "FromAddressMatchesPatterns": [ ], "ExceptIfFromAddressMatchesPatterns": [ ], "FromAddressContainsWords": [ ], "ExceptIfFromAddressContainsWords": [ ], "SenderDomainIs": [ ], "ExceptIfSenderDomainIs": [ ], "SentToMemberOf": null, "ExceptIfSentToMemberOf": null, "DocumentCreatedByMemberOf": null, "ExceptIfDocumentCreatedByMemberOf": null, "HasLabelDowngradedFrom": [ ], "ContentIsShared": false, "ExceptIfContentIsShared": false, "SharedByIRMUserRisk": [ ], "MessageLabelChangeDetected": null, "ExceptIfMessageLabelChangeDetected": null, "RuleErrorAction": null, "RuleXml": "", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "af0870b6-6d6d-4bed-95e5-60529f32f325", "Priority": 0, "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", "Policy": "d91d3f1f-9a8f-4074-a754-a21afdcf5a77", "Comment": "New baseline rule to restrict access to sensitive data types", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "000b9c42-97fe-4529-30e1-08dbcf31cf97", "MaximumBlobRuleLength": 0, "CreatedBy": "John Doe", "LastModifiedBy": "John Doe", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Restrict sensitive info types", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Restrict sensitive info types", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Restrict sensitive info types", "DistinguishedName": "CN=Restrict sensitive info types,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1697561704000)", "WhenCreated": "Date(1696535522000)", "WhenChangedUTC": "Date(1697561704000)", "WhenCreatedUTC": "Date(1696535522000)", "ExchangeObjectId": "6198a220-b7ac-4308-aeb4-fd520a263121", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "Changed", "IsObjectUnderSystemOperation": false, "IsSummarizedPsRule": false } ], "anti_phish_policies": [ { "Enabled": true, "ImpersonationProtectionState": "Automatic", "EnableTargetedUserProtection": true, "EnableMailboxIntelligenceProtection": true, "EnableTargetedDomainsProtection": true, "EnableOrganizationDomainsProtection": true, "EnableMailboxIntelligence": true, "EnableFirstContactSafetyTips": true, "EnableSimilarUsersSafetyTips": true, "EnableSimilarDomainsSafetyTips": true, "EnableUnusualCharactersSafetyTips": true, "TargetedUserProtectionAction": "Quarantine", "TargetedUserQuarantineTag": "DefaultFullAccessWithNotificationPolicy", "MailboxIntelligenceProtectionAction": "Quarantine", "MailboxIntelligenceQuarantineTag": "DefaultFullAccessWithNotificationPolicy", "TargetedDomainProtectionAction": "Quarantine", "TargetedDomainQuarantineTag": "DefaultFullAccessWithNotificationPolicy", "AuthenticationFailAction": "Quarantine", "SpoofQuarantineTag": "DefaultFullAccessWithNotificationPolicy", "EnableSpoofIntelligence": true, "EnableViaTag": true, "EnableUnauthenticatedSender": true, "EnableSuspiciousSafetyTip": true, "HonorDmarcPolicy": true, "DmarcRejectAction": "Reject", "DmarcQuarantineAction": "Quarantine", "PhishThresholdLevel": 4, "TargetedUsersToProtect": [ ], "TargetedUserActionRecipients": [ ], "MailboxIntelligenceProtectionActionRecipients": [ ], "TargetedDomainsToProtect": [ "goodparnter.com" ], "TargetedDomainActionRecipients": [ ], "ExcludedDomains": [ ], "ExcludedSenders": [ "johndoe@example.com" ], "ExcludedSubDomains": [ ], "IsDefault": false, "AdminDisplayName": "", "PolicyTag": "", "RecommendedPolicyType": "Strict", "Identity": "Strict Preset Security Policy1681329955447", "Id": "Strict Preset Security Policy1681329955447", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Strict Preset Security Policy1681329955447", "DistinguishedName": "CN=Strict Preset Security Policy1681329955447,CN=AntiPhish,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Hosted-Content-Filter-Config", "ObjectClass": [ "top", "msExchHostedContentFilterConfig" ], "WhenChanged": "Date(1722574143000)", "WhenCreated": "Date(1681329956000)", "WhenChangedUTC": "Date(1722574143000)", "WhenCreatedUTC": "Date(1681329956000)", "ExchangeObjectId": "dd855979-da0e-4109-b218-cebf593d1771", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Guid": "dd855979-da0e-4109-b218-cebf593d1771", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "ObjectState": "Unchanged" }, { "Enabled": true, "ImpersonationProtectionState": "Manual", "EnableTargetedUserProtection": true, "EnableMailboxIntelligenceProtection": true, "EnableTargetedDomainsProtection": true, "EnableOrganizationDomainsProtection": true, "EnableMailboxIntelligence": true, "EnableFirstContactSafetyTips": true, "EnableSimilarUsersSafetyTips": true, "EnableSimilarDomainsSafetyTips": true, "EnableUnusualCharactersSafetyTips": true, "TargetedUserProtectionAction": "Quarantine", "TargetedUserQuarantineTag": "DefaultFullAccessPolicy", "MailboxIntelligenceProtectionAction": "Quarantine", "MailboxIntelligenceQuarantineTag": "DefaultFullAccessPolicy", "TargetedDomainProtectionAction": "Quarantine", "TargetedDomainQuarantineTag": "DefaultFullAccessPolicy", "AuthenticationFailAction": "Quarantine", "SpoofQuarantineTag": "DefaultFullAccessPolicy", "EnableSpoofIntelligence": true, "EnableViaTag": true, "EnableUnauthenticatedSender": true, "EnableSuspiciousSafetyTip": false, "HonorDmarcPolicy": true, "DmarcRejectAction": "Reject", "DmarcQuarantineAction": "Quarantine", "PhishThresholdLevel": 2, "TargetedUsersToProtect": [ "John Doe; johndoe@example.com" ], "TargetedUserActionRecipients": [ ], "MailboxIntelligenceProtectionActionRecipients": [ ], "TargetedDomainsToProtect": [ "tqhjy.mail.onmicrosoft.com" ], "TargetedDomainActionRecipients": [ ], "ExcludedDomains": [ ], "ExcludedSenders": [ ], "ExcludedSubDomains": [ ], "IsDefault": true, "AdminDisplayName": "", "PolicyTag": "", "RecommendedPolicyType": "Custom", "Identity": "Office365 AntiPhish Default", "Id": "Office365 AntiPhish Default", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Office365 AntiPhish Default", "DistinguishedName": "CN=Office365 AntiPhish Default,CN=AntiPhish,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Hosted-Content-Filter-Config", "ObjectClass": [ "top", "msExchHostedContentFilterConfig" ], "WhenChanged": "Date(1661272562000)", "WhenCreated": "Date(1619484591000)", "WhenChangedUTC": "Date(1661272562000)", "WhenCreatedUTC": "Date(1619484591000)", "ExchangeObjectId": "84178a51-0850-4bd4-873c-b8eea28e304c", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Guid": "1c36a79e-281c-41ac-adf0-441a9ef992c3", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "ObjectState": "Unchanged" }, { "Enabled": true, "ImpersonationProtectionState": "Automatic", "EnableTargetedUserProtection": true, "EnableMailboxIntelligenceProtection": true, "EnableTargetedDomainsProtection": true, "EnableOrganizationDomainsProtection": true, "EnableMailboxIntelligence": true, "EnableFirstContactSafetyTips": true, "EnableSimilarUsersSafetyTips": true, "EnableSimilarDomainsSafetyTips": true, "EnableUnusualCharactersSafetyTips": true, "TargetedUserProtectionAction": "Quarantine", "TargetedUserQuarantineTag": "DefaultFullAccessWithNotificationPolicy", "MailboxIntelligenceProtectionAction": "MoveToJmf", "MailboxIntelligenceQuarantineTag": "DefaultFullAccessPolicy", "TargetedDomainProtectionAction": "Quarantine", "TargetedDomainQuarantineTag": "DefaultFullAccessWithNotificationPolicy", "AuthenticationFailAction": "MoveToJmf", "SpoofQuarantineTag": "DefaultFullAccessPolicy", "EnableSpoofIntelligence": true, "EnableViaTag": true, "EnableUnauthenticatedSender": true, "EnableSuspiciousSafetyTip": false, "HonorDmarcPolicy": true, "DmarcRejectAction": "Reject", "DmarcQuarantineAction": "Quarantine", "PhishThresholdLevel": 3, "TargetedUsersToProtect": [ ], "TargetedUserActionRecipients": [ ], "MailboxIntelligenceProtectionActionRecipients": [ ], "TargetedDomainsToProtect": [ "goodparnter.com" ], "TargetedDomainActionRecipients": [ ], "ExcludedDomains": [ ], "ExcludedSenders": [ ], "ExcludedSubDomains": [ ], "IsDefault": false, "AdminDisplayName": "", "PolicyTag": "", "RecommendedPolicyType": "Standard", "Identity": "Standard Preset Security Policy1659535429826", "Id": "Standard Preset Security Policy1659535429826", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Standard Preset Security Policy1659535429826", "DistinguishedName": "CN=Standard Preset Security Policy1659535429826,CN=AntiPhish,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Hosted-Content-Filter-Config", "ObjectClass": [ "top", "msExchHostedContentFilterConfig" ], "WhenChanged": "Date(1722574143000)", "WhenCreated": "Date(1659535432000)", "WhenChangedUTC": "Date(1722574143000)", "WhenCreatedUTC": "Date(1659535432000)", "ExchangeObjectId": "c039f211-68f7-43e8-822f-91c1e0e018f7", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Guid": "c039f211-68f7-43e8-822f-91c1e0e018f7", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "ObjectState": "Unchanged" } ], "protection_alerts": [ { "Filter": null, "Operation": [ "DlpRuleGenerateAlertMatch" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": { "DlpRuleMode": "Enable", "DlpRuleId": "2e3f0308-5340-46ac-9f8d-d54f208a8024" }, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "DataLossPrevention", "IsSystemRule": false, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "b314399f-5d64-4c49-98c3-06deb1be2b6f", "Priority": 0, "Workload": "AuditAlerting", "Policy": "3b7a951e-cfb8-4c75-ae74-f93079e0f31a", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "6a796a7d-d170-433a-266f-08dc7675e3e0", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "b314399f-5d64-4c49-98c3-06deb1be2b6f", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-Baseline Rule", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-Baseline Rule", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "DLP-Baseline Rule", "DistinguishedName": "CN=DLP-Baseline Rule,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1715952788000)", "WhenCreated": "Date(1651249999000)", "WhenChangedUTC": "Date(1715952788000)", "WhenCreatedUTC": "Date(1651249999000)", "ExchangeObjectId": "b314399f-5d64-4c49-98c3-06deb1be2b6f", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "DlpRuleGenerateAlertMatch" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": { "DlpRuleMode": "Disable", "DlpRuleId": "6c63bd2e-3caf-4817-bab8-1794c388b8c8" }, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "DataLossPrevention", "IsSystemRule": false, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "e95437f3-7b8b-4055-9383-2686e02de873", "Priority": 0, "Workload": "AuditAlerting", "Policy": "56610fdb-910b-4b3f-b971-6695377c6a0c", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "f1bdcd22-6090-46ee-31eb-08dc5b00e60b", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "e95437f3-7b8b-4055-9383-2686e02de873", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-Missing_ITIN_Has_UKPassports", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-Missing_ITIN_Has_UKPassports", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "DLP-Missing_ITIN_Has_UKPassports", "DistinguishedName": "CN=DLP-Missing_ITIN_Has_UKPassports,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1712933859000)", "WhenCreated": "Date(1702651035000)", "WhenChangedUTC": "Date(1712933859000)", "WhenCreatedUTC": "Date(1702651035000)", "ExchangeObjectId": "e95437f3-7b8b-4055-9383-2686e02de873", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "DlpRuleGenerateAlertMatch" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": { "DlpRuleMode": "Disable", "EndpointDlpRestrictiveOperations": "FileUploadedToCloud,FileCopiedToClipboard,FileCopiedToRemovableMedia,FileCopiedToNetworkShare,FileAccessedByUnallowedApp,FilePrinted", "DlpRuleId": "07fef34e-65b6-459f-a460-ec6d1ac8edb0" }, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "DataLossPrevention", "IsSystemRule": false, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "96e8531f-40be-418f-8c4f-341009daf3bb", "Priority": 0, "Workload": "AuditAlerting", "Policy": "18f8c433-451d-4618-9e66-064a666d098a", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "36ba8930-6dea-4556-2acc-08dc5b00ab9a", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "96e8531f-40be-418f-8c4f-341009daf3bb", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-Are escaped rule names a problem", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-Are escaped rule names a problem", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "DLP-Are escaped rule names a problem", "DistinguishedName": "CN=DLP-Are escaped rule names a problem,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1712933761000)", "WhenCreated": "Date(1711133310000)", "WhenChangedUTC": "Date(1712933761000)", "WhenCreatedUTC": "Date(1711133310000)", "ExchangeObjectId": "96e8531f-40be-418f-8c4f-341009daf3bb", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "DlpRuleGenerateAlertMatch" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": { "DlpRuleId": "5090ec10-3b5b-464b-b789-4e65bc6b5e3e" }, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "DataLossPrevention", "IsSystemRule": false, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "7d53937e-b4f5-45d0-9bd8-7ea0305553bb", "Priority": 0, "Workload": "AuditAlerting", "Policy": "103a453b-e796-452b-b929-d7afdda9b29e", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "c0b8d300-ed1a-43f4-2dff-08dbc5db80ab", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "7d53937e-b4f5-45d0-9bd8-7ea0305553bb", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-Default", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-Default", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "DLP-Default", "DistinguishedName": "CN=DLP-Default,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1696535075000)", "WhenCreated": "Date(1696535075000)", "WhenChangedUTC": "Date(1696535075000)", "WhenCreatedUTC": "Date(1696535075000)", "ExchangeObjectId": "7d53937e-b4f5-45d0-9bd8-7ea0305553bb", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "DlpRuleGenerateAlertMatch" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": { "DlpRuleId": "8328f2c9-860e-4bbd-9f5c-1ef615a64947" }, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "DataLossPrevention", "IsSystemRule": false, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "48c87377-6fdd-45d7-91a6-bbbebd3d99f8", "Priority": 0, "Workload": "AuditAlerting", "Policy": "2e29a8b0-df60-4ddf-9de3-f716e9d8633e", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "a7964802-5249-449c-2b40-08dbd1737aad", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "48c87377-6fdd-45d7-91a6-bbbebd3d99f8", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-PII-temp", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-PII-temp", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "DLP-PII-temp", "DistinguishedName": "CN=DLP-PII-temp,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1697809811000)", "WhenCreated": "Date(1697725863000)", "WhenChangedUTC": "Date(1697809811000)", "WhenCreatedUTC": "Date(1697725863000)", "ExchangeObjectId": "48c87377-6fdd-45d7-91a6-bbbebd3d99f8", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "DlpRuleGenerateAlertMatch" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": { "DlpRuleMode": "Disable", "DlpRuleId": "af0870b6-6d6d-4bed-95e5-60529f32f325" }, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "DataLossPrevention", "IsSystemRule": false, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "44b57ad0-aaf5-4cf5-ab12-db2ff27ea8b6", "Priority": 0, "Workload": "AuditAlerting", "Policy": "9b8c3d58-e563-4eff-80d9-19088b4ad717", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "ebf0c03b-4d8c-43ba-28aa-08dc76747b41", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "44b57ad0-aaf5-4cf5-ab12-db2ff27ea8b6", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-Restrict sensitive info types", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-Restrict sensitive info types", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "DLP-Restrict sensitive info types", "DistinguishedName": "CN=DLP-Restrict sensitive info types,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1715952186000)", "WhenCreated": "Date(1696535520000)", "WhenChangedUTC": "Date(1715952186000)", "WhenCreatedUTC": "Date(1696535520000)", "ExchangeObjectId": "44b57ad0-aaf5-4cf5-ab12-db2ff27ea8b6", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "DlpRuleGenerateAlertMatch" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": { "DlpRuleMode": "Disable", "EndpointDlpRestrictiveOperations": "FileUploadedToCloud,FileCopiedToClipboard,FileCopiedToRemovableMedia,FileCopiedToNetworkShare,FileAccessedByUnallowedApp,FilePrinted", "DlpRuleId": "37de612f-186b-4069-918f-b4c6f90037a8" }, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "DataLossPrevention", "IsSystemRule": false, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "d46f69a5-6277-49fc-ad26-e0b701c034d0", "Priority": 0, "Workload": "AuditAlerting", "Policy": "e7e89169-b24e-4e43-8d5c-6b5ebf236245", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "2c2a1a4c-4b60-40b3-319a-08dc5b00c885", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "d46f69a5-6277-49fc-ad26-e0b701c034d0", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-CreditCardsOnly", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-CreditCardsOnly", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "DLP-CreditCardsOnly", "DistinguishedName": "CN=DLP-CreditCardsOnly,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1712933810000)", "WhenCreated": "Date(1702651340000)", "WhenChangedUTC": "Date(1712933810000)", "WhenCreatedUTC": "Date(1702651340000)", "ExchangeObjectId": "d46f69a5-6277-49fc-ad26-e0b701c034d0", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "MipAutoLabelSimulationCompletion" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "dac59cbc-1d3b-4f5e-91e0-02d780c53915", "Priority": 0, "Workload": "AuditAlerting", "Policy": "dac59cbc-1d3b-4f5e-91e0-02d780c53915", "Comment": "AutoLabel policy simulation has been completed. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "38ef539d-4bbc-403b-ba71-08d8e31643f7", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "dac59cbc-1d3b-4f5e-91e0-02d780c53915", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/MIP AutoLabel simulation completed", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/MIP AutoLabel simulation completed", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "MIP AutoLabel simulation completed", "DistinguishedName": "CN=MIP AutoLabel simulation completed,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1615306404000)", "WhenCreated": "Date(1615306404000)", "WhenChangedUTC": "Date(1615306404000)", "WhenCreatedUTC": "Date(1615306404000)", "ExchangeObjectId": "dac59cbc-1d3b-4f5e-91e0-02d780c53915", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "-not (Activity.User.Tags -like 'hve')", "Operation": [ "CompromisedWarningAccount" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Medium", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1720043833050)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "be215649-fba8-4339-9ddd-05991a43b948", "Priority": 0, "Workload": "AuditAlerting", "Policy": "105a3254-0eca-4a3d-8686-a66115a99235", "Comment": "User has been detected as sending suspicious messages outside the organization and will be restricted if this activity continues. -V1.0.0.1", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "6ab41379-a75a-4432-6909-08d7b68de580", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "be215649-fba8-4339-9ddd-05991a43b948", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Suspicious email sending patterns detected", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Suspicious email sending patterns detected", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Suspicious email sending patterns detected", "DistinguishedName": "CN=Suspicious email sending patterns detected,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1582262485000)", "WhenCreated": "Date(1556224605000)", "WhenChangedUTC": "Date(1582262485000)", "WhenCreatedUTC": "Date(1556224605000)", "ExchangeObjectId": "be215649-fba8-4339-9ddd-05991a43b948", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Mail.IsMailZAPSuccessful -eq 1) -and (Mail.IsGenericZapped -eq 1) -and (Mail.TenantPolicyFinalVerdictSource -ne 'PhishEdu') -and (Mail.TenantPolicyFinalVerdictSource -ne 'SecOps') -and (Mail.TenantPolicyFinalVerdictSource -ne 'ThirdPartyFiltering')", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Mail", "ThreatType": "Malicious", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Protection", "Scenario": "ProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "b8f6b088-5487-4c70-037c-08d8d71a43fe", "Priority": 0, "Workload": "AuditAlerting", "Policy": "a1f563cc-fb1f-466b-1fb5-08d8d71a3050", "Comment": "Malicious emails were delivered and later removed -V1.0.0.2", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "9f756b13-a826-4e49-bb3e-08da1c767a9f", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "b8f6b088-5487-4c70-037c-08d8d71a43fe", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages removed after delivery?", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages removed after delivery?", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Email messages removed after delivery?", "DistinguishedName": "CN=Email messages removed after delivery?,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1649762441000)", "WhenCreated": "Date(1620114418000)", "WhenChangedUTC": "Date(1649762441000)", "WhenCreatedUTC": "Date(1620114418000)", "ExchangeObjectId": "b8f6b088-5487-4c70-037c-08d8d71a43fe", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Mail.IsMailZAPSuccessful -eq 1) -and Mail.IsCampaignZapped -eq 1 -and (Mail.TenantPolicyFinalVerdictSource -ne 'PhishEdu') -and (Mail.TenantPolicyFinalVerdictSource -ne 'SecOps') -and (Mail.TenantPolicyFinalVerdictSource -ne 'ThirdPartyFiltering')", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Mail", "ThreatType": "Malicious", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Protection", "Scenario": "ProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "c8522cbb-9368-4e25-4ee9-08d8d899dfab", "Priority": 0, "Workload": "AuditAlerting", "Policy": "ef850570-5624-42b2-ff0a-08d8d899d578", "Comment": "Emails messages from a campaign were delivered and later removed -V1.0.0.2", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "be3e023e-6cff-4e27-926d-08da1c767be1", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "c8522cbb-9368-4e25-4ee9-08d8d899dfab", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages from a campaign removed after delivery?", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages from a campaign removed after delivery?", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Email messages from a campaign removed after delivery?", "DistinguishedName": "CN=Email messages from a campaign removed after delivery?,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1649762443000)", "WhenCreated": "Date(1620114417000)", "WhenChangedUTC": "Date(1649762443000)", "WhenCreatedUTC": "Date(1620114417000)", "ExchangeObjectId": "c8522cbb-9368-4e25-4ee9-08d8d899dfab", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Activity.AirItemType -eq 'User'", "Operation": [ "AirManualInvestigation" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Medium", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "845686e4-f843-42cf-36d7-08d8e2eca19c", "Priority": 0, "Workload": "AuditAlerting", "Policy": "fbb0585f-318a-4e26-eec9-08d8e2ec980c", "Comment": "This alert is triggered because an admin triggered investigation of a user -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "9ea1637e-f98f-4a7f-a6ae-08d9565f1334", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "845686e4-f843-42cf-36d7-08d8e2eca19c", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Admin triggered user compromise investigation", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Admin triggered user compromise investigation", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Admin triggered user compromise investigation", "DistinguishedName": "CN=Admin triggered user compromise investigation,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1627982059000)", "WhenCreated": "Date(1627982059000)", "WhenChangedUTC": "Date(1627982059000)", "WhenCreatedUTC": "Date(1627982059000)", "ExchangeObjectId": "845686e4-f843-42cf-36d7-08d8e2eca19c", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Click.IsSystemBlockOverriden -eq 1) -or (Click.IsTenantBlockOverriden -eq 1)", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "None", "ThreatType": "MaliciousUrlClick", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "MaliciousUrlClick", "Scenario": "MaliciousUrlClick", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "5453b67e-6c81-4a46-b96c-08d97b58d4ac", "Priority": 0, "Workload": "AuditAlerting", "Policy": "e7fec753-4e4b-491c-2152-08d97b58ad34", "Comment": "We have detected that one of your users has recently clicked through on a link that was found to be malicious. -V1.0.0.3", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "5634e57e-6702-4cdd-f4a0-08da42ee473d", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "5453b67e-6c81-4a46-b96c-08d97b58d4ac", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/A user clicked through to a potentially malicious URL?", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/A user clicked through to a potentially malicious URL?", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "A user clicked through to a potentially malicious URL?", "DistinguishedName": "CN=A user clicked through to a potentially malicious URL?,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1653992039000)", "WhenCreated": "Date(1653992039000)", "WhenChangedUTC": "Date(1653992039000)", "WhenCreatedUTC": "Date(1653992039000)", "ExchangeObjectId": "5453b67e-6c81-4a46-b96c-08d97b58d4ac", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "ConnectorAbuse" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1720043833876)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "8bb9c6c8-dc12-40e1-5bb8-08da05b13393", "Priority": 0, "Workload": "AuditAlerting", "Policy": "d1de9ca1-fcd8-4ce1-f041-08da05b11773", "Comment": "Connector has been restricted from sending messages due to potential compromise activity. -V1.0.0.1", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "df6b603b-1b0b-4b0a-7440-08da326d8875", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "8bb9c6c8-dc12-40e1-5bb8-08da05b13393", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Suspicious connector activity", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Suspicious connector activity", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Suspicious connector activity", "DistinguishedName": "CN=Suspicious connector activity,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1652177524000)", "WhenCreated": "Date(1652177524000)", "WhenChangedUTC": "Date(1652177524000)", "WhenCreatedUTC": "Date(1652177524000)", "ExchangeObjectId": "8bb9c6c8-dc12-40e1-5bb8-08da05b13393", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "UploadDataCompleted" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1647063363913)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "55272906-f9a5-4adf-9395-0abeec18aee1", "Priority": 0, "Workload": "AuditAlerting", "Policy": "8d58b459-63cd-4b73-aca0-f24ed896f018", "Comment": "New sensitive information was uploaded and is ready to be protected. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "a6a5ec5d-6e43-43c3-420c-08d8d285b1f9", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "55272906-f9a5-4adf-9395-0abeec18aee1", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Successful exact data match upload", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Successful exact data match upload", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Successful exact data match upload", "DistinguishedName": "CN=Successful exact data match upload,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1613485093000)", "WhenCreated": "Date(1613485093000)", "WhenChangedUTC": "Date(1613485093000)", "WhenCreatedUTC": "Date(1613485093000)", "ExchangeObjectId": "55272906-f9a5-4adf-9395-0abeec18aee1", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "GrantAdminPermission" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "AccessGovernance", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "17d51759-88e1-40c1-8df3-20bcf2e43057", "Priority": 0, "Workload": "AuditAlerting", "Policy": "ae6108c1-8814-4a00-bf93-22396aad4bd8", "Comment": "This alert is triggered when someone in your organization becomes an Exchange admin or gets new Exchange admin permissions -V1.0.0.1", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "18bb7a7d-0b75-4033-cc22-08d6bdf100e3", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "17d51759-88e1-40c1-8df3-20bcf2e43057", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Elevation of Exchange admin privilege", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Elevation of Exchange admin privilege", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Elevation of Exchange admin privilege", "DistinguishedName": "CN=Elevation of Exchange admin privilege,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1554927211000)", "WhenCreated": "Date(1554927211000)", "WhenChangedUTC": "Date(1554927211000)", "WhenCreatedUTC": "Date(1554927211000)", "ExchangeObjectId": "17d51759-88e1-40c1-8df3-20bcf2e43057", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Message.Verdict -eq 'Block'", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "High", "Threshold": 1, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "None", "ThreatType": "MailFlow", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "MailFlow", "Scenario": "MailFlowProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "CustomAggregation", "Category": "MailFlow", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "ce504573-4841-4e45-81e2-21e8a11ba221", "Priority": 0, "Workload": "AuditAlerting", "Policy": "497d08c4-ecce-4a94-b8f4-bcce7de01389", "Comment": "This alert is triggered when a reply-all storm is detected and at least one reply-all to the mail thread has been blocked. See the Reply-all Storm Protection mail flow report for more information. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "aa3a74f5-6e4a-4d2b-4e02-08dcb323b56e", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "ce504573-4841-4e45-81e2-21e8a11ba221", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Reply-all storm detected", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Reply-all storm detected", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Reply-all storm detected", "DistinguishedName": "CN=Reply-all storm detected,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1722624512000)", "WhenCreated": "Date(1722624512000)", "WhenChangedUTC": "Date(1722624512000)", "WhenCreatedUTC": "Date(1722624512000)", "ExchangeObjectId": "ce504573-4841-4e45-81e2-21e8a11ba221", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Mail.IsSystemZappedMalware -eq 1 -and (-not (Mail.Recipients.Tags -like 'hve')) -and (-not (Mail.Sender.Tags -like 'hve')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'PhishEdu')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'SecOps')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'ThirdPartyFiltering')) -and ((Mail.IsGenericZapped -ne 1) -and (Mail.IsGenericZapped -ne 0)) -and ((Mail.IsCampaignZapped -ne 1) -and (Mail.IsCampaignZapped -ne 0))", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Mail", "ThreatType": "Malware", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Protection", "Scenario": "ProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1659553635493)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "0179b3f7-3fda-40c3-8f24-278563978dbb", "Priority": 0, "Workload": "AuditAlerting", "Policy": "b7d4272b-96c3-4514-b9bd-e4d4c051d162", "Comment": "Emails with malware that were delivered and later removed -V1.0.0.8", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "bd13b65f-ccaf-4fd4-669b-08d90ed0cca9", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "0179b3f7-3fda-40c3-8f24-278563978dbb", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages containing malware removed after delivery", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages containing malware removed after delivery", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Email messages containing malware removed after delivery", "DistinguishedName": "CN=Email messages containing malware removed after delivery,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1620114419000)", "WhenCreated": "Date(1554927210000)", "WhenChangedUTC": "Date(1620114419000)", "WhenCreatedUTC": "Date(1554927210000)", "ExchangeObjectId": "0179b3f7-3fda-40c3-8f24-278563978dbb", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Mail.IsMailZAPSuccessful -eq 1) -and Mail.IsSystemZappedByURLs -eq 1 -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'PhishEdu')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'SecOps')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'ThirdPartyFiltering')) -and (Mail.IsCampaignZapped -ne 1)", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Mail", "ThreatType": "Malicious", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Protection", "Scenario": "ProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1659553631883)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "8e6ba277-ef39-404e-aaf1-294f6d9a2b88", "Priority": 0, "Workload": "AuditAlerting", "Policy": "435ca8f9-fb3b-4514-9bec-52fed47d84f9", "Comment": "Emails with malicious URL that were delivered and later removed -V1.0.0.3", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "3f3a9e91-d013-4e37-4a62-08da1c767922", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "8e6ba277-ef39-404e-aaf1-294f6d9a2b88", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages containing malicious URL removed after delivery?", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages containing malicious URL removed after delivery?", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Email messages containing malicious URL removed after delivery?", "DistinguishedName": "CN=Email messages containing malicious URL removed after delivery?,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1649762439000)", "WhenCreated": "Date(1612829713000)", "WhenChangedUTC": "Date(1649762439000)", "WhenCreatedUTC": "Date(1612829713000)", "ExchangeObjectId": "8e6ba277-ef39-404e-aaf1-294f6d9a2b88", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "UserRestrictedByDistributingForms" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1618345350470)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "f86c81d5-272e-4825-a957-366e964f702c", "Priority": 0, "Workload": "AuditAlerting", "Policy": "29af60e8-9eae-4962-ba2e-a030fc6f7661", "Comment": "Microsoft Forms identified repeated phishing attempts by a user in your tenant. This user is now blocked from sharing forms and collecting responses. -V1.0.0.2", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "b0409299-daa4-491d-20f0-08d8d285b2c2", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "f86c81d5-272e-4825-a957-366e964f702c", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/User restricted from sharing forms and collecting responses", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/User restricted from sharing forms and collecting responses", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "User restricted from sharing forms and collecting responses", "DistinguishedName": "CN=User restricted from sharing forms and collecting responses,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1613485094000)", "WhenCreated": "Date(1613485094000)", "WhenChangedUTC": "Date(1613485094000)", "WhenCreatedUTC": "Date(1613485094000)", "ExchangeObjectId": "f86c81d5-272e-4825-a957-366e964f702c", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Activity.SubmissionType -eq 'Phish') -or (Activity.SubmissionType -eq 'Malware')", "Operation": [ "UserSubmission" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1659553621173)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "b26a5770-0c38-434a-9380-3a3c2c27bbb3", "Priority": 0, "Workload": "AuditAlerting", "Policy": "d326019d-b122-450c-a96e-de82aaf46ab9", "Comment": "This alert is triggered when any email message is reported as malware or phish by users -V1.0.0.3", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "63e2710c-398f-46dd-e621-08d909846bab", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "b26a5770-0c38-434a-9380-3a3c2c27bbb3", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email reported by user as malware or phish", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email reported by user as malware or phish", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Email reported by user as malware or phish", "DistinguishedName": "CN=Email reported by user as malware or phish,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1619531859000)", "WhenCreated": "Date(1554927209000)", "WhenChangedUTC": "Date(1619531859000)", "WhenCreatedUTC": "Date(1554927209000)", "ExchangeObjectId": "b26a5770-0c38-434a-9380-3a3c2c27bbb3", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "RetentionAutoLabelSimulationCompletion" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "a8f4ff90-ee7d-4813-a629-42c9db2204dd", "Priority": 0, "Workload": "AuditAlerting", "Policy": "404fd903-ef34-43df-8362-ac45c1bb2a1c", "Comment": "Retention auto-labeling policy simulation has been completed. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "2ad7b104-a45f-4b35-896a-08da6efbe6cf", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "a8f4ff90-ee7d-4813-a629-42c9db2204dd", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Retention Auto-labeling Policy Simulation Completed", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Retention Auto-labeling Policy Simulation Completed", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Retention Auto-labeling Policy Simulation Completed", "DistinguishedName": "CN=Retention Auto-labeling Policy Simulation Completed,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1658835741000)", "WhenCreated": "Date(1658835741000)", "WhenChangedUTC": "Date(1658835741000)", "WhenCreatedUTC": "Date(1658835741000)", "ExchangeObjectId": "a8f4ff90-ee7d-4813-a629-42c9db2204dd", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Activity.AirItemType -eq 'Email'", "Operation": [ "AirManualInvestigation" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1618363921020)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "cfb0af3a-7410-445c-a872-45f95c45f0de", "Priority": 0, "Workload": "AuditAlerting", "Policy": "8aa5392e-0533-4a43-9952-b25fcea4af4b", "Comment": "This alert is triggered because an admin triggered manual investigation of an Email from explorer -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "9f5f9152-5833-4255-a2b6-08d88b0fc747", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "cfb0af3a-7410-445c-a872-45f95c45f0de", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Admin triggered manual investigation of email", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Admin triggered manual investigation of email", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Admin triggered manual investigation of email", "DistinguishedName": "CN=Admin triggered manual investigation of email,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1605627915000)", "WhenCreated": "Date(1605627915000)", "WhenChangedUTC": "Date(1605627915000)", "WhenCreatedUTC": "Date(1605627915000)", "ExchangeObjectId": "cfb0af3a-7410-445c-a872-45f95c45f0de", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "eDiscoverySearchStartedOrExported" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1618363996727)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "6fdc5710-3998-47f0-afbb-57cefd7378ae", "Priority": 0, "Workload": "AuditAlerting", "Policy": "f39d84d4-568b-47d2-8f6d-b4ae9d4aba97", "Comment": "The alert is triggered when users start content searches or eDiscovery searches or when search results are downloaded or exported -V1.0.0.1", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "a2b6879c-35c4-4147-7c67-08d909846d2b", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "6fdc5710-3998-47f0-afbb-57cefd7378ae", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/eDiscovery search started or exported", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/eDiscovery search started or exported", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "eDiscovery search started or exported", "DistinguishedName": "CN=eDiscovery search started or exported,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1619531862000)", "WhenCreated": "Date(1554927214000)", "WhenChangedUTC": "Date(1619531862000)", "WhenCreatedUTC": "Date(1554927214000)", "ExchangeObjectId": "6fdc5710-3998-47f0-afbb-57cefd7378ae", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "QuarantineRequestReleaseMessage" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "34116cef-7761-4cdf-a30b-5aa944d93d74", "Priority": 0, "Workload": "AuditAlerting", "Policy": "c633eeaf-090e-4dc2-ad59-770158128390", "Comment": "A user has requested to release an email from quarantine. -V1.0.0.1", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "e57d8c5b-83f6-4c92-bf85-08d9a96de94d", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "34116cef-7761-4cdf-a30b-5aa944d93d74", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/User requested to release a quarantined message", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/User requested to release a quarantined message", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "User requested to release a quarantined message", "DistinguishedName": "CN=User requested to release a quarantined message,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1637114378000)", "WhenCreated": "Date(1637114378000)", "WhenChangedUTC": "Date(1637114378000)", "WhenCreatedUTC": "Date(1637114378000)", "ExchangeObjectId": "34116cef-7761-4cdf-a30b-5aa944d93d74", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Mail.IsMailZAPSuccessful -eq 1) -and Mail.IsSystemZappedByFiles -eq 1 -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'PhishEdu')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'SecOps')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'ThirdPartyFiltering')) -and (Mail.IsCampaignZapped -ne 1)", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Mail", "ThreatType": "Malicious", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Protection", "Scenario": "ProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1659553600637)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "4b1820ec-39dc-45f3-abf6-5ee80df51fd2", "Priority": 0, "Workload": "AuditAlerting", "Policy": "c056ed0c-0a2c-4c2f-989e-c32681100d63", "Comment": "Emails with malicious file that were delivered and later removed -V1.0.0.3", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "bdbe591f-7207-4f25-9ea0-08da1c767b27", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "4b1820ec-39dc-45f3-abf6-5ee80df51fd2", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages containing malicious file removed after delivery?", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages containing malicious file removed after delivery?", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Email messages containing malicious file removed after delivery?", "DistinguishedName": "CN=Email messages containing malicious file removed after delivery?,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1649762442000)", "WhenCreated": "Date(1612829714000)", "WhenChangedUTC": "Date(1649762442000)", "WhenCreatedUTC": "Date(1612829714000)", "ExchangeObjectId": "4b1820ec-39dc-45f3-abf6-5ee80df51fd2", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Activity.Operation -eq 'MSTICNationStateNotification'", "Operation": [ "MSTICNationStateNotification" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "3b3085a4-553a-4b61-bbf1-691fa4e0bf76", "Priority": 0, "Workload": "AuditAlerting", "Policy": "3942e844-78a9-4110-9f47-9f6c1e1d1c99", "Comment": "Microsoft Threat Intelligence Center detected an attempt to compromise accounts from your tenant. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "9b5ff5c6-ff67-43a3-31ab-08d9a96de846", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "3b3085a4-553a-4b61-bbf1-691fa4e0bf76", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Potential Nation-State Activity", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Potential Nation-State Activity", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Potential Nation-State Activity", "DistinguishedName": "CN=Potential Nation-State Activity,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1637114376000)", "WhenCreated": "Date(1637114376000)", "WhenChangedUTC": "Date(1637114376000)", "WhenCreatedUTC": "Date(1637114376000)", "ExchangeObjectId": "3b3085a4-553a-4b61-bbf1-691fa4e0bf76", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "EmailSendingLimitExceeded" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "Medium", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1618364067210)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "2cc44934-4d16-420b-b4e8-74a77fd0ab24", "Priority": 0, "Workload": "AuditAlerting", "Policy": "66420b7c-b772-4749-8e23-01672295fcc2", "Comment": "User has exceeded their email sending limit and the action defined within the Outbound Spam policy has been applied. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "31f20d68-c10f-47b4-20ea-08d74b7e0175", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "2cc44934-4d16-420b-b4e8-74a77fd0ab24", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email sending limit exceeded", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email sending limit exceeded", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Email sending limit exceeded", "DistinguishedName": "CN=Email sending limit exceeded,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1570490885000)", "WhenCreated": "Date(1570490885000)", "WhenChangedUTC": "Date(1570490885000)", "WhenCreatedUTC": "Date(1570490885000)", "ExchangeObjectId": "2cc44934-4d16-420b-b4e8-74a77fd0ab24", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Activity.AirAdminActionType -eq 'MailAction' -or Activity.AirAdminActionType -eq 'BlockUrlAction' -or Activity.AirAdminActionType -eq 'BlockSenderAction')", "Operation": [ "AirAdminActionInvestigation" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1659553593130)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "39c5b427-a54f-4c38-a799-8541c5a105a8", "Priority": 0, "Workload": "AuditAlerting", "Policy": "bcafb035-406a-4a14-b5c3-67396c524edc", "Comment": "This alert is triggered when an admin takes remediation action on the selected entity -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "846b7457-58a3-439c-1d0e-08d88b0fc808", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "39c5b427-a54f-4c38-a799-8541c5a105a8", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Remediation action taken by admin on emails or URL or sender", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Remediation action taken by admin on emails or URL or sender", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Remediation action taken by admin on emails or URL or sender", "DistinguishedName": "CN=Remediation action taken by admin on emails or URL or sender,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1605627917000)", "WhenCreated": "Date(1605627917000)", "WhenChangedUTC": "Date(1605627917000)", "WhenCreatedUTC": "Date(1605627917000)", "ExchangeObjectId": "39c5b427-a54f-4c38-a799-8541c5a105a8", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "MailRedirect" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "d59a8fd4-1272-41ee-9408-86f7bcf72479", "Priority": 0, "Workload": "AuditAlerting", "Policy": "bc59a7c1-2cfd-49da-b762-f643f204babe", "Comment": "This alert is triggered when someone in your organization sets up auto-forwarding, email forwarding, redirect rule or a mail flow rule -V1.0.0.5", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "0d925ec2-9609-4c1b-cea4-08d909846c4c", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "d59a8fd4-1272-41ee-9408-86f7bcf72479", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Creation of forwarding\redirect rule", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Creation of forwarding\redirect rule", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Creation of forwarding/redirect rule", "DistinguishedName": "CN=Creation of forwarding/redirect rule,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1619531860000)", "WhenCreated": "Date(1554927211000)", "WhenChangedUTC": "Date(1619531860000)", "WhenCreatedUTC": "Date(1554927211000)", "ExchangeObjectId": "d59a8fd4-1272-41ee-9408-86f7bcf72479", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "-not (Activity.User.Tags -like 'hve')", "Operation": [ "CompromisedAccount" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1618345398657)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "7a4e7306-bbcb-401f-b112-8ca5f798a230", "Priority": 0, "Workload": "AuditAlerting", "Policy": "743af9b5-f679-418a-88e9-77360cd02fce", "Comment": "User has been restricted from sending messages outside the organization due to potential compromised activity. -V1.0.0.2", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "2ba121d0-5190-4209-d909-08d7b68de683", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "7a4e7306-bbcb-401f-b112-8ca5f798a230", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/User restricted from sending email", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/User restricted from sending email", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "User restricted from sending email", "DistinguishedName": "CN=User restricted from sending email,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1582262487000)", "WhenCreated": "Date(1554927215000)", "WhenChangedUTC": "Date(1582262487000)", "WhenCreatedUTC": "Date(1554927215000)", "ExchangeObjectId": "7a4e7306-bbcb-401f-b112-8ca5f798a230", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Activity.EventId -eq '12'", "Operation": [ "TenantAllowBlockListItemRemoved" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "d0d83ae6-5fbc-4400-8863-9276921a9cad", "Priority": 0, "Workload": "AuditAlerting", "Policy": "19668d63-14b5-46f9-ab2e-382f2c949ba4", "Comment": "A Tenant Allow/Block List entry will be removed. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "8ae64027-d367-4e6b-cd08-08db2726a5b7", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "d0d83ae6-5fbc-4400-8863-9276921a9cad", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Removed an entry in Tenant Allow/Block List", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Removed an entry in Tenant Allow/Block List", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Removed an entry in Tenant Allow/Block List", "DistinguishedName": "CN=Removed an entry in Tenant Allow/Block List,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1679085114000)", "WhenCreated": "Date(1679085114000)", "WhenChangedUTC": "Date(1679085114000)", "WhenCreatedUTC": "Date(1679085114000)", "ExchangeObjectId": "d0d83ae6-5fbc-4400-8863-9276921a9cad", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Activity.SubmissionType -eq 'Junk'", "Operation": [ "UserSubmission" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "a0e277be-7157-4907-874e-93e7b5170657", "Priority": 0, "Workload": "AuditAlerting", "Policy": "452dd2e4-5755-46a1-bbc4-18775737762b", "Comment": "This alert is triggered when any email message is reported as junk by users -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "d5ff0075-b39c-408f-0a5f-08db354d4c0d", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "a0e277be-7157-4907-874e-93e7b5170657", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email reported by user as junk", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email reported by user as junk", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Email reported by user as junk", "DistinguishedName": "CN=Email reported by user as junk,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1680641030000)", "WhenCreated": "Date(1680641030000)", "WhenChangedUTC": "Date(1680641030000)", "WhenCreatedUTC": "Date(1680641030000)", "ExchangeObjectId": "a0e277be-7157-4907-874e-93e7b5170657", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Mail.IsMailZAPFailed -eq 1) -and ((((Mail.IsSystemZappedByFiles -eq 1) -or (Mail.IsSystemZappedByURLs -eq 1)) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'PhishEdu')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'SecOps')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'ThirdPartyFiltering')) -and (Mail.IsCampaignZapped -ne 1)) -or (((Mail.IsGenericZapped -eq 1) -or(Mail.IsCampaignZapped -eq 1)) -and (Mail.TenantPolicyFinalVerdictSource -ne 'PhishEdu') -and (Mail.TenantPolicyFinalVerdictSource -ne 'SecOps') -and (Mail.TenantPolicyFinalVerdictSource -ne 'ThirdPartyFiltering')))", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Medium", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Mail", "ThreatType": "Malicious", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Protection", "Scenario": "ProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "663e723a-4a74-47d9-9690-9638f0d496af", "Priority": 0, "Workload": "AuditAlerting", "Policy": "01fb826b-ea22-426e-b553-75fa3afd16f9", "Comment": "Messages containing a malicious entity were delivered, and we could not remove them after delivery. Manual action is required. Please remove the malicious messages for the affected users. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "d0778db8-27f7-4d8f-3e2e-08da1c7679dc", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "663e723a-4a74-47d9-9690-9638f0d496af", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Messages containing malicious entity not removed after delivery", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Messages containing malicious entity not removed after delivery", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Messages containing malicious entity not removed after delivery", "DistinguishedName": "CN=Messages containing malicious entity not removed after delivery,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1649762440000)", "WhenCreated": "Date(1649762440000)", "WhenChangedUTC": "Date(1649762440000)", "WhenCreatedUTC": "Date(1649762440000)", "ExchangeObjectId": "663e723a-4a74-47d9-9690-9638f0d496af", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "UnifiedSimulationCompletionNotification" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "7b99aef6-dca7-43b5-828a-96679dd553fc", "Priority": 0, "Workload": "AuditAlerting", "Policy": "1eb13e5b-2a40-4fca-85e7-a1a3072c04ed", "Comment": "Alert to notify admins when simulation is complete for any Purview policy that supports simulation mode. -V1.0.0.1", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "01902763-37c2-4068-d14c-08dbdc14c361", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "7b99aef6-dca7-43b5-828a-96679dd553fc", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Purview policy simulation completed", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Purview policy simulation completed", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Purview policy simulation completed", "DistinguishedName": "CN=Purview policy simulation completed,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1698978593000)", "WhenCreated": "Date(1698978593000)", "WhenChangedUTC": "Date(1698978593000)", "WhenCreatedUTC": "Date(1698978593000)", "ExchangeObjectId": "7b99aef6-dca7-43b5-828a-96679dd553fc", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "ExternalFileSharing" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "Medium", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": [ "Tenant" ], "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1618364142547)", "AggregationType": "AnomalousAggregation", "Category": "DataGovernance", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "d0ec2b5e-b51e-4b83-a232-972d3971d370", "Priority": 0, "Workload": "AuditAlerting", "Policy": "94b6d359-065a-493d-a050-2a8c64ea1092", "Comment": "This alert is triggered when the volume of external file sharing activities in your organization becomes unusual -V1.0.0.1", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "46a87444-31c5-4676-a7a6-08d6bdf101db", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "d0ec2b5e-b51e-4b83-a232-972d3971d370", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Unusual volume of external file sharing", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Unusual volume of external file sharing", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Unusual volume of external file sharing", "DistinguishedName": "CN=Unusual volume of external file sharing,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1554927213000)", "WhenCreated": "Date(1554927213000)", "WhenChangedUTC": "Date(1554927213000)", "WhenCreatedUTC": "Date(1554927213000)", "ExchangeObjectId": "d0ec2b5e-b51e-4b83-a232-972d3971d370", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "AutoBlockedForm" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1618345510120)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "3d408d75-3093-40de-8611-9d1a273a11dc", "Priority": 0, "Workload": "AuditAlerting", "Policy": "a135d1a5-12e6-432d-8b01-7ea84090691e", "Comment": "Microsoft Forms detected a potential phishing attempt from a form and blocked it from distribution and response collection. -V1.0.0.2", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "4c68e64d-1cb4-41f5-5125-08d8d285b239", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "3d408d75-3093-40de-8611-9d1a273a11dc", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Form blocked due to potential phishing attempt", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Form blocked due to potential phishing attempt", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Form blocked due to potential phishing attempt", "DistinguishedName": "CN=Form blocked due to potential phishing attempt,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1613485093000)", "WhenCreated": "Date(1613485093000)", "WhenChangedUTC": "Date(1613485093000)", "WhenCreatedUTC": "Date(1613485093000)", "ExchangeObjectId": "3d408d75-3093-40de-8611-9d1a273a11dc", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Activity.SubmissionType -eq 'SecurityRisk'", "Operation": [ "UserSubmission" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "34c03748-ee5d-415e-bb65-9fbac7d3a358", "Priority": 0, "Workload": "AuditAlerting", "Policy": "661febed-80bc-46c2-a413-315d745fecaa", "Comment": "This alert is triggered when any Teams message is reported as security risk by users -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "e4930e0c-0347-49fb-1224-08db2726a78b", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "34c03748-ee5d-415e-bb65-9fbac7d3a358", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Teams message reported by user as security risk", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Teams message reported by user as security risk", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Teams message reported by user as security risk", "DistinguishedName": "CN=Teams message reported by user as security risk,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1679085117000)", "WhenCreated": "Date(1679085117000)", "WhenChangedUTC": "Date(1679085117000)", "WhenCreatedUTC": "Date(1679085117000)", "ExchangeObjectId": "34c03748-ee5d-415e-bb65-9fbac7d3a358", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Mail.DeliveryStatus -eq 'Delivered') -and (Mail.Direction -eq 'Inbound' -or Mail.AntispamDirection -eq 'ToInternalRecipient') -and (Mail.IsOriginalDelivery -eq 1) -and (Mail.PhishConfidence -eq 'High') -and (Mail.FinalVerdictSource -eq 'Tenant') -and (Mail.TenantPolicyFinalVerdict -eq 'Allow') -and (Mail.TenantPolicyFinalVerdictSource -eq 'ETR' -or Mail.TenantPolicyFinalVerdictSource -eq 'ThirdPartyFiltering') -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'PhishEdu')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'SecOps'))", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Mail", "ThreatType": "Phish", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Protection", "Scenario": "ProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1618364172847)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "ce5b94b7-eafb-4b3f-8d44-a0a86245e62b", "Priority": 0, "Workload": "AuditAlerting", "Policy": "ce633f0a-0361-46b7-bbb0-5452f5669eec", "Comment": "This alert fires when message containing phish was delivered due to an ETR override. -V1.0.0.5", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "51f32097-ce41-4c33-b1cb-08db52c776a6", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "ce5b94b7-eafb-4b3f-8d44-a0a86245e62b", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Phish delivered due to an ETR override", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Phish delivered due to an ETR override", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Phish delivered due to an ETR override", "DistinguishedName": "CN=Phish delivered due to an ETR override,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1683882084000)", "WhenCreated": "Date(1683882084000)", "WhenChangedUTC": "Date(1683882084000)", "WhenCreatedUTC": "Date(1683882084000)", "ExchangeObjectId": "ce5b94b7-eafb-4b3f-8d44-a0a86245e62b", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Mail.TimeTravelResult -eq 'AdminPolicy_ZapDisabled' -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'PhishEdu')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'SecOps')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'ThirdPartyFiltering'))", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Medium", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Mail", "ThreatType": "Malware", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Protection", "Scenario": "ProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1659553758373)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "a5c402b2-eba9-4f9d-a0dd-a0c65db97200", "Priority": 0, "Workload": "AuditAlerting", "Policy": "2dc8e550-89dc-4e6b-9a0d-9d7135aa9452", "Comment": "This alert fires when message containing malware was not zapped because ZAP is disabled. -V1.0.0.6", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "973b64cd-8165-4c8c-59ba-08da84ea1d2a", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "a5c402b2-eba9-4f9d-a0dd-a0c65db97200", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Malware not zapped because ZAP is disabled", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Malware not zapped because ZAP is disabled", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Malware not zapped because ZAP is disabled", "DistinguishedName": "CN=Malware not zapped because ZAP is disabled,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1661247027000)", "WhenCreated": "Date(1661247027000)", "WhenChangedUTC": "Date(1661247027000)", "WhenCreatedUTC": "Date(1661247027000)", "ExchangeObjectId": "a5c402b2-eba9-4f9d-a0dd-a0c65db97200", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "SuspiciousForwarding" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1720043836410)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "bfd48f06-0865-41a6-85ff-adb746423ebf", "Priority": 0, "Workload": "AuditAlerting", "Policy": "1aa1676e-04c0-4b5e-bd0c-bf21c3a44971", "Comment": "This alert is triggered once suspicious email forwarding is detected. -V1.0.0.2", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "168fa645-e76c-41d5-1e2f-08d909846ed2", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "bfd48f06-0865-41a6-85ff-adb746423ebf", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Suspicious Email Forwarding Activity", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Suspicious Email Forwarding Activity", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Suspicious Email Forwarding Activity", "DistinguishedName": "CN=Suspicious Email Forwarding Activity,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1619531864000)", "WhenCreated": "Date(1602615783000)", "WhenChangedUTC": "Date(1619531864000)", "WhenCreatedUTC": "Date(1602615783000)", "ExchangeObjectId": "bfd48f06-0865-41a6-85ff-adb746423ebf", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Mail.IsSystemZappedPhish -eq 1 -and (-not (Mail.Recipients.Tags -like 'hve')) -and (-not (Mail.Sender.Tags -like 'hve')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'PhishEdu')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'SecOps')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'ThirdPartyFiltering')) -and ((Mail.IsGenericZapped -ne 1) -and (Mail.IsGenericZapped -ne 0)) -and ((Mail.IsCampaignZapped -ne 1) -and (Mail.IsCampaignZapped -ne 0))", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Mail", "ThreatType": "Phish", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Protection", "Scenario": "ProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1659553576010)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "ea8169fa-0678-4751-8854-aebea7adeceb", "Priority": 0, "Workload": "AuditAlerting", "Policy": "6df73299-4af9-4173-97ff-800926831e09", "Comment": "Emails with phish URLs that were delivered and later removed -V1.0.0.8", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "bf7b7b1f-b824-432a-1c94-08d90ed0cae4", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "ea8169fa-0678-4751-8854-aebea7adeceb", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages containing phish URLs removed after delivery", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages containing phish URLs removed after delivery", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Email messages containing phish URLs removed after delivery", "DistinguishedName": "CN=Email messages containing phish URLs removed after delivery,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1620114416000)", "WhenCreated": "Date(1554927211000)", "WhenChangedUTC": "Date(1620114416000)", "WhenCreatedUTC": "Date(1554927211000)", "ExchangeObjectId": "ea8169fa-0678-4751-8854-aebea7adeceb", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "MessagesQueued.QueuedType -eq 'ConnectorBasedMessagesQueued'", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "cloudsecurity@example.com" ], "Severity": "High", "Threshold": 2000, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "None", "ThreatType": "MailFlow", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "MailFlow", "Scenario": "MailFlowProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1720043834206)", "AggregationType": "CustomAggregation", "Category": "MailFlow", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "37a4e852-e711-45ca-b0f4-b076bae3adfd", "Priority": 0, "Workload": "AuditAlerting", "Policy": "ba52bbe8-d298-494f-893f-b1e9a4c18b86", "Comment": "When Office 365 can't deliver a message to your on-premises or partner servers via a connector, the message is queued in Office 365. This alert is triggered when the number of queued messages exceeds the policy threshold and have been queued for more than an hour. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "0ffd792e-cb1d-4ae7-6444-08d6bdf1012f", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "37a4e852-e711-45ca-b0f4-b076bae3adfd", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Messages have been delayed", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Messages have been delayed", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Messages have been delayed", "DistinguishedName": "CN=Messages have been delayed,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1554927212000)", "WhenCreated": "Date(1554927212000)", "WhenChangedUTC": "Date(1554927212000)", "WhenCreatedUTC": "Date(1554927212000)", "ExchangeObjectId": "37a4e852-e711-45ca-b0f4-b076bae3adfd", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "ComplianceManagerActionScoreChange" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Medium", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": 60, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ComplianceManager", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "ed5f5244-a3e4-4bf7-895c-b49ef27ded46", "Priority": 0, "Workload": "AuditAlerting", "Policy": "c96a4b5c-8274-4f09-9d6f-badfa5744011", "Comment": "This default policy will generate an alert for events that happen within 60 minutes of alert creation -V1.0.0.2", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "3a773fda-8402-4264-5a78-08da4de2a787", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "ed5f5244-a3e4-4bf7-895c-b49ef27ded46", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Compliance Manager Default Alert Policy", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Compliance Manager Default Alert Policy", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Compliance Manager Default Alert Policy", "DistinguishedName": "CN=Compliance Manager Default Alert Policy,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1655196509000)", "WhenCreated": "Date(1655196509000)", "WhenChangedUTC": "Date(1655196509000)", "WhenCreatedUTC": "Date(1655196509000)", "ExchangeObjectId": "ed5f5244-a3e4-4bf7-895c-b49ef27ded46", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "CompromisedUnprovisionedTenantAccount" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1720043833486)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "5ed2d687-9bd3-49e7-9b56-b7dc0d9af5cb", "Priority": 0, "Workload": "AuditAlerting", "Policy": "50e7139b-1e4f-43ed-90e3-ce2e4fc5a2cf", "Comment": "The majority of traffic related to unprovisioned domains from this tenant has been detected as suspicious and the tenant has been restricted from sending email with unregistered domains. Investigate any potentially compromised user/admins, new connectors, or open relays and contact support to unblock your tenant. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "56aa9a70-8ff4-4d79-0afa-08d77d1227cb", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "5ed2d687-9bd3-49e7-9b56-b7dc0d9af5cb", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Tenant restricted from sending unprovisioned email", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Tenant restricted from sending unprovisioned email", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Tenant restricted from sending unprovisioned email", "DistinguishedName": "CN=Tenant restricted from sending unprovisioned email,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1575942122000)", "WhenCreated": "Date(1575942122000)", "WhenChangedUTC": "Date(1575942122000)", "WhenCreatedUTC": "Date(1575942122000)", "ExchangeObjectId": "5ed2d687-9bd3-49e7-9b56-b7dc0d9af5cb", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "CompromisedTenantAccount" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1720043833580)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "a7032ff5-7eee-412b-805b-d1295c7e0932", "Priority": 0, "Workload": "AuditAlerting", "Policy": "e16d6517-4230-46e3-9514-4adf9c162d98", "Comment": "The majority of traffic from this tenant has been detected as suspicious and has resulted in a ban on sending ability for the tenant. Ensure that any compromises or open relays have been resolved, and then contact support through your regular channel. -V1.0.0.1", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "89dbe751-2576-4aee-2501-08d77d12288d", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "a7032ff5-7eee-412b-805b-d1295c7e0932", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Tenant restricted from sending email", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Tenant restricted from sending email", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Tenant restricted from sending email", "DistinguishedName": "CN=Tenant restricted from sending email,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1575942123000)", "WhenCreated": "Date(1561476913000)", "WhenChangedUTC": "Date(1575942123000)", "WhenCreatedUTC": "Date(1561476913000)", "ExchangeObjectId": "a7032ff5-7eee-412b-805b-d1295c7e0932", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "TenantAllowBlockListItemGraderDisagree" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "5ba37278-d17b-4674-bde7-d19ad231e324", "Priority": 0, "Workload": "AuditAlerting", "Policy": "00341b6e-c377-4f92-9fcb-57808f9bc1c2", "Comment": "A Tenant Allow/Block List entry has been found malicious by grader. We recommend you remove the allow entry from the Tenant Allow/Block List. -V1.0.0.1", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "101ef390-a5cf-4d88-cef1-08db3668d570", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "5ba37278-d17b-4674-bde7-d19ad231e324", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/A Tenant Allow Block List entry has been found malicious", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/A Tenant Allow Block List entry has been found malicious", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "A Tenant Allow Block List entry has been found malicious", "DistinguishedName": "CN=A Tenant Allow Block List entry has been found malicious,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1680762808000)", "WhenCreated": "Date(1680762808000)", "WhenChangedUTC": "Date(1680762808000)", "WhenCreatedUTC": "Date(1680762808000)", "ExchangeObjectId": "5ba37278-d17b-4674-bde7-d19ad231e324", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Activity.SubmissionType -eq 'NotJunk'", "Operation": [ "UserSubmission" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "79b0a077-8446-4d8c-b335-d89cdcd60b08", "Priority": 0, "Workload": "AuditAlerting", "Policy": "8d510111-35c2-49df-9589-d582b05d7312", "Comment": "This alert is triggered when any email message is reported as not junk by users -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "1fb1dac9-9db3-4384-1b23-08db354d4af6", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "79b0a077-8446-4d8c-b335-d89cdcd60b08", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email reported by user as not junk", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email reported by user as not junk", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Email reported by user as not junk", "DistinguishedName": "CN=Email reported by user as not junk,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1680641029000)", "WhenCreated": "Date(1680641029000)", "WhenChangedUTC": "Date(1680641029000)", "WhenCreatedUTC": "Date(1680641029000)", "ExchangeObjectId": "79b0a077-8446-4d8c-b335-d89cdcd60b08", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Mail.DeliveryStatus -eq 'Delivered') -and (Mail.Direction -eq 'Inbound' -or Mail.AntispamDirection -eq 'ToInternalRecipient') -and (Mail.IsOriginalDelivery -eq 1) -and (Mail.PhishConfidence -eq 'High') -and (Mail.FinalVerdictSource -eq 'Tenant') -and (Mail.TenantPolicyFinalVerdict -eq 'Allow') -and (Mail.TenantPolicyFinalVerdictSource -eq 'ConnPolicy') -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'PhishEdu')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'SecOps')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'ThirdPartyFiltering'))", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Mail", "ThreatType": "Phish", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Protection", "Scenario": "ProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1618364342317)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "8bd89c8d-1425-45ba-838a-e15fb89808d2", "Priority": 0, "Workload": "AuditAlerting", "Policy": "cab1e16d-c018-40aa-9bcd-0f507e952fb5", "Comment": "This alert fires when message containing phish was delivered due to an IP allow policy. -V1.0.0.4", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "bdf55924-0f02-4fb5-beea-08db52c774a3", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "8bd89c8d-1425-45ba-838a-e15fb89808d2", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Phish delivered due to an IP allow policy", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Phish delivered due to an IP allow policy", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Phish delivered due to an IP allow policy", "DistinguishedName": "CN=Phish delivered due to an IP allow policy,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1683882081000)", "WhenCreated": "Date(1683882081000)", "WhenChangedUTC": "Date(1683882081000)", "WhenCreatedUTC": "Date(1683882081000)", "ExchangeObjectId": "8bd89c8d-1425-45ba-838a-e15fb89808d2", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Mail.TimeTravelResult -eq 'AdminPolicy_ZapDisabled') -and (Mail.PhishConfidence -eq 'High') -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'PhishEdu')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'SecOps')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'ThirdPartyFiltering'))", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "Medium", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Mail", "ThreatType": "Phish", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Protection", "Scenario": "ProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1618364363477)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "c2a1f0cd-a669-49bc-a22b-e501350935e3", "Priority": 0, "Workload": "AuditAlerting", "Policy": "4cfaefb2-b4bd-4306-becb-141044e80cd5", "Comment": "This alert fires when message containing phish was not zapped because ZAP is disabled -V1.0.0.4", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "1b714863-ceae-4e25-7fda-08da84ea1e7a", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "c2a1f0cd-a669-49bc-a22b-e501350935e3", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Phish not zapped because ZAP is disabled", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Phish not zapped because ZAP is disabled", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Phish not zapped because ZAP is disabled", "DistinguishedName": "CN=Phish not zapped because ZAP is disabled,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1661247029000)", "WhenCreated": "Date(1661247029000)", "WhenChangedUTC": "Date(1661247029000)", "WhenCreatedUTC": "Date(1661247029000)", "ExchangeObjectId": "c2a1f0cd-a669-49bc-a22b-e501350935e3", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "UploadDataFailed" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "cafdbfad-0084-4052-8371-ea098aab3f64", "Priority": 0, "Workload": "AuditAlerting", "Policy": "fe23dc56-038d-483c-a528-64d9d4ff6d34", "Comment": "New sensitive information failed to upload. Try again later. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "5dbae4ff-5372-42f4-ce34-08d8d285b158", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "cafdbfad-0084-4052-8371-ea098aab3f64", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Failed exact data match upload", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Failed exact data match upload", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Failed exact data match upload", "DistinguishedName": "CN=Failed exact data match upload,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1613485092000)", "WhenCreated": "Date(1613485092000)", "WhenChangedUTC": "Date(1613485092000)", "WhenCreatedUTC": "Date(1613485092000)", "ExchangeObjectId": "cafdbfad-0084-4052-8371-ea098aab3f64", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "OSTTakenDownForm" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "2d161684-8def-403c-9df6-f20c66c64161", "Priority": 0, "Workload": "AuditAlerting", "Policy": "6f6b38f4-718f-496e-8c4c-211509eb9eb4", "Comment": "A form created in Microsoft Forms from within your organization has been identified as phishing through Report Abuse and confirmed as phishing. -V1.0.0.2", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "349611dd-92fb-4c99-8650-08d8d285b310", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "2d161684-8def-403c-9df6-f20c66c64161", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Form flagged and confirmed as phishing", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Form flagged and confirmed as phishing", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Form flagged and confirmed as phishing", "DistinguishedName": "CN=Form flagged and confirmed as phishing,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1613485094000)", "WhenCreated": "Date(1613485094000)", "WhenChangedUTC": "Date(1613485094000)", "WhenCreatedUTC": "Date(1613485094000)", "ExchangeObjectId": "2d161684-8def-403c-9df6-f20c66c64161", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "TenantAllowBlockListItemExpiry" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "d063f1c3-572d-40ea-a32c-f339cab57a33", "Priority": 0, "Workload": "AuditAlerting", "Policy": "b50db3b4-fb66-4950-a7c0-389dd7d5b09d", "Comment": "A Tenant Allow/Block List entry will be removed due to expiration. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "9b245f7b-cb18-400a-2722-08d98900fc0a", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "d063f1c3-572d-40ea-a32c-f339cab57a33", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Tenant Allow/Block List entry is about to expire", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Tenant Allow/Block List entry is about to expire", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Tenant Allow/Block List entry is about to expire", "DistinguishedName": "CN=Tenant Allow/Block List entry is about to expire,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1633549157000)", "WhenCreated": "Date(1633549157000)", "WhenChangedUTC": "Date(1633549157000)", "WhenCreatedUTC": "Date(1633549157000)", "ExchangeObjectId": "d063f1c3-572d-40ea-a32c-f339cab57a33", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "TenantExceedsThresholdEarlyAlert" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "05b9e850-6d9d-4bab-a5c0-f54db2e7e887", "Priority": 0, "Workload": "AuditAlerting", "Policy": "9e6a79f3-b756-47a6-9a6c-3f82cce2a4f5", "Comment": "Suspicious sending patterns have been observed in your tenant, which may lead to your tenant being blocked from sending emails. Investigate any potentially compromised user and admin accounts, new connectors, or open relays to avoid tenant exceed threshold blocks. -V1.0.0.5", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "bf127ae6-a71d-46fa-8a31-08da9019a851", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "05b9e850-6d9d-4bab-a5c0-f54db2e7e887", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Suspicious tenant sending patterns observed", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Suspicious tenant sending patterns observed", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Suspicious tenant sending patterns observed", "DistinguishedName": "CN=Suspicious tenant sending patterns observed,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1662476909000)", "WhenCreated": "Date(1662476909000)", "WhenChangedUTC": "Date(1662476909000)", "WhenCreatedUTC": "Date(1662476909000)", "ExchangeObjectId": "05b9e850-6d9d-4bab-a5c0-f54db2e7e887", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Click.IsLookBack -eq 1)", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "None", "ThreatType": "MaliciousUrlClick", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "MaliciousUrlClick", "Scenario": "MaliciousUrlClick", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "Date(1720043833063)", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "a74bb32a-541b-47fb-adfd-f8c62ce3d59b", "Priority": 0, "Workload": "AuditAlerting", "Policy": "e9a4983d-9f4e-47b0-80d1-fb2097adb484", "Comment": "We have detected that one of your users has recently clicked on a link that was found to be malicious. -V1.0.0.5", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "93862b30-0045-4564-44b2-08da42ee4857", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "a74bb32a-541b-47fb-adfd-f8c62ce3d59b", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/A potentially malicious URL click was detected", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/A potentially malicious URL click was detected", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "A potentially malicious URL click was detected", "DistinguishedName": "CN=A potentially malicious URL click was detected,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "Date(1653992040000)", "WhenCreated": "Date(1554927215000)", "WhenChangedUTC": "Date(1653992040000)", "WhenCreatedUTC": "Date(1554927215000)", "ExchangeObjectId": "a74bb32a-541b-47fb-adfd-f8c62ce3d59b", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" } ], "admin_audit_log_config": [ { "AdminAuditLogEnabled": true, "LogLevel": "None", "TestCmdletLoggingEnabled": false, "AdminAuditLogCmdlets": [ "*" ], "AdminAuditLogParameters": [ "*" ], "AdminAuditLogExcludedCmdlets": [ ], "AdminAuditLogAgeLimit": "90.00:00:00", "LoadBalancerCount": 3, "RefreshInterval": 10, "PartitionInfo": [ ], "AdminAuditLoexamplebox": "", "UnifiedAuditLogIngestionEnabled": false, "UnifiedAuditLogFirstOptInDate": "Date(1618327011162)", "AdminDisplayName": "", "ExchangeVersion": "0.10 (14.0.100.0)", "Name": "Admin Audit Log Settings", "DistinguishedName": "CN=Admin Audit Log Settings,CN=Global Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "Identity": "Admin Audit Log Settings", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Admin-Audit-Log-Config", "ObjectClass": [ "top", "msExchAdminAuditLogConfig" ], "WhenChanged": "Date(1722575257000)", "WhenCreated": "Date(1619484594000)", "WhenChangedUTC": "Date(1722575257000)", "WhenCreatedUTC": "Date(1619484594000)", "ExchangeObjectId": "35b89a9b-b235-4d67-ba7f-7ddeab032801", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Id": "Admin Audit Log Settings", "Guid": "97423bd9-ae36-4a1f-a225-5e007478854f", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "IsValid": true, "ObjectState": "Changed" } ], "atp_policy_for_o365": [ { "AdminDisplayName": "", "EnableATPForSPOTeamsODB": true, "EnableSafeDocs": true, "AllowSafeDocsOpen": false, "Identity": "Default", "Id": "Default", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Default", "DistinguishedName": "CN=Default,CN=Atp Policy For O365,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Hosted-Content-Filter-Config", "ObjectClass": [ "top", "msExchHostedContentFilterConfig" ], "WhenChanged": "Date(1722574197000)", "WhenCreated": "Date(1626469503000)", "WhenChangedUTC": "Date(1722574197000)", "WhenCreatedUTC": "Date(1626469503000)", "ExchangeObjectId": "2aaee10f-6955-4976-be8b-ac1952fcb627", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Guid": "2aaee10f-6955-4976-be8b-ac1952fcb627", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "ObjectState": "Unchanged" } ], "total_users_without_advanced_audit": 70, "defender_license": true, "defender_dlp_license": true, "defender_successful_commands": [ "Get-AdminAuditLogConfig", "Get-EOPProtectionPolicyRule", "Get-AntiPhishPolicy", "Get-AtpPolicyForO365", "Get-ATPProtectionPolicyRule", "Get-DlpCompliancePolicy", "Get-ProtectionAlert", "Get-DlpComplianceRule", "Get-MgBetaUser" ], "defender_unsuccessful_commands": [ ], "remote_domains": [ { "DomainName": "*", "IsInternal": false, "TargetDeliveryDomain": false, "ByteEncoderTypeFor7BitCharsets": "Undefined", "CharacterSet": "iso-8859-1", "NonMimeCharacterSet": "iso-8859-1", "AllowedOOFType": "External", "SmtpDaneMandatoryModeEnabled": false, "AutoReplyEnabled": true, "AutoForwardEnabled": false, "DeliveryReportEnabled": false, "NDREnabled": true, "MeetingForwardNotificationEnabled": true, "ContentType": "MimeHtmlText", "DisplaySenderName": true, "PreferredInternetCodePageForShiftJis": "Undefined", "RequiredCharsetCoverage": null, "TNEFEnabled": false, "LineWrapSize": "Unlimited", "TrustedMailOutboundEnabled": false, "TrustedMailInboundEnabled": false, "UseSimpleDisplayName": false, "NDRDiagnosticInfoEnabled": true, "MessageCountThreshold": 2147483647, "AdminDisplayName": "", "ExchangeVersion": "0.1 (8.0.535.0)", "Name": "Default", "DistinguishedName": "CN=Default,CN=Internet Message Formats,CN=Global Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "Identity": "Default", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Domain-Content-Config", "ObjectClass": [ "top", "msExchDomainContentConfig" ], "WhenChanged": "Date(1722573536000)", "WhenCreated": "Date(1619484412000)", "WhenChangedUTC": "Date(1722573536000)", "WhenCreatedUTC": "Date(1619484412000)", "ExchangeObjectId": "2042facf-0e9e-4738-ad60-56d6c5d43b5d", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Id": "Default", "Guid": "5c597b00-69f6-44cf-b30b-474fb38a1e0a", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "IsValid": true, "ObjectState": "Unchanged" } ], "spf_records": [ { "domain": "tqhjy.onmicrosoft.com", "rdata": [ "mscid=d/1e071KOhkmP8Aanr5sNgUqyTBrvrMx5nKSswPxu5ZsqL0bdAgVo3m7f5VYu+inbKA5YviUPzz/SxNS0ploJQ==", "v=spf1 include:spf.protection.outlook.com -all" ], "log": [ { "query_method": "traditional", "query_result": "Query returned 2 txt records", "query_name": "tqhjy.onmicrosoft.com" } ] }, { "domain": "tqhjy.mail.onmicrosoft.com", "rdata": [ "v=spf1 include:outlook.com -all" ], "log": [ { "query_method": "traditional", "query_result": "Query returned 1 txt records", "query_name": "tqhjy.mail.onmicrosoft.com" } ] } ], "dkim_config": [ { "Domain": "tqhjy.mail.onmicrosoft.com", "AdminDisplayName": "", "Selector1KeySize": 2048, "Selector1CNAME": "selector1-tqhjy-mail-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com", "Selector1PublicKey": "v=DKIM1; k=rsa; p=Tm90aGluZyB0byBzZWUgaGVyZS4gIE1vdmUgYWxvbmcuLi4gbW92ZSBhbG9uZy4;", "Selector2KeySize": 2048, "Selector2CNAME": "selector2-tqhjy-mail-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com", "Selector2PublicKey": "v=DKIM1; k=rsa; p=Tm90aGluZyB0byBzZWUgaGVyZS4gIE1vdmUgYWxvbmcuLi4gbW92ZSBhbG9uZy4;", "Enabled": false, "IsDefault": false, "HeaderCanonicalization": "Relaxed", "BodyCanonicalization": "Relaxed", "Algorithm": "RsaSHA256", "NumberOfBytesToSign": "All", "IncludeSignatureCreationTime": true, "IncludeKeyExpiration": false, "KeyCreationTime": "Date(1701717485274)", "LastChecked": "Date(1701717485274)", "RotateOnDate": "Date(1701717485274)", "SelectorBeforeRotateOnDate": "selector2", "SelectorAfterRotateOnDate": "selector1", "Status": "Valid", "Identity": "tqhjy.mail.onmicrosoft.com", "Id": "tqhjy.mail.onmicrosoft.com", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "tqhjy.mail.onmicrosoft.com", "DistinguishedName": "CN=tqhjy.mail.onmicrosoft.com,CN=Dkim Signing config,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Hosted-Content-Filter-Config", "ObjectClass": [ "top", "msExchHostedContentFilterConfig" ], "WhenChanged": "Date(1701717505000)", "WhenCreated": "Date(1701717486000)", "WhenChangedUTC": "Date(1701717505000)", "WhenCreatedUTC": "Date(1701717486000)", "ExchangeObjectId": "7b3222de-5b72-4493-8491-930b8a85faa0", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Guid": "7b3222de-5b72-4493-8491-930b8a85faa0", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "ObjectState": "Unchanged" }, { "Domain": "tqhjy.onmicrosoft.com", "AdminDisplayName": "", "Selector1KeySize": 2048, "Selector1CNAME": "selector1-tqhjy-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com", "Selector1PublicKey": "v=DKIM1; k=rsa; p=Tm90aGluZyB0byBzZWUgaGVyZS4gIE1vdmUgYWxvbmcuLi4gbW92ZSBhbG9uZy4;", "Selector2KeySize": 2048, "Selector2CNAME": "selector2-tqhjy-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com", "Selector2PublicKey": "v=DKIM1; k=rsa; p=Tm90aGluZyB0byBzZWUgaGVyZS4gIE1vdmUgYWxvbmcuLi4gbW92ZSBhbG9uZy4;", "Enabled": true, "IsDefault": true, "HeaderCanonicalization": "Relaxed", "BodyCanonicalization": "Relaxed", "Algorithm": "RsaSHA256", "NumberOfBytesToSign": "All", "IncludeSignatureCreationTime": true, "IncludeKeyExpiration": false, "KeyCreationTime": "Date(1653603718610)", "LastChecked": "Date(1653603718610)", "RotateOnDate": "Date(1653949318610)", "SelectorBeforeRotateOnDate": "selector1", "SelectorAfterRotateOnDate": "selector2", "Status": "Valid", "Identity": "tqhjy.onmicrosoft.com", "Id": "tqhjy.onmicrosoft.com", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "tqhjy.onmicrosoft.com", "DistinguishedName": "CN=tqhjy.onmicrosoft.com,CN=Dkim Signing config,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Hosted-Content-Filter-Config", "ObjectClass": [ "top", "msExchHostedContentFilterConfig" ], "WhenChanged": "Date(1653603732000)", "WhenCreated": "Date(1619484596000)", "WhenChangedUTC": "Date(1653603732000)", "WhenCreatedUTC": "Date(1619484596000)", "ExchangeObjectId": "ea1866b3-b7fa-4dbe-b9c9-48087391a536", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Guid": "476371c0-bf15-4101-84a7-a3a03b4266f1", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "ObjectState": "Unchanged" } ], "dkim_records": [ { "domain": "tqhjy.onmicrosoft.com", "rdata": [ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohoPDhGToRO8y7acaWL2w15wsCmwabxgTwODro2c1BeRYXfnUMStICo3w4ZrYDtGZDSA7hm0x7OHujF1CoQnXiBmrQ154wtomPyx3Op/VC6+b9di4z15XBvhXh/fLBUdEJ6wsybMLmQ+WPQA6vsM3UN5Cv5rl2SylFoM//eLmw5R6NmMIj3GQg9b+vQl2cKNX", "qII2gZrB07P6xt2wW1VA/LPjdRFUEys9YzBgOqM53VaODWDXDIvUH/nPRVAtOEsV19u66jyzZnzcz9a7ATxizix7DnySzI3koVlOGi/+dLx8FYIAZ/75wkH1O/gH8/n4C66uwRm/PMW+4JzVwLY+QIDAQAB;" ], "log": [ { "query_method": "traditional", "query_result": "Query returned NXDomain", "query_name": "selector1._domainkey.tqhjy.onmicrosoft.com" }, { "query_method": "traditional", "query_result": "Query returned NXDomain", "query_name": "selector2._domainkey.tqhjy.onmicrosoft.com" }, { "query_method": "traditional", "query_result": "Query returned 2 txt records", "query_name": "selector1-tqhjy-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com" } ] }, { "domain": "tqhjy.mail.onmicrosoft.com", "rdata": [ ], "log": [ { "query_method": "traditional", "query_result": "Query returned NXDomain", "query_name": "selector1._domainkey.tqhjy.mail.onmicrosoft.com" }, { "query_method": "traditional", "query_result": "Query returned NXDomain", "query_name": "selector2._domainkey.tqhjy.mail.onmicrosoft.com" }, { "query_method": "traditional", "query_result": "Query returned NXDomain", "query_name": "selector1-tqhjy-mail-onmicrosoft-com._domainkey.tqhjy.mail.onmicrosoft.com" }, { "query_method": "traditional", "query_result": "Query returned NXDomain", "query_name": "selector2-tqhjy-mail-onmicrosoft-com._domainkey.tqhjy.mail.onmicrosoft.com" } ] } ], "dmarc_records": [ { "domain": "tqhjy.onmicrosoft.com", "rdata": [ ], "log": [ { "query_method": "traditional", "query_result": "Query returned NXDomain", "query_name": "_dmarc.tqhjy.onmicrosoft.com" }, { "query_method": "traditional", "query_result": "Query returned NXDomain", "query_name": "_dmarc.onmicrosoft.com" } ] }, { "domain": "tqhjy.mail.onmicrosoft.com", "rdata": [ ], "log": [ { "query_method": "traditional", "query_result": "Query returned NXDomain", "query_name": "_dmarc.tqhjy.mail.onmicrosoft.com" }, { "query_method": "traditional", "query_result": "Query returned NXDomain", "query_name": "_dmarc.onmicrosoft.com" } ] } ], "transport_config": [ { "Name": "Transport Settings", "TLSReceiveDomainSecureList": [ ], "TLSSendDomainSecureList": [ ], "GenerateCopyOfDSNFor": [ ], "InternalSMTPServers": [ ], "JournalingReportNdrTo": "<>", "OrganizationFederatedMailbox": "johndoe@example.com", "MaxDumpsterSizePerDatabase": "18 MB (18,874,368 bytes)", "MaxDumpsterTime": "7.00:00:00", "VerifySecureSubmitEnabled": false, "ClearCategories": true, "AddressBookPolicyRoutingEnabled": false, "ConvertDisclaimerWrapperToEml": false, "PreserveReportBodypart": true, "ConvertReportToMessage": false, "DSNConversionMode": "PreserveDSNBody", "VoicemailJournalingEnabled": true, "HeaderPromotionModeSetting": "NoCreate", "Xexch50Enabled": true, "Rfc2231EncodingEnabled": false, "OpenDomainRoutingEnabled": false, "MaxReceiveSize": "Unlimited", "MaxRecipientEnvelopeLimit": "Unlimited", "MaxSendSize": "Unlimited", "ExternalDelayDsnEnabled": true, "ExternalDsnDefaultLanguage": null, "ExternalDsnLanguageDetectionEnabled": true, "ExternalDsnMaxMessageAttachSize": "10 MB (10,485,760 bytes)", "ExternalDsnReportingAuthority": null, "ExternalDsnSendHtml": true, "ExternalPostmasterAddress": null, "InternalDelayDsnEnabled": true, "InternalDsnDefaultLanguage": null, "InternalDsnLanguageDetectionEnabled": true, "InternalDsnMaxMessageAttachSize": "10 MB (10,485,760 bytes)", "InternalDsnReportingAuthority": null, "InternalDsnSendHtml": true, "SupervisionTags": [ "Reject", "Allow" ], "HygieneSuite": "Premium", "MigrationEnabled": true, "LegacyJournalingMigrationEnabled": false, "LegacyArchiveJournalingEnabled": false, "RedirectDLMessagesForLegacyArchiveJournaling": false, "RedirectUnprovisionedUserMessagesForLegacyArchiveJournaling": false, "LegacyArchiveLiveJournalingEnabled": false, "JournalArchivingEnabled": false, "SafetyNetHoldTime": "7.00:00:00", "TransportRuleConfig": [ "TransportRuleMinProductVersion:14.0.0.0", "TransportRuleRegexValidationTimeout:00:00:00.3000000", "TransportRuleAttachmentTextScanLimit:1 MB (1,048,576 bytes)", "TransportRuleSizeLimit:8 KB (8,192 bytes)", "TransportRuleCollectionRegexCharsLimit:20 KB (20,480 bytes)", "TransportRuleLimit:300", "TransportRuleCollectionAddedRecipientsLimit:100" ], "TransportRuleCollectionAddedRecipientsLimit": 100, "TransportRuleLimit": 300, "TransportRuleCollectionRegexCharsLimit": "20 KB (20,480 bytes)", "TransportRuleSizeLimit": "8 KB (8,192 bytes)", "TransportRuleAttachmentTextScanLimit": "1 MB (1,048,576 bytes)", "TransportRuleRegexValidationTimeout": "00:00:00.3000000", "TransportRuleMinProductVersion": { "Major": 14, "Minor": 0, "Build": 0, "Revision": 0, "MajorRevision": 0, "MinorRevision": 0 }, "AnonymousSenderToRecipientRatePerHour": 1800, "QueueDiagnosticsAggregationInterval": "00:01:00", "JournalReportDLMemberSubstitutionEnabled": false, "DiagnosticsAggregationServicePort": 9710, "AgentGeneratedMessageLoopDetectionInSubmissionEnabled": true, "AgentGeneratedMessageLoopDetectionInSmtpEnabled": true, "MaxAllowedAgentGeneratedMessageDepth": 3, "MaxAllowedAgentGeneratedMessageDepthPerAgent": 2, "AttributionRejectConsumerMessages": false, "AttributionRejectBeforeMServRequest": false, "SmtpClientAuthenticationDisabled": true, "JournalMessageExpirationDays": 0, "ReplyAllStormProtectionEnabled": true, "ReplyAllStormDetectionMinimumRecipients": 2500, "ReplyAllStormDetectionMinimumReplies": 10, "AllowLegacyTLSClients": null, "ReplyAllStormBlockDurationHours": 6, "MessageExpiration": "1.00:00:00", "EnableExternalHTTPMailDelivery": false, "OtherWellKnownObjects": [ ], "AdminDisplayName": "", "ExchangeVersion": "0.1 (8.0.535.0)", "DistinguishedName": "CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "Identity": "Transport Settings", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Transport-Settings", "ObjectClass": [ "top", "container", "msExchTransportSettings" ], "WhenChanged": "Date(1722573751000)", "WhenCreated": "Date(1619484398000)", "WhenChangedUTC": "Date(1722573751000)", "WhenCreatedUTC": "Date(1619484398000)", "ExchangeObjectId": "7ef195bd-4f88-46bc-97e6-db6c7665321b", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Id": "Transport Settings", "Guid": "01d25010-40a8-4d0a-9419-fb1d775b4d16", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "IsValid": true, "ObjectState": "Unchanged" } ], "sharing_policy": [ { "Domains": [ "Anonymous:0" ], "Enabled": false, "Default": true, "AdminDisplayName": "", "ExchangeVersion": "0.10 (14.0.100.0)", "Name": "Default Sharing Policy", "DistinguishedName": "CN=Default Sharing Policy,CN=Federation,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "Identity": "Default Sharing Policy", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Sharing-Policy", "ObjectClass": [ "top", "msExchSharingPolicy" ], "WhenChanged": "Date(1691164284000)", "WhenCreated": "Date(1619484547000)", "WhenChangedUTC": "Date(1691164284000)", "WhenCreatedUTC": "Date(1619484547000)", "ExchangeObjectId": "2d52a1ae-4c17-42e0-925e-919b2bf68a18", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Id": "Default Sharing Policy", "Guid": "137df5c0-4fe4-49bb-923c-e2bdfd89f448", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "IsValid": true, "ObjectState": "Changed" } ], "transport_rule": [ { "Priority": 0, "DlpPolicy": null, "DlpPolicyId": "00000000-0000-0000-0000-000000000000", "Comments": null, "CreatedBy": "John Doe", "LastModifiedBy": "Microsoft Exchange", "ManuallyModified": false, "ActivationDate": null, "ExpiryDate": null, "Description": "If the message:\r\n\tIs received from 'Outside the organization'\r\nTake the following actions:\r\n\tPrepend the subject with '[External]'\r\n", "RuleVersion": { "Major": 14, "Minor": 0, "Build": 0, "Revision": 0, "MajorRevision": 0, "MinorRevision": 0 }, "Size": 382, "Conditions": [ "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.FromScopePredicate" ], "Exceptions": null, "Actions": [ "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.PrependSubjectAction" ], "State": "Enabled", "Mode": "Enforce", "IsRuleConfigurationSupported": true, "RuleConfigurationUnsupportedReason": "", "RuleErrorAction": "Ignore", "SenderAddressLocation": "Header", "RecipientAddressType": "Resolved", "RuleSubType": "None", "RegexSize": 0, "UseLegacyRegex": false, "From": null, "FromMemberOf": null, "FromScope": "NotInOrganization", "SentTo": null, "SentToMemberOf": null, "SentToScope": null, "BetweenMemberOf1": null, "BetweenMemberOf2": null, "ManagerAddresses": null, "ManagerForEvaluatedUser": null, "SenderManagementRelationship": null, "ADComparisonAttribute": null, "ADComparisonOperator": null, "SenderADAttributeContainsWords": null, "SenderADAttributeMatchesPatterns": null, "RecipientADAttributeContainsWords": null, "RecipientADAttributeMatchesPatterns": null, "AnyOfToHeader": null, "AnyOfToHeaderMemberOf": null, "AnyOfCcHeader": null, "AnyOfCcHeaderMemberOf": null, "AnyOfToCcHeader": null, "AnyOfToCcHeaderMemberOf": null, "HasClassification": null, "HasNoClassification": false, "SubjectContainsWords": null, "SubjectOrBodyContainsWords": null, "HeaderContainsMessageHeader": null, "HeaderContainsWords": null, "FromAddressContainsWords": null, "SenderDomainIs": null, "RecipientDomainIs": null, "SubjectMatchesPatterns": null, "SubjectOrBodyMatchesPatterns": null, "HeaderMatchesMessageHeader": null, "HeaderMatchesPatterns": null, "FromAddressMatchesPatterns": null, "AttachmentNameMatchesPatterns": null, "AttachmentExtensionMatchesWords": null, "AttachmentPropertyContainsWords": null, "ContentCharacterSetContainsWords": null, "HasSenderOverride": false, "MessageContainsDataClassifications": null, "MessageContainsAllDataClassifications": null, "SenderIpRanges": null, "SCLOver": null, "AttachmentSizeOver": null, "MessageSizeOver": null, "WithImportance": null, "MessageTypeMatches": null, "RecipientAddressContainsWords": null, "RecipientAddressMatchesPatterns": null, "SenderInRecipientList": null, "RecipientInSenderList": null, "AttachmentContainsWords": null, "AttachmentMatchesPatterns": null, "AttachmentIsUnsupported": false, "AttachmentProcessingLimitExceeded": false, "AttachmentHasExecutableContent": false, "AttachmentIsPasswordProtected": false, "AnyOfRecipientAddressContainsWords": null, "AnyOfRecipientAddressMatchesPatterns": null, "ExceptIfFrom": null, "ExceptIfFromMemberOf": null, "ExceptIfFromScope": null, "ExceptIfSentTo": null, "ExceptIfSentToMemberOf": null, "ExceptIfSentToScope": null, "ExceptIfBetweenMemberOf1": null, "ExceptIfBetweenMemberOf2": null, "ExceptIfManagerAddresses": null, "ExceptIfManagerForEvaluatedUser": null, "ExceptIfSenderManagementRelationship": null, "ExceptIfADComparisonAttribute": null, "ExceptIfADComparisonOperator": null, "ExceptIfSenderADAttributeContainsWords": null, "ExceptIfSenderADAttributeMatchesPatterns": null, "ExceptIfRecipientADAttributeContainsWords": null, "ExceptIfRecipientADAttributeMatchesPatterns": null, "ExceptIfAnyOfToHeader": null, "ExceptIfAnyOfToHeaderMemberOf": null, "ExceptIfAnyOfCcHeader": null, "ExceptIfAnyOfCcHeaderMemberOf": null, "ExceptIfAnyOfToCcHeader": null, "ExceptIfAnyOfToCcHeaderMemberOf": null, "ExceptIfHasClassification": null, "ExceptIfHasNoClassification": false, "ExceptIfSubjectContainsWords": null, "ExceptIfSubjectOrBodyContainsWords": null, "ExceptIfHeaderContainsMessageHeader": null, "ExceptIfHeaderContainsWords": null, "ExceptIfFromAddressContainsWords": null, "ExceptIfSenderDomainIs": null, "ExceptIfRecipientDomainIs": null, "ExceptIfSubjectMatchesPatterns": null, "ExceptIfSubjectOrBodyMatchesPatterns": null, "ExceptIfHeaderMatchesMessageHeader": null, "ExceptIfHeaderMatchesPatterns": null, "ExceptIfFromAddressMatchesPatterns": null, "ExceptIfAttachmentNameMatchesPatterns": null, "ExceptIfAttachmentExtensionMatchesWords": null, "ExceptIfAttachmentPropertyContainsWords": null, "ExceptIfContentCharacterSetContainsWords": null, "ExceptIfSCLOver": null, "ExceptIfAttachmentSizeOver": null, "ExceptIfMessageSizeOver": null, "ExceptIfWithImportance": null, "ExceptIfMessageTypeMatches": null, "ExceptIfRecipientAddressContainsWords": null, "ExceptIfRecipientAddressMatchesPatterns": null, "ExceptIfSenderInRecipientList": null, "ExceptIfRecipientInSenderList": null, "ExceptIfAttachmentContainsWords": null, "ExceptIfAttachmentMatchesPatterns": null, "ExceptIfAttachmentIsUnsupported": false, "ExceptIfAttachmentProcessingLimitExceeded": false, "ExceptIfAttachmentHasExecutableContent": false, "ExceptIfAttachmentIsPasswordProtected": false, "ExceptIfAnyOfRecipientAddressContainsWords": null, "ExceptIfAnyOfRecipientAddressMatchesPatterns": null, "ExceptIfHasSenderOverride": false, "ExceptIfMessageContainsDataClassifications": null, "ExceptIfMessageContainsAllDataClassifications": null, "ExceptIfSenderIpRanges": null, "PrependSubject": "[External]", "SetAuditSeverity": null, "ApplyClassification": null, "ApplyHtmlDisclaimerLocation": null, "ApplyHtmlDisclaimerText": null, "ApplyHtmlDisclaimerFallbackAction": null, "ApplyRightsProtectionTemplate": null, "ApplyRightsProtectionCustomizationTemplate": null, "SetSCL": null, "SetHeaderName": null, "SetHeaderValue": null, "RemoveHeader": null, "AddToRecipients": null, "CopyTo": null, "BlindCopyTo": null, "AddManagerAsRecipientType": null, "ModerateMessageByUser": null, "ModerateMessageByManager": false, "RedirectMessageTo": null, "RejectMessageEnhancedStatusCode": null, "RejectMessageReasonText": null, "DeleteMessage": false, "Disconnect": false, "Quarantine": false, "SmtpRejectMessageRejectText": null, "SmtpRejectMessageRejectStatusCode": null, "LogEventText": null, "StopRuleProcessing": false, "SenderNotificationType": null, "GenerateIncidentReport": null, "IncidentReportContent": null, "RouteMessageOutboundConnector": null, "RouteMessageOutboundRequireTls": false, "ApplyOME": false, "RemoveOME": false, "RemoveOMEv2": false, "RemoveRMSAttachmentEncryption": false, "GenerateNotification": null, "Identity": "Sender is located outside the organization prepend \"[External]\"", "DistinguishedName": "CN=Sender is located outside the organization prepend \\\"[External]\\\",CN=TransportVersioned,CN=Rules,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "Guid": "d60d0c37-4f9d-4bcb-8b5e-2c91edfd4cbb", "ImmutableId": "d60d0c37-4f9d-4bcb-8b5e-2c91edfd4cbb", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Name": "Sender is located outside the organization prepend \"[External]\"", "IsValid": true, "WhenChanged": "Date(1722573880000)", "ExchangeVersion": "0.1 (8.0.535.0)", "ObjectState": "Unchanged" }, { "Priority": 1, "DlpPolicy": null, "DlpPolicyId": "00000000-0000-0000-0000-000000000000", "Comments": null, "CreatedBy": "John Doe", "LastModifiedBy": "Microsoft Exchange", "ManuallyModified": false, "ActivationDate": null, "ExpiryDate": null, "Description": "If the message:\r\n\tIs received from 'Outside the organization'\r\nTake the following actions:\r\n\tPrepend the subject with '[External]'\r\n", "RuleVersion": { "Major": 14, "Minor": 0, "Build": 0, "Revision": 0, "MajorRevision": 0, "MinorRevision": 0 }, "Size": 327, "Conditions": [ "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.FromScopePredicate" ], "Exceptions": null, "Actions": [ "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.PrependSubjectAction" ], "State": "Enabled", "Mode": "Enforce", "IsRuleConfigurationSupported": true, "RuleConfigurationUnsupportedReason": "", "RuleErrorAction": "Ignore", "SenderAddressLocation": "Header", "RecipientAddressType": "Resolved", "RuleSubType": "None", "RegexSize": 0, "UseLegacyRegex": false, "From": null, "FromMemberOf": null, "FromScope": "NotInOrganization", "SentTo": null, "SentToMemberOf": null, "SentToScope": null, "BetweenMemberOf1": null, "BetweenMemberOf2": null, "ManagerAddresses": null, "ManagerForEvaluatedUser": null, "SenderManagementRelationship": null, "ADComparisonAttribute": null, "ADComparisonOperator": null, "SenderADAttributeContainsWords": null, "SenderADAttributeMatchesPatterns": null, "RecipientADAttributeContainsWords": null, "RecipientADAttributeMatchesPatterns": null, "AnyOfToHeader": null, "AnyOfToHeaderMemberOf": null, "AnyOfCcHeader": null, "AnyOfCcHeaderMemberOf": null, "AnyOfToCcHeader": null, "AnyOfToCcHeaderMemberOf": null, "HasClassification": null, "HasNoClassification": false, "SubjectContainsWords": null, "SubjectOrBodyContainsWords": null, "HeaderContainsMessageHeader": null, "HeaderContainsWords": null, "FromAddressContainsWords": null, "SenderDomainIs": null, "RecipientDomainIs": null, "SubjectMatchesPatterns": null, "SubjectOrBodyMatchesPatterns": null, "HeaderMatchesMessageHeader": null, "HeaderMatchesPatterns": null, "FromAddressMatchesPatterns": null, "AttachmentNameMatchesPatterns": null, "AttachmentExtensionMatchesWords": null, "AttachmentPropertyContainsWords": null, "ContentCharacterSetContainsWords": null, "HasSenderOverride": false, "MessageContainsDataClassifications": null, "MessageContainsAllDataClassifications": null, "SenderIpRanges": null, "SCLOver": null, "AttachmentSizeOver": null, "MessageSizeOver": null, "WithImportance": null, "MessageTypeMatches": null, "RecipientAddressContainsWords": null, "RecipientAddressMatchesPatterns": null, "SenderInRecipientList": null, "RecipientInSenderList": null, "AttachmentContainsWords": null, "AttachmentMatchesPatterns": null, "AttachmentIsUnsupported": false, "AttachmentProcessingLimitExceeded": false, "AttachmentHasExecutableContent": false, "AttachmentIsPasswordProtected": false, "AnyOfRecipientAddressContainsWords": null, "AnyOfRecipientAddressMatchesPatterns": null, "ExceptIfFrom": null, "ExceptIfFromMemberOf": null, "ExceptIfFromScope": null, "ExceptIfSentTo": null, "ExceptIfSentToMemberOf": null, "ExceptIfSentToScope": null, "ExceptIfBetweenMemberOf1": null, "ExceptIfBetweenMemberOf2": null, "ExceptIfManagerAddresses": null, "ExceptIfManagerForEvaluatedUser": null, "ExceptIfSenderManagementRelationship": null, "ExceptIfADComparisonAttribute": null, "ExceptIfADComparisonOperator": null, "ExceptIfSenderADAttributeContainsWords": null, "ExceptIfSenderADAttributeMatchesPatterns": null, "ExceptIfRecipientADAttributeContainsWords": null, "ExceptIfRecipientADAttributeMatchesPatterns": null, "ExceptIfAnyOfToHeader": null, "ExceptIfAnyOfToHeaderMemberOf": null, "ExceptIfAnyOfCcHeader": null, "ExceptIfAnyOfCcHeaderMemberOf": null, "ExceptIfAnyOfToCcHeader": null, "ExceptIfAnyOfToCcHeaderMemberOf": null, "ExceptIfHasClassification": null, "ExceptIfHasNoClassification": false, "ExceptIfSubjectContainsWords": null, "ExceptIfSubjectOrBodyContainsWords": null, "ExceptIfHeaderContainsMessageHeader": null, "ExceptIfHeaderContainsWords": null, "ExceptIfFromAddressContainsWords": null, "ExceptIfSenderDomainIs": null, "ExceptIfRecipientDomainIs": null, "ExceptIfSubjectMatchesPatterns": null, "ExceptIfSubjectOrBodyMatchesPatterns": null, "ExceptIfHeaderMatchesMessageHeader": null, "ExceptIfHeaderMatchesPatterns": null, "ExceptIfFromAddressMatchesPatterns": null, "ExceptIfAttachmentNameMatchesPatterns": null, "ExceptIfAttachmentExtensionMatchesWords": null, "ExceptIfAttachmentPropertyContainsWords": null, "ExceptIfContentCharacterSetContainsWords": null, "ExceptIfSCLOver": null, "ExceptIfAttachmentSizeOver": null, "ExceptIfMessageSizeOver": null, "ExceptIfWithImportance": null, "ExceptIfMessageTypeMatches": null, "ExceptIfRecipientAddressContainsWords": null, "ExceptIfRecipientAddressMatchesPatterns": null, "ExceptIfSenderInRecipientList": null, "ExceptIfRecipientInSenderList": null, "ExceptIfAttachmentContainsWords": null, "ExceptIfAttachmentMatchesPatterns": null, "ExceptIfAttachmentIsUnsupported": false, "ExceptIfAttachmentProcessingLimitExceeded": false, "ExceptIfAttachmentHasExecutableContent": false, "ExceptIfAttachmentIsPasswordProtected": false, "ExceptIfAnyOfRecipientAddressContainsWords": null, "ExceptIfAnyOfRecipientAddressMatchesPatterns": null, "ExceptIfHasSenderOverride": false, "ExceptIfMessageContainsDataClassifications": null, "ExceptIfMessageContainsAllDataClassifications": null, "ExceptIfSenderIpRanges": null, "PrependSubject": "[External]", "SetAuditSeverity": null, "ApplyClassification": null, "ApplyHtmlDisclaimerLocation": null, "ApplyHtmlDisclaimerText": null, "ApplyHtmlDisclaimerFallbackAction": null, "ApplyRightsProtectionTemplate": null, "ApplyRightsProtectionCustomizationTemplate": null, "SetSCL": null, "SetHeaderName": null, "SetHeaderValue": null, "RemoveHeader": null, "AddToRecipients": null, "CopyTo": null, "BlindCopyTo": null, "AddManagerAsRecipientType": null, "ModerateMessageByUser": null, "ModerateMessageByManager": false, "RedirectMessageTo": null, "RejectMessageEnhancedStatusCode": null, "RejectMessageReasonText": null, "DeleteMessage": false, "Disconnect": false, "Quarantine": false, "SmtpRejectMessageRejectText": null, "SmtpRejectMessageRejectStatusCode": null, "LogEventText": null, "StopRuleProcessing": false, "SenderNotificationType": null, "GenerateIncidentReport": null, "IncidentReportContent": null, "RouteMessageOutboundConnector": null, "RouteMessageOutboundRequireTls": false, "ApplyOME": false, "RemoveOME": false, "RemoveOMEv2": false, "RemoveRMSAttachmentEncryption": false, "GenerateNotification": null, "Identity": "Sender Warning", "DistinguishedName": "CN=Sender Warning,CN=TransportVersioned,CN=Rules,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "Guid": "dbc63ee9-ad16-4faf-81c9-55ae2881e3ed", "ImmutableId": "dbc63ee9-ad16-4faf-81c9-55ae2881e3ed", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Name": "Sender Warning", "IsValid": true, "WhenChanged": "Date(1722573889000)", "ExchangeVersion": "0.1 (8.0.535.0)", "ObjectState": "Unchanged" } ], "conn_filter": [ { "AdminDisplayName": "", "IsDefault": true, "IPAllowList": [ ], "IPBlockList": [ ], "EnableSafeList": false, "DirectoryBasedEdgeBlockMode": "Default", "Identity": "Default", "Id": "Default", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Default", "DistinguishedName": "CN=Default,CN=Hosted Connection Filter,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Hosted-Connection-Filter-Policy", "ObjectClass": [ "top", "msExchHostedConnectionFilterPolicy" ], "WhenChanged": "Date(1722574197000)", "WhenCreated": "Date(1619484586000)", "WhenChangedUTC": "Date(1722574197000)", "WhenCreatedUTC": "Date(1619484586000)", "ExchangeObjectId": "7021b7cf-b9fa-4280-94ff-fba468dbb0ab", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Guid": "ddb99cb3-211b-47ee-bc9c-86e6c8d0e692", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "ObjectState": "Unchanged" } ], "org_config": [ { "Name": "tqhjy.onmicrosoft.com", "DisplayName": "tqhjy", "AuditDisabled": false } ], "exo_successful_commands": [ "Get-RemoteDomain", "Get-AcceptedDomain", "Get-ScubaSpfRecord", "Get-DkimSigningConfig", "Get-ScubaDkimRecord", "Get-ScubaDmarcRecord", "Get-TransportConfig", "Get-SharingPolicy", "Get-TransportRule", "Get-HostedConnectionFilterPolicy", "Get-OrganizationConfig" ], "exo_unsuccessful_commands": [ ], "tenant_id": "3c19c757-3b55-411f-b03f-2bcc514a598d", "environment_creation": [ { "walkMeOptOut": false, "disableNPSCommentsReachout": false, "disableNewsletterSendout": false, "disableEnvironmentCreationByNonAdminUsers": true, "disablePortalsCreationByNonAdminUsers": true, "disableSurveyFeedback": false, "disableSurveyScreenshots": false, "disableTrialEnvironmentCreationByNonAdminUsers": true, "disableCapacityAllocationByEnvironmentAdmins": false, "disableSupportTicketsVisibleByAllUsers": true, "powerPlatform": { "search": "@{disableDocsSearch=True; disableCommunitySearch=False; disableBingVideoSearch=False}", "teamsIntegration": "@{shareWithColleaguesUserLimit=10000}", "powerApps": "@{disableShareWithEveryone=True; enableGuestsToMake=False; disableMakerMatch=False; disableUnusedLicenseAssignment=False; disableCreateFromImage=False; disableCreateFromFigma=False; enableCanvasAppInsights=True; disableConnectionSharingWithEveryone=False; allowNewOrgChannelDefault=True; disableCopilot=False}", "powerAutomate": "@{disableCopilot=False; disableCopilotWithBing=False}", "environments": "@{disablePreferredDataLocationForTeamsEnvironment=False}", "governance": "@{disableAdminDigest=False; disableDeveloperEnvironmentCreationByNonAdminUsers=True; enableDefaultEnvironmentRouting=False; policy=; environmentRoutingAllMakers=False}", "licensing": "@{disableBillingPolicyCreationByNonAdminUsers=False; enableTenantCapacityReportForEnvironmentAdmins=False; storageCapacityConsumptionWarningThreshold=85; enableTenantLicensingReportForEnvironmentAdmins=False; disableUseOfUnassignedAIBuilderCredits=False}", "powerPages": "@{enableGenerativeAIFeaturesForSiteUsers=All}", "champions": "@{disableChampionsInvitationReachout=False; disableSkillsMatchInvitationReachout=False}", "intelligence": "@{disableCopilot=False; enableOpenAiBotPublishing=False; disableCopilotFeedback=True; disableCopilotFeedbackMetadata=False; disableAiPrompts=False}", "modelExperimentation": "@{enableModelDataSharing=False; disableDataLogging=False}", "catalogSettings": "@{powerCatalogAudienceSetting=All}", "userManagementSettings": "@{enableDeleteDisabledUserinAllEnvironments=False}", "helpSupportSettings": "@{disableHelpSupportCopilot=False}", "gccCommercialSettings": "@{disableGccCommercialAccess=True}" } } ], "dlp_policies": [ { "value": [ { "name": "3e779934-2d3c-4fb9-9a6e-755d14ba6a27", "displayName": "DLP functional test", "defaultConnectorsClassification": "General", "connectorGroups": [ { "classification": "Confidential", "connectors": [ ] }, { "classification": "General", "connectors": [ ] }, { "classification": "Blocked", "connectors": [ ] } ], "environmentType": "SingleEnvironment", "environments": [ { "id": "/providers/Microsoft.BusinessAppPlatform/scopes/admin/environments/Default-3c19c757-3b55-411f-b03f-2bcc514a598d", "name": "Default-3c19c757-3b55-411f-b03f-2bcc514a598d", "type": "Microsoft.BusinessAppPlatform/scopes/environments" } ], "createdBy": { "displayName": "Service Principal (754baa5d-03d8-401a-a3d4-c2178cac1adc)" }, "createdTime": "2024-08-02T04:38:49.4871928Z", "lastModifiedBy": { "displayName": "Service Principal (754baa5d-03d8-401a-a3d4-c2178cac1adc)" }, "lastModifiedTime": "2024-08-02T04:38:49.4871928Z", "etag": "936cf535-db2b-4c7c-9b89-92555b777a18", "isLegacySchemaVersion": true } ] } ], "tenant_isolation": [ { "properties": { "tenantId": "ca08493a-c9c8-4db0-a9e8-d3b4bafac269", "isDisabled": false, "allowedTenants": "" } } ], "environment_list": [ { "EnvironmentName": "407cbeff-b477-e3b4-9ca7-097888a9ec4e", "DisplayName": "Test-NonDefault (orgffbba88c)", "Description": "Testing MS.POWERPLATFORM.2.2", "IsDefault": false, "Location": "usgov", "CreatedTime": "2023-12-06T20:18:16.9766324Z", "CreatedBy": { "id": "c8975770-8c3d-43ef-8466-678584a32de5", "displayName": "John Doe", "email": "johndoe@example.com", "type": "User", "tenantId": "ca08493a-c9c8-4db0-a9e8-d3b4bafac269", "userPrincipalName": "johndoe@example.com" }, "LastModifiedTime": "2023-12-06T20:18:27.5107576Z", "LastModifiedBy": null, "CreationType": "User", "EnvironmentType": "Sandbox", "CommonDataServiceDatabaseProvisioningState": "Succeeded", "CommonDataServiceDatabaseType": "Common Data Service for Apps", "Internal": { "id": "/providers/Microsoft.BusinessAppPlatform/scopes/admin/environments/407cbeff-b477-e3b4-9ca7-097888a9ec4e", "type": "Microsoft.BusinessAppPlatform/scopes/environments", "location": "usgov", "name": "407cbeff-b477-e3b4-9ca7-097888a9ec4e", "properties": "@{tenantId=ca08493a-c9c8-4db0-a9e8-d3b4bafac269; azureRegionHint=usgovtexas; displayName=Test-NonDefault (orgffbba88c); description=Testing MS.POWERPLATFORM.2.2; createdTime=2023-12-06T20:18:16.9766324Z; createdBy=; lastModifiedTime=2023-12-06T20:18:27.5107576Z; provisioningState=Succeeded; creationType=User; environmentSku=Sandbox; environmentType=Production; isDefault=False; permissions=; runtimeEndpoints=; linkedEnvironmentMetadata=; trialScenarioType=None; notificationMetadata=; retentionPeriod=P7D; states=; updateCadence=; retentionDetails=; protectionStatus=; cluster=; connectedGroups=System.Object[]; lifecycleOperationsEnforcement=; governanceConfiguration=; bingChatEnabled=False}" }, "InternalCds": null, "OrganizationId": "af751393-6f94-ee11-8175-001dd804a214", "SecurityGroupId": "f13e38d1-c8bb-486e-aa73-f0383d04050d", "RetentionPeriod": 7 }, { "EnvironmentName": "Default-3c19c757-3b55-411f-b03f-2bcc514a598d", "DisplayName": "tqhjy (default) (org8537b7dc)", "Description": null, "IsDefault": true, "Location": "usgov", "CreatedTime": "2021-12-13T20:40:14.1749137Z", "CreatedBy": { "id": "SYSTEM", "displayName": "SYSTEM", "type": "NotSpecified" }, "LastModifiedTime": null, "LastModifiedBy": null, "CreationType": "DefaultTenant", "EnvironmentType": "Default", "CommonDataServiceDatabaseProvisioningState": "Succeeded", "CommonDataServiceDatabaseType": "Common Data Service for Apps", "Internal": { "id": "/providers/Microsoft.BusinessAppPlatform/scopes/admin/environments/Default-3c19c757-3b55-411f-b03f-2bcc514a598d", "type": "Microsoft.BusinessAppPlatform/scopes/environments", "location": "usgov", "name": "Default-3c19c757-3b55-411f-b03f-2bcc514a598d", "properties": "@{tenantId=ca08493a-c9c8-4db0-a9e8-d3b4bafac269; azureRegionHint=usgovtexas; displayName=tqhjy (default) (org8537b7dc); createdTime=2021-12-13T20:40:14.1749137Z; createdBy=; provisioningState=Succeeded; creationType=DefaultTenant; environmentSku=Default; environmentType=Production; isDefault=True; permissions=; runtimeEndpoints=; linkedEnvironmentMetadata=; trialScenarioType=None; retentionPeriod=P7D; states=; updateCadence=; retentionDetails=; protectionStatus=; cluster=; connectedGroups=System.Object[]; lifecycleOperationsEnforcement=; governanceConfiguration=; bingChatEnabled=False}" }, "InternalCds": null, "OrganizationId": "ff4adc41-8f11-42a1-9e5a-d208f91a6db4", "RetentionPeriod": 7 } ], "powerplatform_successful_commands": [ "Get-TenantDetailsFromGraph", "Get-TenantSettings", "Get-AdminPowerAppEnvironment", "Get-DlpPolicy", "Get-PowerAppTenantIsolationPolicy" ], "powerplatform_unsuccessful_commands": [ ], "SPO_tenant": [ { "StorageQuota": 1355776, "BonusStorageQuotaMB": 0, "StorageQuotaAllocated": 0, "ResourceQuota": 0, "ResourceQuotaAllocated": 0, "OneDriveStorageQuota": 1048576, "CompatibilityRange": "15,15", "ExternalServicesEnabled": true, "NoAccessRedirectUrl": null, "ArchiveRedirectUrl": null, "SharingCapability": 0, "DisplayStartASiteOption": true, "StartASiteFormUrl": null, "ShowEveryoneClaim": false, "ShowAllUsersClaim": false, "OfficeClientADALDisabled": false, "LegacyAuthProtocolsEnabled": false, "DisableCustomAppAuthentication": true, "IsSharePointAddInsDisabled": false, "SiteOwnerManageLegacyServicePrincipalEnabled": false, "ShowEveryoneExceptExternalUsersClaim": true, "AllowEveryoneExceptExternalUsersClaimInPrivateSite": true, "SearchResolveExactEmailOrUPN": false, "RequireAcceptingAccountMatchInvitedAccount": false, "ProvisionSharedWithEveryoneFolder": false, "SignInAccelerationDomain": "", "EnableGuestSignInAcceleration": false, "UsePersistentCookiesForExplorerView": false, "ContentTypeSyncSiteTemplatesList": [ ], "BccExternalSharingInvitations": false, "BccExternalSharingInvitationsList": null, "UserVoiceForFeedbackEnabled": true, "PublicCdnEnabled": false, "PublicCdnAllowedFileTypes": "CSS,EOT,GIF,ICO,JPEG,JPG,JS,MAP,PNG,SVG,TTF,WOFF", "PublicCdnOrigins": [ ], "RequireAnonymousLinksExpireInDays": 30, "SharingAllowedDomainList": "admirable.us good.org", "SharingBlockedDomainList": "evil.is.us nefarious.com", "SharingDomainRestrictionMode": 1, "OneDriveForGuestsEnabled": false, "IPAddressEnforcement": false, "IPAddressAllowList": "", "IPAddressWACTokenLifetime": 15, "EnableTenantRestrictionsInsights": false, "EnablePromotedFileHandlers": true, "UseFindPeopleInPeoplePicker": false, "DefaultSharingLinkType": 1, "ODBMembersCanShare": 0, "ODBAccessRequests": 0, "PreventExternalUsersFromResharing": true, "ShowPeoplePickerSuggestionsForGuestUsers": false, "AppOnlyBypassPeoplePickerPolicies": false, "EnableDiscoverableByOrganizationForVideos": true, "FileAnonymousLinkType": 1, "FolderAnonymousLinkType": 2, "NotifyOwnersWhenItemsReshared": true, "NotifyOwnersWhenInvitationsAccepted": false, "NotificationsInOneDriveForBusinessEnabled": true, "NotificationsInSharePointEnabled": true, "SpecialCharactersStateInFileFolderNames": 1, "OwnerAnonymousNotification": true, "CommentsOnSitePagesDisabled": false, "CommentsOnFilesDisabled": false, "CommentsOnListItemsDisabled": false, "ViewersCanCommentOnMediaDisabled": false, "SocialBarOnSitePagesDisabled": false, "OrphanedPersonalSitesRetentionPeriod": 90, "PermissiveBrowserFileHandlingOverride": false, "DisallowInfectedFileDownload": false, "DefaultLinkPermission": 1, "CustomizedExternalSharingServiceUrl": "", "ConditionalAccessPolicy": 0, "AllowDownloadingNonWebViewableFiles": true, "LimitedAccessFileType": 1, "AllowEditing": true, "ApplyAppEnforcedRestrictionsToAdHocRecipients": true, "FilePickerExternalImageSearchEnabled": true, "EmailAttestationRequired": true, "EmailAttestationReAuthDays": 29, "DisabledWebPartIds": null, "EnableMinimumVersionRequirement": true, "MarkNewFilesSensitiveByDefault": 0, "EnableAIPIntegration": false, "AllowCommentsTextOnEmailEnabled": true, "ConditionalAccessPolicyErrorHelpLink": "", "EnableAzureADB2BIntegration": false, "IncludeAtAGlanceInShareEmails": true, "ExternalUserExpirationRequired": true, "ExternalUserExpireInDays": 100, "BlockDownloadLinksFileType": 1, "AnyoneLinkTrackUsers": false, "OneDriveLoopDefaultSharingLinkScope": -1, "OneDriveLoopDefaultSharingLinkRole": 0, "OneDriveRequestFilesLinkEnabled": false, "OneDriveRequestFilesLinkExpirationInDays": 1, "OneDriveSharingCapability": 0, "OneDriveDefaultShareLinkScope": -1, "OneDriveDefaultShareLinkRole": 0, "OneDriveDefaultLinkToExistingAccess": false, "OneDriveBlockGuestsAsSiteAdmin": 0, "CoreLoopDefaultSharingLinkScope": -1, "CoreLoopDefaultSharingLinkRole": 0, "CoreSharingCapability": 0, "CoreRequestFilesLinkEnabled": false, "CoreRequestFilesLinkExpirationInDays": 10, "CoreDefaultShareLinkScope": -1, "CoreDefaultShareLinkRole": 0, "CoreDefaultLinkToExistingAccess": false, "CoreBlockGuestsAsSiteAdmin": 0, "BlockAppAccessWithAuthenticationContext": false, "AllowAnonymousMeetingParticipantsToAccessWhiteboards": 0, "Workflows2013State": 2, "IsFluidEnabled": true, "IsWBFluidEnabled": true, "IsCollabMeetingNotesFluidEnabled": true, "IsLoopEnabled": true, "DisableDocumentLibraryDefaultLabeling": false, "EnableSensitivityLabelForPDF": false, "BlockSendLabelMismatchEmail": false, "LabelMismatchEmailHelpLink": null, "DisableAddShortcutsToOneDrive": false, "EnableAutoNewsDigest": true, "Workflow2010Disabled": true, "StopNew2010Workflows": false, "StopNew2013Workflows": false, "DisableBackToClassic": false, "BlockUserInfoVisibility": "ExternalPeopleInOD", "BlockUserInfoVisibilityInOneDrive": 1, "BlockUserInfoVisibilityInSharePoint": 0, "AllowOverrideForBlockUserInfoVisibility": false, "InformationBarriersSuspension": true, "IBImplicitGroupBased": false, "AppBypassInformationBarriers": false, "DefaultOneDriveInformationBarrierMode": "Explicit", "AllOrganizationSecurityGroupId": null, "DisablePersonalListCreation": false, "DisabledModernListTemplateIds": [ ], "DisableSpacesActivation": false, "DisableVivaConnectionsAnalytics": false, "HideSyncButtonOnTeamSite": false, "AllowGuestUserShareToUsersNotInSiteCollection": false, "DisableOutlookPSTVersionTrimming": false, "EnableVersionExpirationSetting": false, "EnableAutoExpirationVersionTrim": false, "ExpireVersionsAfterDays": 0, "MajorVersionLimit": 500, "StreamLaunchConfig": 0, "MediaTranscription": 0, "MediaTranscriptionAutomaticFeatures": 0, "ViewInFileExplorerEnabled": false, "AuthContextResilienceMode": 0, "ReduceTempTokenLifetimeEnabled": false, "ReduceTempTokenLifetimeValue": 15, "ShowOpenInDesktopOptionForSyncedFiles": false, "ShowPeoplePickerGroupSuggestionsForIB": false, "EnableRestrictedAccessControl": false, "BlockDownloadFileTypePolicy": false, "BlockDownloadFileTypeIds": [ ], "ExcludedBlockDownloadGroupIds": [ ], "TlsTokenBindingPolicyValue": 0, "LegacyBrowserAuthProtocolsEnabled": true, "RecycleBinRetentionPeriod": 93, "IsEnableAppAuthPopUpEnabled": false, "IsDataAccessInCardDesignerEnabled": false, "MassDeleteNotificationDisabled": false, "BusinessConnectivityServiceDisabled": false, "RansomwareProtectionEnabled": false, "AllowSensitivityLabelOnRecords": false, "DelayDenyAddAndCustomizePagesEnforcement": false, "EsignatureEnabled": false, "ESignatureSiteList": [ ], "ESignatureThirdPartyProviderInfoList": [ "\"{\\\"ProviderName\\\":\\\"DocuSign\\\",\\\"IsEnabled\\\":false}\"", "\"{\\\"ProviderName\\\":\\\"AdobeSign\\\",\\\"IsEnabled\\\":false}\"" ] } ], "SPO_site": [ { "LastContentModifiedDate": "Date(1720649107300)", "Status": "Active", "ArchiveStatus": "NotArchived", "BonusDiskQuota": 3128, "ResourceUsageCurrent": 0, "ResourceUsageAverage": 0, "StorageUsageCurrent": 1, "LockIssue": null, "WebsCount": 1, "CompatibilityLevel": 15, "DisableSharingForNonOwnersStatus": null, "HubSiteId": "00000000-0000-0000-0000-000000000000", "IsHubSite": false, "RelatedGroupId": "00000000-0000-0000-0000-000000000000", "GroupId": "00000000-0000-0000-0000-000000000000", "Url": "https://tqhjy.sharepoint.com/", "LocaleId": 1033, "LockState": "Unlock", "Owner": "c64580cf-5b99-4c0a-b15b-db035c63e177", "StorageQuota": 26214400, "StorageQuotaWarningLevel": 25574400, "ResourceQuota": 300, "ResourceQuotaWarningLevel": 255, "Template": "SITEPAGEPUBLISHING#0", "Title": "Communication site", "AllowSelfServiceUpgrade": true, "DenyAddAndCustomizePages": 2, "PWAEnabled": 1, "SharingCapability": 0, "SiteDefinedSharingCapability": 2, "SandboxedCodeActivationCapability": 2, "DisableCompanyWideSharingLinks": 2, "DisableAppViews": 2, "DisableFlows": 2, "AuthenticationContextName": null, "StorageQuotaType": null, "RestrictedToGeo": 3, "ShowPeoplePickerSuggestionsForGuestUsers": false, "SharingDomainRestrictionMode": 0, "SharingAllowedDomainList": "", "SharingBlockedDomainList": "", "ConditionalAccessPolicy": 0, "AllowDownloadingNonWebViewableFiles": false, "LimitedAccessFileType": 1, "AllowEditing": true, "SensitivityLabel": null, "CommentsOnSitePagesDisabled": false, "SocialBarOnSitePagesDisabled": false, "DefaultSharingLinkType": 0, "DefaultLinkPermission": 0, "DefaultLinkToExistingAccess": false, "AnonymousLinkExpirationInDays": 30, "OverrideTenantAnonymousLinkExpirationPolicy": true, "ExternalUserExpirationInDays": 0, "OverrideTenantExternalUserExpirationPolicy": false, "SharingLockDownEnabled": false, "SharingLockDownCanBeCleared": true, "InformationSegment": [ ], "InformationBarriersMode": "", "BlockDownloadLinksFileType": 1, "OverrideBlockUserInfoVisibility": 0, "IsTeamsConnected": false, "IsTeamsChannelConnected": false, "TeamsChannelType": 0, "MediaTranscription": 0, "ExcludedBlockDownloadGroupIds": [ ], "ExcludeBlockDownloadPolicySiteOwners": false, "ReadOnlyForBlockDownloadPolicy": false, "ExcludeBlockDownloadSharePointGroups": [ ], "BlockDownloadPolicy": false, "LoopDefaultSharingLinkScope": -1, "LoopDefaultSharingLinkRole": 0, "RequestFilesLinkEnabled": false, "RequestFilesLinkExpirationInDays": -1, "OverrideSharingCapability": false, "DefaultShareLinkScope": -1, "DefaultShareLinkRole": 0, "BlockGuestsAsSiteAdmin": 0, "ReadOnlyForUnmanagedDevices": false, "RestrictedAccessControl": false, "AuthenticationContextLimitedAccess": false, "RestrictedAccessControlGroups": [ ], "ListsShowHeaderAndNavigation": false, "EnableAutoExpirationVersionTrim": false, "ExpireVersionsAfterDays": 0, "MajorVersionLimit": 0 } ], "OneDrive_PnP_Flag": false, "SharePoint_successful_commands": [ "Get-MgBetaOrganization", "Get-SPOTenant", "Get-SPOSite", "Get-PnPTenant", "Get-PnPTenantSite" ], "SharePoint_unsuccessful_commands": [ ], "teams_tenant_info": [ { "AnnouncementsDisabled": null, "AssignedPlan": [ "MCOEV", "Teams_GCC", "MCOProfessional", "MCOMEETADD" ], "City": null, "CompanyPartnership": [ "Microsoft.Teams.ConfigAPI.Cmdlets.Generated.Models.CompanyPartnership" ], "CompanyTags": null, "Country": null, "CountryAbbreviation": null, "DefaultPoolFqdn": null, "DirSyncEnabled": true, "DisplayName": "tqhjy", "LastSyncTimeStamp": "Date(1720021923121)", "NameRecordingDisabled": null, "Pools": null, "PostalCode": null, "PreferredLanguage": "en", "ProvisionedPlan": [ "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline" ], "ServiceInfo": "[{}]", "ServiceInstance": "MicrosoftCommunicationsOnline/GOV-1B-G6", "ServiceNumberCount": null, "SipDomain": [ "tqhjy.onmicrosoft.com" ], "StateOrProvince": null, "Street": null, "SubscriberNumberCount": null, "SyncInLyncAdInfo": { "IsSyncDisabledAtTenantCreation": null, "IsUserSyncDisabled": true, "IsUserSyncStateChanging": null, "StopSyncRevertCompleteTimestamp": null, "StopSyncRevertTimestamp": null, "StopSyncTimestamp": "Date(1675422759251)" }, "TeamsUpgradeEffectiveMode": "TeamsOnly", "TeamsUpgradeNotificationsEnabled": false, "TeamsUpgradeOverridePolicy": "UpgradeToTeams", "TeamsUpgradePolicyIsReadOnly": "ModeAndNotifications", "TenantId": "ca08493a-c9c8-4db0-a9e8-d3b4bafac269", "TnmAccountId": null, "VerifiedDomains": [ "Microsoft.Teams.ConfigAPI.Cmdlets.Generated.Models.TenantVerifiedSipDomain", "Microsoft.Teams.ConfigAPI.Cmdlets.Generated.Models.TenantVerifiedSipDomain", "Microsoft.Teams.ConfigAPI.Cmdlets.Generated.Models.TenantVerifiedSipDomain", "Microsoft.Teams.ConfigAPI.Cmdlets.Generated.Models.TenantVerifiedSipDomain" ], "WhenChanged": null, "WhenCreated": "Date(-62135596800000)", "LastProvisionTimeStamps": { "TenantSipDomains": "2023-08-16T12:21:39.4275558+00:00", "TenantRegistrarPool": "2023-08-16T12:21:39.5213122+00:00", "ConfigDistributionStatus": "2023-08-16T12:22:12.1434748+00:00" }, "LastPublishTimeStamps": { "ProvisionedPlanPublishAuthoredProps": "2023-08-16T12:21:47.569208+00:00", "ProvisionCpcTenantConfigProcessor": "2023-08-16T12:21:44.5681938+00:00", "PublishProvisionedPlanProcessor": "2022-10-20T21:16:44.2365367+00:00", "UpdateBvdTenantProcessor": "2023-08-16T12:21:45.0863487+00:00" } } ], "meeting_policies": [ { "Identity": "Global", "Description": null, "AllowChannelMeetingScheduling": true, "AllowMeetNow": true, "AllowPrivateMeetNow": true, "MeetingChatEnabledType": "Enabled", "AllowExternalNonTrustedMeetingChat": true, "CopyRestriction": true, "LiveCaptionsEnabledType": "DisabledUserOverride", "DesignatedPresenterRoleMode": "EveryoneUserOverride", "AllowIPAudio": true, "AllowIPVideo": true, "AllowEngagementReport": "Enabled", "AllowTrackingInReport": "EnabledUserOverride", "IPAudioMode": "EnabledOutgoingIncoming", "IPVideoMode": "EnabledOutgoingIncoming", "AllowAnonymousUsersToDialOut": false, "AllowAnonymousUsersToStartMeeting": false, "AllowAnonymousUsersToJoinMeeting": true, "BlockedAnonymousJoinClientTypes": null, "AllowedStreamingMediaInput": null, "ExplicitRecordingConsent": "Disabled", "AllowLocalRecording": false, "AutoRecording": "Enabled", "ParticipantNameChange": "Disabled", "AllowPrivateMeetingScheduling": true, "AutoAdmittedUsers": "EveryoneInCompanyExcludingGuests", "AllowCloudRecording": false, "AllowRecordingStorageOutsideRegion": false, "RecordingStorageMode": "OneDriveForBusiness", "AllowOutlookAddIn": true, "AllowPowerPointSharing": true, "AllowParticipantGiveRequestControl": true, "AllowExternalParticipantGiveRequestControl": false, "AllowSharedNotes": true, "AllowWhiteboard": true, "AllowTranscription": false, "AllowNetworkConfigurationSettingsLookup": false, "MediaBitRateKb": 50000, "ScreenSharingMode": "EntireScreen", "VideoFiltersMode": "AllFilters", "AllowPSTNUsersToBypassLobby": false, "AllowOrganizersToOverrideLobbySettings": false, "PreferredMeetingProviderForIslandsMode": "TeamsAndSfb", "AllowNDIStreaming": false, "SpeakerAttributionMode": "EnabledUserOverride", "EnrollUserOverride": "Disabled", "RoomAttributeUserOverride": "Off", "StreamingAttendeeMode": "Disabled", "AttendeeIdentityMasking": "DisabledUserOverride", "AllowBreakoutRooms": true, "TeamsCameraFarEndPTZMode": "Disabled", "AllowMeetingReactions": true, "AllowMeetingRegistration": true, "WhoCanRegister": "Everyone", "AllowScreenContentDigitization": "Enabled", "AllowCarbonSummary": true, "RoomPeopleNameUserOverride": "Off", "AllowMeetingCoach": true, "NewMeetingRecordingExpirationDays": -1, "LiveStreamingMode": "Disabled", "MeetingInviteLanguages": null, "ChannelRecordingDownload": "Allow", "AllowCartCaptionsScheduling": "DisabledUserOverride", "AllowTasksFromTranscript": "Enabled", "InfoShownInReportMode": "FullInformation", "LiveInterpretationEnabledType": "DisabledUserOverride", "QnAEngagementMode": "Enabled", "AllowImmersiveView": true, "AllowAvatarsInGallery": true, "AllowAnnotations": true, "AllowDocumentCollaboration": "Enabled", "AllowWatermarkForScreenSharing": false, "AllowWatermarkForCameraVideo": false, "AllowWatermarkCustomizationForCameraVideo": true, "WatermarkForCameraVideoOpacity": 30, "WatermarkForCameraVideoPattern": "Tiled", "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", "WatermarkForAnonymousUsers": "JoinWithAudioOnly", "DetectSensitiveContentDuringScreenSharing": false, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", "AutomaticallyStartCopilot": "Disabled", "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", "AllowedUsersForMeetingContext": "InvitedUsers", "SmsNotifications": "OnAllowOrganizerOverride", "CaptchaVerificationForAnonymousUsers": null }, { "Identity": "Tag:Custom Policy 1", "Description": "Used to test multiple Teams policy baselines", "AllowChannelMeetingScheduling": true, "AllowMeetNow": true, "AllowPrivateMeetNow": true, "MeetingChatEnabledType": "Enabled", "AllowExternalNonTrustedMeetingChat": true, "CopyRestriction": true, "LiveCaptionsEnabledType": "DisabledUserOverride", "DesignatedPresenterRoleMode": "EveryoneUserOverride", "AllowIPAudio": true, "AllowIPVideo": true, "AllowEngagementReport": "Enabled", "AllowTrackingInReport": "EnabledUserOverride", "IPAudioMode": "EnabledOutgoingIncoming", "IPVideoMode": "EnabledOutgoingIncoming", "AllowAnonymousUsersToDialOut": false, "AllowAnonymousUsersToStartMeeting": false, "AllowAnonymousUsersToJoinMeeting": false, "BlockedAnonymousJoinClientTypes": null, "AllowedStreamingMediaInput": null, "ExplicitRecordingConsent": "Disabled", "AllowLocalRecording": false, "AutoRecording": "Enabled", "ParticipantNameChange": "Disabled", "AllowPrivateMeetingScheduling": true, "AutoAdmittedUsers": "EveryoneInCompanyExcludingGuests", "AllowCloudRecording": true, "AllowRecordingStorageOutsideRegion": true, "RecordingStorageMode": "OneDriveForBusiness", "AllowOutlookAddIn": true, "AllowPowerPointSharing": true, "AllowParticipantGiveRequestControl": true, "AllowExternalParticipantGiveRequestControl": false, "AllowSharedNotes": true, "AllowWhiteboard": true, "AllowTranscription": false, "AllowNetworkConfigurationSettingsLookup": false, "MediaBitRateKb": 50000, "ScreenSharingMode": "EntireScreen", "VideoFiltersMode": "AllFilters", "AllowPSTNUsersToBypassLobby": false, "AllowOrganizersToOverrideLobbySettings": false, "PreferredMeetingProviderForIslandsMode": "TeamsAndSfb", "AllowNDIStreaming": false, "SpeakerAttributionMode": "EnabledUserOverride", "EnrollUserOverride": "Disabled", "RoomAttributeUserOverride": "Off", "StreamingAttendeeMode": "Disabled", "AttendeeIdentityMasking": "DisabledUserOverride", "AllowBreakoutRooms": true, "TeamsCameraFarEndPTZMode": "Disabled", "AllowMeetingReactions": true, "AllowMeetingRegistration": true, "WhoCanRegister": "Everyone", "AllowScreenContentDigitization": "Enabled", "AllowCarbonSummary": true, "RoomPeopleNameUserOverride": "Off", "AllowMeetingCoach": true, "NewMeetingRecordingExpirationDays": 120, "LiveStreamingMode": "Disabled", "MeetingInviteLanguages": null, "ChannelRecordingDownload": "Allow", "AllowCartCaptionsScheduling": "DisabledUserOverride", "AllowTasksFromTranscript": "Enabled", "InfoShownInReportMode": "FullInformation", "LiveInterpretationEnabledType": "DisabledUserOverride", "QnAEngagementMode": "Enabled", "AllowImmersiveView": true, "AllowAvatarsInGallery": true, "AllowAnnotations": true, "AllowDocumentCollaboration": "Enabled", "AllowWatermarkForScreenSharing": false, "AllowWatermarkForCameraVideo": false, "AllowWatermarkCustomizationForCameraVideo": true, "WatermarkForCameraVideoOpacity": 30, "WatermarkForCameraVideoPattern": "Tiled", "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", "WatermarkForAnonymousUsers": "JoinWithAudioOnly", "DetectSensitiveContentDuringScreenSharing": false, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", "AutomaticallyStartCopilot": "Disabled", "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", "AllowedUsersForMeetingContext": "InvitedUsers", "SmsNotifications": "OnAllowOrganizerOverride", "CaptchaVerificationForAnonymousUsers": null }, { "Identity": "Tag:NKK-Temp", "Description": null, "AllowChannelMeetingScheduling": true, "AllowMeetNow": true, "AllowPrivateMeetNow": true, "MeetingChatEnabledType": "Enabled", "AllowExternalNonTrustedMeetingChat": true, "CopyRestriction": true, "LiveCaptionsEnabledType": "DisabledUserOverride", "DesignatedPresenterRoleMode": "EveryoneUserOverride", "AllowIPAudio": true, "AllowIPVideo": true, "AllowEngagementReport": "Enabled", "AllowTrackingInReport": "EnabledUserOverride", "IPAudioMode": "EnabledOutgoingIncoming", "IPVideoMode": "EnabledOutgoingIncoming", "AllowAnonymousUsersToDialOut": false, "AllowAnonymousUsersToStartMeeting": false, "AllowAnonymousUsersToJoinMeeting": true, "BlockedAnonymousJoinClientTypes": null, "AllowedStreamingMediaInput": null, "ExplicitRecordingConsent": "Disabled", "AllowLocalRecording": false, "AutoRecording": "Enabled", "ParticipantNameChange": "Disabled", "AllowPrivateMeetingScheduling": true, "AutoAdmittedUsers": "EveryoneInCompanyExcludingGuests", "AllowCloudRecording": true, "AllowRecordingStorageOutsideRegion": false, "RecordingStorageMode": "OneDriveForBusiness", "AllowOutlookAddIn": true, "AllowPowerPointSharing": true, "AllowParticipantGiveRequestControl": true, "AllowExternalParticipantGiveRequestControl": false, "AllowSharedNotes": true, "AllowWhiteboard": true, "AllowTranscription": false, "AllowNetworkConfigurationSettingsLookup": false, "MediaBitRateKb": 50000, "ScreenSharingMode": "EntireScreen", "VideoFiltersMode": "AllFilters", "AllowPSTNUsersToBypassLobby": false, "AllowOrganizersToOverrideLobbySettings": false, "PreferredMeetingProviderForIslandsMode": "TeamsAndSfb", "AllowNDIStreaming": false, "SpeakerAttributionMode": "EnabledUserOverride", "EnrollUserOverride": "Disabled", "RoomAttributeUserOverride": "Off", "StreamingAttendeeMode": "Disabled", "AttendeeIdentityMasking": "DisabledUserOverride", "AllowBreakoutRooms": true, "TeamsCameraFarEndPTZMode": "Disabled", "AllowMeetingReactions": true, "AllowMeetingRegistration": true, "WhoCanRegister": "Everyone", "AllowScreenContentDigitization": "Enabled", "AllowCarbonSummary": true, "RoomPeopleNameUserOverride": "Off", "AllowMeetingCoach": true, "NewMeetingRecordingExpirationDays": 120, "LiveStreamingMode": "Disabled", "MeetingInviteLanguages": null, "ChannelRecordingDownload": "Allow", "AllowCartCaptionsScheduling": "DisabledUserOverride", "AllowTasksFromTranscript": "Enabled", "InfoShownInReportMode": "FullInformation", "LiveInterpretationEnabledType": "DisabledUserOverride", "QnAEngagementMode": "Enabled", "AllowImmersiveView": true, "AllowAvatarsInGallery": true, "AllowAnnotations": true, "AllowDocumentCollaboration": "Enabled", "AllowWatermarkForScreenSharing": false, "AllowWatermarkForCameraVideo": false, "AllowWatermarkCustomizationForCameraVideo": true, "WatermarkForCameraVideoOpacity": 30, "WatermarkForCameraVideoPattern": "Tiled", "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", "WatermarkForAnonymousUsers": "JoinWithAudioOnly", "DetectSensitiveContentDuringScreenSharing": false, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", "AutomaticallyStartCopilot": "Disabled", "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", "AllowedUsersForMeetingContext": "InvitedUsers", "SmsNotifications": "OnAllowOrganizerOverride", "CaptchaVerificationForAnonymousUsers": null }, { "Identity": "Tag:AllOn", "Description": "Do not assign. This policy is same as global defaults and would be deprecated", "AllowChannelMeetingScheduling": true, "AllowMeetNow": true, "AllowPrivateMeetNow": true, "MeetingChatEnabledType": "Enabled", "AllowExternalNonTrustedMeetingChat": true, "CopyRestriction": true, "LiveCaptionsEnabledType": "DisabledUserOverride", "DesignatedPresenterRoleMode": "EveryoneUserOverride", "AllowIPAudio": true, "AllowIPVideo": true, "AllowEngagementReport": "Enabled", "AllowTrackingInReport": "EnabledUserOverride", "IPAudioMode": "EnabledOutgoingIncoming", "IPVideoMode": "EnabledOutgoingIncoming", "AllowAnonymousUsersToDialOut": false, "AllowAnonymousUsersToStartMeeting": false, "AllowAnonymousUsersToJoinMeeting": true, "BlockedAnonymousJoinClientTypes": null, "AllowedStreamingMediaInput": null, "ExplicitRecordingConsent": "Disabled", "AllowLocalRecording": false, "AutoRecording": "Enabled", "ParticipantNameChange": "Disabled", "AllowPrivateMeetingScheduling": true, "AutoAdmittedUsers": "EveryoneInCompany", "AllowCloudRecording": true, "AllowRecordingStorageOutsideRegion": false, "RecordingStorageMode": "OneDriveForBusiness", "AllowOutlookAddIn": true, "AllowPowerPointSharing": true, "AllowParticipantGiveRequestControl": true, "AllowExternalParticipantGiveRequestControl": false, "AllowSharedNotes": true, "AllowWhiteboard": true, "AllowTranscription": false, "AllowNetworkConfigurationSettingsLookup": false, "MediaBitRateKb": 50000, "ScreenSharingMode": "EntireScreen", "VideoFiltersMode": "AllFilters", "AllowPSTNUsersToBypassLobby": false, "AllowOrganizersToOverrideLobbySettings": false, "PreferredMeetingProviderForIslandsMode": "TeamsAndSfb", "AllowNDIStreaming": false, "SpeakerAttributionMode": "EnabledUserOverride", "EnrollUserOverride": "Disabled", "RoomAttributeUserOverride": "Off", "StreamingAttendeeMode": "Disabled", "AttendeeIdentityMasking": "DisabledUserOverride", "AllowBreakoutRooms": true, "TeamsCameraFarEndPTZMode": "Disabled", "AllowMeetingReactions": true, "AllowMeetingRegistration": true, "WhoCanRegister": "Everyone", "AllowScreenContentDigitization": "Enabled", "AllowCarbonSummary": true, "RoomPeopleNameUserOverride": "Off", "AllowMeetingCoach": true, "NewMeetingRecordingExpirationDays": 120, "LiveStreamingMode": "Disabled", "MeetingInviteLanguages": null, "ChannelRecordingDownload": "Allow", "AllowCartCaptionsScheduling": "DisabledUserOverride", "AllowTasksFromTranscript": "Enabled", "InfoShownInReportMode": "FullInformation", "LiveInterpretationEnabledType": "DisabledUserOverride", "QnAEngagementMode": "Enabled", "AllowImmersiveView": true, "AllowAvatarsInGallery": true, "AllowAnnotations": true, "AllowDocumentCollaboration": "Enabled", "AllowWatermarkForScreenSharing": false, "AllowWatermarkForCameraVideo": false, "AllowWatermarkCustomizationForCameraVideo": true, "WatermarkForCameraVideoOpacity": 30, "WatermarkForCameraVideoPattern": "Tiled", "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", "WatermarkForAnonymousUsers": "WatermarkWithDisplayName", "DetectSensitiveContentDuringScreenSharing": true, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", "AutomaticallyStartCopilot": "Disabled", "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", "AllowedUsersForMeetingContext": "InvitedUsers", "SmsNotifications": "OnAllowOrganizerOverride", "CaptchaVerificationForAnonymousUsers": null }, { "Identity": "Tag:RestrictedAnonymousAccess", "Description": "Do not assign. This policy is same as global defaults and would be deprecated", "AllowChannelMeetingScheduling": true, "AllowMeetNow": true, "AllowPrivateMeetNow": true, "MeetingChatEnabledType": "Enabled", "AllowExternalNonTrustedMeetingChat": true, "CopyRestriction": true, "LiveCaptionsEnabledType": "Disabled", "DesignatedPresenterRoleMode": "EveryoneUserOverride", "AllowIPAudio": true, "AllowIPVideo": true, "AllowEngagementReport": "Enabled", "AllowTrackingInReport": "EnabledUserOverride", "IPAudioMode": "EnabledOutgoingIncoming", "IPVideoMode": "EnabledOutgoingIncoming", "AllowAnonymousUsersToDialOut": false, "AllowAnonymousUsersToStartMeeting": false, "AllowAnonymousUsersToJoinMeeting": true, "BlockedAnonymousJoinClientTypes": null, "AllowedStreamingMediaInput": null, "ExplicitRecordingConsent": "Disabled", "AllowLocalRecording": false, "AutoRecording": "Enabled", "ParticipantNameChange": "Disabled", "AllowPrivateMeetingScheduling": true, "AutoAdmittedUsers": "EveryoneInCompany", "AllowCloudRecording": true, "AllowRecordingStorageOutsideRegion": false, "RecordingStorageMode": "OneDriveForBusiness", "AllowOutlookAddIn": true, "AllowPowerPointSharing": true, "AllowParticipantGiveRequestControl": true, "AllowExternalParticipantGiveRequestControl": false, "AllowSharedNotes": true, "AllowWhiteboard": true, "AllowTranscription": false, "AllowNetworkConfigurationSettingsLookup": false, "MediaBitRateKb": 50000, "ScreenSharingMode": "EntireScreen", "VideoFiltersMode": "AllFilters", "AllowPSTNUsersToBypassLobby": false, "AllowOrganizersToOverrideLobbySettings": false, "PreferredMeetingProviderForIslandsMode": "TeamsAndSfb", "AllowNDIStreaming": false, "SpeakerAttributionMode": "EnabledUserOverride", "EnrollUserOverride": "Disabled", "RoomAttributeUserOverride": "Off", "StreamingAttendeeMode": "Disabled", "AttendeeIdentityMasking": "DisabledUserOverride", "AllowBreakoutRooms": true, "TeamsCameraFarEndPTZMode": "Disabled", "AllowMeetingReactions": true, "AllowMeetingRegistration": true, "WhoCanRegister": "Everyone", "AllowScreenContentDigitization": "Enabled", "AllowCarbonSummary": true, "RoomPeopleNameUserOverride": "Off", "AllowMeetingCoach": true, "NewMeetingRecordingExpirationDays": 120, "LiveStreamingMode": "Disabled", "MeetingInviteLanguages": null, "ChannelRecordingDownload": "Allow", "AllowCartCaptionsScheduling": "DisabledUserOverride", "AllowTasksFromTranscript": "Enabled", "InfoShownInReportMode": "FullInformation", "LiveInterpretationEnabledType": "DisabledUserOverride", "QnAEngagementMode": "Enabled", "AllowImmersiveView": true, "AllowAvatarsInGallery": true, "AllowAnnotations": true, "AllowDocumentCollaboration": "Enabled", "AllowWatermarkForScreenSharing": false, "AllowWatermarkForCameraVideo": false, "AllowWatermarkCustomizationForCameraVideo": true, "WatermarkForCameraVideoOpacity": 30, "WatermarkForCameraVideoPattern": "Tiled", "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", "WatermarkForAnonymousUsers": "WatermarkWithDisplayName", "DetectSensitiveContentDuringScreenSharing": true, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", "AutomaticallyStartCopilot": "Disabled", "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", "AllowedUsersForMeetingContext": "InvitedUsers", "SmsNotifications": "OnAllowOrganizerOverride", "CaptchaVerificationForAnonymousUsers": null }, { "Identity": "Tag:AllOff", "Description": null, "AllowChannelMeetingScheduling": false, "AllowMeetNow": false, "AllowPrivateMeetNow": false, "MeetingChatEnabledType": "Disabled", "AllowExternalNonTrustedMeetingChat": true, "CopyRestriction": true, "LiveCaptionsEnabledType": "Disabled", "DesignatedPresenterRoleMode": "EveryoneUserOverride", "AllowIPAudio": true, "AllowIPVideo": false, "AllowEngagementReport": "Enabled", "AllowTrackingInReport": "EnabledUserOverride", "IPAudioMode": "EnabledOutgoingIncoming", "IPVideoMode": "EnabledOutgoingIncoming", "AllowAnonymousUsersToDialOut": false, "AllowAnonymousUsersToStartMeeting": false, "AllowAnonymousUsersToJoinMeeting": true, "BlockedAnonymousJoinClientTypes": null, "AllowedStreamingMediaInput": null, "ExplicitRecordingConsent": "Disabled", "AllowLocalRecording": false, "AutoRecording": "Enabled", "ParticipantNameChange": "Disabled", "AllowPrivateMeetingScheduling": false, "AutoAdmittedUsers": "EveryoneInCompany", "AllowCloudRecording": false, "AllowRecordingStorageOutsideRegion": false, "RecordingStorageMode": "OneDriveForBusiness", "AllowOutlookAddIn": false, "AllowPowerPointSharing": false, "AllowParticipantGiveRequestControl": false, "AllowExternalParticipantGiveRequestControl": false, "AllowSharedNotes": false, "AllowWhiteboard": false, "AllowTranscription": false, "AllowNetworkConfigurationSettingsLookup": false, "MediaBitRateKb": 50000, "ScreenSharingMode": "Disabled", "VideoFiltersMode": "AllFilters", "AllowPSTNUsersToBypassLobby": false, "AllowOrganizersToOverrideLobbySettings": false, "PreferredMeetingProviderForIslandsMode": "TeamsAndSfb", "AllowNDIStreaming": false, "SpeakerAttributionMode": "EnabledUserOverride", "EnrollUserOverride": "Disabled", "RoomAttributeUserOverride": "Off", "StreamingAttendeeMode": "Disabled", "AttendeeIdentityMasking": "DisabledUserOverride", "AllowBreakoutRooms": true, "TeamsCameraFarEndPTZMode": "Disabled", "AllowMeetingReactions": true, "AllowMeetingRegistration": true, "WhoCanRegister": "Everyone", "AllowScreenContentDigitization": "Enabled", "AllowCarbonSummary": true, "RoomPeopleNameUserOverride": "Off", "AllowMeetingCoach": true, "NewMeetingRecordingExpirationDays": 120, "LiveStreamingMode": "Disabled", "MeetingInviteLanguages": null, "ChannelRecordingDownload": "Allow", "AllowCartCaptionsScheduling": "DisabledUserOverride", "AllowTasksFromTranscript": "Enabled", "InfoShownInReportMode": "FullInformation", "LiveInterpretationEnabledType": "DisabledUserOverride", "QnAEngagementMode": "Enabled", "AllowImmersiveView": true, "AllowAvatarsInGallery": true, "AllowAnnotations": true, "AllowDocumentCollaboration": "Enabled", "AllowWatermarkForScreenSharing": false, "AllowWatermarkForCameraVideo": false, "AllowWatermarkCustomizationForCameraVideo": true, "WatermarkForCameraVideoOpacity": 30, "WatermarkForCameraVideoPattern": "Tiled", "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", "WatermarkForAnonymousUsers": "WatermarkWithDisplayName", "DetectSensitiveContentDuringScreenSharing": true, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", "AutomaticallyStartCopilot": "Disabled", "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", "AllowedUsersForMeetingContext": "InvitedUsers", "SmsNotifications": "OnAllowOrganizerOverride", "CaptchaVerificationForAnonymousUsers": null }, { "Identity": "Tag:RestrictedAnonymousNoRecording", "Description": "Do not assign. This policy is similar to global defaults and would be deprecated", "AllowChannelMeetingScheduling": true, "AllowMeetNow": true, "AllowPrivateMeetNow": true, "MeetingChatEnabledType": "Enabled", "AllowExternalNonTrustedMeetingChat": true, "CopyRestriction": true, "LiveCaptionsEnabledType": "Disabled", "DesignatedPresenterRoleMode": "EveryoneUserOverride", "AllowIPAudio": true, "AllowIPVideo": true, "AllowEngagementReport": "Enabled", "AllowTrackingInReport": "EnabledUserOverride", "IPAudioMode": "EnabledOutgoingIncoming", "IPVideoMode": "EnabledOutgoingIncoming", "AllowAnonymousUsersToDialOut": false, "AllowAnonymousUsersToStartMeeting": false, "AllowAnonymousUsersToJoinMeeting": true, "BlockedAnonymousJoinClientTypes": null, "AllowedStreamingMediaInput": null, "ExplicitRecordingConsent": "Disabled", "AllowLocalRecording": false, "AutoRecording": "Enabled", "ParticipantNameChange": "Disabled", "AllowPrivateMeetingScheduling": true, "AutoAdmittedUsers": "EveryoneInCompany", "AllowCloudRecording": false, "AllowRecordingStorageOutsideRegion": false, "RecordingStorageMode": "OneDriveForBusiness", "AllowOutlookAddIn": true, "AllowPowerPointSharing": true, "AllowParticipantGiveRequestControl": true, "AllowExternalParticipantGiveRequestControl": false, "AllowSharedNotes": true, "AllowWhiteboard": true, "AllowTranscription": false, "AllowNetworkConfigurationSettingsLookup": false, "MediaBitRateKb": 50000, "ScreenSharingMode": "EntireScreen", "VideoFiltersMode": "AllFilters", "AllowPSTNUsersToBypassLobby": false, "AllowOrganizersToOverrideLobbySettings": false, "PreferredMeetingProviderForIslandsMode": "TeamsAndSfb", "AllowNDIStreaming": false, "SpeakerAttributionMode": "EnabledUserOverride", "EnrollUserOverride": "Disabled", "RoomAttributeUserOverride": "Off", "StreamingAttendeeMode": "Disabled", "AttendeeIdentityMasking": "DisabledUserOverride", "AllowBreakoutRooms": true, "TeamsCameraFarEndPTZMode": "Disabled", "AllowMeetingReactions": true, "AllowMeetingRegistration": true, "WhoCanRegister": "Everyone", "AllowScreenContentDigitization": "Enabled", "AllowCarbonSummary": true, "RoomPeopleNameUserOverride": "Off", "AllowMeetingCoach": true, "NewMeetingRecordingExpirationDays": 120, "LiveStreamingMode": "Disabled", "MeetingInviteLanguages": null, "ChannelRecordingDownload": "Allow", "AllowCartCaptionsScheduling": "DisabledUserOverride", "AllowTasksFromTranscript": "Enabled", "InfoShownInReportMode": "FullInformation", "LiveInterpretationEnabledType": "DisabledUserOverride", "QnAEngagementMode": "Enabled", "AllowImmersiveView": true, "AllowAvatarsInGallery": true, "AllowAnnotations": true, "AllowDocumentCollaboration": "Enabled", "AllowWatermarkForScreenSharing": false, "AllowWatermarkForCameraVideo": false, "AllowWatermarkCustomizationForCameraVideo": true, "WatermarkForCameraVideoOpacity": 30, "WatermarkForCameraVideoPattern": "Tiled", "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", "WatermarkForAnonymousUsers": "WatermarkWithDisplayName", "DetectSensitiveContentDuringScreenSharing": true, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", "AutomaticallyStartCopilot": "Disabled", "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", "AllowedUsersForMeetingContext": "InvitedUsers", "SmsNotifications": "OnAllowOrganizerOverride", "CaptchaVerificationForAnonymousUsers": null }, { "Identity": "Tag:Default", "Description": null, "AllowChannelMeetingScheduling": true, "AllowMeetNow": true, "AllowPrivateMeetNow": true, "MeetingChatEnabledType": "Enabled", "AllowExternalNonTrustedMeetingChat": true, "CopyRestriction": true, "LiveCaptionsEnabledType": "DisabledUserOverride", "DesignatedPresenterRoleMode": "EveryoneUserOverride", "AllowIPAudio": true, "AllowIPVideo": true, "AllowEngagementReport": "Enabled", "AllowTrackingInReport": "EnabledUserOverride", "IPAudioMode": "EnabledOutgoingIncoming", "IPVideoMode": "EnabledOutgoingIncoming", "AllowAnonymousUsersToDialOut": false, "AllowAnonymousUsersToStartMeeting": false, "AllowAnonymousUsersToJoinMeeting": true, "BlockedAnonymousJoinClientTypes": null, "AllowedStreamingMediaInput": null, "ExplicitRecordingConsent": "Disabled", "AllowLocalRecording": false, "AutoRecording": "Enabled", "ParticipantNameChange": "Disabled", "AllowPrivateMeetingScheduling": true, "AutoAdmittedUsers": "EveryoneInCompany", "AllowCloudRecording": true, "AllowRecordingStorageOutsideRegion": false, "RecordingStorageMode": "OneDriveForBusiness", "AllowOutlookAddIn": true, "AllowPowerPointSharing": true, "AllowParticipantGiveRequestControl": true, "AllowExternalParticipantGiveRequestControl": false, "AllowSharedNotes": true, "AllowWhiteboard": true, "AllowTranscription": false, "AllowNetworkConfigurationSettingsLookup": false, "MediaBitRateKb": 50000, "ScreenSharingMode": "EntireScreen", "VideoFiltersMode": "AllFilters", "AllowPSTNUsersToBypassLobby": false, "AllowOrganizersToOverrideLobbySettings": false, "PreferredMeetingProviderForIslandsMode": "TeamsAndSfb", "AllowNDIStreaming": false, "SpeakerAttributionMode": "EnabledUserOverride", "EnrollUserOverride": "Disabled", "RoomAttributeUserOverride": "Off", "StreamingAttendeeMode": "Disabled", "AttendeeIdentityMasking": "DisabledUserOverride", "AllowBreakoutRooms": true, "TeamsCameraFarEndPTZMode": "Disabled", "AllowMeetingReactions": true, "AllowMeetingRegistration": true, "WhoCanRegister": "Everyone", "AllowScreenContentDigitization": "Enabled", "AllowCarbonSummary": true, "RoomPeopleNameUserOverride": "Off", "AllowMeetingCoach": true, "NewMeetingRecordingExpirationDays": 120, "LiveStreamingMode": "Disabled", "MeetingInviteLanguages": null, "ChannelRecordingDownload": "Allow", "AllowCartCaptionsScheduling": "DisabledUserOverride", "AllowTasksFromTranscript": "Enabled", "InfoShownInReportMode": "FullInformation", "LiveInterpretationEnabledType": "DisabledUserOverride", "QnAEngagementMode": "Enabled", "AllowImmersiveView": true, "AllowAvatarsInGallery": true, "AllowAnnotations": true, "AllowDocumentCollaboration": "Enabled", "AllowWatermarkForScreenSharing": false, "AllowWatermarkForCameraVideo": false, "AllowWatermarkCustomizationForCameraVideo": true, "WatermarkForCameraVideoOpacity": 30, "WatermarkForCameraVideoPattern": "Tiled", "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", "WatermarkForAnonymousUsers": "WatermarkWithDisplayName", "DetectSensitiveContentDuringScreenSharing": true, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", "AutomaticallyStartCopilot": "Disabled", "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", "AllowedUsersForMeetingContext": "InvitedUsers", "SmsNotifications": "OnAllowOrganizerOverride", "CaptchaVerificationForAnonymousUsers": null }, { "Identity": "Tag:Kiosk", "Description": null, "AllowChannelMeetingScheduling": false, "AllowMeetNow": true, "AllowPrivateMeetNow": true, "MeetingChatEnabledType": "Enabled", "AllowExternalNonTrustedMeetingChat": true, "CopyRestriction": true, "LiveCaptionsEnabledType": "Disabled", "DesignatedPresenterRoleMode": "EveryoneUserOverride", "AllowIPAudio": true, "AllowIPVideo": true, "AllowEngagementReport": "Enabled", "AllowTrackingInReport": "EnabledUserOverride", "IPAudioMode": "EnabledOutgoingIncoming", "IPVideoMode": "EnabledOutgoingIncoming", "AllowAnonymousUsersToDialOut": false, "AllowAnonymousUsersToStartMeeting": false, "AllowAnonymousUsersToJoinMeeting": true, "BlockedAnonymousJoinClientTypes": null, "AllowedStreamingMediaInput": null, "ExplicitRecordingConsent": "Disabled", "AllowLocalRecording": false, "AutoRecording": "Enabled", "ParticipantNameChange": "Disabled", "AllowPrivateMeetingScheduling": false, "AutoAdmittedUsers": "EveryoneInCompany", "AllowCloudRecording": false, "AllowRecordingStorageOutsideRegion": false, "RecordingStorageMode": "OneDriveForBusiness", "AllowOutlookAddIn": false, "AllowPowerPointSharing": true, "AllowParticipantGiveRequestControl": true, "AllowExternalParticipantGiveRequestControl": false, "AllowSharedNotes": true, "AllowWhiteboard": true, "AllowTranscription": false, "AllowNetworkConfigurationSettingsLookup": false, "MediaBitRateKb": 50000, "ScreenSharingMode": "EntireScreen", "VideoFiltersMode": "AllFilters", "AllowPSTNUsersToBypassLobby": false, "AllowOrganizersToOverrideLobbySettings": false, "PreferredMeetingProviderForIslandsMode": "TeamsAndSfb", "AllowNDIStreaming": false, "SpeakerAttributionMode": "EnabledUserOverride", "EnrollUserOverride": "Disabled", "RoomAttributeUserOverride": "Off", "StreamingAttendeeMode": "Disabled", "AttendeeIdentityMasking": "DisabledUserOverride", "AllowBreakoutRooms": true, "TeamsCameraFarEndPTZMode": "Disabled", "AllowMeetingReactions": true, "AllowMeetingRegistration": true, "WhoCanRegister": "Everyone", "AllowScreenContentDigitization": "Enabled", "AllowCarbonSummary": true, "RoomPeopleNameUserOverride": "Off", "AllowMeetingCoach": true, "NewMeetingRecordingExpirationDays": 120, "LiveStreamingMode": "Disabled", "MeetingInviteLanguages": null, "ChannelRecordingDownload": "Allow", "AllowCartCaptionsScheduling": "DisabledUserOverride", "AllowTasksFromTranscript": "Enabled", "InfoShownInReportMode": "FullInformation", "LiveInterpretationEnabledType": "DisabledUserOverride", "QnAEngagementMode": "Enabled", "AllowImmersiveView": true, "AllowAvatarsInGallery": true, "AllowAnnotations": true, "AllowDocumentCollaboration": "Enabled", "AllowWatermarkForScreenSharing": false, "AllowWatermarkForCameraVideo": false, "AllowWatermarkCustomizationForCameraVideo": true, "WatermarkForCameraVideoOpacity": 30, "WatermarkForCameraVideoPattern": "Tiled", "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", "WatermarkForAnonymousUsers": "WatermarkWithDisplayName", "DetectSensitiveContentDuringScreenSharing": true, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", "AutomaticallyStartCopilot": "Disabled", "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", "AllowedUsersForMeetingContext": "InvitedUsers", "SmsNotifications": "OnAllowOrganizerOverride", "CaptchaVerificationForAnonymousUsers": null } ], "federation_configuration": [ { "AllowedDomains": { "AllowedDomain": "Domain=domains.r.us" }, "BlockedDomains": [ ], "AllowFederatedUsers": false, "AllowPublicUsers": false, "AllowTeamsSms": true, "AllowTeamsConsumer": false, "AllowTeamsConsumerInbound": false, "TreatDiscoveredPartnersAsUnverified": false, "SharedSipAddressSpace": false, "RestrictTeamsConsumerToExternalUserProfiles": false, "BlockAllSubdomains": false, "ExternalAccessWithTrialTenants": "Blocked", "DataSource": null, "Key": { "ScopeClass": "Global", "SchemaId": "XName=", "AuthorityId": "Class=Tenant;InstanceId=3c19c757-3b55-411f-b03f-2bcc514a598d;XmlRoot=", "DefaultXml": "SchemaId=;Data=;ConfigObject=;Signature=00000000-0000-0000-0000-000000000000;IsModified=True", "XmlRoot": "name={urn:schema:Microsoft.Rtc.Management.ScopeFramework.2008}AnchoredXmlKey" }, "Identity": "Global", "ConfigMetadata": { "Authority": "Tenant" } } ], "client_configuration": [ { "AllowEmailIntoChannel": false, "RestrictedSenderList": null, "AllowDropBox": true, "AllowBox": true, "AllowGoogleDrive": true, "AllowShareFile": true, "AllowEgnyte": true, "AllowOrganizationTab": true, "AllowSkypeBusinessInterop": true, "ContentPin": "RequiredOutsideScheduleMeeting", "AllowResourceAccountSendMessage": true, "ResourceAccountContentAccess": "NoAccess", "AllowGuestUser": true, "AllowScopedPeopleSearchandAccess": false, "AllowRoleBasedChatPermissions": false, "DataSource": null, "Key": { "ScopeClass": "Global", "SchemaId": "XName=", "AuthorityId": "Class=Tenant;InstanceId=3c19c757-3b55-411f-b03f-2bcc514a598d;XmlRoot=", "DefaultXml": "SchemaId=;Data=;ConfigObject=;Signature=00000000-0000-0000-0000-000000000000;IsModified=True", "XmlRoot": "name={urn:schema:Microsoft.Rtc.Management.ScopeFramework.2008}AnchoredXmlKey" }, "Identity": "Global", "ConfigMetadata": { "Authority": "Tenant" } } ], "app_policies": [ { "Identity": "Global", "DefaultCatalogApps": [ ], "GlobalCatalogApps": [ ], "PrivateCatalogApps": [ ], "Description": null, "DefaultCatalogAppsType": "AllowedAppList", "GlobalCatalogAppsType": "AllowedAppList", "PrivateCatalogAppsType": "AllowedAppList" } ], "broadcast_policies": [ { "Description": null, "AllowBroadcastScheduling": true, "AllowBroadcastTranscription": false, "BroadcastAttendeeVisibilityMode": "EveryoneInCompany", "BroadcastRecordingMode": "UserOverride", "DataSource": null, "Key": { "ScopeClass": "Global", "SchemaId": "XName=", "AuthorityId": "Class=Tenant;InstanceId=3c19c757-3b55-411f-b03f-2bcc514a598d;XmlRoot=", "DefaultXml": "SchemaId=;Data=;ConfigObject=;Signature=00000000-0000-0000-0000-000000000000;IsModified=True", "XmlRoot": "name={urn:schema:Microsoft.Rtc.Management.ScopeFramework.2008}AnchoredXmlKey" }, "Identity": "Global", "ConfigMetadata": { "Authority": "Tenant" } }, { "Description": null, "AllowBroadcastScheduling": true, "AllowBroadcastTranscription": false, "BroadcastAttendeeVisibilityMode": "EveryoneInCompany", "BroadcastRecordingMode": "AlwaysEnabled", "DataSource": "Memory", "Key": { "ScopeClass": "Tag", "SchemaId": "XName=", "AuthorityId": "Class=Host;InstanceId=00000000-0000-0000-0000-000000000000;XmlRoot=", "DefaultXml": "SchemaId=;Data=;ConfigObject=;Signature=00000000-0000-0000-0000-000000000000;IsModified=True", "XmlRoot": "name={urn:schema:Microsoft.Rtc.Management.ScopeFramework.2008}AnchoredXmlKey" }, "Identity": "Tag:Default", "ConfigMetadata": { "Authority": "Host" } } ], "teams_successful_commands": [ "Get-CsTenant", "Get-CsTeamsMeetingPolicy", "Get-CsTenantFederationConfiguration", "Get-CsTeamsClientConfiguration", "Get-CsTeamsAppPermissionPolicy", "Get-CsTeamsMeetingBroadcastPolicy" ], "teams_unsuccessful_commands": [ ] } } |