I discussed the newly released Advanced Threat Protection product in Office 365 on my blog, and in this article I want to outline the cmdlets that can be used to set this product up from Remote PowerShell to Office 365.
To connect to Office 365 via PowerShell take a search on your favourite search engine – there are lots and lots of articles on doing this. Once you have a connection to Exchange Online and you have purchased the Exchange Online Advanced Threat Protection product, you can use PowerShell to do your administration and report gathering.
The cmdlets you can use are for Safe Links are:
Disable-SafeLinksRule
Enable-SafeLinksRule
Get-SafeLinksPolicy
Get-SafeLinksRule
New-SafeLinksPolicy
New-SafeLinksRule
Remove-SafeLinksPolicy
Remove-SafeLinksRule
Set-SafeLinksPolicy
Set-SafeLinksRule
And the cmdlets you can use for Safe Attachments are:
Disable-SafeAttachmentRule
Enable-SafeAttachmentRule
Get-SafeAttachmentPolicy
Get-SafeAttachmentRule
New-SafeAttachmentPolicy
New-SafeAttachmentRule
Remove-SafeAttachmentPolicy
Remove-SafeAttachmentRule
Set-SafeAttachmentPolicy
Set-SafeAttachmentRule
And for reporting, you can run Get-AdvancedThreatProtectionTrafficReport to report on the number of attachments blocked and the type of notification sent when looking at Safe Attachments. Get-UrlTrace does the same report for Safe Links.
The cmdlet *-SafeLinksPolicy and *-SafeAttachmentPolicy controls the policy. Every rule needs to be associated with a policy and so a policy needs creating first:
New-SafeLinksPolicy “Protect C7 Solutions Users”
Will create a Safe Link policy with the default settings. This includes no URL tracking, no click through and is not enabled. A better start might be
New-SafeLinksPolicy “Protect C7 Solutions Users” -TrackClicks $true -IsEnabled $true -AllowClickThrough $false
Once a policy is created, a rule can be added to that policy. The *-SafeLinksRule and *-SafeAttachmentRule cmdlets control this in the shell. You can only have one rule per policy. An example cmdlet to create a rule would be:
New-SafeLinksRule “Protect C7 Solutions Users” -SafeLinksPolicy “Protect C7 Solutions Users” -RecipientDomainIs “c7solutions.com” -Enabled $true
Note that the –SafeLinksPolicy value matches that of the name of the previously created policy when making the rule.
To create a Safe Attachment policy and rule that protect all users by blocking malicious attachments and sending a report to an external mailbox you could use:
New-SafeAttachmentPolicy “Protect C7 Solutions Users” -Enable $true -Redirect $true -RedirectAddress brian@contoso.com –Action Block
New-SafeAttachmentRule “Protect C7 Solutions Users” -RecipientDomainIs “c7solutions.com” -SafeAttachmentPolicy “Protect C7 Solutions Users” -Enabled $true
The other cmdlets are self explanatory with regard to Enable- and Disable- and Set- and Remove-. The advantage of using PowerShell to administer Safe Links and Safe Attachments is you can set up a policy in a lab and then copy it to a production environment or enable the same policy on many different tenants if you are a Microsoft Partner with customers interested in this advanced protection of their mailbox.
Leave a Reply to Brian Reid Cancel reply