Public/Set-AtpDefaultPolicies.ps1

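function Set-AtpDefaultPolicies {
    <#
    .SYNOPSIS
    Creates and enables default Safe Links and Safe Attachments policies and rules
    for the tenant's accepted domains.

    .DESCRIPTION
    Reads the accepted domains (skipping names that match "\.mail\.onmicrosoft\.com"),
    then, unless switched off, creates "Default Safe Links Policy"/"Default Safe Links Rule"
    and "Default Safe Attachment Policy"/"Default Safe Attachment Rule", scopes both rules
    to those domains, enables the policies, and turns on the matching tenant-wide
    Set-AtpPolicyForO365 switches.

    The redirect mailbox is validated before anything is created, and only when the
    Safe Attachments policy is actually requested.

    .PARAMETER NoSafeAttachmentPolicy
    Skip the Safe Attachments policy, rule and the EnableATPForSPOTeamsODB setting.

    .PARAMETER NoSafeLinksPolicy
    Skip the Safe Links policy, rule and the EnableSafeLinksForClients setting.

    .PARAMETER SafeAttachmentRedirectEmailAddress
    Existing mailbox that receives redirected messages. Defaults to
    atp_redirect@<default accepted domain>.

    .NOTES
    NOTE(review): the policies are created with the service's default settings apart from
    the parameters passed here; review them against your baseline after creation.
    NOTE(review): parameter sets of these Exchange Online cmdlets have changed between
    module versions - confirm they are still accepted by the version in use.
    NOTE(review): there is no check for pre-existing objects with these names, so a re-run
    presumably reports creation errors - confirm.
    #>
    [CmdletBinding()]
    param (
        [Parameter()]
        [switch]
        $NoSafeAttachmentPolicy,

        [Parameter()]
        [switch]
        $NoSafeLinksPolicy,

        [Parameter()]
        [string]
        $SafeAttachmentRedirectEmailAddress
    )

    $domains = Get-AcceptedDomain | Where-Object { $_.DomainName -notmatch "\.mail\.onmicrosoft\.com" }
    if (-not $domains) {
        # Both rules are scoped with -RecipientDomainIs; without domains there is nothing to protect.
        Write-Error -Message "No accepted domains were found to scope the default policies to."
        return
    }

    if (-not $NoSafeAttachmentPolicy) {
        if ($SafeAttachmentRedirectEmailAddress) {
            $safeAttachRedirectEmail = $SafeAttachmentRedirectEmailAddress
        }
        else {
            $defaultDomainName = ($domains | Where-Object { $_.Default }).DomainName
            $safeAttachRedirectEmail = "atp_redirect@$defaultDomainName"
        }

        # The redirect mailbox is only needed by the Safe Attachments policy, so a
        # Safe Links-only run must not fail because it is missing.
        $redirectMailbox = Get-Mailbox -Identity $safeAttachRedirectEmail -ErrorAction SilentlyContinue
        if (-not $redirectMailbox) {
            Write-Error -Message "Mailbox '$safeAttachRedirectEmail' does not exist. Please create this mailbox or specify an existing mailbox before continuing."
            # 'return', not 'break': outside a loop, 'break' unwinds into the caller and
            # can silently end the caller's loop or script.
            return
        }
    }

    if (-not $NoSafeLinksPolicy) {
        $safeLinksPolicy = New-SafeLinksPolicy -Name "Default Safe Links Policy"
        # Assigned to $null so the created rule object is not written to the pipeline.
        $null = New-SafeLinksRule -Name "Default Safe Links Rule" -SafeLinksPolicy $safeLinksPolicy.Name -RecipientDomainIs $domains.DomainName
        $safeLinksPolicy | Set-SafeLinksPolicy -IsEnabled $true
        Set-AtpPolicyForO365 -EnableSafeLinksForClients $true
    }

    if (-not $NoSafeAttachmentPolicy) {
        # Redirected messages end up in $safeAttachRedirectEmail; access to that mailbox
        # should be limited to the people who triage detections.
        $safeAttachPolicy = New-SafeAttachmentPolicy -Name "Default Safe Attachment Policy" -Redirect $true -RedirectAddress $safeAttachRedirectEmail -Action DynamicDelivery
        # -ExceptIfSentTo keeps this rule from applying to mail addressed to the redirect
        # mailbox itself, so that mailbox is not covered by this rule.
        $null = New-SafeAttachmentRule -Name "Default Safe Attachment Rule" -SafeAttachmentPolicy $safeAttachPolicy.Name -ExceptIfSentTo $safeAttachRedirectEmail -RecipientDomainIs $domains.DomainName
        $safeAttachPolicy | Set-SafeAttachmentPolicy -Enable $true
        Set-AtpPolicyForO365 -EnableATPForSPOTeamsODB $true
    }
}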