You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions).
35
35
36
-
You can create a limited number of policies in your organization based on a fixed amount of space. If your oganization runs out of space for these policies, you'll see the error: "The total size of App Access Policies exceeded the limit." To maximize the number of policies and reduce the amount of space that's consumed by the policies, set a one space charachter description for the policy. This method will allow aproximately 300 policies (versus a previous limit of 100 policies).
36
+
You can create a limited number of policies in your organization based on a fixed amount of space. If your oganization runs out of space for these policies, you'll see the error: "The total size of App Access Policies exceeded the limit." To maximize the number of policies and reduce the amount of space that's consumed by the policies, set a one space character description for the policy. This method will allow aproximately 300 policies (versus a previous limit of 100 policies).
37
37
38
38
While scope-based resource access like Mail.Read or Calendar.Read is effective to ensure that the application can only read email or events within a mailbox and not do anything else, application access policies allow admins to enforce limits that are based on a list of mailboxes. For example, apps developed for one country shouldn't have access to data from other countries. Or, or a CRM integration application should only access calendars in the Sales organization and no other departments.
The SenderDomains parameter specifies the remote domains from which this connector accepts messages, thereby limiting its scope. You can use a wildcard character to specify all subdomains of a specified ___domain, as shown in the following example: \*.contoso.com. However, you can't embed a wildcard character, as shown in the following example: ___domain.\*.contoso.com. You can specify multiple domains separated by commas.
93
+
The SenderDomains parameter specifies the source domains that the connector accepts messages for. A valid value is an SMTP ___domain. Wildcards are supported to indicate a ___domain and all subdomains (for example, \*.contoso.com), but you can't embed the wildcard character (for example, ___domain.\*.contoso.com is not valid).
94
+
95
+
You can specify multiple domains separated by commas.
The AssociatedAcceptedDomains parameter specifies the accepted domains that the connector applies to, thereby limiting its scope. For example, you can apply the connector to a specific accepted ___domain in your organization, such as contoso.com.
111
+
The AssociatedAcceptedDomains parameter restricts the source domains that use the connector to the specified accepted domains. A valid value is an SMTP ___domain that's configured as an accepted ___domain in your Microsoft 365 organization.
112
+
113
+
You can specify multiple values separated by commas.
The ConnectorType parameter specifies a category for the domains that are serviced by the connector. Valid input for this parameter includes the following values:
209
+
The ConnectorType parameter specifies the category for the source domains that the connector accepts messages for. Valid values are:
206
210
207
-
- Partner: The connector services domains that are external to your organization.
208
-
- OnPremises: The connector services domains that are used by your on-premises organization. Use this value for accepted domains in your cloud-based organization that are also specified by the SenderDomains parameter.
211
+
- Partner: External partners or services.
212
+
- OnPremises: Your on-premises email organization. Use this value for accepted domains in your cloud-based organization that are also specified by the SenderDomains parameter.
The RequireTLS parameter specifies that all messages received by this connector require TLS transmission. Valid values for this parameter are $true or $false. The default value is $false.
338
+
The RequireTLS parameter specifies whether to require TLS transmission for all messages that are received by the connector. Valid values are:
339
+
340
+
- $true: Reject messages if they aren't sent over TLS. This is the default value
341
+
- $false: Allow messages if they aren't sent over TLS.
The RestrictDomainsToCertificate parameter specifies that Microsoft 365 should identify incoming messages that are eligible for this connector by verifying that the remote server authenticates using a TLS certificate that has the TlsSenderCertificateName in the Subject. Valid values are $true or $false.
357
+
The RestrictDomainsToCertificate parameter specifies whether the Subject value of the TLS certificate is checked before messages can use the connector. Valid values are:
358
+
359
+
- $true: Mail is allowed to use the connector only if the Subject value of the TLS certificate that the source email server uses to authenticate matches the TlsSenderCertificateName parameter value.
360
+
- $false: The Subject value of the TLS certificate that the source email server uses to authenticate doesn't control whether mail from that source uses the connector. This is the default value.
The RestrictDomainsToIPAddresses parameter, when set to $true, automatically rejects mail from the domains specified by the SenderDomains parameter if the mail originates from an IP address that isn't specified by the SenderIPAddresses parameter.
376
+
The RestrictDomainsToIPAddresses parameter specifies whether to reject mail that comes from unknown source IP addresses. Valid values are:
364
377
365
-
Valid input for this parameter is $true or $false. The default value is $false.
378
+
- $true: Automatically reject mail from domains that are specified by the SenderDomains parameter if the source IP address isn't also specified by the SenderIPAddress parameter.
379
+
- $false: Don't automatically reject mail from domains that are specified by the SenderDomains parameter based on the source IP address. This is the default value.
The TlsSenderCertificateName parameter specifies the certificate used by the sender's ___domain when the RequireTls parameter is set to $true. Valid input for the TlsSenderCertificateName parameter is an SMTP ___domain. You can use a wildcard character to specify all subdomains of a specified ___domain, as shown in the following example: \*.contoso.com.
421
-
422
-
You can't embed a wildcard character, as shown in the following example: ___domain.\*.contoso.com.
434
+
The TlsSenderCertificateName parameter specifies the TLS certificate that's used when the value of the RequireTls parameter is $true. A valid value is an SMTP ___domain. Wildcards are supported to indicate a ___domain and all subdomains (for example, \*.contoso.com), but you can't embed the wildcard character (for example, ___domain.\*.contoso.com is not valid).
Copy file name to clipboardExpand all lines: exchange/exchange-ps/exchange/Set-DistributionGroup.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -228,7 +228,7 @@ To specify senders for this parameter, you can use any value that uniquely ident
228
228
229
229
You can enter multiple senders separated by commas. To overwrite any existing entries, use the following syntax: `Sender1,Sender2,...SenderN`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"Sender1","Sender2",..."SenderN"`.
230
230
231
-
To add or remove individual senders or groups without affecting other existing entries, use the AcceptMessagesOnlyFrom and AcceptMessageOnlyFromDLMembers parameters.
231
+
To add or remove individual senders or groups without affecting other existing entries, use the AcceptMessagesOnlyFrom and AcceptMessagesOnlyFromDLMembers parameters.
232
232
233
233
The individual senders and groups you specify for this parameter are automatically copied to the AcceptMessagesOnlyFrom and AcceptMessagesOnlyFromDLMembers properties, respectively. Therefore, you can't use the AcceptMessagesOnlyFromSendersOrMembers parameter and the AcceptMessagesOnlyFrom or AcceptMessagesOnlyFromDLMembers parameters in the same command.
The AssociatedAcceptedDomains parameter specifies the accepted domains that the connector applies to, thereby limiting its scope. For example, you can apply the connector to a specific accepted ___domain in your organization, such as contoso.com.
89
+
The AssociatedAcceptedDomains parameter restricts the source domains that use the connector to the specified accepted domains. A valid value is an SMTP ___domain that's configured as an accepted ___domain in your Microsoft 365 organization.
90
+
91
+
You can specify multiple values separated by commas.
The RequireTLS parameter specifies that all messages received by this connector require TLS transmission. Valid values for this parameter are $true or $false. The default value is $false. When the RequireTLS parameter is set to $true, all messages received by this connector require TLS transmission.
332
+
The RequireTLS parameter specifies whether to require TLS transmission for all messages that are received by the connector. Valid values are:
333
+
334
+
- $true: Reject messages if they aren't sent over TLS. This is the default value
335
+
- $false: Allow messages if they aren't sent over TLS.
The RestrictDomainsToCertificate parameter specifies that Microsoft 365 should identify incoming messages that are eligible for this connector by verifying that the remote server authenticates using a TLS certificate that has the TlsSenderCertificateName in the Subject. Valid values are $true or $false.
351
+
The RestrictDomainsToCertificate parameter specifies whether the Subject value of the TLS certificate is checked before messages can use the connector. Valid values are:
352
+
353
+
- $true: Mail is allowed to use the connector only if the Subject value of the TLS certificate that the source email server uses to authenticate matches the TlsSenderCertificateName parameter value.
354
+
- $false: The Subject value of the TLS certificate that the source email server uses to authenticate doesn't control whether mail from that source uses the connector. This is the default value.
The RestrictDomainsToIPAddresses parameter, when set to $true, automatically rejects mail from the domains specified by the SenderDomains parameter if the mail originates from an IP address that isn't specified by the SenderIPAddresses parameter.
370
+
The RestrictDomainsToIPAddresses parameter specifies whether to reject mail that comes from unknown source IP addresses. Valid values are:
360
371
361
-
Valid input for this parameter is $true or $false. The default value is $false.
372
+
- $true: Automatically reject mail from domains that are specified by the SenderDomains parameter if the source IP address isn't also specified by the SenderIPAddress parameter.
373
+
- $false: Don't automatically reject mail from domains that are specified by the SenderDomains parameter based on the source IP address. This is the default value.
The SenderDomains parameter specifies the remote domains from which this connector accepts messages, thereby limiting its scope. You can use a wildcard character to specify all subdomains of a specified ___domain, as shown in the following example:\*.contoso.com. However, you can't embed a wildcard character, as shown in the following example: ___domain.\*.contoso.com.
405
+
The SenderDomains parameter specifies the source domains that the connector accepts messages for. A valid value is an SMTP ___domain. Wildcards are supported to indicate a ___domain and all subdomains (for example, \*.contoso.com), but you can't embed the wildcard character (for example, ___domain.\*.contoso.com is not valid).
394
406
395
407
You can specify multiple domains separated by commas.
The TlsSenderCertificateName parameter specifies the certificate used by the sender's ___domain when the RequireTls parameter is set to $true. Valid input for the TlsSenderCertificateName parameter is an SMTP ___domain. You can use a wildcard character to specify all subdomains of a specified ___domain, as shown in the following example: \*.contoso.com.
433
-
434
-
You can't embed a wildcard character, as shown in the following example: ___domain.\*.contoso.com.
444
+
The TlsSenderCertificateName parameter specifies the TLS certificate that's used when the value of the RequireTls parameter is $true. A valid value is an SMTP ___domain. Wildcards are supported to indicate a ___domain and all subdomains (for example, \*.contoso.com), but you can't embed the wildcard character (for example, ___domain.\*.contoso.com is not valid).
0 commit comments