DMARC spoof

chrisda · chrisda · commit 2d192833b6ad · 2023-02-21T16:28:37.000-08:00
diff --git a/exchange/exchange-ps/exchange/New-AntiPhishPolicy.md b/exchange/exchange-ps/exchange/New-AntiPhishPolicy.md
@@ -25,6 +25,8 @@ New-AntiPhishPolicy [-Name] <String>
  [-AdminDisplayName <String>]
  [-AuthenticationFailAction <SpoofAuthenticationFailAction>]
  [-Confirm]
+ [-DmarcQuarantineAction <SpoofDmarcQuarantineAction>]
+ [-DmarcRejectAction <SpoofDmarcRejectAction>]
  [-Enabled <Boolean>]
  [-EnableFirstContactSafetyTips <Boolean>]
  [-EnableMailboxIntelligence <Boolean>]
@@ -40,6 +42,7 @@ New-AntiPhishPolicy [-Name] <String>
  [-EnableViaTag <Boolean>]
  [-ExcludedDomains <MultiValuedProperty>]
  [-ExcludedSenders <MultiValuedProperty>]
+ [-HonorDmarcPolicy <Boolean>]
  [-ImpersonationProtectionState <ImpersonationProtectionState>]
  [-MailboxIntelligenceProtectionAction <ImpersonationAction>]
  [-MailboxIntelligenceProtectionActionRecipients <MultiValuedProperty>]
@@ -159,6 +162,52 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -DmarcQuarantineAction
+This setting is part of spoof protection.
+
+The DmarcQuarantineAction parameter specifies the action to take when the message is detected as spoofing and the policy action value in the DMARC TXT record for the domain is `p=quarantine`. Valid values are:
+
+- MoveToJmf: Deliver the message to the recipient's mailbox, and move the message to the Junk Email folder.
+- Quarantine: This is the default value. Move the message to quarantine.
+
+This parameter is meaningful only when the HonorDmarcPolicy parameter is set to the value $true.
+
+```yaml
+Type: SpoofDmarcQuarantineAction
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -DmarcRejectAction
+This setting is part of spoof protection.
+
+The DmarcRejectAction parameter specifies the action to take when the message is detected as spoofing and the policy action value in the DMARC TXT record for the domain is `p=quarantine`. Valid values are:
+
+- Quarantine: This is the default value. Move the message to quarantine.
+- Reject: Reject the message.
+
+This parameter is meaningful only when the HonorDmarcPolicy parameter is set to the value $true.
+
+```yaml
+Type: SpoofDmarcRejectAction
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -Enabled
 This parameter is reserved for internal Microsoft use.
 
@@ -487,6 +536,27 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -HonorDmarcPolicy
+This setting is part of spoof protection.
+
+The HonorDmarcPolicy parameter specifies whether to use the `p=` policy action in the DMARC DNS (TXT) record for the domain when spoofing is detected. Valid values are:
+
+- $true: If spoofing is detected and the action specified in the DMARC TXT record for the domain is `p=quarantine`, use the action that's specified by the DmarcQuarantineAction parameter. If spoofing is detected and the action specified in the DMARC TXT record for the domain is `p=reject`, use the action that's specified by the DmarcRejectAction parameter.
+- $false: This is the default value. If spoofing is detected, use the action that's specified by the AuthenticationFailAction parameter.
+
+```yaml
+Type: Boolean
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ImpersonationProtectionState
 This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365.
 
diff --git a/exchange/exchange-ps/exchange/Set-AntiPhishPolicy.md b/exchange/exchange-ps/exchange/Set-AntiPhishPolicy.md
@@ -25,6 +25,8 @@ Set-AntiPhishPolicy -Identity <AntiPhishPolicyIdParameter>
  [-AdminDisplayName <String>]
  [-AuthenticationFailAction <SpoofAuthenticationFailAction>]
  [-Confirm]
+ [-DmarcQuarantineAction <SpoofDmarcQuarantineAction>]
+ [-DmarcRejectAction <SpoofDmarcRejectAction>]
  [-Enabled <Boolean>]
  [-EnableFirstContactSafetyTips <Boolean>]
  [-EnableMailboxIntelligence <Boolean>]
@@ -40,6 +42,7 @@ Set-AntiPhishPolicy -Identity <AntiPhishPolicyIdParameter>
  [-EnableViaTag <Boolean>]
  [-ExcludedDomains <MultiValuedProperty>]
  [-ExcludedSenders <MultiValuedProperty>]
+ [-HonorDmarcPolicy <Boolean>]
  [-ImpersonationProtectionState <ImpersonationProtectionState>]
  [-MailboxIntelligenceProtectionAction <ImpersonationAction>]
  [-MailboxIntelligenceProtectionActionRecipients <MultiValuedProperty>]
@@ -162,6 +165,52 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -DmarcQuarantineAction
+This setting is part of spoof protection.
+
+The DmarcQuarantineAction parameter specifies the action to take when the message is detected as spoofing and the policy action value in the DMARC TXT record for the domain is `p=quarantine`. Valid values are:
+
+- MoveToJmf: Deliver the message to the recipient's mailbox, and move the message to the Junk Email folder.
+- Quarantine: This is the default value. Move the message to quarantine.
+
+This parameter is meaningful only when the HonorDmarcPolicy parameter is set to the value $true.
+
+```yaml
+Type: SpoofDmarcQuarantineAction
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -DmarcRejectAction
+This setting is part of spoof protection.
+
+The DmarcRejectAction parameter specifies the action to take when the message is detected as spoofing and the policy action value in the DMARC TXT record for the domain is `p=quarantine`. Valid values are:
+
+- Quarantine: This is the default value. Move the message to quarantine.
+- Reject: Reject the message.
+
+This parameter is meaningful only when the HonorDmarcPolicy parameter is set to the value $true.
+
+```yaml
+Type: SpoofDmarcRejectAction
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -Enabled
 This parameter is reserved for internal Microsoft use.
 
@@ -490,6 +539,27 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -HonorDmarcPolicy
+This setting is part of spoof protection.
+
+The HonorDmarcPolicy parameter specifies whether to use the `p=` policy action in the DMARC DNS (TXT) record for the domain when spoofing is detected. Valid values are:
+
+- $true: If spoofing is detected and the action specified in the DMARC TXT record for the domain is `p=quarantine`, use the action that's specified by the DmarcQuarantineAction parameter. If spoofing is detected and the action specified in the DMARC TXT record for the domain is `p=reject`, use the action that's specified by the DmarcRejectAction parameter.
+- $false: This is the default value. If spoofing is detected, use the action that's specified by the AuthenticationFailAction parameter.
+
+```yaml
+Type: Boolean
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ImpersonationProtectionState
 This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365.
 
