Forum Discussion
Configuring 'Quarantine release request' alert via powershell?
- Mar 04, 2025
You cannot modify built-in policies, as mentioned in the documentation:
Note: You can't use this cmdlet to edit default alert policies. You can only modify alerts that you created using the New-ProtectionAlert cmdlet.
The UI uses a different API to update policies ("policy overrides"), which is not exposed via any PowerShell cmdlet, afaik.
As for creating the alert, try specifying "-AggregationType None", as "advanced" aggregations are one of the conditions that require premium licensing.
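The workaround from the answer above, as an added example that is not part of the original post: leave the built-in policy alone and create or update a custom policy for the same operation with `-AggregationType None`. It assumes an active Security & Compliance PowerShell session (`Connect-IPPSSession`). The policy name, the recipient address, the `ThreatManagement`/`Activity` values and the `Operation` and `IsSystemRule` output properties are assumptions, not values taken from the thread.

```powershell
# Added example; placeholders are marked. Requires Connect-IPPSSession first.
$operation  = 'QuarantineRequestReleaseMessage'                           # operation named in the thread
$customName = 'Custom - User requested to release a quarantined message'  # placeholder name
$recipient  = 'secops@contoso.example'                                    # placeholder recipient

# Built-in (default) policies cannot be edited with Set-ProtectionAlert.
# List the policies that cover this operation and show which are system rules.
# Assumption: the returned objects expose Operation and IsSystemRule.
$existing = Get-ProtectionAlert | Where-Object { $_.Operation -contains $operation }
$existing | Select-Object Name, IsSystemRule, NotifyUser, Disabled | Format-Table -AutoSize

$custom = $existing | Where-Object { $_.Name -eq $customName }
if ($custom) {
    # A policy created with New-ProtectionAlert can be modified afterwards.
    Set-ProtectionAlert -Identity $customName -NotifyUser $recipient
}
else {
    # -AggregationType None keeps the policy out of the "advanced" category
    # that triggers the licensing error described in the thread.
    # Category and ThreatType are assumed values chosen to mirror the built-in alert.
    New-ProtectionAlert -Name $customName `
        -Category ThreatManagement `
        -ThreatType Activity `
        -Operation $operation `
        -AggregationType None `
        -NotifyUser $recipient
}
```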
Hi, based on your description, it seems you’re facing two separate issues:
1-Truncated Identity Issue:
It appears that when you retrieve the alert policy, the Identity string is getting truncated when used with the Set-ProtectionAlert cmdlet. This might be due to how the module handles long strings with spaces or special characters. One possible workaround is to see if there’s a short alias or an alternative identifier that you can use instead. You might also try escaping special characters or enclosing the identity in quotes to ensure it’s interpreted correctly.
2-Creating a New Alert Policy and Licensing Restrictions:
When you try to create a new alert policy with your desired notification settings, you’re encountering an error that says you're not allowed to create "advanced alert policies" with your P2 license, and that an Enterprise license is required. This is puzzling, especially since the web portal lets you perform these actions without issue. It might be that through PowerShell, you are inadvertently triggering functionality that’s considered advanced, even if all you want is to change the alert recipient.
Here are a few suggestions to consider:
Double-check documentation: Look for any parameters or special modes that allow you to simply modify the notification recipient without enabling advanced features.
Use a different identifier: If possible, check if there’s an alternative identifier or a more “short-hand” version of the alert policy’s Identity that might work without truncation.
Reach out to support: Given the discrepancy between the web portal and PowerShell behavior, contacting Microsoft support or checking their forums/documentation might clarify if there’s a known issue or workaround.
I hope these insights help you move forward.
- underQualifried, Mar 04, 2025, Brass Contributor
Thanks for this! So,
1) So I looked into this again, and tried a few different methods - Quotation Marks, Escape Chars, using -Operation to identify it. Unfortunately, Set-ProtectionAlert DEMANDS an -Identity. If you don't pass it, you get prompted....

PS C:\Users\woof> $alert.Identity
FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/User requested to release a quarantined message
PS C:\Users\woof> Set-ProtectionAlert -Operation QuarantineRequestReleaseMessage -Identity $alert.Identity -NotifyUser email address removed for privacy reasons
Set-ProtectionAlert: There is no rule matching identity 'f00ed340-8f84-4eb4-83f3-0075a22b262e\User requested to release a quarantined message'.
Encapsulating with Quotations like "$alert.Identity" or "$($alert.Identity)" didn't change anything..
I also tried Write-Host "Identity: $($alert.Identity)" to try to debug what it was passing, but this returns the full Identity - so this actually works.. Checking documentation on Set-ProtectionAlert, it SAYS - Identity can be the name, guid, or DN. So I try ALL of these.. and none of them match.. For reference $alert is directly pulled from my policies with Get-ProtectionAlert - what's being passed is directly from the policy.

PS C:\Users\woof> $alert | Select-Object Name, Guid, DistinguishedName | Format-List
Name : User requested to release a quarantined message
Guid : 34116cef-7761-4cdf-a30b-5aa944d93d74
DistinguishedName : CN=User requested to release a quarantined message,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com
PS C:\Users\woof> Set-ProtectionAlert -Identity $alert.Guid -NotifyUser (me)
Set-ProtectionAlert: There is no rule matching identity '34116cef-7761-4cdf-a30b-5aa944d93d74'.
PS C:\Users\woof> Set-ProtectionAlert -Identity $alert.DistinguishedName -NotifyUser (me)
Set-ProtectionAlert: There is no rule matching identity 'FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/User requested to release a quarantined message'.
PS C:\Users\woof> Set-ProtectionAlert -Identity $alert.name -NotifyUser (me)
Set-ProtectionAlert: There is no rule matching identity 'User requested to release a quarantined message'.
Re: reaching out to support, do you have any recommendations on where to do this? This IS the community hub, so I figured it would be active. And honestly, anytime I visit their documentation, I'm fixing errors. Any recommendations would be appreciated.
e: even manually inputting the GUID doesn't work.

PS C:\Users\woof> Set-ProtectionAlert -Identity "f00ed340-8f84-4eb4-83f3-0075a22b262e" -NotifyUser (me)
Set-ProtectionAlert: There is no rule matching identity 'f00ed340-8f84-4eb4-83f3-0075a22b262e'
E2: from doc - Note: You can't use this cmdlet to edit default alert policies. You can only modify alerts that you created using the New-ProtectionAlert cmdlet.
FFS..