2

When I run the following command, I receive an error. All commands complete successfully up until this point and it does find 67 items.

  PS C:\WINDOWS\system32> New-ComplianceSearchAction -SearchName 'PhishingSearch' -Preview
A parameter cannot be found that matches parameter name 'Preview'.
    + CategoryInfo          : InvalidArgument: (:) [New-ComplianceSearchAction], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,New-ComplianceSearchAction
    + PSComputerName        : can01b.ps.compliance.protection.outlook.com

I'm hoping to preview my results to compare them with what I get in the GUI, but without the -Preview parameter, I'm not able to do that. Microsoft includes the parameter in their documentation here:

New-ComplianceSearchAction Examples

Here is the entirety of my code:

# Create a credential object
$UserCredential = Get-Credential

# Configure a remote session to the Exchange Compliance and Security Module
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid -Credential $UserCredential -Authentication Basic -AllowRedirection

# Connect session and import commands
Import-PSSession $Session -AllowClobber -DisableNameChecking

# Create a search query specifying a name, where to look, and the search parameters
New-ComplianceSearch -Name "PhishingSearch" -ExchangeLocation 'All' -ContentMatchQuery "(c:c)(Subject: 'Urgent Request') AND (From:abc@123.com)"

# Start the search query created above
Start-ComplianceSearch -Identity 'PhishingSearch'

# Check status of the search query
Get-ComplianceSearch  -Identity 'PhishingSearch'
Get-ComplianceSearch  -Identity 'PhishingSearch' | Format-List -Property Items

# Preview the results to compare with the web-results,
New-ComplianceSearchAction -SearchName 'PhishingSearch' -Preview
Get-ComplianceSearchAction  -Identity 'PhishingSearch_Preview' | Format-List -Property Results

# Purge the emails
New-ComplianceSearchAction -SearchName 'PhishingSearch' -Purge -PurgeType SoftDelete
Get-ComplianceSearchAction  -Identity 'PhishingSearch_Purge' 
Get-ComplianceSearchAction  -Identity 'PhishingSearch_Purge' | Format-List -Property Results
christopher
  • 73
  • 1
  • 2
  • 6

3 Answers3

1

I received a response from Microsoft support and it turns out I needed to be assigned eDiscovery Manager or eDiscovery Administrator permissions. Elsewhere I'd read I needed Organization Management permissions or Compliance Administrator, which I'd tried, so this is helpful. The rest of the commands work because they are not actually listing the emails, to actually use the emails being searched for, one must be a member of eDiscovery.

https://docs.microsoft.com/en-us/office365/securitycompliance/assign-ediscovery-permissions

christopher
  • 73
  • 1
  • 2
  • 6
0

If the functionality is relatively new, it might be that the endpoint you are hitting in Office 365, which your tenant is hosted on, has not yet been updated and thus does not contain the updated cmdlet.

I would advise you to create a ticket with Microsoft support and verify that this is the case. They might also be able to give an ETA on when an update will be applied to your tenant.

Henrik Stanley Mortensen
  • 398
  • 1
  • 7
  • Thanks, Henrik. It's not new functionality, which I was wondering as well. I had also created a ticket, but sometimes folks here are quicker than MS tech support. :) – christopher Jan 17 '19 at 22:58
0

In the Security & Compliance Center, by default, the Preview role is assigned only to the eDiscovery Manager role group. If you have assigned tenant to the role group, please try to if the Preview role is in the role group. You also could remove and re-add the tenant to the role group.

Kelvin_D
  • 301
  • 1
  • 3