SCDLPCompliancePolicy¶

Parameters¶

Parameter	Attribute	DataType	Description	Allowed Values
Name	Key	String	The Name parameter specifies the unique name of the DLP policy. If the value contains spaces, enclose the value in quotation marks.
Comment	Write	String	The Comment parameter specifies an optional comment.
EndpointDlpLocation	Write	StringArray[]	The EndpointDLPLocation parameter specifies the user accounts to include in the DLP policy for Endpoint DLP when they are logged on to an onboarded device. You identify the account by name or email address. You can use the value All to include all user accounts.
EndpointDlpLocationException	Write	StringArray[]	The EndpointDlpLocationException parameter specifies the user accounts to exclude from Endpoint DLP when you use the value All for the EndpointDlpLocation parameter. You identify the account by name or email address.
OnPremisesScannerDlpLocation	Write	StringArray[]	The OnPremisesScannerDlpLocation parameter specifies the on-premises file shares and SharePoint document libraries and folders to include in the DLP policy. You can use the value All to include all on-premises file shares and SharePoint document libraries and folders.
OnPremisesScannerDlpLocationException	Write	StringArray[]	The OnPremisesScannerDlpLocationException parameter specifies the on-premises file shares and SharePoint document libraries and folders to exclude from the DLP policy if you use the value All for the OnPremisesScannerDlpLocation parameter.
PowerBIDlpLocation	Write	StringArray[]	The PowerBIDlpLocation parameter specifies the Power BI workspace IDs to include in the DLP policy. Only workspaces hosted in Premium Gen2 capacities are permitted. You can use the value All to include all supported workspaces.
PowerBIDlpLocationException	Write	StringArray[]	The PowerBIDlpLocationException parameter specifies the Power BI workspace IDs to exclude from the DLP policy when you use the value All for the PowerBIDlpLocation parameter. Only workspaces hosted in Premium Gen2 capacities are permitted.
ThirdPartyAppDlpLocation	Write	StringArray[]	The ThirdPartyAppDlpLocation parameter specifies the non-Microsoft cloud apps to include in the DLP policy. You can use the value All to include all connected apps.
ThirdPartyAppDlpLocationException	Write	StringArray[]	The ThirdPartyAppDlpLocationException parameter specifies the non-Microsoft cloud apps to exclude from the DLP policy when you use the value All for the ThirdPartyAppDlpLocation parameter.
ExchangeLocation	Write	StringArray[]	The ExchangeLocation parameter specifies Exchange Online mailboxes to include in the DLP policy. You can only use the value All for this parameter to include all mailboxes.
ExchangeSenderMemberOf	Write	StringArray[]	Exchange members to include.
ExchangeSenderMemberOfException	Write	StringArray[]	Exchange members to exclude.
Mode	Write	String	The Mode parameter specifies the action and notification level of the DLP policy. Valid values are: Enable, TestWithNotifications, TestWithoutNotifications, Disable and PendingDeletion.	`Enable`, `TestWithNotifications`, `TestWithoutNotifications`, `Disable`, `PendingDeletion`
OneDriveLocation	Write	StringArray[]	The OneDriveLocation parameter specifies the OneDrive for Business sites to include. You identify the site by its URL value, or you can use the value All to include all sites.
OneDriveLocationException	Write	StringArray[]	This parameter specifies the OneDrive for Business sites to exclude when you use the value All for the OneDriveLocation parameter. You identify the site by its URL value.
Priority	Write	UInt32	Priority for the Policy.
SharePointLocation	Write	StringArray[]	The SharePointLocation parameter specifies the SharePoint Online sites to include. You identify the site by its URL value, or you can use the value All to include all sites.
SharePointLocationException	Write	StringArray[]	This parameter specifies the SharePoint Online sites to exclude when you use the value All for the SharePointLocation parameter. You identify the site by its URL value.
TeamsLocation	Write	StringArray[]	Teams locations to include
TeamsLocationException	Write	StringArray[]	Teams locations to exclude.
Ensure	Write	String	Specify if this policy should exist or not.	`Present`, `Absent`
Credential	Write	PSCredential	Credentials of the Exchange Global Admin
ApplicationId	Write	String	Id of the Azure Active Directory application to authenticate with.
TenantId	Write	String	Id of the Azure Active Directory tenant used for authentication.
CertificateThumbprint	Write	String	Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
CertificatePassword	Write	PSCredential	Username can be made up to anything but password will be used for CertificatePassword
CertificatePath	Write	String	Path to certificate used in service principal usually a PFX file.
AccessTokens	Write	StringArray[]	Access token used for authentication.

Description¶

This resource configures a Data Loss Prevention Compliance Policy in Security and Compliance Center.

Permissions¶

Microsoft Graph¶

To authenticate with the Microsoft Graph API, this resource required the following permissions:

Delegated permissions¶

Read
- None
Update
- None

Application permissions¶

Read
- None
Update
- None

Examples¶

Example 1¶

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $Credscredential
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        SCDLPCompliancePolicy 'ConfigureCompliancePolicy'
        {
            Name               = "MyPolicy"
            Comment            = "Test Policy"
            Priority           = 1
            SharePointLocation = "https://contoso.sharepoint.com/sites/demo"
            Ensure             = "Present"
            Credential         = $Credscredential
        }
    }
}