SCDLPComplianceRule¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Name | Key | String | Name of the Rule. | |
| Policy | Required | String | Name of the associated DLP Compliance Policy. | |
| AccessScope | Write | String | The AccessScope parameter specifies a condition for the DLP rule that's based on the access scope of the content. The rule is applied to content that matches the specified access scope. | InOrganization, NotInOrganization, None |
| BlockAccess | Write | Boolean | The BlockAccess parameter specifies an action for the DLP rule that blocks access to the source item when the conditions of the rule are met. $true: Blocks further access to the source item that matched the rule. The owner, author, and site owner can still access the item. $false: Allows access to the source item that matched the rule. This is the default value. | |
| BlockAccessScope | Write | String | The BlockAccessScope parameter specifies the scope of the block access action. | All, PerUser, None |
| Comment | Write | String | The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks. | |
| AdvancedRule | Write | String | The AdvancedRule parameter uses complex rule syntax that supports multiple AND, OR, and NOT operators and nested groups | |
| ContentContainsSensitiveInformation | Write | MSFT_SCDLPContainsSensitiveInformation | The ContentContainsSensitiveInformation parameter specifies a condition for the rule that's based on a sensitive information type match in content. The rule is applied to content that contains the specified sensitive information type. | |
| ExceptIfContentContainsSensitiveInformation | Write | MSFT_SCDLPContainsSensitiveInformation | The ExceptIfContentContainsSensitiveInformation parameter specifies an exception for the rule that's based on a sensitive information type match in content. The rule isn't applied to content that contains the specified sensitive information type. | |
| ContentPropertyContainsWords | Write | StringArray[] | The ContentPropertyContainsWords parameter specifies a condition for the DLP rule that's based on a property match in content. The rule is applied to content that contains the specified property. | |
| Disabled | Write | Boolean | The Disabled parameter specifies whether the DLP rule is disabled. | |
| GenerateAlert | Write | StringArray[] | The GenerateAlert parameter specifies an action for the DLP rule that notifies the specified users when the conditions of the rule are met. | |
| GenerateIncidentReport | Write | StringArray[] | The GenerateIncidentReport parameter specifies an action for the DLP rule that sends an incident report to the specified users when the conditions of the rule are met. | |
| IncidentReportContent | Write | StringArray[] | The IncidentReportContent parameter specifies the content to include in the report when you use the GenerateIncidentReport parameter. | All, Default, DetectionDetails, Detections, DocumentAuthor, DocumentLastModifier, MatchedItem, OriginalContent, RulesMatched, Service, Severity, Title, RetentionLabel, SensitivityLabel |
| NotifyAllowOverride | Write | StringArray[] | The NotifyAllowOverride parameter specifies the notification override options when the conditions of the rule are met. | FalsePositive, WithoutJustification, WithJustification |
| NotifyEmailCustomText | Write | String | The NotifyEmailCustomText parameter specifies the custom text in the email notification message that's sent to recipients when the conditions of the rule are met. | |
| NotifyPolicyTipCustomText | Write | String | The NotifyPolicyTipCustomText parameter specifies the custom text in the Policy Tip notification message that's shown to recipients when the conditions of the rule are met. The maximum length is 256 characters. HTML tags and tokens (variables) aren't supported. | |
| NotifyUser | Write | StringArray[] | The NotifyUser parameter specifies an action for the DLP rule that notifies the specified users when the conditions of the rule are met. | |
| ReportSeverityLevel | Write | String | The ReportSeverityLevel parameter specifies the severity level of the incident report for content detections based on the rule. | Low, Medium, High, None |
| RuleErrorAction | Write | String | The RuleErrorAction parameter specifies what to do if an error is encountered during the evaluation of the rule. | Ignore, RetryThenBlock |
| Ensure | Write | String | Specify if this rule should exist or not. | Present, Absent |
| Credential | Write | PSCredential | Credentials of the Exchange Global Admin | |
| ApplicationId | Write | String | Id of the Azure Active Directory application to authenticate with. | |
| TenantId | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
| CertificateThumbprint | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
| CertificatePassword | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | |
| CertificatePath | Write | String | Path to certificate used in service principal usually a PFX file. | |
| AnyOfRecipientAddressContainsWords | Write | StringArray[] | The AnyOfRecipientAddressContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in recipient email addresses. | |
| AnyOfRecipientAddressMatchesPatterns | Write | StringArray[] | The AnyOfRecipientAddressMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in recipient email addresses by using regular expressions. | |
| RemoveRMSTemplate | Write | Boolean | The RemoveRMSTemplate parameter specifies an action for the DLP rule that removes Office 365 Message Encryption from messages and their attachments. | |
| StopPolicyProcessing | Write | Boolean | The StopPolicyProcessing parameter specifies an action that stops processing more DLP policy rules. | |
| DocumentIsUnsupported | Write | Boolean | The DocumentIsUnsupported parameter specifies a condition for the DLP rule that looks for files that can't be scanned. | |
| ExceptIfDocumentIsUnsupported | Write | Boolean | The ExceptIfDocumentIsUnsupported parameter specifies an exception for the DLP rule that looks for files that can't be scanned. | |
| HasSenderOverride | Write | Boolean | The SenderOverride parameter specifies a condition for the rule that looks for messages where the sender chose to override a DLP policy. | |
| ExceptIfHasSenderOverride | Write | Boolean | The ExceptIfHasSenderOverride parameter specifies an exception for the rule that looks for messages where the sender chose to override a DLP policy. | |
| ProcessingLimitExceeded | Write | Boolean | The ProcessingLimitExceeded parameter specifies a condition for the DLP rule that looks for files where scanning couldn't complete. | |
| ExceptIfProcessingLimitExceeded | Write | Boolean | The ExceptIfProcessingLimitExceeded parameter specifies an exception for the DLP rule that looks for files where scanning couldn't complete. | |
| DocumentIsPasswordProtected | Write | Boolean | The DocumentIsPasswordProtected parameter specifies a condition for the DLP rule that looks for password protected files (because the contents of the file can't be inspected). Password detection only works for Office documents and .zip files. | |
| ExceptIfDocumentIsPasswordProtected | Write | Boolean | The ExceptIfDocumentIsPasswordProtected parameter specifies an exception for the DLP rule that looks for password protected files (because the contents of the file can't be inspected). Password detection only works for Office documents and .zip files. | |
| MessageTypeMatches | Write | StringArray[] | The MessageTypeMatches parameter specifies a condition for the DLP rule that looks for types of SMIME message patterns. | |
| FromScope | Write | StringArray[] | The FromScope parameter specifies wether messages from inside or outside the organisation are in scope for the DLP rule. | |
| ExceptIfFromScope | Write | StringArray[] | The ExceptIfFromScope parameter specifies wether messages from inside or outside the organisation are in scope for the DLP rule. | |
| SubjectContainsWords | Write | StringArray[] | The SubjectContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in the Subject field of messages. You can specify multiple words or phrases separated by commas. | |
| SubjectMatchesPatterns | Write | StringArray[] | The SubjectMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the Subject field of messages by using regular expressions. | |
| SubjectOrBodyContainsWords | Write | StringArray[] | The SubjectOrBodyContainsWords parameter specifies a condition for the rule that looks for words in the Subject field or body of messages. | |
| SubjectOrBodyMatchesPatterns | Write | StringArray[] | The SubjectOrBodyMatchesPatterns parameter specifies a condition for the rule that looks for text patterns in the Subject field or body of messages. | |
| ContentCharacterSetContainsWords | Write | StringArray[] | The ContentCharacterSetContainsWords parameter specifies a condition for the rule that looks for character set names in messages. You can specify multiple values separated by commas. | |
| DocumentNameMatchesPatterns | Write | StringArray[] | The DocumentNameMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the name of message attachments by using regular expressions. | |
| DocumentNameMatchesWords | Write | StringArray[] | The DocumentNameMatchesWords parameter specifies a condition for the DLP rule that looks for words or phrases in the name of message attachments. | |
| ExceptIfAnyOfRecipientAddressContainsWords | Write | StringArray[] | he ExceptIfAnyOfRecipientAddressContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in recipient email addresses. | |
| ExceptIfAnyOfRecipientAddressMatchesPatterns | Write | StringArray[] | The ExceptIfAnyOfRecipientAddressMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in recipient email addresses by using regular expressions. | |
| ExceptIfContentCharacterSetContainsWords | Write | StringArray[] | The ExceptIfContentCharacterSetContainsWords parameter specifies an exception for the rule that looks for character set names in messages. | |
| ExceptIfContentPropertyContainsWords | Write | StringArray[] | The ExceptIfContentPropertyContainsWords parameter specifies an exception for the DLP rule that's based on a property match in content. | |
| ExceptIfDocumentNameMatchesPatterns | Write | StringArray[] | The ExceptIfDocumentNameMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the name of message attachments by using regular expressions. | |
| ExceptIfDocumentNameMatchesWords | Write | StringArray[] | The ExceptIfDocumentNameMatchesWords parameter specifies an exception for the DLP rule that looks for words or phrases in the name of message attachments. | |
| ExceptIfFromAddressContainsWords | Write | StringArray[] | The ExceptIfFromAddressContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in the sender's email address. | |
| ExceptIfFromAddressMatchesPatterns | Write | StringArray[] | The ExceptIfFromAddressMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the sender's email address by using regular expressions. | |
| FromAddressContainsWords | Write | StringArray[] | The FromAddressContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in the sender's email address. | |
| FromAddressMatchesPatterns | Write | StringArray[] | The FromAddressMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the sender's email address by using regular expressions. | |
| ExceptIfMessageTypeMatches | Write | StringArray[] | The ExceptIfMessageTypeMatches parameter specifies an exception for the rule that looks for messages of the specified type. | |
| RecipientDomainIs | Write | StringArray[] | The RecipientDomainIs parameter specifies a condition for the DLP rule that looks for recipients with email addresses in the specified domains. | |
| ExceptIfRecipientDomainIs | Write | StringArray[] | The ExceptIfRecipientDomainIs parameter specifies an exception for the DLP rule that looks for recipients with email addresses in the specified domains. | |
| ExceptIfSenderDomainIs | Write | StringArray[] | The ExceptIfSenderDomainIs parameter specifies an exception for the DLP rule that looks for messages from senders with email address in the specified domains. | |
| ExceptIfSenderIPRanges | Write | StringArray[] | The ExceptIfSenderIpRanges parameter specifies an exception for the DLP rule that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges. | |
| ExceptIfSentTo | Write | StringArray[] | The ExceptIfSentTo parameter specifies an exception for the DLP rule that looks for recipients in messages. You identify the recipients by email address. | |
| ExceptIfSubjectContainsWords | Write | StringArray[] | The ExceptIfSubjectContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in the Subject field of messages. | |
| ExceptIfSubjectMatchesPatterns | Write | StringArray[] | The ExceptIfSubjectMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the Subject field of messages by using regular expressions. | |
| ExceptIfSubjectOrBodyContainsWords | Write | StringArray[] | The ExceptIfSubjectOrBodyContainsWords parameter specifies an exception for the rule that looks for words in the Subject field or body of messages. | |
| ExceptIfSubjectOrBodyMatchesPatterns | Write | StringArray[] | The ExceptIfSubjectOrBodyMatchesPatterns parameter specifies an exception for the rule that looks for text patterns in the Subject field or body of messages. | |
| DocumentContainsWords | Write | StringArray[] | The DocumentContainsWords parameter specifies a condition for the DLP rule that looks for words in message attachments. Only supported attachment types are checked. | |
| SentToMemberOf | Write | StringArray[] | The SentToMemberOf parameter specifies a condition for the DLP rule that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups. | |
| ContentIsNotLabeled | Write | Boolean | The ContentIsNotLabeled parameter specifies if the content is labeled. A True or False condition. | |
| SetHeader | Write | StringArray[] | The SetHeader The SetHeader parameter specifies an action for the DLP rule that adds or modifies a header field and value in the message header. You can specify multiple header name and value pairs separated by commas | |
| ContentExtensionMatchesWords | Write | StringArray[] | The ContentExtensionMatchesWords parameter specifies a condition for the DLP rule that looks for words in file name extensions. You can specify multiple words separated by commas. | |
| ExceptIfContentExtensionMatchesWords | Write | StringArray[] | The ExceptIfContentExtensionMatchesWords parameter specifies an exception for the DLP rule that looks for words in file name extensions. You can specify multiple words separated by commas. | |
| AccessTokens | Write | StringArray[] | Access token used for authentication. |
MSFT_SCDLPSensitiveInformation¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| name | Required | String | Name of the Sensitive Information Content | |
| id | Write | String | Id of the Sensitive Information Content | |
| maxconfidence | Write | String | Maximum Confidence level value for the Sensitive Information | |
| minconfidence | Write | String | Minimum Confidence level value for the Sensitive Information | |
| classifiertype | Write | String | Type of Classifier value for the Sensitive Information | |
| mincount | Write | String | Minimum Count value for the Sensitive Information | |
| maxcount | Write | String | Maximum Count value for the Sensitive Information |
MSFT_SCDLPLabel¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| name | Required | String | Name of the Sensitive Label | |
| id | Write | String | Id of the Sensitive Information label | |
| type | Write | String | Type of the Sensitive Information label |
MSFT_SCDLPContainsSensitiveInformationGroup¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| SensitiveInformation | Write | MSFT_SCDLPSensitiveInformation[] | Sensitive Information Content Types | |
| Labels | Write | MSFT_SCDLPLabel[] | Sensitive Information Labels | |
| Name | Required | String | Name of the group | |
| Operator | Required | String | Operator | And, Or |
MSFT_SCDLPContainsSensitiveInformation¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| SensitiveInformation | Write | MSFT_SCDLPSensitiveInformation[] | Sensitive Information Content Types | |
| Groups | Write | MSFT_SCDLPContainsSensitiveInformationGroup[] | Groups of sensitive information types. | |
| Operator | Write | String | Operator | And, Or |
Description¶
This resource configures a Data Loss Prevention Compliance Rule in Security and Compliance Center.
Permissions¶
Microsoft Graph¶
To authenticate with the Microsoft Graph API, this resource required the following permissions:
Delegated permissions¶
-
Read
- None
-
Update
- None
Application permissions¶
-
Read
- None
-
Update
- None
Examples¶
Example 1¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[PSCredential]
$Credscredential
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
SCDLPComplianceRule 'ConfigureDLPComplianceRule'
{
Name = 'Low volume EU Sensitive content found'
Policy = 'General Data Protection Regulation (GDPR)'
AccessScope = 'InOrganization'
BlockAccess = $True
BlockAccessScope = 'All'
AdvancedRule = "`"{\r\n \`"Version\`": \`"1.0\`",\r\n \`"Condition\`": {\r\n \`"Operator\`": \`"And\`",\r\n \`"SubConditions\`": [\r\n {\r\n \`"ConditionName\`": \`"AccessScope\`",\r\n \`"Value\`": \`"InOrganization\`"\r\n },\r\n {\r\n \`"ConditionName\`": \`"ContentContainsSensitiveInformation\`",\r\n \`"Value\`": {\r\n \`"maxconfidence\`": \`"100\`",\r\n \`"name\`": \`"EU Debit Card Number\`",\r\n \`"maxcount\`": \`"9\`",\r\n \`"minconfidence\`": \`"75\`",\r\n \`"classifiertype\`": \`"Content\`",\r\n \`"mincount\`": \`"1\`",\r\n \`"confidencelevel\`": \`"Medium\`"\r\n }\r\n }\r\n ]\r\n }\r\n}`"";
ContentContainsSensitiveInformation = MSFT_SCDLPContainsSensitiveInformation
{
SensitiveInformation = @(
MSFT_SCDLPSensitiveInformation
{
name = 'EU Debit Card Number'
id = '0e9b3178-9678-47dd-a509-37222ca96b42'
maxconfidence = '100'
minconfidence = '75'
classifiertype = 'Content'
mincount = '1'
maxcount = '9'
}
)
}
Disabled = $False
DocumentIsPasswordProtected = $False
DocumentIsUnsupported = $False
ExceptIfDocumentIsPasswordProtected = $False
ExceptIfDocumentIsUnsupported = $False
ExceptIfHasSenderOverride = $False
ExceptIfProcessingLimitExceeded = $False
GenerateIncidentReport = @('SiteAdmin')
HasSenderOverride = $False
IncidentReportContent = @('DocumentLastModifier', 'Detections', 'Severity', 'DetectionDetails', 'OriginalContent')
NotifyUser = @('LastModifier')
ProcessingLimitExceeded = $False
RemoveRMSTemplate = $False
ReportSeverityLevel = 'Low'
StopPolicyProcessing = $False
Ensure = 'Present'
Credential = $Credscredential
}
}
}