SCInsiderRiskPolicy
Parameters
Parameter | Attribute | DataType | Description | Allowed Values |
---|---|---|---|---|
Name | Key | String | Name of the insider risk policy. | |
InsiderRiskScenario | Key | String | Name of the scenario supported by the policy. | |
Anonymization | Write | Boolean | Official documentation to come. | |
DLPUserRiskSync | Write | Boolean | Official documentation to come. | |
OptInIRMDataExport | Write | Boolean | Official documentation to come. | |
RaiseAuditAlert | Write | Boolean | Official documentation to come. | |
FileVolCutoffLimits | Write | String | Official documentation to come. | |
AlertVolume | Write | String | Official documentation to come. | |
AnomalyDetections | Write | Boolean | Official documentation to come. | |
CopyToPersonalCloud | Write | Boolean | Official documentation to come. | |
CopyToUSB | Write | Boolean | Official documentation to come. | |
CumulativeExfiltrationDetector | Write | Boolean | Official documentation to come. | |
EmailExternal | Write | Boolean | Official documentation to come. | |
EmployeeAccessedEmployeePatientData | Write | Boolean | Official documentation to come. | |
EmployeeAccessedFamilyData | Write | Boolean | Official documentation to come. | |
EmployeeAccessedHighVolumePatientData | Write | Boolean | Official documentation to come. | |
EmployeeAccessedNeighbourData | Write | Boolean | Official documentation to come. | |
EmployeeAccessedRestrictedData | Write | Boolean | Official documentation to come. | |
EpoBrowseToChildAbuseSites | Write | Boolean | Official documentation to come. | |
EpoBrowseToCriminalActivitySites | Write | Boolean | Official documentation to come. | |
EpoBrowseToCultSites | Write | Boolean | Official documentation to come. | |
EpoBrowseToGamblingSites | Write | Boolean | Official documentation to come. | |
EpoBrowseToHackingSites | Write | Boolean | Official documentation to come. | |
EpoBrowseToHateIntoleranceSites | Write | Boolean | Official documentation to come. | |
EpoBrowseToIllegalSoftwareSites | Write | Boolean | Official documentation to come. | |
EpoBrowseToKeyloggerSites | Write | Boolean | Official documentation to come. | |
EpoBrowseToLlmSites | Write | Boolean | Official documentation to come. | |
EpoBrowseToMalwareSites | Write | Boolean | Official documentation to come. | |
EpoBrowseToPhishingSites | Write | Boolean | Official documentation to come. | |
EpoBrowseToPornographySites | Write | Boolean | Official documentation to come. | |
EpoBrowseToUnallowedDomain | Write | Boolean | Official documentation to come. | |
EpoBrowseToViolenceSites | Write | Boolean | Official documentation to come. | |
EpoCopyToClipboardFromSensitiveFile | Write | Boolean | Official documentation to come. | |
EpoCopyToNetworkShare | Write | Boolean | Official documentation to come. | |
EpoFileArchived | Write | Boolean | Official documentation to come. | |
EpoFileCopiedToRemoteDesktopSession | Write | Boolean | Official documentation to come. | |
EpoFileDeleted | Write | Boolean | Official documentation to come. | |
EpoFileDownloadedFromBlacklistedDomain | Write | Boolean | Official documentation to come. | |
EpoFileDownloadedFromEnterpriseDomain | Write | Boolean | Official documentation to come. | |
EpoFileRenamed | Write | Boolean | Official documentation to come. | |
EpoFileStagedToCentralLocation | Write | Boolean | Official documentation to come. | |
EpoHiddenFileCreated | Write | Boolean | Official documentation to come. | |
EpoRemovableMediaMount | Write | Boolean | Official documentation to come. | |
EpoSensitiveFileRead | Write | Boolean | Official documentation to come. | |
Mcas3rdPartyAppDownload | Write | Boolean | Official documentation to come. | |
Mcas3rdPartyAppFileDelete | Write | Boolean | Official documentation to come. | |
Mcas3rdPartyAppFileSharing | Write | Boolean | Official documentation to come. | |
McasActivityFromInfrequentCountry | Write | Boolean | Official documentation to come. | |
McasImpossibleTravel | Write | Boolean | Official documentation to come. | |
McasMultipleFailedLogins | Write | Boolean | Official documentation to come. | |
McasMultipleStorageDeletion | Write | Boolean | Official documentation to come. | |
McasMultipleVMCreation | Write | Boolean | Official documentation to come. | |
McasMultipleVMDeletion | Write | Boolean | Official documentation to come. | |
McasSuspiciousAdminActivities | Write | Boolean | Official documentation to come. | |
McasSuspiciousCloudCreation | Write | Boolean | Official documentation to come. | |
McasSuspiciousCloudTrailLoggingChange | Write | Boolean | Official documentation to come. | |
McasTerminatedEmployeeActivity | Write | Boolean | Official documentation to come. | |
OdbDownload | Write | Boolean | Official documentation to come. | |
OdbSyncDownload | Write | Boolean | Official documentation to come. | |
PeerCumulativeExfiltrationDetector | Write | Boolean | Official documentation to come. | |
PhysicalAccess | Write | Boolean | Official documentation to come. | |
PotentialHighImpactUser | Write | Boolean | Official documentation to come. | |
Print | Write | Boolean | Official documentation to come. | |
PriorityUserGroupMember | Write | Boolean | Official documentation to come. | |
SecurityAlertDefenseEvasion | Write | Boolean | Official documentation to come. | |
SecurityAlertUnwantedSoftware | Write | Boolean | Official documentation to come. | |
SpoAccessRequest | Write | Boolean | Official documentation to come. | |
SpoApprovedAccess | Write | Boolean | Official documentation to come. | |
SpoDownload | Write | Boolean | Official documentation to come. | |
SpoDownloadV2 | Write | Boolean | Official documentation to come. | |
SpoFileAccessed | Write | Boolean | Official documentation to come. | |
SpoFileDeleted | Write | Boolean | Official documentation to come. | |
SpoFileDeletedFromFirstStageRecycleBin | Write | Boolean | Official documentation to come. | |
SpoFileDeletedFromSecondStageRecycleBin | Write | Boolean | Official documentation to come. | |
SpoFileLabelDowngraded | Write | Boolean | Official documentation to come. | |
SpoFileLabelRemoved | Write | Boolean | Official documentation to come. | |
SpoFileSharing | Write | Boolean | Official documentation to come. | |
SpoFolderDeleted | Write | Boolean | Official documentation to come. | |
SpoFolderDeletedFromFirstStageRecycleBin | Write | Boolean | Official documentation to come. | |
SpoFolderDeletedFromSecondStageRecycleBin | Write | Boolean | Official documentation to come. | |
SpoFolderSharing | Write | Boolean | Official documentation to come. | |
SpoSiteExternalUserAdded | Write | Boolean | Official documentation to come. | |
SpoSiteInternalUserAdded | Write | Boolean | Official documentation to come. | |
SpoSiteLabelRemoved | Write | Boolean | Official documentation to come. | |
SpoSiteSharing | Write | Boolean | Official documentation to come. | |
SpoSyncDownload | Write | Boolean | Official documentation to come. | |
TeamsChannelFileSharedExternal | Write | Boolean | Official documentation to come. | |
TeamsChannelMemberAddedExternal | Write | Boolean | Official documentation to come. | |
TeamsChatFileSharedExternal | Write | Boolean | Official documentation to come. | |
TeamsFileDownload | Write | Boolean | Official documentation to come. | |
TeamsFolderSharedExternal | Write | Boolean | Official documentation to come. | |
TeamsMemberAddedExternal | Write | Boolean | Official documentation to come. | |
TeamsSensitiveMessage | Write | Boolean | Official documentation to come. | |
UserHistory | Write | Boolean | Official documentation to come. | |
AWSS3BlockPublicAccessDisabled | Write | Boolean | Official documentation to come. | |
AWSS3BucketDeleted | Write | Boolean | Official documentation to come. | |
AWSS3PublicAccessEnabled | Write | Boolean | Official documentation to come. | |
AWSS3ServerLoggingDisabled | Write | Boolean | Official documentation to come. | |
AzureElevateAccessToAllSubscriptions | Write | Boolean | Official documentation to come. | |
AzureResourceThreatProtectionSettingsUpdated | Write | Boolean | Official documentation to come. | |
AzureSQLServerAuditingSettingsUpdated | Write | Boolean | Official documentation to come. | |
AzureSQLServerFirewallRuleDeleted | Write | Boolean | Official documentation to come. | |
AzureSQLServerFirewallRuleUpdated | Write | Boolean | Official documentation to come. | |
AzureStorageAccountOrContainerDeleted | Write | Boolean | Official documentation to come. | |
BoxContentAccess | Write | Boolean | Official documentation to come. | |
BoxContentDelete | Write | Boolean | Official documentation to come. | |
BoxContentDownload | Write | Boolean | Official documentation to come. | |
BoxContentExternallyShared | Write | Boolean | Official documentation to come. | |
CCFinancialRegulatoryRiskyTextSent | Write | Boolean | Official documentation to come. | |
CCInappropriateContentSent | Write | Boolean | Official documentation to come. | |
CCInappropriateImagesSent | Write | Boolean | Official documentation to come. | |
DropboxContentAccess | Write | Boolean | Official documentation to come. | |
DropboxContentDelete | Write | Boolean | Official documentation to come. | |
DropboxContentDownload | Write | Boolean | Official documentation to come. | |
DropboxContentExternallyShared | Write | Boolean | Official documentation to come. | |
GoogleDriveContentAccess | Write | Boolean | Official documentation to come. | |
GoogleDriveContentDelete | Write | Boolean | Official documentation to come. | |
GoogleDriveContentExternallyShared | Write | Boolean | Official documentation to come. | |
PowerBIDashboardsDeleted | Write | Boolean | Official documentation to come. | |
PowerBIReportsDeleted | Write | Boolean | Official documentation to come. | |
PowerBIReportsDownloaded | Write | Boolean | Official documentation to come. | |
PowerBIReportsExported | Write | Boolean | Official documentation to come. | |
PowerBIReportsViewed | Write | Boolean | Official documentation to come. | |
PowerBISemanticModelsDeleted | Write | Boolean | Official documentation to come. | |
PowerBISensitivityLabelDowngradedForArtifacts | Write | Boolean | Official documentation to come. | |
PowerBISensitivityLabelRemovedFromArtifacts | Write | Boolean | Official documentation to come. | |
HistoricTimeSpan | Write | String | Official documentation to come. | |
InScopeTimeSpan | Write | String | Official documentation to come. | |
EnableTeam | Write | Boolean | Official documentation to come. | |
AnalyticsNewInsightEnabled | Write | Boolean | Official documentation to come. | |
AnalyticsTurnedOffEnabled | Write | Boolean | Official documentation to come. | |
HighSeverityAlertsEnabled | Write | Boolean | Official documentation to come. | |
HighSeverityAlertsRoleGroups | Write | StringArray[] | Official documentation to come. | |
PoliciesHealthEnabled | Write | Boolean | Official documentation to come. | |
PoliciesHealthRoleGroups | Write | StringArray[] | Official documentation to come. | |
NotificationDetailsEnabled | Write | Boolean | Official documentation to come. | |
NotificationDetailsRoleGroups | Write | StringArray[] | Official documentation to come. | |
ClipDeletionEnabled | Write | Boolean | Official documentation to come. | |
SessionRecordingEnabled | Write | Boolean | Official documentation to come. | |
RecordingTimeframePreEventInSec | Write | String | Official documentation to come. | |
RecordingTimeframePostEventInSec | Write | String | Official documentation to come. | |
BandwidthCapInMb | Write | String | Official documentation to come. | |
OfflineRecordingStorageLimitInMb | Write | String | Official documentation to come. | |
AdaptiveProtectionEnabled | Write | Boolean | Determines if Adaptive Protection is enabled for Purview. | |
AdaptiveProtectionHighProfileSourceType | Write | UInt32 | Official documentation to come. | |
AdaptiveProtectionHighProfileConfirmedIssueSeverity | Write | UInt32 | Official documentation to come. | |
AdaptiveProtectionHighProfileGeneratedIssueSeverity | Write | UInt32 | Official documentation to come. | |
AdaptiveProtectionHighProfileInsightSeverity | Write | UInt32 | Official documentation to come. | |
AdaptiveProtectionHighProfileInsightCount | Write | UInt32 | Official documentation to come. | |
AdaptiveProtectionHighProfileInsightTypes | Write | StringArray[] | Official documentation to come. | |
AdaptiveProtectionHighProfileConfirmedIssue | Write | Boolean | Official documentation to come. | |
AdaptiveProtectionMediumProfileSourceType | Write | UInt32 | Official documentation to come. | |
AdaptiveProtectionMediumProfileConfirmedIssueSeverity | Write | UInt32 | Official documentation to come. | |
AdaptiveProtectionMediumProfileGeneratedIssueSeverity | Write | UInt32 | Official documentation to come. | |
AdaptiveProtectionMediumProfileInsightSeverity | Write | UInt32 | Official documentation to come. | |
AdaptiveProtectionMediumProfileInsightCount | Write | UInt32 | Official documentation to come. | |
AdaptiveProtectionMediumProfileInsightTypes | Write | StringArray[] | Official documentation to come. | |
AdaptiveProtectionMediumProfileConfirmedIssue | Write | Boolean | Official documentation to come. | |
AdaptiveProtectionLowProfileSourceType | Write | UInt32 | Official documentation to come. | |
AdaptiveProtectionLowProfileConfirmedIssueSeverity | Write | UInt32 | Official documentation to come. | |
AdaptiveProtectionLowProfileGeneratedIssueSeverity | Write | UInt32 | Official documentation to come. | |
AdaptiveProtectionLowProfileInsightSeverity | Write | UInt32 | Official documentation to come. | |
AdaptiveProtectionLowProfileInsightCount | Write | UInt32 | Official documentation to come. | |
AdaptiveProtectionLowProfileInsightTypes | Write | StringArray[] | Official documentation to come. | |
AdaptiveProtectionLowProfileConfirmedIssue | Write | Boolean | Official documentation to come. | |
RetainSeverityAfterTriage | Write | Boolean | Official documentation to come. | |
LookbackTimeSpan | Write | UInt32 | Official documentation to come. | |
ProfileInScopeTimeSpan | Write | UInt32 | Official documentation to come. | |
GPUUtilizationLimit | Write | UInt32 | Official documentation to come. | |
CPUUtilizationLimit | Write | UInt32 | Official documentation to come. | |
MDATPTriageStatus | Write | String | Official documentation to come. | |
Ensure | Write | String | Present ensures the instance exists, absent ensures it is removed. | Absent, Present |
Credential | Write | PSCredential | Credentials of the workload's Admin | |
ApplicationId | Write | String | Id of the Azure Active Directory application to authenticate with. | |
TenantId | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
CertificateThumbprint | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
ManagedIdentity | Write | Boolean | Managed ID being used for authentication. | |
AccessTokens | Write | StringArray[] | Access token used for authentication. | |
Description
Configures Insider Risk Policies in Purview.
Permissions
Microsoft Graph
To authenticate with the Microsoft Graph API, this resource requires the following permissions:
Delegated permissions
- Read
    - None
- Update
    - None
Application permissions
- Read
    - None
- Update
    - None
Examples
Example 1
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to be used as a production baseline.
```powershell
Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC
    node localhost
    {
        SCInsiderRiskPolicy "SCInsiderRiskPolicy-IRM_Tenant_Setting"
        {
            Anonymization = $false
            AlertVolume = "Medium";
            AnalyticsNewInsightEnabled = $False;
            AnalyticsTurnedOffEnabled = $False;
            AnomalyDetections = $False;
            ApplicationId = $ApplicationId;
            AWSS3BlockPublicAccessDisabled = $False;
            AWSS3BucketDeleted = $False;
            AWSS3PublicAccessEnabled = $False;
            AWSS3ServerLoggingDisabled = $False;
            AzureElevateAccessToAllSubscriptions = $False;
            AzureResourceThreatProtectionSettingsUpdated = $False;
            AzureSQLServerAuditingSettingsUpdated = $False;
            AzureSQLServerFirewallRuleDeleted = $False;
            AzureSQLServerFirewallRuleUpdated = $False;
            AzureStorageAccountOrContainerDeleted = $False;
            BoxContentAccess = $False;
            BoxContentDelete = $False;
            BoxContentDownload = $False;
            BoxContentExternallyShared = $False;
            CCFinancialRegulatoryRiskyTextSent = $False;
            CCInappropriateContentSent = $False;
            CCInappropriateImagesSent = $False;
            CertificateThumbprint = $CertificateThumbprint;
            CopyToPersonalCloud = $False;
            CopyToUSB = $False;
            CumulativeExfiltrationDetector = $True;
            DLPUserRiskSync = $True;
            DropboxContentAccess = $False;
            DropboxContentDelete = $False;
            DropboxContentDownload = $False;
            DropboxContentExternallyShared = $False;
            EmailExternal = $False;
            EmployeeAccessedEmployeePatientData = $False;
            EmployeeAccessedFamilyData = $False;
            EmployeeAccessedHighVolumePatientData = $False;
            EmployeeAccessedNeighbourData = $False;
            EmployeeAccessedRestrictedData = $False;
            EnableTeam = $True;
            Ensure = "Present";
            EpoBrowseToChildAbuseSites = $False;
            EpoBrowseToCriminalActivitySites = $False;
            EpoBrowseToCultSites = $False;
            EpoBrowseToGamblingSites = $False;
            EpoBrowseToHackingSites = $False;
            EpoBrowseToHateIntoleranceSites = $False;
            EpoBrowseToIllegalSoftwareSites = $False;
            EpoBrowseToKeyloggerSites = $False;
            EpoBrowseToLlmSites = $False;
            EpoBrowseToMalwareSites = $False;
            EpoBrowseToPhishingSites = $False;
            EpoBrowseToPornographySites = $False;
            EpoBrowseToUnallowedDomain = $False;
            EpoBrowseToViolenceSites = $False;
            EpoCopyToClipboardFromSensitiveFile = $False;
            EpoCopyToNetworkShare = $False;
            EpoFileArchived = $False;
            EpoFileCopiedToRemoteDesktopSession = $False;
            EpoFileDeleted = $False;
            EpoFileDownloadedFromBlacklistedDomain = $False;
            EpoFileDownloadedFromEnterpriseDomain = $False;
            EpoFileRenamed = $False;
            EpoFileStagedToCentralLocation = $False;
            EpoHiddenFileCreated = $False;
            EpoRemovableMediaMount = $False;
            EpoSensitiveFileRead = $False;
            FileVolCutoffLimits = "59";
            GoogleDriveContentAccess = $False;
            GoogleDriveContentDelete = $False;
            GoogleDriveContentExternallyShared = $False;
            HistoricTimeSpan = "89";
            InScopeTimeSpan = "30";
            InsiderRiskScenario = "TenantSetting";
            Mcas3rdPartyAppDownload = $False;
            Mcas3rdPartyAppFileDelete = $False;
            Mcas3rdPartyAppFileSharing = $False;
            McasActivityFromInfrequentCountry = $False;
            McasImpossibleTravel = $False;
            McasMultipleFailedLogins = $False;
            McasMultipleStorageDeletion = $False;
            McasMultipleVMCreation = $True;
            McasMultipleVMDeletion = $False;
            McasSuspiciousAdminActivities = $False;
            McasSuspiciousCloudCreation = $False;
            McasSuspiciousCloudTrailLoggingChange = $False;
            McasTerminatedEmployeeActivity = $False;
            Name = "IRM_Tenant_Setting";
            NotificationDetailsEnabled = $True;
            OdbDownload = $False;
            OdbSyncDownload = $False;
            OptInIRMDataExport = $True;
            PeerCumulativeExfiltrationDetector = $False;
            PhysicalAccess = $False;
            PotentialHighImpactUser = $False;
            PowerBIDashboardsDeleted = $False;
            PowerBIReportsDeleted = $False;
            PowerBIReportsDownloaded = $False;
            PowerBIReportsExported = $False;
            PowerBIReportsViewed = $False;
            PowerBISemanticModelsDeleted = $False;
            PowerBISensitivityLabelDowngradedForArtifacts = $False;
            PowerBISensitivityLabelRemovedFromArtifacts = $False;
            Print = $False;
            PriorityUserGroupMember = $False;
            RaiseAuditAlert = $True;
            SecurityAlertDefenseEvasion = $False;
            SecurityAlertUnwantedSoftware = $False;
            SpoAccessRequest = $False;
            SpoApprovedAccess = $False;
            SpoDownload = $False;
            SpoDownloadV2 = $False;
            SpoFileAccessed = $False;
            SpoFileDeleted = $False;
            SpoFileDeletedFromFirstStageRecycleBin = $False;
            SpoFileDeletedFromSecondStageRecycleBin = $False;
            SpoFileLabelDowngraded = $False;
            SpoFileLabelRemoved = $False;
            SpoFileSharing = $True;
            SpoFolderDeleted = $False;
            SpoFolderDeletedFromFirstStageRecycleBin = $False;
            SpoFolderDeletedFromSecondStageRecycleBin = $False;
            SpoFolderSharing = $False;
            SpoSiteExternalUserAdded = $False;
            SpoSiteInternalUserAdded = $False;
            SpoSiteLabelRemoved = $False;
            SpoSiteSharing = $False;
            SpoSyncDownload = $False;
            TeamsChannelFileSharedExternal = $False;
            TeamsChannelMemberAddedExternal = $False;
            TeamsChatFileSharedExternal = $False;
            TeamsFileDownload = $False;
            TeamsFolderSharedExternal = $False;
            TeamsMemberAddedExternal = $False;
            TeamsSensitiveMessage = $False;
            TenantId = $TenantId;
            UserHistory = $False;
        }
    }
}
```
Example 2
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to be used as a production baseline.
```powershell
Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC
    node localhost
    {
        SCInsiderRiskPolicy "SCInsiderRiskPolicy-IRM_Tenant_Setting"
        {
            Anonymization = $false
            AlertVolume = "Medium";
            AnalyticsNewInsightEnabled = $False;
            AnalyticsTurnedOffEnabled = $False;
            AnomalyDetections = $False;
            ApplicationId = $ApplicationId;
            AWSS3BlockPublicAccessDisabled = $False;
            AWSS3BucketDeleted = $False;
            AWSS3PublicAccessEnabled = $False;
            AWSS3ServerLoggingDisabled = $False;
            AzureElevateAccessToAllSubscriptions = $False;
            AzureResourceThreatProtectionSettingsUpdated = $False;
            AzureSQLServerAuditingSettingsUpdated = $False;
            AzureSQLServerFirewallRuleDeleted = $False;
            AzureSQLServerFirewallRuleUpdated = $False;
            AzureStorageAccountOrContainerDeleted = $False;
            BoxContentAccess = $False;
            BoxContentDelete = $False;
            BoxContentDownload = $False;
            BoxContentExternallyShared = $False;
            CCFinancialRegulatoryRiskyTextSent = $False;
            CCInappropriateContentSent = $False;
            CCInappropriateImagesSent = $False;
            CertificateThumbprint = $CertificateThumbprint;
            CopyToPersonalCloud = $False;
            CopyToUSB = $False;
            CumulativeExfiltrationDetector = $True;
            DLPUserRiskSync = $True;
            DropboxContentAccess = $False;
            DropboxContentDelete = $False;
            DropboxContentDownload = $False;
            DropboxContentExternallyShared = $False;
            EmailExternal = $False;
            EmployeeAccessedEmployeePatientData = $False;
            EmployeeAccessedFamilyData = $False;
            EmployeeAccessedHighVolumePatientData = $False;
            EmployeeAccessedNeighbourData = $False;
            EmployeeAccessedRestrictedData = $False;
            EnableTeam = $True;
            Ensure = "Present";
            EpoBrowseToChildAbuseSites = $False;
            EpoBrowseToCriminalActivitySites = $False;
            EpoBrowseToCultSites = $False;
            EpoBrowseToGamblingSites = $False;
            EpoBrowseToHackingSites = $False;
            EpoBrowseToHateIntoleranceSites = $False;
            EpoBrowseToIllegalSoftwareSites = $False;
            EpoBrowseToKeyloggerSites = $False;
            EpoBrowseToLlmSites = $False;
            EpoBrowseToMalwareSites = $False;
            EpoBrowseToPhishingSites = $False;
            EpoBrowseToPornographySites = $False;
            EpoBrowseToUnallowedDomain = $False;
            EpoBrowseToViolenceSites = $False;
            EpoCopyToClipboardFromSensitiveFile = $False;
            EpoCopyToNetworkShare = $False;
            EpoFileArchived = $False;
            EpoFileCopiedToRemoteDesktopSession = $False;
            EpoFileDeleted = $False;
            EpoFileDownloadedFromBlacklistedDomain = $False;
            EpoFileDownloadedFromEnterpriseDomain = $False;
            EpoFileRenamed = $False;
            EpoFileStagedToCentralLocation = $False;
            EpoHiddenFileCreated = $False;
            EpoRemovableMediaMount = $False;
            EpoSensitiveFileRead = $False;
            FileVolCutoffLimits = "59";
            GoogleDriveContentAccess = $False;
            GoogleDriveContentDelete = $False;
            GoogleDriveContentExternallyShared = $False;
            HistoricTimeSpan = "89";
            InScopeTimeSpan = "30";
            InsiderRiskScenario = "TenantSetting";
            Mcas3rdPartyAppDownload = $False;
            Mcas3rdPartyAppFileDelete = $False;
            Mcas3rdPartyAppFileSharing = $False;
            McasActivityFromInfrequentCountry = $False;
            McasImpossibleTravel = $False;
            McasMultipleFailedLogins = $False;
            McasMultipleStorageDeletion = $False;
            McasMultipleVMCreation = $True;
            McasMultipleVMDeletion = $False;
            McasSuspiciousAdminActivities = $False;
            McasSuspiciousCloudCreation = $False;
            McasSuspiciousCloudTrailLoggingChange = $False;
            McasTerminatedEmployeeActivity = $False;
            Name = "IRM_Tenant_Setting";
            NotificationDetailsEnabled = $True;
            OdbDownload = $False;
            OdbSyncDownload = $False;
            OptInIRMDataExport = $True;
            PeerCumulativeExfiltrationDetector = $False;
            PhysicalAccess = $False;
            PotentialHighImpactUser = $False;
            PowerBIDashboardsDeleted = $False;
            PowerBIReportsDeleted = $False;
            PowerBIReportsDownloaded = $False;
            PowerBIReportsExported = $False;
            PowerBIReportsViewed = $False;
            PowerBISemanticModelsDeleted = $False;
            PowerBISensitivityLabelDowngradedForArtifacts = $False;
            PowerBISensitivityLabelRemovedFromArtifacts = $False;
            Print = $False;
            PriorityUserGroupMember = $False;
            RaiseAuditAlert = $True;
            SecurityAlertDefenseEvasion = $False;
            SecurityAlertUnwantedSoftware = $False;
            SpoAccessRequest = $False;
            SpoApprovedAccess = $False;
            SpoDownload = $False;
            SpoDownloadV2 = $False;
            SpoFileAccessed = $False;
            SpoFileDeleted = $False;
            SpoFileDeletedFromFirstStageRecycleBin = $False;
            SpoFileDeletedFromSecondStageRecycleBin = $False;
            SpoFileLabelDowngraded = $False;
            SpoFileLabelRemoved = $False;
            SpoFileSharing = $True;
            SpoFolderDeleted = $False;
            SpoFolderDeletedFromFirstStageRecycleBin = $False;
            SpoFolderDeletedFromSecondStageRecycleBin = $False;
            SpoFolderSharing = $False;
            SpoSiteExternalUserAdded = $False;
            SpoSiteInternalUserAdded = $False;
            SpoSiteLabelRemoved = $False;
            SpoSiteSharing = $False;
            SpoSyncDownload = $False;
            TeamsChannelFileSharedExternal = $False;
            TeamsChannelMemberAddedExternal = $False;
            TeamsChatFileSharedExternal = $True; # Drift
            TeamsFileDownload = $False;
            TeamsFolderSharedExternal = $False;
            TeamsMemberAddedExternal = $False;
            TeamsSensitiveMessage = $False;
            TenantId = $TenantId;
            UserHistory = $False;
        }
    }
}
```
Example 3
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to be used as a production baseline.
```powershell
Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC
    node localhost
    {
        SCInsiderRiskPolicy "SCInsiderRiskPolicy-IRM_Tenant_Setting"
        {
            ApplicationId = $ApplicationId;
            CertificateThumbprint = $CertificateThumbprint;
            Ensure = "Absent";
            InsiderRiskScenario = "TenantSetting";
            Name = "IRM_Tenant_Setting";
            TenantId = $TenantId;
        }
    }
}
```