SCInsiderRiskPolicy

Parameters

Parameter Attribute DataType Description Allowed Values
Name Key String Name of the insider risk policy.
InsiderRiskScenario Key String Name of the scenario supported by the policy.
Anonymization Write Boolean Official documentation to come.
DLPUserRiskSync Write Boolean Official documentation to come.
OptInIRMDataExport Write Boolean Official documentation to come.
RaiseAuditAlert Write Boolean Official documentation to come.
FileVolCutoffLimits Write String Official documentation to come.
AlertVolume Write String Official documentation to come.
AnomalyDetections Write Boolean Official documentation to come.
CopyToPersonalCloud Write Boolean Official documentation to come.
CopyToUSB Write Boolean Official documentation to come.
CumulativeExfiltrationDetector Write Boolean Official documentation to come.
EmailExternal Write Boolean Official documentation to come.
EmployeeAccessedEmployeePatientData Write Boolean Official documentation to come.
EmployeeAccessedFamilyData Write Boolean Official documentation to come.
EmployeeAccessedHighVolumePatientData Write Boolean Official documentation to come.
EmployeeAccessedNeighbourData Write Boolean Official documentation to come.
EmployeeAccessedRestrictedData Write Boolean Official documentation to come.
EpoBrowseToChildAbuseSites Write Boolean Official documentation to come.
EpoBrowseToCriminalActivitySites Write Boolean Official documentation to come.
EpoBrowseToCultSites Write Boolean Official documentation to come.
EpoBrowseToGamblingSites Write Boolean Official documentation to come.
EpoBrowseToHackingSites Write Boolean Official documentation to come.
EpoBrowseToHateIntoleranceSites Write Boolean Official documentation to come.
EpoBrowseToIllegalSoftwareSites Write Boolean Official documentation to come.
EpoBrowseToKeyloggerSites Write Boolean Official documentation to come.
EpoBrowseToLlmSites Write Boolean Official documentation to come.
EpoBrowseToMalwareSites Write Boolean Official documentation to come.
EpoBrowseToPhishingSites Write Boolean Official documentation to come.
EpoBrowseToPornographySites Write Boolean Official documentation to come.
EpoBrowseToUnallowedDomain Write Boolean Official documentation to come.
EpoBrowseToViolenceSites Write Boolean Official documentation to come.
EpoCopyToClipboardFromSensitiveFile Write Boolean Official documentation to come.
EpoCopyToNetworkShare Write Boolean Official documentation to come.
EpoFileArchived Write Boolean Official documentation to come.
EpoFileCopiedToRemoteDesktopSession Write Boolean Official documentation to come.
EpoFileDeleted Write Boolean Official documentation to come.
EpoFileDownloadedFromBlacklistedDomain Write Boolean Official documentation to come.
EpoFileDownloadedFromEnterpriseDomain Write Boolean Official documentation to come.
EpoFileRenamed Write Boolean Official documentation to come.
EpoFileStagedToCentralLocation Write Boolean Official documentation to come.
EpoHiddenFileCreated Write Boolean Official documentation to come.
EpoRemovableMediaMount Write Boolean Official documentation to come.
EpoSensitiveFileRead Write Boolean Official documentation to come.
Mcas3rdPartyAppDownload Write Boolean Official documentation to come.
Mcas3rdPartyAppFileDelete Write Boolean Official documentation to come.
Mcas3rdPartyAppFileSharing Write Boolean Official documentation to come.
McasActivityFromInfrequentCountry Write Boolean Official documentation to come.
McasImpossibleTravel Write Boolean Official documentation to come.
McasMultipleFailedLogins Write Boolean Official documentation to come.
McasMultipleStorageDeletion Write Boolean Official documentation to come.
McasMultipleVMCreation Write Boolean Official documentation to come.
McasMultipleVMDeletion Write Boolean Official documentation to come.
McasSuspiciousAdminActivities Write Boolean Official documentation to come.
McasSuspiciousCloudCreation Write Boolean Official documentation to come.
McasSuspiciousCloudTrailLoggingChange Write Boolean Official documentation to come.
McasTerminatedEmployeeActivity Write Boolean Official documentation to come.
OdbDownload Write Boolean Official documentation to come.
OdbSyncDownload Write Boolean Official documentation to come.
PeerCumulativeExfiltrationDetector Write Boolean Official documentation to come.
PhysicalAccess Write Boolean Official documentation to come.
PotentialHighImpactUser Write Boolean Official documentation to come.
Print Write Boolean Official documentation to come.
PriorityUserGroupMember Write Boolean Official documentation to come.
SecurityAlertDefenseEvasion Write Boolean Official documentation to come.
SecurityAlertUnwantedSoftware Write Boolean Official documentation to come.
SpoAccessRequest Write Boolean Official documentation to come.
SpoApprovedAccess Write Boolean Official documentation to come.
SpoDownload Write Boolean Official documentation to come.
SpoDownloadV2 Write Boolean Official documentation to come.
SpoFileAccessed Write Boolean Official documentation to come.
SpoFileDeleted Write Boolean Official documentation to come.
SpoFileDeletedFromFirstStageRecycleBin Write Boolean Official documentation to come.
SpoFileDeletedFromSecondStageRecycleBin Write Boolean Official documentation to come.
SpoFileLabelDowngraded Write Boolean Official documentation to come.
SpoFileLabelRemoved Write Boolean Official documentation to come.
SpoFileSharing Write Boolean Official documentation to come.
SpoFolderDeleted Write Boolean Official documentation to come.
SpoFolderDeletedFromFirstStageRecycleBin Write Boolean Official documentation to come.
SpoFolderDeletedFromSecondStageRecycleBin Write Boolean Official documentation to come.
SpoFolderSharing Write Boolean Official documentation to come.
SpoSiteExternalUserAdded Write Boolean Official documentation to come.
SpoSiteInternalUserAdded Write Boolean Official documentation to come.
SpoSiteLabelRemoved Write Boolean Official documentation to come.
SpoSiteSharing Write Boolean Official documentation to come.
SpoSyncDownload Write Boolean Official documentation to come.
TeamsChannelFileSharedExternal Write Boolean Official documentation to come.
TeamsChannelMemberAddedExternal Write Boolean Official documentation to come.
TeamsChatFileSharedExternal Write Boolean Official documentation to come.
TeamsFileDownload Write Boolean Official documentation to come.
TeamsFolderSharedExternal Write Boolean Official documentation to come.
TeamsMemberAddedExternal Write Boolean Official documentation to come.
TeamsSensitiveMessage Write Boolean Official documentation to come.
UserHistory Write Boolean Official documentation to come.
AWSS3BlockPublicAccessDisabled Write Boolean Official documentation to come.
AWSS3BucketDeleted Write Boolean Official documentation to come.
AWSS3PublicAccessEnabled Write Boolean Official documentation to come.
AWSS3ServerLoggingDisabled Write Boolean Official documentation to come.
AzureElevateAccessToAllSubscriptions Write Boolean Official documentation to come.
AzureResourceThreatProtectionSettingsUpdated Write Boolean Official documentation to come.
AzureSQLServerAuditingSettingsUpdated Write Boolean Official documentation to come.
AzureSQLServerFirewallRuleDeleted Write Boolean Official documentation to come.
AzureSQLServerFirewallRuleUpdated Write Boolean Official documentation to come.
AzureStorageAccountOrContainerDeleted Write Boolean Official documentation to come.
BoxContentAccess Write Boolean Official documentation to come.
BoxContentDelete Write Boolean Official documentation to come.
BoxContentDownload Write Boolean Official documentation to come.
BoxContentExternallyShared Write Boolean Official documentation to come.
CCFinancialRegulatoryRiskyTextSent Write Boolean Official documentation to come.
CCInappropriateContentSent Write Boolean Official documentation to come.
CCInappropriateImagesSent Write Boolean Official documentation to come.
DropboxContentAccess Write Boolean Official documentation to come.
DropboxContentDelete Write Boolean Official documentation to come.
DropboxContentDownload Write Boolean Official documentation to come.
DropboxContentExternallyShared Write Boolean Official documentation to come.
GoogleDriveContentAccess Write Boolean Official documentation to come.
GoogleDriveContentDelete Write Boolean Official documentation to come.
GoogleDriveContentExternallyShared Write Boolean Official documentation to come.
PowerBIDashboardsDeleted Write Boolean Official documentation to come.
PowerBIReportsDeleted Write Boolean Official documentation to come.
PowerBIReportsDownloaded Write Boolean Official documentation to come.
PowerBIReportsExported Write Boolean Official documentation to come.
PowerBIReportsViewed Write Boolean Official documentation to come.
PowerBISemanticModelsDeleted Write Boolean Official documentation to come.
PowerBISensitivityLabelDowngradedForArtifacts Write Boolean Official documentation to come.
PowerBISensitivityLabelRemovedFromArtifacts Write Boolean Official documentation to come.
HistoricTimeSpan Write String Official documentation to come.
InScopeTimeSpan Write String Official documentation to come.
EnableTeam Write Boolean Official documentation to come.
AnalyticsNewInsightEnabled Write Boolean Official documentation to come.
AnalyticsTurnedOffEnabled Write Boolean Official documentation to come.
HighSeverityAlertsEnabled Write Boolean Official documentation to come.
HighSeverityAlertsRoleGroups Write StringArray[] Official documentation to come.
PoliciesHealthEnabled Write Boolean Official documentation to come.
PoliciesHealthRoleGroups Write StringArray[] Official documentation to come.
NotificationDetailsEnabled Write Boolean Official documentation to come.
NotificationDetailsRoleGroups Write StringArray[] Official documentation to come.
ClipDeletionEnabled Write Boolean Official documentation to come.
SessionRecordingEnabled Write Boolean Official documentation to come.
RecordingTimeframePreEventInSec Write String Official documentation to come.
RecordingTimeframePostEventInSec Write String Official documentation to come.
BandwidthCapInMb Write String Official documentation to come.
OfflineRecordingStorageLimitInMb Write String Official documentation to come.
AdaptiveProtectionEnabled Write Boolean Determines if Adaptive Protection is enabled for Purview.
AdaptiveProtectionHighProfileSourceType Write UInt32 Official documentation to come.
AdaptiveProtectionHighProfileConfirmedIssueSeverity Write UInt32 Official documentation to come.
AdaptiveProtectionHighProfileGeneratedIssueSeverity Write UInt32 Official documentation to come.
AdaptiveProtectionHighProfileInsightSeverity Write UInt32 Official documentation to come.
AdaptiveProtectionHighProfileInsightCount Write UInt32 Official documentation to come.
AdaptiveProtectionHighProfileInsightTypes Write StringArray[] Official documentation to come.
AdaptiveProtectionHighProfileConfirmedIssue Write Boolean Official documentation to come.
AdaptiveProtectionMediumProfileSourceType Write UInt32 Official documentation to come.
AdaptiveProtectionMediumProfileConfirmedIssueSeverity Write UInt32 Official documentation to come.
AdaptiveProtectionMediumProfileGeneratedIssueSeverity Write UInt32 Official documentation to come.
AdaptiveProtectionMediumProfileInsightSeverity Write UInt32 Official documentation to come.
AdaptiveProtectionMediumProfileInsightCount Write UInt32 Official documentation to come.
AdaptiveProtectionMediumProfileInsightTypes Write StringArray[] Official documentation to come.
AdaptiveProtectionMediumProfileConfirmedIssue Write Boolean Official documentation to come.
AdaptiveProtectionLowProfileSourceType Write UInt32 Official documentation to come.
AdaptiveProtectionLowProfileConfirmedIssueSeverity Write UInt32 Official documentation to come.
AdaptiveProtectionLowProfileGeneratedIssueSeverity Write UInt32 Official documentation to come.
AdaptiveProtectionLowProfileInsightSeverity Write UInt32 Official documentation to come.
AdaptiveProtectionLowProfileInsightCount Write UInt32 Official documentation to come.
AdaptiveProtectionLowProfileInsightTypes Write StringArray[] Official documentation to come.
AdaptiveProtectionLowProfileConfirmedIssue Write Boolean Official documentation to come.
RetainSeverityAfterTriage Write Boolean Official documentation to come.
LookbackTimeSpan Write UInt32 Official documentation to come.
ProfileInScopeTimeSpan Write UInt32 Official documentation to come.
Ensure Write String Present ensures the instance exists, absent ensures it is removed. Absent, Present
Credential Write PSCredential Credentials of the workload's Admin
ApplicationId Write String Id of the Azure Active Directory application to authenticate with.
TenantId Write String Id of the Azure Active Directory tenant used for authentication.
CertificateThumbprint Write String Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
ManagedIdentity Write Boolean Managed ID being used for authentication.
AccessTokens Write StringArray[] Access token used for authentication.

Description

Configures Insider Risk Policies in Purview.

Permissions

Microsoft Graph

To authenticate with the Microsoft Graph API, this resource required the following permissions:

Delegated permissions

  • Read

    • None
  • Update

    • None

Application permissions

  • Read

    • None
  • Update

    • None

Examples

Example 1

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC
    node localhost
    {
        SCInsiderRiskPolicy "SCInsiderRiskPolicy-IRM_Tenant_Setting"
        {
            Anonymization = $false
            AlertVolume                                   = "Medium";
            AnalyticsNewInsightEnabled                    = $False;
            AnalyticsTurnedOffEnabled                     = $False;
            AnomalyDetections                             = $False;
            ApplicationId                                 = $ApplicationId;
            AWSS3BlockPublicAccessDisabled                = $False;
            AWSS3BucketDeleted                            = $False;
            AWSS3PublicAccessEnabled                      = $False;
            AWSS3ServerLoggingDisabled                    = $False;
            AzureElevateAccessToAllSubscriptions          = $False;
            AzureResourceThreatProtectionSettingsUpdated  = $False;
            AzureSQLServerAuditingSettingsUpdated         = $False;
            AzureSQLServerFirewallRuleDeleted             = $False;
            AzureSQLServerFirewallRuleUpdated             = $False;
            AzureStorageAccountOrContainerDeleted         = $False;
            BoxContentAccess                              = $False;
            BoxContentDelete                              = $False;
            BoxContentDownload                            = $False;
            BoxContentExternallyShared                    = $False;
            CCFinancialRegulatoryRiskyTextSent            = $False;
            CCInappropriateContentSent                    = $False;
            CCInappropriateImagesSent                     = $False;
            CertificateThumbprint                         = $CertificateThumbprint;
            CopyToPersonalCloud                           = $False;
            CopyToUSB                                     = $False;
            CumulativeExfiltrationDetector                = $True;
            DLPUserRiskSync                               = $True;
            DropboxContentAccess                          = $False;
            DropboxContentDelete                          = $False;
            DropboxContentDownload                        = $False;
            DropboxContentExternallyShared                = $False;
            EmailExternal                                 = $False;
            EmployeeAccessedEmployeePatientData           = $False;
            EmployeeAccessedFamilyData                    = $False;
            EmployeeAccessedHighVolumePatientData         = $False;
            EmployeeAccessedNeighbourData                 = $False;
            EmployeeAccessedRestrictedData                = $False;
            EnableTeam                                    = $True;
            Ensure                                        = "Present";
            EpoBrowseToChildAbuseSites                    = $False;
            EpoBrowseToCriminalActivitySites              = $False;
            EpoBrowseToCultSites                          = $False;
            EpoBrowseToGamblingSites                      = $False;
            EpoBrowseToHackingSites                       = $False;
            EpoBrowseToHateIntoleranceSites               = $False;
            EpoBrowseToIllegalSoftwareSites               = $False;
            EpoBrowseToKeyloggerSites                     = $False;
            EpoBrowseToLlmSites                           = $False;
            EpoBrowseToMalwareSites                       = $False;
            EpoBrowseToPhishingSites                      = $False;
            EpoBrowseToPornographySites                   = $False;
            EpoBrowseToUnallowedDomain                    = $False;
            EpoBrowseToViolenceSites                      = $False;
            EpoCopyToClipboardFromSensitiveFile           = $False;
            EpoCopyToNetworkShare                         = $False;
            EpoFileArchived                               = $False;
            EpoFileCopiedToRemoteDesktopSession           = $False;
            EpoFileDeleted                                = $False;
            EpoFileDownloadedFromBlacklistedDomain        = $False;
            EpoFileDownloadedFromEnterpriseDomain         = $False;
            EpoFileRenamed                                = $False;
            EpoFileStagedToCentralLocation                = $False;
            EpoHiddenFileCreated                          = $False;
            EpoRemovableMediaMount                        = $False;
            EpoSensitiveFileRead                          = $False;
            FileVolCutoffLimits                           = "59";
            GoogleDriveContentAccess                      = $False;
            GoogleDriveContentDelete                      = $False;
            GoogleDriveContentExternallyShared            = $False;
            HistoricTimeSpan                              = "89";
            InScopeTimeSpan                               = "30";
            InsiderRiskScenario                           = "TenantSetting";
            Mcas3rdPartyAppDownload                       = $False;
            Mcas3rdPartyAppFileDelete                     = $False;
            Mcas3rdPartyAppFileSharing                    = $False;
            McasActivityFromInfrequentCountry             = $False;
            McasImpossibleTravel                          = $False;
            McasMultipleFailedLogins                      = $False;
            McasMultipleStorageDeletion                   = $False;
            McasMultipleVMCreation                        = $True;
            McasMultipleVMDeletion                        = $False;
            McasSuspiciousAdminActivities                 = $False;
            McasSuspiciousCloudCreation                   = $False;
            McasSuspiciousCloudTrailLoggingChange         = $False;
            McasTerminatedEmployeeActivity                = $False;
            Name                                          = "IRM_Tenant_Setting";
            NotificationDetailsEnabled                    = $True;
            OdbDownload                                   = $False;
            OdbSyncDownload                               = $False;
            OptInIRMDataExport                            = $True;
            PeerCumulativeExfiltrationDetector            = $False;
            PhysicalAccess                                = $False;
            PotentialHighImpactUser                       = $False;
            PowerBIDashboardsDeleted                      = $False;
            PowerBIReportsDeleted                         = $False;
            PowerBIReportsDownloaded                      = $False;
            PowerBIReportsExported                        = $False;
            PowerBIReportsViewed                          = $False;
            PowerBISemanticModelsDeleted                  = $False;
            PowerBISensitivityLabelDowngradedForArtifacts = $False;
            PowerBISensitivityLabelRemovedFromArtifacts   = $False;
            Print                                         = $False;
            PriorityUserGroupMember                       = $False;
            RaiseAuditAlert                               = $True;
            SecurityAlertDefenseEvasion                   = $False;
            SecurityAlertUnwantedSoftware                 = $False;
            SpoAccessRequest                              = $False;
            SpoApprovedAccess                             = $False;
            SpoDownload                                   = $False;
            SpoDownloadV2                                 = $False;
            SpoFileAccessed                               = $False;
            SpoFileDeleted                                = $False;
            SpoFileDeletedFromFirstStageRecycleBin        = $False;
            SpoFileDeletedFromSecondStageRecycleBin       = $False;
            SpoFileLabelDowngraded                        = $False;
            SpoFileLabelRemoved                           = $False;
            SpoFileSharing                                = $True;
            SpoFolderDeleted                              = $False;
            SpoFolderDeletedFromFirstStageRecycleBin      = $False;
            SpoFolderDeletedFromSecondStageRecycleBin     = $False;
            SpoFolderSharing                              = $False;
            SpoSiteExternalUserAdded                      = $False;
            SpoSiteInternalUserAdded                      = $False;
            SpoSiteLabelRemoved                           = $False;
            SpoSiteSharing                                = $False;
            SpoSyncDownload                               = $False;
            TeamsChannelFileSharedExternal                = $False;
            TeamsChannelMemberAddedExternal               = $False;
            TeamsChatFileSharedExternal                   = $False;
            TeamsFileDownload                             = $False;
            TeamsFolderSharedExternal                     = $False;
            TeamsMemberAddedExternal                      = $False;
            TeamsSensitiveMessage                         = $False;
            TenantId                                      = $TenantId;
            UserHistory                                   = $False;
        }
    }
}

Example 2

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC
    node localhost
    {
        SCInsiderRiskPolicy "SCInsiderRiskPolicy-IRM_Tenant_Setting"
        {
            Anonymization = $false
            AlertVolume                                   = "Medium";
            AnalyticsNewInsightEnabled                    = $False;
            AnalyticsTurnedOffEnabled                     = $False;
            AnomalyDetections                             = $False;
            ApplicationId                                 = $ApplicationId;
            AWSS3BlockPublicAccessDisabled                = $False;
            AWSS3BucketDeleted                            = $False;
            AWSS3PublicAccessEnabled                      = $False;
            AWSS3ServerLoggingDisabled                    = $False;
            AzureElevateAccessToAllSubscriptions          = $False;
            AzureResourceThreatProtectionSettingsUpdated  = $False;
            AzureSQLServerAuditingSettingsUpdated         = $False;
            AzureSQLServerFirewallRuleDeleted             = $False;
            AzureSQLServerFirewallRuleUpdated             = $False;
            AzureStorageAccountOrContainerDeleted         = $False;
            BoxContentAccess                              = $False;
            BoxContentDelete                              = $False;
            BoxContentDownload                            = $False;
            BoxContentExternallyShared                    = $False;
            CCFinancialRegulatoryRiskyTextSent            = $False;
            CCInappropriateContentSent                    = $False;
            CCInappropriateImagesSent                     = $False;
            CertificateThumbprint                         = $CertificateThumbprint;
            CopyToPersonalCloud                           = $False;
            CopyToUSB                                     = $False;
            CumulativeExfiltrationDetector                = $True;
            DLPUserRiskSync                               = $True;
            DropboxContentAccess                          = $False;
            DropboxContentDelete                          = $False;
            DropboxContentDownload                        = $False;
            DropboxContentExternallyShared                = $False;
            EmailExternal                                 = $False;
            EmployeeAccessedEmployeePatientData           = $False;
            EmployeeAccessedFamilyData                    = $False;
            EmployeeAccessedHighVolumePatientData         = $False;
            EmployeeAccessedNeighbourData                 = $False;
            EmployeeAccessedRestrictedData                = $False;
            EnableTeam                                    = $True;
            Ensure                                        = "Present";
            EpoBrowseToChildAbuseSites                    = $False;
            EpoBrowseToCriminalActivitySites              = $False;
            EpoBrowseToCultSites                          = $False;
            EpoBrowseToGamblingSites                      = $False;
            EpoBrowseToHackingSites                       = $False;
            EpoBrowseToHateIntoleranceSites               = $False;
            EpoBrowseToIllegalSoftwareSites               = $False;
            EpoBrowseToKeyloggerSites                     = $False;
            EpoBrowseToLlmSites                           = $False;
            EpoBrowseToMalwareSites                       = $False;
            EpoBrowseToPhishingSites                      = $False;
            EpoBrowseToPornographySites                   = $False;
            EpoBrowseToUnallowedDomain                    = $False;
            EpoBrowseToViolenceSites                      = $False;
            EpoCopyToClipboardFromSensitiveFile           = $False;
            EpoCopyToNetworkShare                         = $False;
            EpoFileArchived                               = $False;
            EpoFileCopiedToRemoteDesktopSession           = $False;
            EpoFileDeleted                                = $False;
            EpoFileDownloadedFromBlacklistedDomain        = $False;
            EpoFileDownloadedFromEnterpriseDomain         = $False;
            EpoFileRenamed                                = $False;
            EpoFileStagedToCentralLocation                = $False;
            EpoHiddenFileCreated                          = $False;
            EpoRemovableMediaMount                        = $False;
            EpoSensitiveFileRead                          = $False;
            FileVolCutoffLimits                           = "59";
            GoogleDriveContentAccess                      = $False;
            GoogleDriveContentDelete                      = $False;
            GoogleDriveContentExternallyShared            = $False;
            HistoricTimeSpan                              = "89";
            InScopeTimeSpan                               = "30";
            InsiderRiskScenario                           = "TenantSetting";
            Mcas3rdPartyAppDownload                       = $False;
            Mcas3rdPartyAppFileDelete                     = $False;
            Mcas3rdPartyAppFileSharing                    = $False;
            McasActivityFromInfrequentCountry             = $False;
            McasImpossibleTravel                          = $False;
            McasMultipleFailedLogins                      = $False;
            McasMultipleStorageDeletion                   = $False;
            McasMultipleVMCreation                        = $True;
            McasMultipleVMDeletion                        = $False;
            McasSuspiciousAdminActivities                 = $False;
            McasSuspiciousCloudCreation                   = $False;
            McasSuspiciousCloudTrailLoggingChange         = $False;
            McasTerminatedEmployeeActivity                = $False;
            Name                                          = "IRM_Tenant_Setting";
            NotificationDetailsEnabled                    = $True;
            OdbDownload                                   = $False;
            OdbSyncDownload                               = $False;
            OptInIRMDataExport                            = $True;
            PeerCumulativeExfiltrationDetector            = $False;
            PhysicalAccess                                = $False;
            PotentialHighImpactUser                       = $False;
            PowerBIDashboardsDeleted                      = $False;
            PowerBIReportsDeleted                         = $False;
            PowerBIReportsDownloaded                      = $False;
            PowerBIReportsExported                        = $False;
            PowerBIReportsViewed                          = $False;
            PowerBISemanticModelsDeleted                  = $False;
            PowerBISensitivityLabelDowngradedForArtifacts = $False;
            PowerBISensitivityLabelRemovedFromArtifacts   = $False;
            Print                                         = $False;
            PriorityUserGroupMember                       = $False;
            RaiseAuditAlert                               = $True;
            SecurityAlertDefenseEvasion                   = $False;
            SecurityAlertUnwantedSoftware                 = $False;
            SpoAccessRequest                              = $False;
            SpoApprovedAccess                             = $False;
            SpoDownload                                   = $False;
            SpoDownloadV2                                 = $False;
            SpoFileAccessed                               = $False;
            SpoFileDeleted                                = $False;
            SpoFileDeletedFromFirstStageRecycleBin        = $False;
            SpoFileDeletedFromSecondStageRecycleBin       = $False;
            SpoFileLabelDowngraded                        = $False;
            SpoFileLabelRemoved                           = $False;
            SpoFileSharing                                = $True;
            SpoFolderDeleted                              = $False;
            SpoFolderDeletedFromFirstStageRecycleBin      = $False;
            SpoFolderDeletedFromSecondStageRecycleBin     = $False;
            SpoFolderSharing                              = $False;
            SpoSiteExternalUserAdded                      = $False;
            SpoSiteInternalUserAdded                      = $False;
            SpoSiteLabelRemoved                           = $False;
            SpoSiteSharing                                = $False;
            SpoSyncDownload                               = $False;
            TeamsChannelFileSharedExternal                = $False;
            TeamsChannelMemberAddedExternal               = $False;
            TeamsChatFileSharedExternal                   = $True; # Drift
            TeamsFileDownload                             = $False;
            TeamsFolderSharedExternal                     = $False;
            TeamsMemberAddedExternal                      = $False;
            TeamsSensitiveMessage                         = $False;
            TenantId                                      = $TenantId;
            UserHistory                                   = $False;
        }
    }
}

Example 3

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC
    node localhost
    {
        SCInsiderRiskPolicy "SCInsiderRiskPolicy-IRM_Tenant_Setting"
        {
            ApplicationId                                 = $ApplicationId;
            CertificateThumbprint                         = $CertificateThumbprint;
            Ensure                                        = "Absent";
            InsiderRiskScenario                           = "TenantSetting";
            Name                                          = "IRM_Tenant_Setting";
            TenantId                                      = $TenantId;
        }
    }
}