SCPolicyConfig
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| IsSingleInstance |
Key |
String |
Accepted value is 'Yes'. |
Yes |
| AdvancedClassificationEnabled |
Write |
Boolean |
Default value is false. If set to false, you cannot specify BandwidthLimitEnabled or DailyBandwidthLimitInMB. |
|
| AuditFileActivity |
Write |
Boolean |
Default value is false. |
|
| BandwidthLimitEnabled |
Write |
Boolean |
Default value is true. |
|
| BusinessJustificationList |
Write |
MSFT_PolicyConfigBusinessJustificationList[] |
TBD |
|
| CloudAppMode |
Write |
String |
Default value is Off. |
|
| CloudAppRestrictionList |
Write |
StringArray[] |
TBD |
|
| CustomBusinessJustificationNotification |
Write |
UInt32 |
Default value is 0. If set to 0, you cannot specify the BusinessJustificationList parameter as part of your configuration. |
|
| DailyBandwidthLimitInMB |
Write |
UInt32 |
Default value is 1000 |
|
| DLPAppGroups |
Write |
MSFT_PolicyConfigDLPAppGroups[] |
TBD |
|
| DLPNetworkShareGroups |
Write |
MSFT_PolicyConfigDLPNetworkShareGroups[] |
TBD |
|
| DLPPrinterGroups |
Write |
MSFT_PolicyConfigDLPPrinterGroups[] |
TBD |
|
| DLPRemovableMediaGroups |
Write |
MSFT_PolicyConfigDLPRemovableMediaGroups[] |
TBD |
|
| IncludePredefinedUnallowedBluetoothApps |
Write |
Boolean |
Default value is true. |
|
| MacDefaultPathExclusionsEnabled |
Write |
Boolean |
Default value is true. |
|
| MacPathExclusion |
Write |
StringArray[] |
TBD |
|
| NetworkPathEnforcementEnabled |
Write |
Boolean |
Default value is false. |
|
| NetworkPathExclusion |
Write |
String |
TBD |
|
| PathExclusion |
Write |
StringArray[] |
TBD |
|
| serverDlpEnabled |
Write |
Boolean |
Default value is false |
|
| FileCopiedToCloudFullUrlEnabled |
Write |
Boolean |
Default value is false |
|
| EvidenceStoreSettings |
Write |
MSFT_PolicyConfigEvidenceStoreSettings |
TBD |
|
| SiteGroups |
Write |
MSFT_PolicyConfigDLPSiteGroups[] |
TBD |
|
| UnallowedApp |
Write |
MSFT_PolicyConfigApp[] |
TBD |
|
| UnallowedCloudSyncApp |
Write |
MSFT_PolicyConfigApp[] |
TBD |
|
| UnallowedBluetoothApp |
Write |
MSFT_PolicyConfigApp[] |
TBD |
|
| UnallowedBrowser |
Write |
MSFT_PolicyConfigApp[] |
TBD |
|
| QuarantineParameters |
Write |
MSFT_PolicyConfigQuarantineParameters |
TBD |
|
| VPNSettings |
Write |
StringArray[] |
TBD |
|
| EnableLabelCoauth |
Write |
Boolean |
The EnableLabelCoauth parameter enables or disables co-authoring support in Office desktop apps for the entire organization. Default value is false. |
|
| EnableSpoAipMigration |
Write |
Boolean |
The EnableSpoAipMigration parameter enables or disables built-in labeling for supported Office files in SharePoint and OneDrive. |
|
| Credential |
Write |
PSCredential |
Credentials of the workload's Admin |
|
| ApplicationId |
Write |
String |
Id of the Azure Active Directory application to authenticate with. |
|
| TenantId |
Write |
String |
Id of the Azure Active Directory tenant used for authentication. |
|
| CertificateThumbprint |
Write |
String |
Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. |
|
| ManagedIdentity |
Write |
Boolean |
Managed ID being used for authentication. |
|
| AccessTokens |
Write |
StringArray[] |
Access token used for authentication. |
|
MSFT_PolicyConfigApp
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| Value |
Write |
String |
Name of the application. |
|
| Executable |
Write |
String |
Name of the executable file. |
|
MSFT_PolicyConfigStorageAccount
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| Name |
Write |
String |
TBD |
|
| BlobUri |
Write |
String |
TBD |
|
MSFT_PolicyConfigSiteGroupAddress
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| MatchType |
Write |
String |
TBD |
|
| Url |
Write |
String |
TBD |
|
| AddressLower |
Write |
String |
TBD |
|
| AddressUpper |
Write |
String |
TBD |
|
MSFT_PolicyConfigDLPSiteGroups
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| Id |
Write |
String |
TBD |
|
| Name |
Write |
String |
TBD |
|
| addresses |
Write |
MSFT_PolicyConfigSiteGroupAddress[] |
TBD |
|
MSFT_PolicyConfigRemovableMedia
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| deviceId |
Write |
String |
TBD |
|
| removableMediaVID |
Write |
String |
TBD |
|
| name |
Write |
String |
TBD |
|
| alias |
Write |
String |
TBD |
|
| removableMediaPID |
Write |
String |
TBD |
|
| instancePathId |
Write |
String |
TBD |
|
| serialNumberId |
Write |
String |
TBD |
|
| hardwareId |
Write |
String |
TBD |
|
MSFT_PolicyConfigDLPRemovableMediaGroups
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| groupName |
Write |
String |
TBD |
|
| removableMedia |
Write |
MSFT_PolicyConfigRemovableMedia[] |
TBD |
|
MSFT_PolicyConfigIPRange
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| fromAddress |
Write |
String |
TBD |
|
| toAddress |
Write |
String |
TBD |
|
MSFT_PolicyConfigPrinter
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| universalPrinter |
Write |
Boolean |
TBD |
|
| usbPrinter |
Write |
Boolean |
TBD |
|
| usbPrinterId |
Write |
String |
TBD |
|
| name |
Write |
String |
TBD |
|
| alias |
Write |
String |
TBD |
|
| usbPrinterVID |
Write |
String |
TBD |
|
| ipRange |
Write |
MSFT_PolicyConfigIPRange |
TBD |
|
| corporatePrinter |
Write |
Boolean |
TBD |
|
| printToLocal |
Write |
Boolean |
TBD |
|
| printToFile |
Write |
Boolean |
TBD |
|
MSFT_PolicyConfigDLPNetworkShareGroups
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| groupName |
Write |
String |
TBD |
|
| groupId |
Write |
String |
TBD |
|
| networkPaths |
Write |
StringArray[] |
TBD |
|
MSFT_PolicyConfigDLPApp
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| ExecutableName |
Write |
String |
TBD |
|
| Name |
Write |
String |
TBD |
|
| Quarantine |
Write |
Boolean |
TBD |
|
MSFT_PolicyConfigDLPAppGroups
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| Id |
Write |
String |
TBD |
|
| Name |
Write |
String |
TBD |
|
| Description |
Write |
String |
TBD |
|
| Apps |
Write |
MSFT_PolicyConfigDLPApp[] |
TBD |
|
MSFT_PolicyConfigEvidenceStoreSettings
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| FileEvidenceIsEnabled |
Write |
Boolean |
TBD |
|
| NumberOfDaysToRetain |
Write |
UInt32 |
TBD |
|
| StorageAccounts |
Write |
MSFT_PolicyConfigStorageAccount[] |
TBD |
|
| Store |
Write |
String |
TBD |
|
MSFT_PolicyConfigBusinessJustificationList
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| Id |
Write |
String |
TBD |
|
| justificationText |
Write |
String |
TBD |
|
| Enable |
Write |
Boolean |
TBD |
|
MSFT_PolicyConfigDLPPrinterGroups
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| groupName |
Write |
String |
TBD |
|
| groupId |
Write |
String |
TBD |
|
| printers |
Write |
MSFT_PolicyConfigPrinter[] |
TBD |
|
MSFT_PolicyConfigQuarantineParameters
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| EnableQuarantineForCloudSyncApps |
Write |
Boolean |
TBD |
|
| QuarantinePath |
Write |
String |
TBD |
|
| MacQuarantinePath |
Write |
String |
TBD |
|
| ShouldReplaceFile |
Write |
Boolean |
TBD |
|
| FileReplacementText |
Write |
String |
TBD |
|
Description
Configures the Data Loss Prevention settings in Purview.
Permissions
Examples
Example 1
This example is used to test new resources and showcase the usage of new resources being worked on.
It is not meant to be used as a production baseline.
# Sample DSC configuration that sets every SCPolicyConfig (Purview endpoint DLP
# settings) parameter on the local node. All names, paths, URLs and GUIDs below
# are demonstration placeholders, not a recommended baseline.
Configuration Example
{
    # App-only authentication details are supplied by the caller, so no
    # credential material is written into the configuration itself.
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )

    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        SCPolicyConfig "SCPolicyConfig"
        {
            # --- Resource identity and authentication -----------------------
            IsSingleInstance      = "Yes"
            ApplicationId         = $ApplicationId
            TenantId              = $TenantId
            CertificateThumbprint = $CertificateThumbprint

            # --- Classification, auditing and enforcement switches ----------
            # Per the parameter table, the two bandwidth settings can only be
            # specified when AdvancedClassificationEnabled is true.
            AdvancedClassificationEnabled = $true
            BandwidthLimitEnabled         = $false
            DailyBandwidthLimitInMB       = 0
            # NOTE(review): file-activity auditing is left off in this sample;
            # confirm whether your monitoring requirements need it enabled.
            AuditFileActivity             = $false
            serverDlpEnabled              = $true
            NetworkPathEnforcementEnabled = $true
            EnableLabelCoauth             = $false
            EnableSpoAipMigration         = $false

            # --- Business justifications -------------------------------------
            # Per the parameter table, BusinessJustificationList may only be
            # specified when CustomBusinessJustificationNotification is not 0.
            CustomBusinessJustificationNotification = 3
            BusinessJustificationList = @(
                MSFT_PolicyConfigBusinessJustificationList
                {
                    Id                = 'businessJustification1'
                    Enable            = $true
                    justificationText = 'default:Were'
                }
                MSFT_PolicyConfigBusinessJustificationList
                {
                    Id                = 'businessJustification2'
                    Enable            = $true
                    justificationText = 'default:Not'
                }
                MSFT_PolicyConfigBusinessJustificationList
                {
                    Id                = 'businessJustification3'
                    Enable            = $true
                    justificationText = 'default:Going'
                }
                MSFT_PolicyConfigBusinessJustificationList
                {
                    Id                = 'businessJustification4'
                    Enable            = $true
                    justificationText = 'default:To'
                }
                MSFT_PolicyConfigBusinessJustificationList
                {
                    Id                = 'businessJustification5'
                    Enable            = $true
                    justificationText = 'default:Take It'
                }
            )

            # --- Cloud apps, site groups and VPN ------------------------------
            CloudAppMode            = "Block"
            CloudAppRestrictionList = @("contoso.net","contoso.com")
            SiteGroups = @(
                MSFT_PolicyConfigDLPSiteGroups
                {
                    Id        = 'cfa0d856-4dc9-4497-b0aa-93584e919a83'
                    Name      = 'Whatever'
                    Addresses = @(
                        MSFT_PolicyConfigSiteGroupAddress
                        {
                            MatchType    = 'UrlMatch'
                            Url          = 'Karakette.com'
                            AddressLower = ''
                            AddressUpper = ''
                        }
                    )
                }
            )
            VPNSettings = @("MyVPNAddress","MySecondVPNAddress")

            # --- App, network share, printer and removable media groups ------
            DLPAppGroups = @(
                MSFT_PolicyConfigDLPAppGroups
                {
                    Name        = 'Maracas'
                    Id          = '5c124091-bb75-4d20-9c09-b00d584c6270'
                    Description = 'Lacucaracha'
                    Apps        = @(
                        MSFT_PolicyConfigDLPApp
                        {
                            ExecutableName = 'toc.exe'
                            Name           = 'toctoctoc'
                            Quarantine     = $false
                        }
                    )
                }
            )
            DLPNetworkShareGroups = @(
                MSFT_PolicyConfigDLPNetworkShareGroups
                {
                    groupName    = 'Network Share Group'
                    networkPaths = @('\\share2','\\share')
                }
            )
            DLPPrinterGroups = @(
                MSFT_PolicyConfigDLPPrinterGroups
                {
                    groupName = 'MyGroup'
                    groupId   = '928f8844-80af-4740-b563-232b33b29f5d'
                    printers  = @(
                        MSFT_PolicyConfigPrinter
                        {
                            universalPrinter = $false
                            usbPrinter       = $true
                            usbPrinterId     = ''
                            name             = 'asdf'
                            alias            = 'aasdf'
                            usbPrinterVID    = ''
                            ipRange          = MSFT_PolicyConfigIPRange
                            {
                                fromAddress = ''
                                toAddress   = ''
                            }
                            corporatePrinter = $false
                            printToLocal     = $false
                            printToFile      = $false
                        }
                    )
                }
            )
            DLPRemovableMediaGroups = @(
                MSFT_PolicyConfigDLPRemovableMediaGroups
                {
                    groupName      = 'My Removable USB device group'
                    removablemedia = @(
                        MSFT_PolicyConfigRemovableMedia
                        {
                            deviceId          = 'Nik'
                            removableMediaVID = 'bob'
                            name              = 'MaCles'
                            alias             = 'My Device'
                            removableMediaPID = 'asdfsd'
                            instancePathId    = 'instance path'
                            serialNumberId    = 'asdf'
                            hardwareId        = 'hardware'
                        }
                    )
                }
            )

            # --- Evidence store -------------------------------------------------
            # NOTE(review): the BlobUri values are placeholders; a real
            # deployment should point only at storage the organization
            # controls, since this is presumably where matched file evidence
            # is kept - confirm against the product documentation.
            EvidenceStoreSettings = MSFT_PolicyConfigEvidenceStoreSettings
            {
                FileEvidenceIsEnabled = $true
                NumberOfDaysToRetain  = 7
                StorageAccounts       = @(
                    MSFT_PolicyConfigStorageAccount
                    {
                        Name    = 'My storage'
                        BlobUri = 'https://contoso.com'
                    }
                    MSFT_PolicyConfigStorageAccount
                    {
                        Name    = 'My 2nd storage'
                        BlobUri = 'https://coucou.com'
                    }
                )
                Store                 = 'CustomerManaged'
            }

            # --- Path exclusions --------------------------------------------------
            # NOTE(review): exclusion lists presumably remove these locations
            # from DLP monitoring; keep them as short as possible and review
            # every entry before reusing this sample.
            MacDefaultPathExclusionsEnabled = $true
            MacPathExclusion                = @("/pear","/apple","/orange")
            NetworkPathExclusion            = "\\MyFirstPath:\\MySecondPath:\\MythirdPAth"
            PathExclusion                   = @("\\includemenot","\\excludemeWindows","\\excludeme3")

            # --- Quarantine ---------------------------------------------------------
            QuarantineParameters = MSFT_PolicyConfigQuarantineParameters
            {
                EnableQuarantineForCloudSyncApps = $false
                QuarantinePath                   = '%homedrive%%homepath%\Microsoft DLP\Quarantine'
                MacQuarantinePath                = '/System/Applications/Microsoft DLP/QuarantineMA'
                ShouldReplaceFile                = $true
                FileReplacementText              = 'Gargamel'
            }

            # --- Unallowed applications ---------------------------------------------
            IncludePredefinedUnallowedBluetoothApps = $true
            UnallowedApp = @(
                MSFT_PolicyConfigApp
                {
                    Value      = 'Caramel'
                    Executable = 'cara.exe'
                }
                MSFT_PolicyConfigApp
                {
                    Value      = 'Fudge'
                    Executable = 'chocolate.exe'
                }
            )
            UnallowedBluetoothApp = @(
                MSFT_PolicyConfigApp
                {
                    Value      = 'bluetooth'
                    Executable = 'micase.exe'
                }
                MSFT_PolicyConfigApp
                {
                    Value      = 'marmelade'
                    Executable = 'julia.exe'
                }
            )
            UnallowedBrowser = @(
                MSFT_PolicyConfigApp
                {
                    Value      = 'UC Browser'
                    Executable = 'ucbrowser.exe'
                }
                MSFT_PolicyConfigApp
                {
                    Value      = 'CapitainOS'
                    Executable = 'captn.exe'
                }
            )
            UnallowedCloudSyncApp = @(
                MSFT_PolicyConfigApp
                {
                    Value      = 'ikochou'
                    Executable = 'gillex.msi'
                }
                MSFT_PolicyConfigApp
                {
                    Value      = 'johny'
                    Executable = 'boo.msi'
                }
            )
        }
    }
}