diff --git a/exchange/exchange-ps/exchange/New-FeatureConfiguration.md b/exchange/exchange-ps/exchange/New-FeatureConfiguration.md index 9b7933b253..18d97270a1 100644 --- a/exchange/exchange-ps/exchange/New-FeatureConfiguration.md +++ b/exchange/exchange-ps/exchange/New-FeatureConfiguration.md @@ -9,11 +9,13 @@ schema: 2.0.0 # New-FeatureConfiguration ## SYNOPSIS -**Note**: Currently, this cmdlet is available only in Private Preview. +**Note**: This cmdlet is available in Public Preview. This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). -Use the New-FeatureConfiguration cmdlet to create Discovery policies. +Use the New-FeatureConfiguration cmdlet to create Microsoft Purview feature configurations within your organization, including: +- Collection policies +- Endpoint DLP trust container For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). @@ -37,15 +39,39 @@ To use this cmdlet in Security & Compliance PowerShell, you need to be assigned ### Example 1 ```powershell -New-FeatureConfiguration -Name "Discovery policy for Contoso executives" -FeatureScenario KnowYourData -Mode Enable -ScenarioConfig '{"Activities": ["UploadText", "UploadFile"], "EnforcementPlanes": ["Browser"], "SensitiveTypeIds": ["a44669fe-0d48-453d-a9b1-2cc83f2cba77","50842eb7-edc8-4019-85dd-5a5c1f2bb085"]}' –Locations '[{"Workload": "Applications","Location": "51622","Inclusions": [{"Type": "Group","Identity": "executives@contoso.com"}]},{"Workload": "Applications","Location": "51399","Inclusions": [{"Type": "Group","Identity": "executives@contoso.com"}]},{"Workload": "Applications","Location": "51279","Inclusions": [{"Type": "Group","Identity": "executives@contoso.com"}]}]' +New-FeatureConfiguration -Name "Collection policy for supported Copilots" -FeatureScenario KnowYourData -Mode Enable -ScenarioConfig '{"Activities":["UploadText","DownloadText"],"EnforcementPlanes":["CopilotExperiences","Browser"],"SensitiveTypeIds":["All"],"IsIngestionEnabled":true}' –Locations '[{"Workload":"Applications","Location":"52655","LocationSource":"SaaS","LocationType":"Individual","Inclusions":[{"Type":"Tenant","Identity":"All","DisplayName":"All","Name":"All"}]},{"Workload":"Applications","Location":"49baeafd-1a6b-4c58-be55-75ae6d1dff6a","LocationSource":"PurviewConfig","LocationType":"Group","Inclusions":[{"Type":"Tenant","Identity":"All","DisplayName":"All","Name":"All"}]}]' ``` -This example displays a discovery policy that includes the group "Executives" and targets a specific set of sensitive information types. +This example creates an enabled collection policy named "Collection policy for supported Copilots" that: +- Includes UploadText & DownloadText activity for all supported classifiers +- Captures all AI prompts +- Includes Microsoft Copilot & Copilot Experiences locations, both scoped to all users & groups + +### Example 2 +```powershell +New-FeatureConfiguration -Name "Scoped browser collection policy for Microsoft Copilot" -FeatureScenario KnowYourData -Mode Enable -ScenarioConfig '{"Activities":["UploadText"],"EnforcementPlanes":["Browser"],"SensitiveTypeIds":["All"],"ExcludedSensitiveTypeIds":["50b8b56b-4ef8-44c2-a924-03374f5831ce","8548332d-6d71-41f8-97db-cc3b5fa544e6"],"IsIngestionEnabled":false}' –Locations '[{"Workload":"Applications","Location":"52655","LocationDisplayName":null,"LocationSource":"SaaS","LocationType":"Individual","Inclusions":[{"Type":"Tenant","Identity":"All","DisplayName":"All","Name":"All"}],"Exclusions":[{"Type":"Group","Identity":"db458ddb-4f56-4d88-a4f7-e29545560839","DisplayName":"Contoso Executives","Name":"Executives@contoso.com"}]}]' +``` + +This example creates an enabled collection policy named "Scoped browser collection policy for Microsoft Copilot" that: +- Includes UploadText activity for all supported classifiers except "All Full Names" and "All Physical Addresses" +- Includes Microsoft Copilot location, for all users & groups except the "Contoso Executives Group" + +### Example 3 +```powershell +New-FeatureConfiguration -Name "Scoped collection policies for browser and devices" -FeatureScenario KnowYourData -Mode Disable -ScenarioConfig '{"Activities":["UploadText","filecreated","filedeleted","filemodified"],"EnforcementPlanes":["Devices","Browser"],"SensitiveTypeIds":["a44669fe-0d48-453d-a9b1-2cc83f2cba77","cb353f78-2b72-4c3c-8827-92ebe4f69fdf"],"FileExtensions":["pdf"],"IsIngestionEnabled":false}' –Locations '[{"Workload":"EndpointDevices","Location":"","Inclusions":[{"Type":"Group","Identity":"db458ddb-4f56-4d88-a4f7-e29545560839","DisplayName":"All Company","Name":"allcompany@contoso.com"}],"Exclusions":[{"Type":"IndividualResource","Identity":"a828f25a-cede-4d0e-97e6-b0b0c913732a","DisplayName":"Alex Wilber","Name":"alex@contoso.com"}]},{"Workload":"Applications","Location":"52655","LocationSource":"SaaS","LocationType":"Individual","Inclusions":[{"Type":"IndividualResource","Identity":"84f9af2e-b224-4cb8-b9cd-bc531bb07a48","DisplayName":"Adele Vance","Name":"adele@contoso.com"}]}]' +``` + +This example creates a disabled collection policy named "Scoped collection policies for browser and devices" that: +- Includes UploadText (for browser) and filecreated, filedeleted, and filemodified activities (for devices) +- Includes "U.S. Social Security Number (SSN)" and "ABA Routing Number" classifiers only +- Detects files on devices with "pdf" file extension only +- Includes devices location, scoped to the "All company" group, excluding the user "Alex Wilber" +- Includes Microsoft Copilot location, scoped only to the user "Adele Vance" ## PARAMETERS ### -Name -The Name parameter specifies the unique name for the Discovery policy. The maximum length is 64 characters. If the value contains spaces, enclose the value in quotation marks ("). +The Name parameter specifies the unique name for the feature configuration. The maximum length is 64 characters. If the value contains spaces, enclose the value in quotation marks ("). ```yaml Type: String @@ -61,7 +87,9 @@ Accept wildcard characters: False ``` ### -FeatureScenario -The FeatureScenario parameter specifies the scenario for the Discovery policy. Currently, the only valid value is KnowYourData. +The FeatureScenario parameter specifies the scenario for the feature configuration. Currently, the only valid values are: +- `KnowYourData` for collection policies +- `TrustContainer` for Endpoint DLP trust container ```yaml Type: PolicyScenario @@ -77,10 +105,10 @@ Accept wildcard characters: False ``` ### -Mode -The Mode parameter specifies the action and notification level of the Discovery policy. Valid values are: +The Mode parameter specifies feature configuration mode. Valid values are: -- Enable: The policy is enabled for actions and notifications. This is the default value. -- Disable: The policy is disabled. +- Enable: The feature configuration is enabled. +- Disable: The feature configuration is disabled. ```yaml Type: PolicyMode @@ -96,7 +124,7 @@ Accept wildcard characters: False ``` ### -ScenarioConfig -The ScenarioConfig parameter specifies additional information about the policy configuration. +The ScenarioConfig parameter specifies additional information about the feature configuration. ```yaml Type: String @@ -179,7 +207,7 @@ Accept wildcard characters: False ``` ### -Locations -The locations parameter specifies where the policy applies. +The locations parameter specifies where the feature configuration applies. ```yaml Type: String