diff --git a/exchange/exchange-ps/exchange/New-DlpCompliancePolicy.md b/exchange/exchange-ps/exchange/New-DlpCompliancePolicy.md index cb3907cc99..2e9adf6795 100644 --- a/exchange/exchange-ps/exchange/New-DlpCompliancePolicy.md +++ b/exchange/exchange-ps/exchange/New-DlpCompliancePolicy.md @@ -29,6 +29,7 @@ New-DlpCompliancePolicy [-Name] [-EndpointDlpExtendedLocations ] [-EndpointDlpLocation ] [-EndpointDlpLocationException ] + [-EnforcementPlanes ] [-ExceptIfOneDriveSharedBy ] [-ExceptIfOneDriveSharedByMemberOf ] [-ExchangeAdaptiveScopes ] @@ -294,6 +295,22 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -EnforcementPlanes +{{ Fill EnforcementPlanes Description }} + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: +Applicable: Security & Compliance + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -ExceptIfOneDriveSharedBy The ExceptIfOneDriveSharedBy parameter specifies the users to exclude from the DLP policy (the sites of the OneDrive for Business user accounts are included in the policy). You identify the users by UPN (laura@contoso.onmicrosoft.com). diff --git a/exchange/exchange-ps/exchange/New-DlpComplianceRule.md b/exchange/exchange-ps/exchange/New-DlpComplianceRule.md index eb2035fa23..d0a651c737 100644 --- a/exchange/exchange-ps/exchange/New-DlpComplianceRule.md +++ b/exchange/exchange-ps/exchange/New-DlpComplianceRule.md 
@@ -305,6 +305,22 @@ New-DLPComplianceRule -Name "Contoso Rule 1" -Policy "Contoso Policy 1" -Advance This example uses the AdvancedRule parameter to read the following complex condition from a file: "Content contains sensitive information: "Credit card number OR Highly confidential" AND (NOT (Sender is a member of "Jane's Team" OR Recipient is "adele@contoso.com")). +### Example 4 +```powershell + +$myEntraAppId = "" + +$myEntraAppName = "" + +$locations = "[{`"Workload`":`"Applications`",`"Location`":`"$myEntraAppId`",`"LocationDisplayName`":`"$myEntraAppName`",`"LocationSource`":`"Entra`",`"LocationType`":`"Individual`",`"Inclusions`":[{`"Type`":`"Tenant`",`"Identity`":`"All`"}]}]" + +New-DlpCompliancePolicy -Name "Test Entra DLP" -Mode Enable -Locations $locations -EnforcementPlanes @("Entra") + +New-DlpComplianceRule -Name "Test Entra Rule" -Policy "Test Entra DLP" -ContentContainsSensitiveInformation @{Name = "credit card number"} -GenerateAlert $true -GenerateIncidentReport @("siteadmin") -NotifyUser @("admin@contonso.onmicrosoft.com") -RestrictAccess @(@{setting="UploadText";value="Block"}) +``` + +This is an example of applying a CCSI-based DLP rule that should be handled by an entra-registered enterprise application in the organization. + ## PARAMETERS ### -Name @@ -3344,11 +3360,11 @@ Accept wildcard characters: False ``` ### -SharedByIRMUserRisk -The SharedByIRMUserRisk paramter specifies the risk category of the user performing the violating action. Valid values are: +The SharedByIRMUserRisk parameter specifies the risk category of the user performing the violating action. Valid values are: -- Elevated Risk Level -- Moderate Risk Level -- Minor Risk Level +- FCB9FA93-6269-4ACF-A756-832E79B36A2A (Elevated Risk Level) +- 797C4446-5C73-484F-8E58-0CCA08D6DF6C (Moderate Risk Level) +- 75A4318B-94A2-4323-BA42-2CA6DB29AAFE (Minor Risk Level) You can specify multiple values separated by commas. 
diff --git a/exchange/exchange-ps/exchange/Set-DlpCompliancePolicy.md b/exchange/exchange-ps/exchange/Set-DlpCompliancePolicy.md index 24bb0ce5cc..936383181b 100644 --- a/exchange/exchange-ps/exchange/Set-DlpCompliancePolicy.md +++ b/exchange/exchange-ps/exchange/Set-DlpCompliancePolicy.md @@ -43,6 +43,7 @@ Set-DlpCompliancePolicy [-Identity] [-EndpointDlpAdaptiveScopes ] [-EndpointDlpAdaptiveScopesException ] [-EndpointDlpExtendedLocations ] + [-EnforcementPlanes ] [-ExceptIfOneDriveSharedBy ] [-ExceptIfOneDriveSharedByMemberOf ] [-ExchangeAdaptiveScopes ] @@ -570,6 +571,22 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -EnforcementPlanes +{{ Fill EnforcementPlanes Description }} + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: +Applicable: Security & Compliance + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -ExceptIfOneDriveSharedBy The ExceptIfOneDriveSharedBy parameter specifies the users to exclude from the DLP policy (the sites of the OneDrive for Business user accounts are included in the policy). You identify the users by UPN (laura@contoso.onmicrosoft.com). diff --git a/exchange/exchange-ps/exchange/Set-DlpComplianceRule.md b/exchange/exchange-ps/exchange/Set-DlpComplianceRule.md index 8adbbc36ac..540e344814 100644 --- a/exchange/exchange-ps/exchange/Set-DlpComplianceRule.md +++ b/exchange/exchange-ps/exchange/Set-DlpComplianceRule.md @@ -187,7 +187,7 @@ This example modifies the access scope and blocking behavior of a DLP compliance ### Example 2 ```powershell -Contents of the file named C:\Data\Sensitive Type.txt: +# Contents of the file named C:\Data\Sensitive Type.txt: { "Version": "1.0", 
@@ -3237,7 +3237,13 @@ Accept wildcard characters: False ``` ### -SharedByIRMUserRisk -{{ Fill SharedByIRMUserRisk Description }} +The SharedByIRMUserRisk parameter specifies the risk category of the user performing the violating action. Valid values are: + +- FCB9FA93-6269-4ACF-A756-832E79B36A2A (Elevated Risk Level) +- 797C4446-5C73-484F-8E58-0CCA08D6DF6C (Moderate Risk Level) +- 75A4318B-94A2-4323-BA42-2CA6DB29AAFE (Minor Risk Level) + +You can specify multiple values separated by commas. ```yaml Type: MultiValuedProperty
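Review bot: In New-DlpCompliancePolicy.md, the new `### -EnforcementPlanes` section still carries the template placeholder `{{ Fill EnforcementPlanes Description }}`, so the parameter ships undocumented. Replace it with a description that says what an enforcement plane is and lists the valid values. The only value visible in this patch is `"Entra"` (used in Example 4 of New-DlpComplianceRule.md), and with `Default value: None` a reader cannot tell where the policy is enforced when the parameter is omitted.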
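Review bot: In Example 4 of New-DlpComplianceRule.md, the `-NotifyUser` address is spelled `admin@contonso.onmicrosoft.com`, while the surrounding pages use the `contoso` tenant (`laura@contoso.onmicrosoft.com`, `adele@contoso.com`); this looks like a typo and should read `contoso`. In the same block, `$myEntraAppId = ""` and `$myEntraAppName = ""` are empty strings, so the `$locations` JSON is built with blank `Location` and `LocationDisplayName` values if the example is pasted as is; use a visible placeholder or a comment telling the reader to fill them in, and drop the blank lines between statements. In the description line, capitalize "Entra-registered" and spell out "CCSI" on first use, since the abbreviation does not appear elsewhere in the visible text (the rule itself uses `-ContentContainsSensitiveInformation`).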
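Review bot: In the `-SharedByIRMUserRisk` hunk of New-DlpComplianceRule.md, the valid values change from the labels ("Elevated Risk Level") to GUIDs with the label in parentheses, but the text does not say whether the label form is still accepted. Existing scripts written against the old list would pass the label, so add a sentence stating that the GUID is the value to pass and whether the label is rejected.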
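Review bot: In Set-DlpCompliancePolicy.md, `### -EnforcementPlanes` is added with the same unfilled `{{ Fill EnforcementPlanes Description }}` placeholder. Because the type is `MultiValuedProperty` on a Set cmdlet, the description should also state whether a supplied value replaces the policy's existing enforcement planes or is added to them; without that, an administrator changing a live policy cannot predict the resulting scope.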
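Review bot: In Example 2 of Set-DlpComplianceRule.md, turning the first line into `# Contents of the file named C:\Data\Sensitive Type.txt:` fixes only that line; the JSON that follows (`{`, `"Version": "1.0",`) still sits inside the `powershell` fence as non-PowerShell text. Consider moving the file contents into their own `json` fence, or a prose lead-in followed by a JSON block, so the PowerShell block contains only commands that can be copied and run.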
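Review bot: In the `-SharedByIRMUserRisk` hunk of Set-DlpComplianceRule.md, the new text ends with "You can specify multiple values separated by commas" but shows no example of the multi-value form. With GUID values a short inline sample (two of the listed GUIDs separated by a comma) would remove doubt about quoting and spacing; keep the wording identical to New-DlpComplianceRule.md so the two pages do not drift.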