diff --git a/exchange/exchange-ps/ExchangePowerShell/Cancel-SensitiveInformationScan.md b/exchange/exchange-ps/ExchangePowerShell/Cancel-SensitiveInformationScan.md new file mode 100644 index 0000000000..b3395d8eb9 --- /dev/null +++ b/exchange/exchange-ps/ExchangePowerShell/Cancel-SensitiveInformationScan.md @@ -0,0 +1,116 @@ +--- +applicable: Security & Compliance +author: chrisda +external help file: Microsoft.Exchange.TransportMailflow-Help.xml +Locale: en-US +Module Name: ExchangePowerShell +ms.author: chrisda +online version: https://learn.microsoft.com/powershell/module/exchangepowershell/cancel-sensitiveinformationscan +schema: 2.0.0 +title: Cancel-SensitiveInformationScan +--- + +# Cancel-SensitiveInformationScan + +## SYNOPSIS +This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). + +Use the Cancel-SensitiveInformationScan cmdlet to cancel sensitive information scans. + +For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). + +## SYNTAX + +### Identity (Default) +``` +Cancel-SensitiveInformationScan [-Identity] + [-Confirm] + [-WhatIf] + [] +``` + +## DESCRIPTION +To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). + +## EXAMPLES + +### Example 1 +```powershell +Cancel-SensitiveInformationScan -Identity "HR Department" +``` + +This example cancels the specified sensitive information scan. + +## PARAMETERS + +### -Identity + +> Applicable: Security & Compliance + +The Identity parameter specifies the sensitive information scan that you want to cancel. You can use any value that uniquely identifies the scan. For example: + +- Name +- Distinguished name (DN) +- GUID + +```yaml +Type: PolicyIdParameter +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Confirm + +> Applicable: Security & Compliance + +The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding. + +- Destructive cmdlets (for example, Remove-\* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: `-Confirm:$false`. +- Most other cmdlets (for example, New-\* and Set-\* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +> Applicable: Security & Compliance + +The WhatIf switch doesn't work in Security & Compliance PowerShell. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS diff --git a/exchange/exchange-ps/ExchangePowerShell/ExchangePowerShell.md b/exchange/exchange-ps/ExchangePowerShell/ExchangePowerShell.md index 144bee1b49..7f1340e98f 100644 --- a/exchange/exchange-ps/ExchangePowerShell/ExchangePowerShell.md +++ b/exchange/exchange-ps/ExchangePowerShell/ExchangePowerShell.md @@ -1738,6 +1738,8 @@ Exchange PowerShell is built on PowerShell technology to a powerful command-line ### [Update-ExchangeHelp](Update-ExchangeHelp.md) ## policy-and-compliance Cmdlets +### [Cancel-SensitiveInformationScan](Cancel-SensitiveInformationScan.md) + ### [Check-PurviewConfig](Check-PurviewConfig.md) ### [Disable-JournalArchiving](Disable-JournalArchiving.md) @@ -1796,6 +1798,10 @@ Exchange PowerShell is built on PowerShell technology to a powerful command-line ### [Get-ReviewItems](Get-ReviewItems.md) +### [Get-SensitiveInformationScan](Get-SensitiveInformationScan.md) + +### [Get-SensitiveInformationScanRule](Get-SensitiveInformationScanRule.md) + ### [Get-SupervisoryReviewPolicyV2](Get-SupervisoryReviewPolicyV2.md) ### [Get-SupervisoryReviewRule](Get-SupervisoryReviewRule.md) @@ -1834,6 +1840,10 @@ Exchange PowerShell is built on PowerShell technology to a powerful command-line ### [New-ProtectionAlert](New-ProtectionAlert.md) +### [New-SensitiveInformationScan](New-SensitiveInformationScan.md) + +### [New-SensitiveInformationScanRule](New-SensitiveInformationScanRule.md) + ### [New-SupervisoryReviewPolicyV2](New-SupervisoryReviewPolicyV2.md) ### [New-SupervisoryReviewRule](New-SupervisoryReviewRule.md) @@ -1860,6 +1870,10 @@ Exchange PowerShell is built on PowerShell technology to a powerful command-line ### [Remove-ProtectionAlert](Remove-ProtectionAlert.md) +### [Remove-SensitiveInformationScan](Remove-SensitiveInformationScan.md) + +### [Remove-SensitiveInformationScanRule](Remove-SensitiveInformationScanRule.md) + ### [Remove-SupervisoryReviewPolicyV2](Remove-SupervisoryReviewPolicyV2.md) ### [Remove-TransportRule](Remove-TransportRule.md) @@ -1884,6 +1898,10 @@ Exchange PowerShell is built on PowerShell technology to a powerful command-line ### [Set-ProtectionAlert](Set-ProtectionAlert.md) +### [Set-SensitiveInformationScan](Set-SensitiveInformationScan.md) + +### [Set-SensitiveInformationScanRule](Set-SensitiveInformationScanRule.md) + ### [Set-SupervisoryReviewPolicyV2](Set-SupervisoryReviewPolicyV2.md) ### [Set-SupervisoryReviewRule](Set-SupervisoryReviewRule.md) diff --git a/exchange/exchange-ps/ExchangePowerShell/Get-SensitiveInformationScan.md b/exchange/exchange-ps/ExchangePowerShell/Get-SensitiveInformationScan.md new file mode 100644 index 0000000000..cc7a11a21e --- /dev/null +++ b/exchange/exchange-ps/ExchangePowerShell/Get-SensitiveInformationScan.md @@ -0,0 +1,144 @@ +--- +applicable: Security & Compliance +author: chrisda +external help file: Microsoft.Exchange.TransportMailflow-Help.xml +Locale: en-US +Module Name: ExchangePowerShell +ms.author: chrisda +online version: https://learn.microsoft.com/powershell/module/exchangepowershell/get-sensitiveinformationscan +schema: 2.0.0 +title: Get-SensitiveInformationScan +--- + +# Get-SensitiveInformationScan + +## SYNOPSIS +This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). + +Use the Get-SensitiveInformationScan cmdlet to view the properties of sensitive information scans. + +For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). + +## SYNTAX + +``` +Get-SensitiveInformationScan [[-Identity] ] + [-IncludeImpactAssessment ] + [-IncludeProgressForAllActiveScans ] + [-IncludeScanProgress ] + [] +``` + +## DESCRIPTION +To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). + +## EXAMPLES + +### Example 1 +```powershell +Get-SensitiveInformationScan | Format-Table Name,ParentPolicyName +``` + +This example returns a summary list of all sensitive information scans in the organization. + +### Example 2 +```powershell +Get-SensitiveInformationScan -Identity "HR Department Scan" +``` + +This example returns detailed information for the specified scan. + +## PARAMETERS + +### -Identity + +> Applicable: Security & Compliance + +The Identity parameter specifies the sensitive information scan that you want to view. You can use any value that uniquely identifies the scan. For example: + +- Name +- Distinguished name (DN) +- GUID + +```yaml +Type: PolicyIdParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -IncludeImpactAssessment + +> Applicable: Security & Compliance + +The IncludeImpactAssessment parameter specifies whether to refresh the latest scan status during the estimation stage. Valid values are: + +- $true: Get the latest estimation status. +- $false: Return the last updated scan status. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncludeProgressForAllActiveScans + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncludeScanProgress + +> Applicable: Security & Compliance + +The IncludeScanProgress parameter specifies whether to refresh the latest scan status during the classification phase. Valid values are: + +- $true: Get the latest classification status. +- $false: Return the last updated scan status. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS diff --git a/exchange/exchange-ps/ExchangePowerShell/Get-SensitiveInformationScanRule.md b/exchange/exchange-ps/ExchangePowerShell/Get-SensitiveInformationScanRule.md new file mode 100644 index 0000000000..896b505574 --- /dev/null +++ b/exchange/exchange-ps/ExchangePowerShell/Get-SensitiveInformationScanRule.md @@ -0,0 +1,97 @@ +--- +applicable: Security & Compliance +author: chrisda +external help file: Microsoft.Exchange.TransportMailflow-Help.xml +Locale: en-US +Module Name: ExchangePowerShell +ms.author: chrisda +online version: https://learn.microsoft.com/powershell/module/exchangepowershell/get-sensitiveinformationscanrule +schema: 2.0.0 +title: Get-SensitiveInformationScanRule +--- + +# Get-SensitiveInformationScanRule + +## SYNOPSIS +This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). + +Use the Get-SensitiveInformationScanRule cmdlet to view sensitive information scan rules. + +For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). + +## SYNTAX + +``` +Get-SensitiveInformationScanRule [[-Identity] ] [-Policy ] [] +``` + +## DESCRIPTION +To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). + +## EXAMPLES + +### Example 1 +```powershell +Get-SensitiveInformationScanRule -Identity "HR Department Scan Rule" +``` + +This example returns details of the specified scan rule. For example, classifiers selected and file extensions in scope. + +## PARAMETERS + +### -Identity + +> Applicable: Security & Compliance + +The Identity parameter specifies the sensitive information scan rule that you want to view. You can use any value that uniquely identifies the rule. For example: + +- Name +- Distinguished name (DN) +- GUID + +```yaml +Type: ComplianceRuleIdParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Policy + +> Applicable: Security & Compliance + +The Policy parameter specifies the On-demand classification scan for which this rule is created. + +You can use any value that uniquely identifies the On-demand classification scan. For example: + +- Name +- Distinguished name (DN) +- GUID + +```yaml +Type: PolicyIdParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS diff --git a/exchange/exchange-ps/ExchangePowerShell/New-SensitiveInformationScan.md b/exchange/exchange-ps/ExchangePowerShell/New-SensitiveInformationScan.md new file mode 100644 index 0000000000..b11a9f615c --- /dev/null +++ b/exchange/exchange-ps/ExchangePowerShell/New-SensitiveInformationScan.md @@ -0,0 +1,524 @@ +--- +applicable: Security & Compliance +author: chrisda +external help file: Microsoft.Exchange.TransportMailflow-Help.xml +Locale: en-US +Module Name: ExchangePowerShell +ms.author: chrisda +online version: https://learn.microsoft.com/powershell/module/exchangepowershell/new-sensitiveinformationscan +schema: 2.0.0 +title: New-SensitiveInformationScan +--- + +# New-SensitiveInformationScan + +## SYNOPSIS +This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). + +Use the New-SensitiveInformationScan cmdlet to create new on-demand classification scans. Learn more about on-demand classifications at [On-demand classification](https://learn.microsoft.com/purview/on-demand-classification). + +For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). + +## SYNTAX + +``` +New-SensitiveInformationScan [-Name] + [-Comment ] + [-Confirm] + [-EndpointDlpLocation ] + [-EndpointDlpLocationException ] + [-ExceptIfOneDriveSharedBy ] + [-ExceptIfOneDriveSharedByMemberOf ] + [-ExchangeLocation ] + [-ExchangeSender ] + [-ExchangeSenderException ] + [-ExchangeSenderMemberOf ] + [-ExchangeSenderMemberOfException ] + [-OneDriveLocation ] + [-OneDriveLocationException ] + [-OneDriveSharedBy ] + [-OneDriveSharedByMemberOf ] + [-PolicyRBACScopes ] + [-SharePointLocation ] + [-SharePointLocationException ] + [-TeamsLocation ] + [-TeamsLocationException ] + [-WhatIf] + [] +``` + +## DESCRIPTION +To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). + +## EXAMPLES + +### Example 1 +```powershell +New-SensitiveInformationScan "SharePoint scan" -SharePointLocation All + +New-SensitiveInformationScanRule "SharePoint scan rule" -ContentExtensionMatchesWords "pdf", "docx" -Policy "SharePoint scan" -Workload SharePoint +``` + +This example creates a scan for all SharePoint sites scoped to pdf and docx files only. + +## PARAMETERS + +### -Name + +> Applicable: Security & Compliance + +The Name parameter specifies the unique name of the scan. If the value contains spaces, enclose the value in quotation marks. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Comment + +> Applicable: Security & Compliance + +The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks ("), for example: "This is an admin note". + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +> Applicable: Security & Compliance + +The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding. + +- Destructive cmdlets (for example, Remove-\* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: `-Confirm:$false`. +- Most other cmdlets (for example, New-\* and Set-\* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EndpointDlpLocation + +> Applicable: Security & Compliance + +**Note**: This parameter requires membership in the Compliance Administrator or Compliance Data Administrator roles in Microsoft Entra ID. + +The EndpointDLPLocation parameter specifies the user accounts to include in scan for devices. You identify the account by name or email address. You can use the value All to include all user accounts. + +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`. + +For more information about onboarding devices to Purview, see [Learn about device onboarding](https://learn.microsoft.com/purview/endpoint-dlp-getting-started)). + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EndpointDlpLocationException + +> Applicable: Security & Compliance + +**Note**: This parameter requires membership in the Compliance Administrator or Compliance Data Administrator roles in Microsoft Entra ID. + +The EndpointDlpLocationException parameter specifies the user accounts to exclude in an on-demand classification scan for devices. You identify the account by name or email address. + +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`. + +For more information about onboarding devices to Purview, see [Learn about device onboarding](https://learn.microsoft.com/purview/endpoint-dlp-getting-started)). + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExceptIfOneDriveSharedBy + +> Applicable: Security & Compliance + +The ExceptIfOneDriveSharedBy parameter specifies the users to exclude from the scan (the sites of the OneDrive user accounts are included in the scan). You identify the users by UPN (`laura@contoso.onmicrosoft.com`). + +To use this parameter, OneDrive sites need to be included in the scan (the OneDriveLocation parameter value is All, which is the default value). + +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`. + +You can't use this parameter with the OneDriveSharedBy or OneDriveSharedByMemberOf parameters. + +```yaml +Type: RecipientIdParameter[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExceptIfOneDriveSharedByMemberOf + +> Applicable: Security & Compliance + +The ExceptIfOneDriveSharedByMemberOf parameter specifies the distribution groups or mail-enabled security groups to exclude from the scan (the OneDrive sites of group members are excluded from the scan). You identify the groups by email address. + +To use this parameter, OneDrive sites need to be included in the scan (the OneDriveLocation parameter value is All, which is the default value). + +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`. + +You can't use this parameter with the OneDriveSharedBy or OneDriveSharedByMemberOf parameters. + +You can't use this parameter to specify Microsoft 365 Groups. + +```yaml +Type: RecipientIdParameter[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExchangeLocation + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExchangeSender + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: SmtpAddress[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExchangeSenderException + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: SmtpAddress[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExchangeSenderMemberOf + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: RecipientIdParameter[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExchangeSenderMemberOfException + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: RecipientIdParameter[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OneDriveLocation + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OneDriveLocationException + +> Applicable: Security & Compliance + +This parameter specifies the OneDrive sites to exclude when you use the value All for the OneDriveLocation parameter. You identify the site by its URL value. + +You can enter multiple values separated by commas. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"Value1","Value2",..."ValueN"`. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OneDriveSharedBy + +> Applicable: Security & Compliance + +The OneDriveSharedBy parameter specifies the users to include in the scan (the sites of the OneDrive user accounts are included in the scan). You identify the users by UPN (`laura@contoso.onmicrosoft.com`). + +To use this parameter, OneDrive sites need to be included in the scan (the OneDriveLocation parameter value is All, which is the default value). + +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`. + +You can't use this parameter with the ExceptIfOneDriveSharedBy or ExceptIfOneDriveSharedByMemberOf parameters. + +```yaml +Type: RecipientIdParameter[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OneDriveSharedByMemberOf + +> Applicable: Security & Compliance + +The OneDriveSharedByMemberOf parameter specifies the distribution groups or mail-enabled security groups to include in the scan (the OneDrive sites of group members are included in the scan). You identify the groups by email address. + +To use this parameter, OneDrive sites need to be included in the scan (the OneDriveLocation parameter value is All, which is the default value). + +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`. + +You can't use this parameter with the ExceptIfOneDriveSharedBy or ExceptIfOneDriveSharedByMemberOf parameters. + +You can't use this parameter to specify Microsoft 365 Groups. + +```yaml +Type: RecipientIdParameter[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PolicyRBACScopes + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SharePointLocation + +> Applicable: Security & Compliance + +The SharePointLocation parameter specifies the SharePoint sites to include in the scan. You identify the site by its URL value, or you can use the value All to include all sites. + +You can't add SharePoint sites to the policy until they have been indexed. + +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SharePointLocationException + +> Applicable: Security & Compliance + +The SharePointLocationException parameter specifies the SharePoint sites to exclude when you use the value All for the SharePointLocation parameter. You identify the site by its URL value. + +You can't add SharePoint sites to the scan until they have been indexed. + +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TeamsLocation + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TeamsLocationException + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +> Applicable: Security & Compliance + +The WhatIf switch doesn't work in Security & Compliance PowerShell. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS diff --git a/exchange/exchange-ps/ExchangePowerShell/New-SensitiveInformationScanRule.md b/exchange/exchange-ps/ExchangePowerShell/New-SensitiveInformationScanRule.md new file mode 100644 index 0000000000..7f71765ea0 --- /dev/null +++ b/exchange/exchange-ps/ExchangePowerShell/New-SensitiveInformationScanRule.md @@ -0,0 +1,344 @@ +--- +applicable: Security & Compliance +author: chrisda +external help file: Microsoft.Exchange.TransportMailflow-Help.xml +Locale: en-US +Module Name: ExchangePowerShell +ms.author: chrisda +online version: https://learn.microsoft.com/powershell/module/exchangepowershell/new-sensitiveinformationscanrule +schema: 2.0.0 +title: New-SensitiveInformationScanRule +--- + +# New-SensitiveInformationScanRule + +## SYNOPSIS +This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). + +Use the New-SensitiveInformationScan cmdlet to create sensitive information scan rules. + +For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). + +## SYNTAX + +``` +New-SensitiveInformationScanRule [-Name] -Policy -Workload + [-Comment ] + [-Confirm] + [-ContentCreatedOrUpdatedDateFrom ] + [-ContentCreatedOrUpdatedDateTo ] + [-ContentExtensionMatchesWords ] + [-ContentPropertyContainsWords ] + [-ExceptIfContentExtensionMatchesWords ] + [-ExceptIfContentPropertyContainsWords ] + [-StartImpactAssessment ] + [-WhatIf] + [] +``` + +## DESCRIPTION +To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). + +## EXAMPLES + +### Example 1 +```powershell +New-SensitiveInformationScan "SharePoint scan" -SharePointLocation All + +New-SensitiveInformationScanRule "SharePoint scan rule" -ContentExtensionMatchesWords "pdf", "docx" -Policy "SharePoint scan" -Workload SharePoint +``` + +This example creates a scan for all SharePoint sites scoped to pdf and docx files only. Use the New-SensitiveInformationScanRule only in combination with New-SensitiveInformationScan. + +## PARAMETERS + +### -Name + +> Applicable: Security & Compliance + +The Name parameter specifes the unique rule name for the scan. If the value contains spaces, enclose the value in quotation marks. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Policy + +> Applicable: Security & Compliance + +The Policy parameter specifies the name of the parent scan policy for this rule. If the value contains spaces, enclose the value in quotation marks. + +```yaml +Type: PolicyIdParameter +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Workload + +> Applicable: Security & Compliance + +The Workload parameter specifies the workload. Valid values are: + +- Applications +- AuditAlerting +- AWS +- Azure +- AzureBatch +- Copilot +- DynamicScope +- EndpointDevices +- Exchange +- ExchangeOnPremises +- Intune +- ModernGroup +- OneDriveForBusiness +- OnPremisesScanner +- PowerBI +- PublicFolder +- SharePoint +- SharePointOnPremises +- Skype +- Substrate +- Teams +- ThirdPartyApps +- UnifiedAuditAzure + +This value appears in the LogicalWorkload property in the output of the Get-SensitiveInformationScanRule cmdlet. + +```yaml +Type: PolicyConfiguration.Workload +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Comment + +> Applicable: Security & Compliance + +The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks ("), for example: "This is an admin note". + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +> Applicable: Security & Compliance + +The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding. + +- Destructive cmdlets (for example, Remove-\* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: `-Confirm:$false`. +- Most other cmdlets (for example, New-\* and Set-\* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ContentCreatedOrUpdatedDateFrom + +> Applicable: Security & Compliance + +The ContentCreatedOrUpdatedDateFrom parameter specifies the earliest modification date-time of files that are considered in scope of this scan. + +To specify a date/time value for this parameter, use either of the following options: + +- Specify the date/time value in UTC: For example, "2021-05-06 14:30:00z". +- Specify the date/time value as a formula that converts the date/time in your local time zone to UTC: For example, `(Get-Date "5/6/2021 9:30 AM").ToUniversalTime()`. For more information, see [Get-Date](https://learn.microsoft.com/powershell/module/Microsoft.PowerShell.Utility/Get-Date). + +```yaml +Type: System.DateTime +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ContentCreatedOrUpdatedDateTo + +> Applicable: Security & Compliance + +The ContentCreatedOrUpdatedDateTo parameter specifies the latest modification date-time of files that are considered in scope of this scan. + +To specify a date/time value for this parameter, use either of the following options: + +- Specify the date/time value in UTC: For example, "2021-05-06 14:30:00z". +- Specify the date/time value as a formula that converts the date/time in your local time zone to UTC: For example, `(Get-Date "5/6/2021 9:30 AM").ToUniversalTime()`. For more information, see [Get-Date](https://learn.microsoft.com/powershell/module/Microsoft.PowerShell.Utility/Get-Date). + +```yaml +Type: System.DateTime +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ContentExtensionMatchesWords + +> Applicable: Security & Compliance + +The ContentExtensionMatchesWords parameter specifies a condition for the rule that looks for words in file extensions. You can specify multiple words separated by commas. Irrespective of the original file type, this predicate matches based on the extension that is present in the name of the file. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ContentPropertyContainsWords + +> Applicable: Security & Compliance + +The ContentPropertyContainsWords parameter specifies a condition for the rule that's based on a property match in content. The rule is applied to content that contains the specified property. + +This parameter accepts values in the format: `"Property1:Value1,Value2","Property2:Value3,Value4",..."PropertyN:ValueN,ValueN"`. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExceptIfContentExtensionMatchesWords + +> Applicable: Security & Compliance + +The ExceptIfContentExtensionMatchesWords parameter specifies an exception for the rule that looks for words in file extensions. You can specify multiple words separated by commas. Irrespective of what the original file type is, this predicate matches based on the extension that is present in the name of the file. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExceptIfContentPropertyContainsWords + +> Applicable: Security & Compliance + +The ExceptIfContentPropertyContainsWords parameter specifies an exception for the rule that's based on a property match in content. The rule is not applied to content that contains the specified property. + +This parameter accepts values in the format: `"Property1:Value1,Value2","Property2:Value3,Value4",..."PropertyN:ValueN,ValueN"`. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -StartImpactAssessment + +> Applicable: Security & Compliance + +The StartImpactAssessment parameter specifies whether to start a scan estimation. Valid values are: + +- $true: Start an scan estimation by default. +- $false: Prevent starting scan estimation by default. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +> Applicable: Security & Compliance + +The WhatIf switch doesn't work in Security & Compliance PowerShell. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS diff --git a/exchange/exchange-ps/ExchangePowerShell/Remove-SensitiveInformationScan.md b/exchange/exchange-ps/ExchangePowerShell/Remove-SensitiveInformationScan.md new file mode 100644 index 0000000000..401f2af171 --- /dev/null +++ b/exchange/exchange-ps/ExchangePowerShell/Remove-SensitiveInformationScan.md @@ -0,0 +1,115 @@ +--- +applicable: Security & Compliance +author: chrisda +external help file: Microsoft.Exchange.TransportMailflow-Help.xml +Locale: en-US +Module Name: ExchangePowerShell +ms.author: chrisda +online version: https://learn.microsoft.com/powershell/module/exchangepowershell/remove-sensitiveinformationscan +schema: 2.0.0 +title: Remove-SensitiveInformationScan +--- + +# Remove-SensitiveInformationScan + +## SYNOPSIS +This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). + +Use the Remove-SensitiveInformationScan cmdlet to delete on-demand classification scans. You can't delete a scan if estimation or classification is in progress. + +For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). + +## SYNTAX + +``` +Remove-SensitiveInformationScan [-Identity] + [-Confirm] + [-WhatIf] + [] +``` + +## DESCRIPTION +To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). + +## EXAMPLES + +### Example 1 +```powershell +Remove-SensitiveInformationScan -Identity "HR Department" +``` + +This example removes the specified sensitive information scan. + +## PARAMETERS + +### -Identity + +> Applicable: Security & Compliance + +The Identity parameter specifies the sensitive information scan that you want to remove. You can use any value that uniquely identifies the scan. For example: + +- Name +- Distinguished name (DN) +- GUID + +```yaml +Type: PolicyIdParameter +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Confirm + +> Applicable: Security & Compliance + +The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding. + +- Destructive cmdlets (for example, Remove-\* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: `-Confirm:$false`. +- Most other cmdlets (for example, New-\* and Set-\* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +> Applicable: Security & Compliance + +The WhatIf switch doesn't work in Security & Compliance PowerShell. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS diff --git a/exchange/exchange-ps/ExchangePowerShell/Remove-SensitiveInformationScanRule.md b/exchange/exchange-ps/ExchangePowerShell/Remove-SensitiveInformationScanRule.md new file mode 100644 index 0000000000..1e45d38466 --- /dev/null +++ b/exchange/exchange-ps/ExchangePowerShell/Remove-SensitiveInformationScanRule.md @@ -0,0 +1,114 @@ +--- +applicable: Security & Compliance +author: chrisda +external help file: Microsoft.Exchange.TransportMailflow-Help.xml +Locale: en-US +Module Name: ExchangePowerShell +ms.author: chrisda +online version: https://learn.microsoft.com/powershell/module/exchangepowershell/remove-sensitiveinformationscanrule +schema: 2.0.0 +title: Remove-SensitiveInformationScanRule +--- + +# Remove-SensitiveInformationScanRule + +## SYNOPSIS +This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). + +Use the Remove-SensitiveInformationScanRule cmdlet to delete on-demand classification scan rules. You can't delete a rule when a parent scan is in the ClassificationInProgress or ClassificationComplete state. + +For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). + +## SYNTAX + +``` +Remove-SensitiveInformationScanRule [-Identity] + [-Confirm] + [-WhatIf] + [] +``` + +## DESCRIPTION +To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). + +## EXAMPLES + +### Example 1 +```powershell +Remove-SensitiveInformationScanRule -Identity "HR Department Rule" +``` + +This example removes the specified sensitive information scan rule. + +## PARAMETERS + +### -Identity + +> Applicable: Security & Compliance + +The Identity parameter specifies the sensitive information scan rule that you want to remove. You can use any value that uniquely identifies the rule. For example: + +- Name +- Distinguished name (DN) +- GUID + +```yaml +Type: ComplianceRuleIdParameter +Parameter Sets: (All) + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Confirm + +> Applicable: Security & Compliance + +The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding. + +- Destructive cmdlets (for example, Remove-\* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: `-Confirm:$false`. +- Most other cmdlets (for example, New-\* and Set-\* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +> Applicable: Security & Compliance + +The WhatIf switch doesn't work in Security & Compliance PowerShell. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS diff --git a/exchange/exchange-ps/ExchangePowerShell/Set-SensitiveInformationScan.md b/exchange/exchange-ps/ExchangePowerShell/Set-SensitiveInformationScan.md new file mode 100644 index 0000000000..06efa15a0d --- /dev/null +++ b/exchange/exchange-ps/ExchangePowerShell/Set-SensitiveInformationScan.md @@ -0,0 +1,820 @@ +--- +applicable: Security & Compliance +author: chrisda +external help file: Microsoft.Exchange.TransportMailflow-Help.xml +Locale: en-US +Module Name: ExchangePowerShell +ms.author: chrisda +online version: https://learn.microsoft.com/powershell/module/exchangepowershell/set-sensitiveinformationscan +schema: 2.0.0 +title: Set-SensitiveInformationScan +--- + +# Set-SensitiveInformationScan + +## SYNOPSIS +This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). + +Use the Set-SensitiveInformationScan cmdlet to modify on-demand classification scans. + +For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). + +## SYNTAX + +``` +Set-SensitiveInformationScan [-Identity] + [-AddEndpointDlpLocation ] + [-AddEndpointDlpLocationException ] + [-AddExchangeLocation ] + [-AddOneDriveLocation ] + [-AddOneDriveLocationException ] + [-AddSharePointLocation ] + [-AddSharePointLocationException ] + [-AddTeamsLocation ] + [-AddTeamsLocationException ] + [-CancelScan ] + [-Comment ] + [-Confirm] + [-ExceptIfOneDriveSharedBy ] + [-ExceptIfOneDriveSharedByMemberOf ] + [-ExchangeSender ] + [-ExchangeSenderException ] + [-ExchangeSenderMemberOf ] + [-ExchangeSenderMemberOfException ] + [-Mode ] + [-OneDriveSharedBy ] + [-OneDriveSharedByMemberOf ] + [-PolicyRBACScopes ] + [-RemoveEndpointDlpLocation ] + [-RemoveEndpointDlpLocationException ] + [-RemoveExchangeLocation ] + [-RemoveOneDriveLocation ] + [-RemoveOneDriveLocationException ] + [-RemoveSharePointLocation ] + [-RemoveSharePointLocationException ] + [-RemoveTeamsLocation ] + [-RemoveTeamsLocationException ] + [-StartImpactAssessment ] + [-StopImpactAssessmentAndStartClassification ] + [-WhatIf] + [] +``` + +## DESCRIPTION +To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). + +## EXAMPLES + +### Example 1 +```powershell +Set-SensitiveInformationScan "SharePoint scan" -AddOneDriveLocation All -Workload OneDriveForBusiness +``` + +This example updates the on-demand classification scan to also include all OneDrive accounts. + +## PARAMETERS + +### -Identity + +> Applicable: Security & Compliance + +The Identity parameter specifies the sensitive information scan that you want to modify. You can use any value that uniquely identifies the scan. For example: + +- Name +- Distinguished name (DN) +- GUID + +```yaml +Type: PolicyIdParameter +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -AddEndpointDlpLocation + +> Applicable: Security & Compliance + +**Note**: This parameter requires membership in the Compliance Administrator or Compliance Data Administrator roles in Microsoft Entra ID. + +The AddEndpointDLPLocation parameter specifies the user accounts to add to the list of included accounts for Endpoint DLP if you used the value All for the EndpointDLPLocation parameter. You identify the account by name or email address. + +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`. + +A scan can't have Endpoint devices and SharePoint/OneDrive locations together in the same command. + +For more information about Endpoint DLP, see [Learn about Endpoint data loss prevention](https://learn.microsoft.com/purview/endpoint-dlp-learn-about). + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AddEndpointDlpLocationException + +> Applicable: Security & Compliance + +**Note**: This parameter requires membership in the Compliance Administrator or Compliance Data Administrator roles in Microsoft Entra ID. + +The AddEndpointDlpLocationException parameter specifies the user accounts to add to the list of excluded accounts for Endpoint DLP if you used the value All for the EndpointDLPLocation parameter. You identify the account by name or email address. + +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`. + +A scan can't have Endpoint devices and SharePoint/OneDrive locations together in the same command. + +For more information about Endpoint DLP, see [Learn about Endpoint data loss prevention](https://learn.microsoft.com/purview/endpoint-dlp-learn-about). + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AddExchangeLocation + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AddOneDriveLocation + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AddOneDriveLocationException + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AddSharePointLocation + +> Applicable: Security & Compliance + +The AddSharePointLocation parameter specifies the SharePoint sites to add to the list of included sites if you used the value All for the SharePointLocation parameter. You identify the site by its URL value. + +You can't add SharePoint sites to the scan until they have been indexed. + +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AddSharePointLocationException + +> Applicable: Security & Compliance + +The AddSharePointLocationException parameter specifies the SharePoint sites to add to the list of excluded sites if you used the value All for the SharePointLocation parameter. You identify the site by its URL value. + +You can't add SharePoint sites to the scan until they have been indexed. + +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AddTeamsLocation + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AddTeamsLocationException + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CancelScan + +> Applicable: Security & Compliance + +The CancelScan parameter specifies whether to cancel an active scan in the classification stage. Valid values are: + +- $true: Cancel the active scan. +- $false: Don't cancel the active scan. This value is the default. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Comment + +> Applicable: Security & Compliance + +The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks ("), for example: "This is an admin note". + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +> Applicable: Security & Compliance + +The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding. + +- Destructive cmdlets (for example, Remove-\* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: `-Confirm:$false`. +- Most other cmdlets (for example, New-\* and Set-\* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExceptIfOneDriveSharedBy + +> Applicable: Security & Compliance + +The ExceptIfOneDriveSharedBy parameter specifies the users to exclude from the scan (the sites of the OneDrive user accounts are included in the scan). You identify the users by UPN (`laura@contoso.onmicrosoft.com`). + +To use this parameter, one of the following statements must be true: + +- The scan already includes OneDrive sites (in the output of Get-DlpCOmpliancePolicy, the OneDriveLocation property value is All, which is the default value). +- Use `-AddOneDriveLocation All` in the same command with this parameter. + +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`. + +You can't use this parameter with the OneDriveSharedBy or OneDriveSharedByMemberOf parameters. + +```yaml +Type: RecipientIdParameter[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExceptIfOneDriveSharedByMemberOf + +> Applicable: Security & Compliance + +The ExceptIfOneDriveSharedByMemberOf parameter specifies the distribution groups or mail-enabled security groups to exclude from the scan (the OneDrive sites of group members are excluded from the scan). You identify the groups by email address. + +To use this parameter, one of the following statements must be true: + +- The scan already includes OneDrive sites (in the output of Get-DlpCOmpliancePolicy, the OneDriveLocation property value is All, which is the default value). +- Use `-AddOneDriveLocation All` in the same command with this parameter. + +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`. + +You can't use this parameter with the OneDriveSharedBy or OneDriveSharedByMemberOf parameters. + +You can't use this parameter to specify Microsoft 365 Groups. + +```yaml +Type: RecipientIdParameter[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExchangeSender + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: SmtpAddress[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExchangeSenderException + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: SmtpAddress[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExchangeSenderMemberOf + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: RecipientIdParameter[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExchangeSenderMemberOfException + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: RecipientIdParameter[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Mode + +> Applicable: Security & Compliance + +The Mode parameter specifies the scan mode. Valid values are: + +- Enable: Use this value to start the scan. +- Disable +- TestWithNotifications +- TestWithoutNotifications +- PendingDeletion + +```yaml +Type: PolicyMode +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OneDriveSharedBy + +> Applicable: Security & Compliance + +The OneDriveSharedBy parameter specifies the users to include in the DLP scan (the sites of the OneDrive user accounts are included in the scan). You identify the users by UPN (`laura@contoso.onmicrosoft.com`). + +To use this parameter, one of the following statements must be true: + +- The scan already includes OneDrive sites (in the output of Get-SensitiveInformationScan, the OneDriveLocation property value is All, which is the default value). +- Use `-AddOneDriveLocation All` in the same command with this parameter. + +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`. + +You can't use this parameter with the ExceptIfOneDriveSharedBy or ExceptIfOneDriveSharedByMemberOf parameters. + +```yaml +Type: RecipientIdParameter[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OneDriveSharedByMemberOf + +> Applicable: Security & Compliance + +The OneDriveSharedByMemberOf parameter specifies the distribution groups or mail-enabled security groups to include in the DLP scan (the OneDrive sites of group members are included in the scan). You identify the groups by email address. + +To use this parameter, one of the following statements must be true: + +- The scan already includes OneDrive sites (in the output of Get-SensitiveInformationScan, the OneDriveLocation property value is All, which is the default value). +- Use `-AddOneDriveLocation All` in the same command with this parameter. + +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`. + +You can't use this parameter with the ExceptIfOneDriveSharedBy or ExceptIfOneDriveSharedByMemberOf parameters. + +You can't use this parameter to specify Microsoft 365 Groups. + +```yaml +Type: RecipientIdParameter[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PolicyRBACScopes + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RemoveEndpointDlpLocation + +> Applicable: Security & Compliance + +**Note**: This parameter requires membership in the Compliance Administrator or Compliance Data Administrator roles in Microsoft Entra ID. + +The RemoveEndpointDlpLocation parameter specifies the user accounts to remove from the list of included accounts for Endpoint DLP if you used the value All for the EndpointDLPLocation parameter. You specify the account by name or email address. + +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`. + +For more information about Endpoint DLP, see [Learn about Endpoint data loss prevention](https://learn.microsoft.com/purview/endpoint-dlp-learn-about). + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RemoveEndpointDlpLocationException + +> Applicable: Security & Compliance + +**Note**: This parameter requires membership in the Compliance Administrator or Compliance Data Administrator roles in Microsoft Entra ID. + +The RemoveEndpointDlpLocation parameter specifies the user accounts to remove from the list of excluded accounts for Endpoint DLP if you used the value All for the EndpointDLPLocation parameter. You specify the account by name or email address. + +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`. + +For more information about Endpoint DLP, see [Learn about Endpoint data loss prevention](https://learn.microsoft.com/purview/endpoint-dlp-learn-about). + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RemoveExchangeLocation + +> Applicable: Security & Compliance + +The RemoveExchangeLocation parameter removes email messages from the scan if they're already included. The valid value for this parameter is All. + +If the scan already includes email messages (in the output of the Get-DlpCompliancePolicy cmdlet, the ExchangeLocation property value is All), you can use `-RemoveExchangeLocation All` to prevent the scan from applying to email messages. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RemoveOneDriveLocation + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RemoveOneDriveLocationException + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RemoveSharePointLocation + +> Applicable: Security & Compliance + +The RemoveSharePointLocation parameter specifies the SharePoint sites to remove from the list of included sites if you used the value All for the SharePointLocation parameter. You specify the site by its URL value. + +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RemoveSharePointLocationException + +> Applicable: Security & Compliance + +The RemoveSharePointLocationException parameter specifies the SharePoint sites to remove from the list of excluded sites if you used the value All for the SharePointLocation parameter. You specify the site by its URL value. + +To enter multiple values, use the following syntax: `,,...`. If the values contain spaces or otherwise require quotation marks, use the following syntax: `"","",...""`. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RemoveTeamsLocation + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RemoveTeamsLocationException + +> Applicable: Security & Compliance + +This parameter is reserved for internal Microsoft use. + +```yaml +Type:MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -StartImpactAssessment + +> Applicable: Security & Compliance + +The StartImpactAssessment parameter specifies whether to start cost estimation for on-demand classification scans. Valid values are: + +- $true: Start cost estimation for on-demand classification scans. +- $false: Don't start cost estimation for on-demand classification scans. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -StopImpactAssessmentAndStartClassification + +> Applicable: Security & Compliance + +The StopImpactAssessmentAndStartClassification specifies whether to stop cost estimation and start classification for devices where estimation completed successfully. Valid values are: + +- $true: Start classification for devices where estimation completed successfully. +- $false: Don't start classification for devices where estimation completed successfully. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +> Applicable: Security & Compliance + +The WhatIf switch doesn't work in Security & Compliance PowerShell. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES + +## RELATED LINKS diff --git a/exchange/exchange-ps/ExchangePowerShell/Set-SensitiveInformationScanRule.md b/exchange/exchange-ps/ExchangePowerShell/Set-SensitiveInformationScanRule.md new file mode 100644 index 0000000000..5a977b32f9 --- /dev/null +++ b/exchange/exchange-ps/ExchangePowerShell/Set-SensitiveInformationScanRule.md @@ -0,0 +1,331 @@ +--- +applicable: Security & Compliance +author: chrisda +external help file: Microsoft.Exchange.TransportMailflow-Help.xml +Locale: en-US +Module Name: ExchangePowerShell +ms.author: chrisda +online version: https://learn.microsoft.com/powershell/module/exchangepowershell/set-sensitiveinformationscanrule +schema: 2.0.0 +title: Set-SensitiveInformationScanRule +--- + +# Set-SensitiveInformationScanRule + +## SYNOPSIS +This cmdlet is available only in Security & Compliance PowerShell. For more information, see [Security & Compliance PowerShell](https://learn.microsoft.com/powershell/exchange/scc-powershell). + +Use the Set-SensitiveInformationScan cmdlet to modify sensitive information scan rules. + +For information about the parameter sets in the Syntax section below, see [Exchange cmdlet syntax](https://learn.microsoft.com/powershell/exchange/exchange-cmdlet-syntax). + +## SYNTAX + +``` +Set-SensitiveInformationScanRule [-Identity] + [-Comment ] + [-Confirm] + [-ContentCreatedOrUpdatedDateFrom ] + [-ContentCreatedOrUpdatedDateTo ] + [-ContentExtensionMatchesWords ] + [-ContentPropertyContainsWords ] + [-ExceptIfContentExtensionMatchesWords ] + [-ExceptIfContentPropertyContainsWords ] + [-StartImpactAssessment ] + [-WhatIf] + [-Workload ] + [] +``` + +## DESCRIPTION +To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). + +## EXAMPLES + +### Example 1 +```powershell +Set-SensitiveInformationScanRule "SharePoint scan rule1" -ContentExtensionMatchesWords "pdf","docx,csv" -StartImpactAssessment $true +``` + +This example updates the on-demand classification scan to classify pdf, docx and csv file types. + +## PARAMETERS + +### -Identity + +> Applicable: Security & Compliance + +The Identity parameter specifies the sensitive information scan rule that you want to modify. You can use any value that uniquely identifies the rule. For example: + +- Name +- Distinguished name (DN) +- GUID + +```yaml +Type: ComplianceRuleIdParameter +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Comment + +> Applicable: Security & Compliance + +The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks ("), for example: "This is an admin note". + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm + +> Applicable: Security & Compliance + +The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding. + +- Destructive cmdlets (for example, Remove-\* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: `-Confirm:$false`. +- Most other cmdlets (for example, New-\* and Set-\* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ContentCreatedOrUpdatedDateFrom + +> Applicable: Security & Compliance + +The ContentCreatedOrUpdatedDateFrom parameter specifies the earliest modification date-time of files that are considered in scope of this scan. + +To specify a date/time value for this parameter, use either of the following options: + +- Specify the date/time value in UTC: For example, "2021-05-06 14:30:00z". +- Specify the date/time value as a formula that converts the date/time in your local time zone to UTC: For example, `(Get-Date "5/6/2021 9:30 AM").ToUniversalTime()`. For more information, see [Get-Date](https://learn.microsoft.com/powershell/module/Microsoft.PowerShell.Utility/Get-Date). + +```yaml +Type: System.DateTime +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ContentCreatedOrUpdatedDateTo + +> Applicable: Security & Compliance + +The ContentCreatedOrUpdatedDateTo parameter specifies the latest modification date-time of files that are considered in scope of this scan. + +To specify a date/time value for this parameter, use either of the following options: + +- Specify the date/time value in UTC: For example, "2021-05-06 14:30:00z". +- Specify the date/time value as a formula that converts the date/time in your local time zone to UTC: For example, `(Get-Date "5/6/2021 9:30 AM").ToUniversalTime()`. For more information, see [Get-Date](https://learn.microsoft.com/powershell/module/Microsoft.PowerShell.Utility/Get-Date). + +```yaml +Type: System.DateTime +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ContentExtensionMatchesWords + +> Applicable: Security & Compliance + +The ContentExtensionMatchesWords parameter specifies a condition for the rule that looks for words in file extensions. You can specify multiple words separated by commas. Irrespective of the original file type, this predicate matches based on the extension that is present in the name of the file. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ContentPropertyContainsWords + +> Applicable: Security & Compliance + +The ContentPropertyContainsWords parameter specifies a condition for the rule that's based on a property match in content. The rule is applied to content that contains the specified property. + +This parameter accepts values in the format: `"Property1:Value1,Value2","Property2:Value3,Value4",..."PropertyN:ValueN,ValueN"`. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExceptIfContentExtensionMatchesWords + +> Applicable: Security & Compliance + +The ExceptIfContentExtensionMatchesWords parameter specifies an exception for the rule that looks for words in file extensions. You can specify multiple words separated by commas. Irrespective of what the original file type is, this predicate matches based on the extension that is present in the name of the file. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExceptIfContentPropertyContainsWords + +> Applicable: Security & Compliance + +The ExceptIfContentPropertyContainsWords parameter specifies an exception for the DLP rule that's based on a property match in content. The rule is not applied to content that contains the specified property. + +This parameter accepts values in the format: `"Property1:Value1,Value2","Property2:Value3,Value4",..."PropertyN:ValueN,ValueN"`. + +```yaml +Type: MultiValuedProperty +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -StartImpactAssessment + +> Applicable: Security & Compliance + +The StartImpactAssessment parameter specifies whether to start a scan estimation. Valid values are: + +- $true: Start an scan estimation by default. +- $false: Prevent starting scan estimation by default. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf + +> Applicable: Security & Compliance + +The WhatIf switch doesn't work in Security & Compliance PowerShell. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Workload + +> Applicable: Security & Compliance + +The Workload parameter specifies the workload. Valid values are: + +- Applications +- AuditAlerting +- AWS +- Azure +- AzureBatch +- Copilot +- DynamicScope +- EndpointDevices +- Exchange +- ExchangeOnPremises +- Intune +- ModernGroup +- OneDriveForBusiness +- OnPremisesScanner +- PowerBI +- PublicFolder +- SharePoint +- SharePointOnPremises +- Skype +- Substrate +- Teams +- ThirdPartyApps +- UnifiedAuditAzure + +This value appears in the LogicalWorkload property in the output of the Get-SensitiveInformationScanRule cmdlet. + +```yaml +Type: PolicyConfiguration.Workload +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/p/?LinkID=113216). + +## INPUTS + +## OUTPUTS + +## NOTES +- You can't modify rules in the ClassificationInProgress and ClassificationComplete states. +- You need to use the StartImpactAssessment parameter with the value $true to restart estimation. Otherwise, the scan remains in the ImpactAssessmentRequired state. + +## RELATED LINKS diff --git a/exchange/mapping/serviceMapping.json b/exchange/mapping/serviceMapping.json index 663de1cf39..57c81b744c 100644 --- a/exchange/mapping/serviceMapping.json +++ b/exchange/mapping/serviceMapping.json @@ -847,6 +847,7 @@ "Test-ServicePrincipalAuthorization": "organization", "Test-SystemHealth": "organization", "Update-ExchangeHelp": "organization", + "Cancel-SensitiveInformationScan": "policy-and-compliance", "Check-PurviewConfig": "policy-and-compliance", "Disable-JournalArchiving": "policy-and-compliance", "Disable-JournalRule": "policy-and-compliance", @@ -876,6 +877,8 @@ "Get-OutlookProtectionRule": "policy-and-compliance", "Get-ProtectionAlert": "policy-and-compliance", "Get-ReviewItems": "policy-and-compliance", + "Get-SensitiveInformationScan": "policy-and-compliance", + "Get-SensitiveInformationScanRule": "policy-and-compliance", "Get-SupervisoryReviewPolicyV2": "policy-and-compliance", "Get-SupervisoryReviewRule": "policy-and-compliance", "Get-TransportRule": "policy-and-compliance", @@ -895,6 +898,8 @@ "New-OrganizationSegment": "policy-and-compliance", "New-OutlookProtectionRule": "policy-and-compliance", "New-ProtectionAlert": "policy-and-compliance", + "New-SensitiveInformationScan": "policy-and-compliance", + "New-SensitiveInformationScanRule": "policy-and-compliance", "New-SupervisoryReviewPolicyV2": "policy-and-compliance", "New-SupervisoryReviewRule": "policy-and-compliance", "New-TransportRule": "policy-and-compliance", @@ -908,6 +913,8 @@ "Remove-OrganizationSegment": "policy-and-compliance", "Remove-OutlookProtectionRule": "policy-and-compliance", "Remove-ProtectionAlert": "policy-and-compliance", + "Remove-SensitiveInformationScan": "policy-and-compliance", + "Remove-SensitiveInformationScanRule": "policy-and-compliance", "Remove-SupervisoryReviewPolicyV2": "policy-and-compliance", "Remove-TransportRule": "policy-and-compliance", "Set-AutoSensitivityLabelPolicy": "policy-and-compliance", @@ -920,6 +927,8 @@ "Set-OrganizationSegment": "policy-and-compliance", "Set-OutlookProtectionRule": "policy-and-compliance", "Set-ProtectionAlert": "policy-and-compliance", + "Set-SensitiveInformationScan": "policy-and-compliance", + "Set-SensitiveInformationScanRule": "policy-and-compliance", "Set-SupervisoryReviewPolicyV2": "policy-and-compliance", "Set-SupervisoryReviewRule": "policy-and-compliance", "Set-TransportRule": "policy-and-compliance",