How to set M365 DLP Conditions via Security and Compliance PowerShell

Jacques Botha 1 Reputation point
2021-07-19T08:43:46.487+00:00

Hi

I am trying to create new or edit existing DLP policy rules via PowerShell. I am specifically trying to configure rules to use Azure Information Protection sensitivity labels as a matching condition using PowerShell.

I know we can use the command: Set-DlpComplianceRule -Identity '<Rule-Name>' -ContentContainsSensitiveInformation @(@{Name="U.S. Social Security Number (SSN)"; minCount="2"},@{Name="Credit Card Number"}) to let the rule check for content containing Social Security numbers or credit cards.

How would I use (AIP) sensitivity labels as a condition rather than the type "Sensitive Information"? The documentation is not very clear on how to do this. I even tried creating a new DLP policy and rule via the compliance portal / GUI, selecting my existing AIP labels as a condition to match, and then tried to reverse engineer it by running something like (Get-DlpComplianceRule -Identity '<Rule-Name>').ContentContainsSensitiveInformation.groups.labels. The output, however, shows me the labels I have configured via the GUI, but I cannot figure out how I would configure this via the Security & Compliance Centre PowerShell instead.

Has anyone done this before?

Windows Server PowerShell