How to set M365 DLP Conditions via Security and Compliance PowerShell
Hi
I am trying to create new or edit existing DLP policy rules via PowerShell. I am specifically trying to configure rules to use Azure Information Protection sensitivity labels as a matching condition using PowerShell.
I know we can use the command: Set-DlpComplianceRule -Identity '<Rule-Name>' -ContentContainsSensitiveInformation @(@{Name="U.S. Social Security Number (SSN)"; minCount="2"},@{Name="Credit Card Number"}) to let the rule check for content containing Social Security numbers or credit cards.
How would I use (AIP) sensitivity labels as a condition rather than the type "Sensitive Information"? The documentation is not very clear on how to do this. I even tried creating a new DLP policy and rule via the compliance portal / GUI, selecting my existing AIP labels as a condition to match, and then tried to reverse engineer by running something like (Get-DlpComplianceRule -Identity '<Rule-Name>' ).ContentContainsSensitiveInformation.groups.labels. The output, however, shows me the labels I have configured via the GUI, but I cannot figure out how I would configure this via the Security & Compliance Centre PowerShell instead.
Has anyone done this before?