Get-DlpSiDetectionsReport
This cmdlet is available only in Security & Compliance PowerShell. For more information, see Security & Compliance PowerShell.
Note: This cmdlet will be retired. Use the Export-ActivityExplorerData cmdlet to view DLP information. Data from Export-ActivityExplorerData is the same as the retired Get-DlpIncidentDetailReport cmdlet.
Use the Get-DlpSiDetectionsReport cmdlet to view information about data loss prevention (DLP) sensitive information type detections in the Microsoft Purview compliance portal for the last 90 days.
For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.
Syntax
Get-DlpSiDetectionsReport
[-EndDate <DateTime>]
[-SensitiveType <MultiValuedProperty>]
[<CommonParameters>]
Description
For the reporting period you specify, the cmdlet returns the following information:
- Organization
- Date
- SensitiveType: The GUID value of the DLP sensitive information type. To match the GUID value to the name of the sensitive information type, replace
<GUID>
with the GUID value and run this command:Get-DlpSensitiveInformationType -Identity <GUID>
. - DocumentCount: The number of documents that contain the detected sensitive information type.
- ProtectionStatus: Values are Unprotected (the sensitive information type is not defined in any DLP policy) or Protected (the sensitive information type is defined in a DLP policy).
- DlpComplianceRuleIds: The GUID value of the DLP compliance rule that detected the sensitive information type (for ProtectionStatus values of Protected). To match the GUID value to the name of the DLP compliance rule, replace
<GUID>
with the GUID value and run this command:Get-DlpComplianceRule -Identity <GUID>
.
To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see Permissions in the Microsoft Purview compliance portal.
Examples
Example 1
Get-DLPSiDetectionsReport
This example returns all DLP sensitive information type detections.
Example 2
Get-DLPSiDetectionsReport -SensitiveType 0e9b3178-9678-47dd-a509-37222ca96b42 -EndDate 4/8/2019
This example returns detections for the sensitive information type 0e9b3178-9678-47dd-a509-37222ca96b42 (EU Debit Card Number) during the specified date range.
Parameters
-EndDate
The EndDate parameter specifies the end date of the date range.
Use the short date format that's defined in the Regional Options settings on the computer where you're running the command. For example, if the computer is configured to use the short date format MM/dd/yyyy, enter 09/01/2018 to specify September 1, 2018. You can enter the date only, or you can enter the date and time of day. If you enter the date and time of day, enclose the value in quotation marks ("), for example, "09/01/2018 5:00 PM".
Type: | DateTime |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Security & Compliance |
-SensitiveType
The SensitiveType parameter filters the results by the specified sensitive information type. A valid value is the GUID of the sensitive information type (for example, 0e9b3178-9678-47dd-a509-37222ca96b42). To find the GUID value of a sensitive information type, run this command: Get-DlpSensitiveInformationType.
You can enter multiple values separated by commas: "Value1","Value2",..."ValueN"
.
Type: | MultiValuedProperty |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | Exchange Online, Security & Compliance |