Remove a custom sensitive information type using PowerShell

In Security & Compliance PowerShell, there are two methods to remove custom sensitive information types:

  • Remove individual custom sensitive information types: Use the method documented in Modify a custom sensitive information type using PowerShell. Export the custom rule package containing the custom sensitive information type. Remove the sensitive information type from the XML file, and then import the updated XML file back into the existing custom rule package.

  • Remove a custom rule package and all custom sensitive information types that it contains: This method is documented in this section.


Before your remove a custom sensitive information type, verify that no DLP policies or Exchange mail flow rules (also known as transport rules) still reference the sensitive information type.

  1. Security & Compliance PowerShell

  2. To remove a custom rule package, use the Remove-DlpSensitiveInformationTypeRulePackage cmdlet:

    Remove-DlpSensitiveInformationTypeRulePackage -Identity "RulePackageIdentity"

    You can use the Name value (for any language) or the RulePack id (GUID) value to identify the rule package.

    This example removes the rule package named "Employee ID Custom Rule Pack".

    Remove-DlpSensitiveInformationTypeRulePackage -Identity "Employee ID Custom Rule Pack"

    For detailed syntax and parameter information, see Remove-DlpSensitiveInformationTypeRulePackage.

  3. To verify that you've successfully removed a custom sensitive information type, do any of the following steps:

    • Run the Get-DlpSensitiveInformationTypeRulePackage cmdlet and verify the rule package is no longer listed:

    • Run the Get-DlpSensitiveInformationType cmdlet to verify the sensitive information types in the removed rule package are no longer listed:


      For custom sensitive information types, the Publisher property value will be something other than "Microsoft Corporation".

    • Replace <Name> with the Name value of the sensitive information type (for example, Employee ID) and run the Get-DlpSensitiveInformationType cmdlet to verify the sensitive information type is no longer listed:

      Get-DlpSensitiveInformationType -Identity "<Name>"


If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.

More information