private/Set-DLPPolicy.ps1
|
function Set-DLPPolicy { if (!$script:confirmed) { Write-Warning "This creates a new DLP policy named 'Default DLP' based on the 'Credit Card Info' template. This template will audit any creditcard data send over e-mail. Do you want to continue?" -WarningAction Inquire } if ($script:ExternallyResolved) { Set-ExternallyResolved -issue 'DLPEnabled' } else { $SCCToken = New-PartnerAccessToken -ApplicationId 'a0c73c16-a7e3-4564-9a95-2bdf47383716'-RefreshToken $ExchangeRefreshToken -Scopes 'https://outlook.office365.com/.default' $SCCTokenValue = ConvertTo-SecureString "Bearer $($SCCToken.AccessToken)" -AsPlainText -Force $SCCcredential = New-Object System.Management.Automation.PSCredential($upn, $SCCTokenValue) $SccSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.compliance.protection.outlook.com/powershell-liveid?BasicAuthToOAuthConversion=true&DelegatedOrg=$($tenant.defaultdomainname)" -Credential $SCCcredential -AllowRedirection -Authentication Basic $null = import-PSsession $SccSession -disablenamechecking -allowclobber -CommandName New-DlpCompliancePolicy, New-DlpComplianceRule, Get-DlpSensitiveInformationType New-DlpCompliancePolicy -Name "Default DLP Policy" -Comment "Policy made by scripting" -SharePointLocation All -OneDriveLocation All -ExchangeLocation All -Mode Enable -erroraction "silentlycontinue" New-DlpComplianceRule -Name "Default DLP Policy" -Policy "Default DLP Policy" -ContentContainsSensitiveInformation @{Name = (Get-DlpSensitiveInformationType | Where-Object { $_.name -eq 'Credit Card Number' }).id ; minCount = "1" } -BlockAccess $false -erroraction "silentlycontinue" Remove-PSSession $SccSession } } |