Creating Endpoint DLP Rules using PowerShell - Part 2
This blog is Part 2 of our multi-part series on managing Endpoint DLP Rules using PowerShell.
In Part 1, we demonstrated how to use PowerShell to create Endpoint DLP Rules with the AdvancedRule, AlertProperties and EndpointDlpRestrictions parameters. In this blog, we will cover the same for EndpointDlpBrowserRestrictions.
Step 1:
Create a text file with the condition that restricts browser access.
Here is a sample for reference:
{
    "Version": "1.0",
    "Condition": {
        "Operator": "And",
        "SubConditions": [
            {
                "ConditionName": "RestrictBrowserAccess",
                "Value": true
            }
        ]
    }
}
We have saved the file as advancedrule.txt in our example.
Step 2:
Create a text file with the Endpoint DLP browser restrictions.
Here is an example for a restriction:
[
    {
        "setting": "WebPagePrint",
        "defaultmessage": "none",
        "sitegroup": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "value": "Block"
    },
    {
        "setting": "WebPageCopyPaste",
        "defaultmessage": "none",
        "sitegroup": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "value": "Warn"
    },
    {
        "setting": "WebPageSaveToLocal",
        "defaultmessage": "none",
        "sitegroup": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "value": "Audit"
    },
    {
        "setting": "WebPagePrint",
        "defaultmessage": "none",
        "sitegroup": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "value": "Block"
    },
    {
        "setting": "WebPageCopyPaste",
        "defaultmessage": "none",
        "sitegroup": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "value": "Warn"
    },
    {
        "setting": "WebPageSaveToLocal",
        "defaultmessage": "none",
        "sitegroup": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "value": "Audit"
    }
]
The example above sets the Sensitive Site Restrictions listed in the table below. The action and group can be modified as required; we can also add more groups, or remove one of the two. We have saved the file as EndpointDlpbrowserRestrictions.txt in our example.
Note: Please make sure to replace the SiteGroupID before saving the file.
| Activity | CustomSensitiveGroup1 Action | CustomSensitiveGroup2 Action |
| --- | --- | --- |
| Print the site | Block | Block |
| Copy the data from the site | Warn | Warn |
| Save the site as local files (Save-As) | Audit | Audit |
Step 3:
Define the Parameters:
# Define the parameters to read condition from the file we created in Step 1
$data = Get-Content -Path "C:\temp\advancedrule.txt" -ReadCount 0
$AdvancedRuleString = $data | Out-string
# Define the parameters for the DLP rule
$ruleName = "Endpoint Rule – Sensitive Site Restrictions"
$PolicyName = "Endpoint Policy - Sensitive Site Restrictions"
$alertProperties = @{AggregationType = "SimpleAggregation" ; VolumeThreshold = "5" ; AlertBy = "Tenant"; Threshold = "15"; TimeWindow = "60"}
$Notifyendpointuser = @{NotificationContent = "default:The sharing is blocked, please contact the helpdesk for more details" ; NotificationTitle = "default:Restricted"}
The values for notification content can be changed as per the notification you would like to configure. Similarly, the values in Alert properties can also be changed to meet different requirements.
Step 4:
Create the DLP rule:
New-DlpComplianceRule -Name $ruleName -Policy $PolicyName -GenerateAlert admin@xxxx.onmicrosoft.com -ReportSeverityLevel "Medium" -Notifyendpointuser $Notifyendpointuser -AlertProperties $alertProperties -AdvancedRule $AdvancedRuleString -EndpointDlpbrowserRestrictions (Get-Content -Raw ("C:\temp\EndpointDlpbrowserRestrictions.txt") | ConvertFrom-Json -AsHashtable)
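Note: PowerShell 7 is a must for this to work, because the -AsHashtable switch of ConvertFrom-Json used above is not available in Windows PowerShell 5.1.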
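A pre-flight check for the Step 2 file that can be run before the Step 4 command, so that a leftover placeholder SiteGroupID or a repeated setting/group pair is caught before the rule is created. This is an added example, not code from the original post: the function name Test-BrowserRestrictionFile, the sample GUID and the temp file name are constructed, and the allowed settings and actions are limited to the ones shown in this post.

```powershell
# Added example (not from the original post). Requires PowerShell 7, like Step 4.
function Test-BrowserRestrictionFile {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: accept only the settings and actions that appear in this post.
        [string[]]$AllowedSettings = @('WebPagePrint', 'WebPageCopyPaste', 'WebPageSaveToLocal'),
        [string[]]$AllowedValues = @('Block', 'Warn', 'Audit')
    )
    try {
        $entries = @(Get-Content -Raw -Path $Path -ErrorAction Stop | ConvertFrom-Json -AsHashtable)
    } catch {
        "Cannot read or parse '$Path': $($_.Exception.Message)"
        return
    }
    if ($entries.Count -eq 0) { "No restriction entries found in '$Path'"; return }
    $seen = @{}   # "setting|sitegroup" -> index of the first entry that used the pair
    $i = 0
    foreach ($e in $entries) {
        $i++
        if ($e -isnot [System.Collections.IDictionary]) { "Entry ${i}: not a JSON object"; continue }
        # Keys are matched in the lowercase spelling used in the Step 2 sample.
        foreach ($key in 'setting', 'defaultmessage', 'sitegroup', 'value') {
            if (-not $e.Contains($key)) { "Entry ${i}: missing key '$key'" }
        }
        if ($e['setting'] -notin $AllowedSettings) { "Entry ${i}: unexpected setting '$($e['setting'])'" }
        if ($e['value'] -notin $AllowedValues) { "Entry ${i}: unexpected value '$($e['value'])'" }
        $guid = [guid]::Empty
        if (-not [guid]::TryParse([string]$e['sitegroup'], [ref]$guid)) {
            "Entry ${i}: sitegroup '$($e['sitegroup'])' is not a GUID (placeholder not replaced?)"
        }
        $pair = "$($e['setting'])|$($e['sitegroup'])"
        if ($seen.ContainsKey($pair)) { "Entry ${i}: same setting and sitegroup as entry $($seen[$pair])" }
        else { $seen[$pair] = $i }
    }
}

# Constructed sample: entry 1 uses a made-up GUID, entry 2 still has the placeholder.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'EndpointDlpbrowserRestrictions.sample.txt'
@'
[
  {"setting":"WebPagePrint","defaultmessage":"none","sitegroup":"11111111-2222-3333-4444-555555555555","value":"Block"},
  {"setting":"WebPageCopyPaste","defaultmessage":"none","sitegroup":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","value":"Warn"}
]
'@ | Set-Content -Path $sample
$problems = @(Test-BrowserRestrictionFile -Path $sample)
if ($problems.Count -gt 0) { $problems | ForEach-Object { Write-Warning $_ } }
else { 'Restrictions file looks consistent.' }
```

Run against the Step 2 sample exactly as shown, with the same placeholder in both groups, the check also reports entries 4 to 6 as repeating entries 1 to 3, which is the reminder that each group needs its own SiteGroupID.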