This blog outlines the steps to export the DLP policies, rules and settings in bulk.
Here's a summary of the items covered:
- Exporting DLP policies, rules and settings: The document explains how to use PowerShell cmdlets to export the DLP policies, rules and settings in bulk from the Security and Compliance Center PowerShell.
- Viewing the value of switches: The document shows how to view the value of switches that are parsed by the cmdlets, such as the groups or users that are scoped or excluded from a policy.
- Exporting as a CSV file: The document provides examples of how to export the policy scoping or exclusion details as a CSV file by using the Select -ExpandProperty parameter.
- Exporting as a JSON file: The document demonstrates how to export all the policies and their attributes or sub-attributes as a JSON file by using the ConvertTo-Json cmdlet.
We have cmdlets to export the DLP Policies rules and settings however one of the main issues we come across is the inability to view the value of those switches since the data is parsed.
Consider a scenario where you want a list of all the groups/users scoped or excluded in a particular policy along with the Display Names, Email and Immutable ID’s.
When you run the cmdlet to you would see that the content is enclosed with braces { }. Braces are normally indicative of a hash table.
Get-DlpCompliancePolicy "Credit Card Policy - Audit" | Select EndpointDLPLocation
EndpointDlpLocation
-------------------
{Tailspin, Traders, Contoso, contosoteam...}
Considering there are hundreds of entries, you can use the below cmdlet to expand the property and export it as a csv.
Get-DlpCompliancePolicy "Credit Card Policy - Audit" | Select -ExpandProperty EndpointDLPLocation | Export-Csv c:\temp\Policyscoping.csv -NoTypeInformation
Similarly, you can use the below to export the list of users/groups that are excluded from the policy.
Get-DlpCompliancePolicy "Credit Card Policy - Audit" | Select -ExpandProperty EndpointDLPLocationException | Export-Csv c:\temp\PolicyExclusion.csv -NoTypeInformation
You can also choose to export all the policies and their attributes/sub-attributes as a JSON file using the below command.
You can then use a Parser or import the json file into PowerQuery/PowerBI to parse the data and view all the policies and it’s details.
$dlppolicy = Get-DlpCompliancePolicy
$dlppolicy | ConvertTo-Json -Depth 100 | Out-File -Encoding UTF8 -FilePath c:\policy.json
You can also choose to Export a single policy or rule info to JSON and view the details by using the below cmdlet.
$dlppolicy = Get-DlpCompliancePolicy "Credit Card Policy - Audit"
$dlppolicy | ConvertTo-Json -Depth 100 | Out-File -Encoding UTF8 -FilePath c:\CCpolicy.json
$dlprule = Get-DlpComplianceRule
$dlprule | ConvertTo-Json -Depth 100 | Out-File -Encoding UTF8 -FilePath c:\rule.json
In-order to export the Policy Configuration, you can use the below.
$config = Get-PolicyConfig
$config | ConvertTo-Json -Depth 100 | Out-File -Encoding UTF8 -FilePath c:\policyconfig.json
Hope this article helps in your DLP journey!