Creating Endpoint DLP Rules using PowerShell - Part 1
This blog is Part 1 of our multi-part series on managing Endpoint DLP Rules using PowerShell. In Part 1, we will demonstrate how we can use PowerShell to create Endpoint DLP Rules with AdvancedRule, AlertProperties and EndpointDLPRestrctions Parameter. In Part 2, we will cover the same for EndpointDLPBrowserRestrictions. Step 1: Create the text file with complex condition as per the requirements and save it. Here is a sample for reference: { "Version": "1.0", "Condition": { "Operator": "And", "SubConditions": [ { "ConditionName": "ContentContainsSensitiveInformation", "Value": [ { "Groups": [ { "Name": "Default", "Operator": "Or", "Sensitivetypes": [ { "Name": "Credit Card Number", "Mincount": 1, "Maxcount": 5, "Confidencelevel": "Low", }, { "Name": "U.S. Bank Account Number", "Mincount": 5, "Confidencelevel": "Medium", } ] } ], "Operator": "And" } ] } ] } } In the above example, we are using the conditionContent Contains Sensitive Information with SIT’s Credit Card or Bank Account Number. You can choose to add/remove additional SIT’s/conditions as needed along with the desired operator. You can also change the Confidence level to Low/Medium/High as per the requirements and update the Min/Max count. We have saved it as advancedrule.txt in our example. Note: If you do not specify the Min/Max attribute, the value is taken as any by default. In our example we have not specified the Max attribute for the Bank Account Number, hence it would take the default value i.e. Any. Here is another example: { "Version": "1.0", "Condition": { "Operator": "And", "SubConditions": [ { "ConditionName": "ContentContainsSensitiveInformation", "Value": [ { "Groups": [ { "Name": "Default", "Operator": "Or", "Labels": [ { "Name": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "Id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "Type": "Sensitivity" } ] } ], "Operator": "And" } ] }, { "ConditionName": "ContentFileTypeMatches", "Value": [ "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" ] } ] } } In this example we are using the conditionContent Contains Sensitive Level with a specific label and Content matches a specific file type. Please ensure to replace the ID’s with the appropriate values before saving the file. Step 2: Define the parameters for endpointDlpRestrictions or create a text file for complex restrictions. Here is an example for a simple restriction: $endpointDlpRestrictions = @(@{"Setting"="Print"; "Value"="Block"},@{"Setting"="RemovableMedia"; "Value"="Warn"}) In this case we are setting the Print action toBlock and Copy to removable USB Device to Warn. We can configure the value to Block/Warn/Audit as per our requirements. Here is an example to create a text file with complex condition: [ { "defaultmessage": "none", "setting": "Print", "value": "Block", "appgroup": "none", "networkLocation": [ { "priority": "1", "type": "vpn", "action": "Audit" } ], "printerGroup": [ { "priority": "1", "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "action": "Audit" } ] }, { "setting": "RequireBusinessJustification", "value": "Required" }, { "setting": "RemovableMedia", "defaultmessage": "none", "value": "Warn", "appgroup": "none" }, { "setting": "CloudEgress", "defaultmessage": "none", "cloudEgressGroup": [ { "priority": "1", "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "action": "Audit" } ], "value": "Warn", "appgroup": "none" }, { "setting": "PasteToBrowser", "defaultmessage": "none", "pasteSensitiveDomainsGroup": [ { "priority": "1", "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "action": "Audit" } ], "value": "Block", "appgroup": "none" }, { "setting": "CopyPaste", "defaultmessage": "none", "value": "Warn", "appgroup": "none", "networkLocation": [ { "priority": "1", "type": "corporateNetwork", "action": "Audit" } ] }, ] We are setting the below restrictions in the above example. The Action and restrictions can be modified as per the requirements. We have saved it as endpointdlprestrictions.txt in our example. Activity Action Network Restrictions Group Restrictions Print Block VPN is set to Audit A custom Printer Group with Action as Audit The group ID can be retrieved from the Endpoint DLP Settings using PowerShell. Make sure to update the ID before saving the file. Copy to Removable USB Device Warn Upload to restricted cloud service domain Warn A custom Sensitive service domain Group with Action as Audit The group ID can be retrieved from the Endpoint DLP Settings using PowerShell. Paste to browser Block A custom Sensitive service domain Group with Action as Audit The group ID can be retrieved from the Endpoint DLP Settings using PowerShell. Copy to clipboard Warn CorporateNetwork is set to Audit Step 3: Define the Parameters: # Define the parameters to read complex condition from the file we created in Step 1 $data = Get-Content -Path "C:\temp\advancedrule.txt" -ReadCount 0 $AdvancedRuleString = $data | Out-string # Define the parameters for the DLP rule with Simple restriction $ruleName = "Endpoint Rule - Restrict Financial Information Sharing Rule" $PolicyName = "Endpoint Policy - Restrict Financial Information Sharing" $endpointDlpRestrictions = @(@{"Setting"="Print"; "Value"="Block"},@{"Setting"="RemovableMedia"; "Value"="Block"}) $Notifyendpointuser = @{NotificationContent = "default:The sharing is blocked, please contact the helpdesk for more details" ; NotificationTitle = "default:Restricted"} $alertProperties = @{AggregationType = "SimpleAggregation" ; VolumeThreshold = "5" ; AlertBy = "Tenant"; Threshold = "15"; TimeWindow = "60"} Note: The values in bold for notification content can be changed as per the notification you would like to configure. Similarly, the values in Alert properties can also be changed to meet different requirements. Step 4 Create the DLP rule: #Create the DLP rule New-DlpComplianceRule -Name $ruleName -Policy $PolicyName -GenerateAlert admin@xxxx.onmicrosoft.com -ReportSeverityLevel "Medium" -Notifyendpointuser $Notifyendpointuser -EndpointDlpRestrictions $endpointDlpRestrictions -AlertProperties $alertProperties -AdvancedRule $AdvancedRuleString You can use the below if you want to create a DLP rule with complex EDLP Restriction: # Define the parameters to read complex condition from a file we created in Step 1 $data = Get-Content -Path "C:\temp\advancedrule.txt" -ReadCount 0 $AdvancedRuleString = $data | Out-string # Define the parameters for the DLP rule with Simple restriction $ruleName = "Endpoint Rule - Restrict Financial Information Sharing Rule" $PolicyName = "Endpoint Policy - Restrict Financial Information Sharing" $Notifyendpointuser = @{NotificationContent = "default:The sharing is blocked, please contact the helpdesk for more details" ; NotificationTitle = "default:Restricted"} $alertProperties = @{AggregationType = "SimpleAggregation" ; VolumeThreshold = "5" ; AlertBy = "Tenant"; Threshold = "15"; TimeWindow = "60"} # Create the DLP rule using the EndpointDlpRestrictions file we created in Step 2. New-DlpComplianceRule -Name $ruleName -Policy $PolicyName -GenerateAlert admin@xxxx.onmicrosoft.com -ReportSeverityLevel "Medium" -AlertProperties $alertProperties -Notifyendpointuser $Notifyendpointuser -AdvancedRule $AdvancedRuleString -EndpointDlpRestrictions (Get-Content -Raw ("C:\temp\endpointdlprestrictions.txt") | ConvertFrom-Json -AsHashtable) Note: PowerShell 7 is a must for this to work.
金沙平台遇到不给提现怎么办?
更新网上被黑不给出款怎么办?追回处理方法QQ1372556383飞机T8973L 网上被黑不给出款不要慌!遇到被黑提不出款可采取以下几种方案帮助 1. 保持冷静首先,你需要保持冷静。不要因为提现注单延迟不给结算而变得焦虑和冲动。焦虑和冲动可能会导致您做出错误的决定,如继续投注或找第三方帮助等。 2. 与网站客服联系尽快与网站客服联系,说明你的情况,并提供你的账户信息和交易记录。如果提现注单延迟不给结算是因为技术问题,客服人员可能会帮助你解决问题。 3. 收集证据如果你怀疑提现注单延迟不给结算是因为黑客攻击或欺诈行为,你可以收集一些证据来支持你的主张。例如,你可以保存你的账户信息和交易记录,并找到一些其他受害者。这些信息可能会对客服人员产生影响,并促使他们采取行动解决问题Bulk Import Endpoint DLP Global Settings
Updating the eDLP settings can be a tedious task when managing an extensive list of Service Domains, File Path Exclusions, Unallowed apps and browsers, Unallowed Bluetooth Apps, and Network Path Exclusions. In this blog, we will demonstrate how to efficiently bulk import these settings and maintain an ongoing list. Pre-requisites Visual Studio Code with Extension to convert csv to json. We are using the below extension in our example. Step 1: Create a csv file with the required parameters and values. Here is a sample table with all the parameters for eDLP Global Settings: Setting Value Executable CloudAppMode Block CloudAppRestrictionList yahoo.com CloudAppRestrictionList hotmail.com PathExclusion /Users/*/Desktop/Folder1 PathExclusion /Users/*/Desktop/Folder2 MacPathExclusion /Users/*/Downloads/Folder1 MacPathExclusion /Users/*/Downloads/Folder2 UnallowedApp testapp1 testapp1.exe UnallowedApp testapp2 testapp2.exe UnallowedBrowser Avast Secure Browser avastbrowser.exe UnallowedBrowser Firefox firefox.exe UnallowedBluetoothApp bluetoothapp1 bluetoothapp1.exe UnallowedBluetoothApp bluetoothapp2 bluetoothapp1.exe UnallowedCloudSyncApp Notepad++ notepad++.exe EvidenceStoreSettings { "FileEvidenceIsEnabled": true, "NumberOfDaysToRetain": 30, "StorageAccounts": [ { "Name": "Test", "BlobUri": "https://test.blob.windows.core.net/" } ], "Store": "CustomerManaged" } VPNSettings { "serverAddress": [ "test.vpnus.contoso.com", "test.vpnin.contoso.com" ] } serverDlpEnabled TRUE CustomBusinessJustificationNotification 1 MacDefaultPathExclusionsEnabled TRUE AdvancedClassificationEnabled TRUE BandwidthLimitEnabled TRUE DailyBandwidthLimitInMB 1000 IncludePredefinedUnallowedBluetoothApps TRUE NetworkPathEnforcementEnabled TRUE NetworkPathExclusion \\TestShare\MyFolder NetworkPathExclusion \\TestShare\MyFolder1 You can make the necessary changes and add additional rows to add more values per setting as needed. Copy the table to a csv file, make the necessary changes, and save it. Step 2: Convert csv to json. Open the csv file in Visual Studio Code Press Ctrl + Shift + P Select convert csv to json in the pop that appears. A new file will be created in VS Code in JSON format Step 3: Remove the unwanted values. Remove the unwanted values such as below using the Find and Replace All (Replace with blank) option in VS Code and save the file in json Format. We have saved it as eDLPGlobalSettings.json in our case. , "Executable": "\n" , "Executable\r": "\r\n" , "Executable\r": "\r" \r Step 4: Validate if the value TRUE is in lower-case in the json file, if not please replace it using txt editor to lower-case and save the file. Step 5: Run the below command to update the eDLP Global Settings. Sst-PolicyConfig -EndpointDlpGlobalSettings (Get-Content -Raw ("C:\temp\eDLPGlobalSettings.json") | ConvertFrom-Json -AsHashtable) Note: Set-PolicyConfig will always override the existing data hence the recommendation is to have a running csv that can be edited, converted, and imported every time. PS: Please ensure to test it in a test environment before executing it in prod and always take a backup of the current settings before importing the new one.Creating Endpoint DLP Rules using PowerShell - Part 2
This blog is Part 2 of our multi-part series on managing Endpoint DLP Rules using PowerShell. In Part 1, we demonstrated how we can use PowerShell to create Endpoint DLP Rules with AdvancedRule, AlertProperties and EndpointDLPRestrctions Parameter. In this blog, we will cover the same for EndpointDLPBrowserRestrictions. Step 1: Create a text file with condition to restrict browser access. Here is a sample for reference: { "Version": "1.0", "Condition": { "Operator": "And", "SubConditions": [ { "ConditionName": "RestrictBrowserAccess", "Value": true } ] } } We have saved the file as advancedrule.txt in our example. Step 2: Create a text file with endpoint Dlp Browser restrictions. Here is an example for a restriction: [ { "setting": "WebPagePrint", "defaultmessage": "none", "sitegroup": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "value": "Block" }, { "setting": "WebPageCopyPaste", "defaultmessage": "none", "sitegroup": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "value": "Warn" }, { "setting": "WebPageSaveToLocal", "defaultmessage": "none", "sitegroup": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "value": "Audit" }, { "setting": "WebPagePrint", "defaultmessage": "none", "sitegroup": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "value": "Block" }, { "setting": "WebPageCopyPaste", "defaultmessage": "none", "sitegroup": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "value": "Warn" }, { "setting": "WebPageSaveToLocal", "defaultmessage": "none", "sitegroup": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "value": "Audit" } ] We are setting the below Sensitive Site Restrictions in the above example. The Action and group can be modified as per the requirements, we can also choose to add more groups and remove one out of the two. We have saved the file as EndpointDlpbrowserRestrictions.txt in our example. Note: Please ensure to replace the SiteGroupID before saving the file. Activity CustomSensitiveGroup1 Action CustomSensitiveGroup2 Action Print the site Block Block Copy the date from the site Warn Warn Save the site as local files (Save-As) Audit Audit Step 3: Define the Parameters: # Define the parameters to read condition from the file we created in Step 1 $data = Get-Content -Path "C:\temp\advancedrule.txt" -ReadCount 0 $AdvancedRuleString = $data | Out-string # Define the parameters for the DLP rule $ruleName = "Endpoint Rule – Sensitive Site Restrictions" $PolicyName = "Endpoint Policy - Sensitive Site Restrictions" $alertProperties = @{AggregationType = "SimpleAggregation" ; VolumeThreshold = "5" ; AlertBy = "Tenant"; Threshold = "15"; TimeWindow = "60"} $Notifyendpointuser = @{NotificationContent = "default:The sharing is blocked, please contact the helpdesk for more details" ; NotificationTitle = "default:Restricted"} The values in bold for notification content can be changed as per the notification you would like to configure. Similarly, the values in Alert properties can also be changed to meet different requirements. Step 4: Create the DLP rule: New-DlpComplianceRule -Name $ruleName -Policy $PolicyName -GenerateAlert admin@xxxx.onmicrosoft.com -ReportSeverityLevel "Medium" -Notifyendpointuser $Notifyendpointuser -AlertProperties $alertProperties -AdvancedRule $AdvancedRuleString -EndpointDlpbrowserRestrictions (Get-Content -Raw ("C:\temp\EndpointDlpbrowserRestrictions.txt") | ConvertFrom-Json -AsHashtable) Note: PowerShell 7 is a must for this to work.
What are the exact steps (the latest) to enable container support in Purview?
I've been pulling my hair out trying to figure this one for the last couple hours. Can someone help me out with the exact steps (the latest) to enable container support (SharePoint Sites, Teams, 365 Groups) in Purview? Thanks in advance !
Duplicate Sensitivity Label Headers and Footers showing in Outlook emails
Hello I have a a strange issue where recipients are receiving duplicate Sensitivity Label headers and footers from our policy. For example, we have an unofficial label that stamps the header and footer as 'Unofficial'. Everytime it is received by a receipient it shows 4 times, 2 on the top as the header and 2 on the bottom. Looking in activity explorer I can see the email I sent listed three times. Any ideas how this could be happenning? ThanksHow to Solution Prevent User Downgrade Sensitivity Label is changed
Hi Everyone , Now I use Microsoft 365 E3 + Microsoft 365 E5 Information Protection and Governance. I am looking for a way to prevent User Downgrade Sensitivity Label from High to Low. I understand that before they change the label, they have to comment and they can change it. Is there any solution that can block this or notify from the log?
NEW! Microsoft 365 Customer Self-Serve Template for CSP partners
We’re excited to share the Microsoft 365 Customer Self-Serve Template to support your self-serve capabilities and insights for optimizing the commerce experience. Today, online buying is the norm, and customers are increasingly looking for one-stop shopping with a self-serve experience that’s fast, convenient, and on demand. The Customer Self-Serve Template gives you the tools to offer a seamless self-serve experience, streamlining the customer journey. Whether you leverage the content for new customer acquisition or for customer expansion, this quick-start guide will help you optimize the customer purchasing and provisioning process. With your self-serve capabilities in place, customers can easily choose, pay for, and auto-provision users on Microsoft 365 without manual partner interaction. Download the Customer Self-Serve Template to get started
