Modify a custom sensitive information type using PowerShell

In Security & Compliance PowerShell, modifying a custom sensitive information type requires you to:

  1. Export the existing rule package that contains the custom sensitive information type to an XML file (or use the existing XML file if you have it).

  2. Modify the custom sensitive information type in the exported XML file.

  3. Import the updated XML file back into the existing rule package.

To connect to Security & Compliance PowerShell, see Security & Compliance PowerShell.

Step 1: Export the existing rule package to an XML file

Note

If you have a copy of the XML file (for example, if you just created and imported it), you can skip to Step 2: Modify the sensitive information type in the exported XML file.

  1. If you don't already know the name of the custom rule package, run the Get-DlpSensitiveInformationTypeRulePackage cmdlet to find it:

    Get-DlpSensitiveInformationTypeRulePackage
    

    Note

    The built-in rule package that contains the built-in sensitive information types is named Microsoft Rule Package. The rule package that contains the custom sensitive information types that you created in the Compliance center UI is named Microsoft.SCCManaged.CustomRulePack.

  2. Use the Get-DlpSensitiveInformationTypeRulePackage cmdlet to store the custom rule package to a variable:

    $rulepak = Get-DlpSensitiveInformationTypeRulePackage -Identity "RulePackageName"
    

    For example, if the name of the rule package is "Employee ID Custom Rule Pack", run the following cmdlet:

    $rulepak = Get-DlpSensitiveInformationTypeRulePackage -Identity "Employee ID Custom Rule Pack"
    
  3. Use the following syntax to export the custom rule package to an XML file:

    [System.IO.File]::WriteAllBytes('XMLFileAndPath', $rulepak.SerializedClassificationRuleCollection)
    

    This example exports the rule package to the file named ExportedRulePackage.xml in the C:\My Documents folder.

    [System.IO.File]::WriteAllBytes('C:\My Documents\ExportedRulePackage.xml', $rulepak.SerializedClassificationRuleCollection)
    

Step 2: Modify the sensitive information type in the exported XML file

Find more information about modifying sensitive information types via XML in Customize a built-in sensitive information type.

Step 3: Import the updated XML file back into the existing rule package

To import the updated XML back into the existing rule package, use the Set-DlpSensitiveInformationTypeRulePackage cmdlet:

    Set-DlpSensitiveInformationTypeRulePackage -FileData ([System.IO.File]::ReadAllBytes('C:\My Documents\External Sensitive Info Type Rule Collection.xml'))

For detailed syntax and parameter information, see Set-DlpSensitiveInformationTypeRulePackage.
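
The three steps above combined into one script, with a rollback copy and pre-import checks. This is an added example, not part of the original procedure. It assumes a connected Security & Compliance PowerShell session; `$PackageName`, `$WorkDir`, the backup file name, and the helper `Get-RulePackId` are illustrative, and the check on the `RulePack` element's `id` attribute assumes the standard rule package XML layout.

```powershell
# Added example. Assumes an active Security & Compliance PowerShell session.
# $PackageName and $WorkDir are placeholder values; change them for your tenant.
$PackageName = 'Employee ID Custom Rule Pack'
$WorkDir     = 'C:\My Documents'
$EditPath    = Join-Path $WorkDir 'ExportedRulePackage.xml'
$BackupPath  = Join-Path $WorkDir ('RulePackage-backup-{0:yyyyMMdd-HHmmss}.xml' -f (Get-Date))

# Hypothetical helper: parse rule package bytes and return the RulePack id.
# Loading from a stream lets the XML declaration/BOM decide the encoding,
# and Load() throws if the document is not well-formed.
function Get-RulePackId {
    param([byte[]]$Bytes)
    $doc    = New-Object System.Xml.XmlDocument
    $stream = [System.IO.MemoryStream]::new($Bytes)
    try { $doc.Load($stream) } finally { $stream.Dispose() }
    # Assumption: the package follows the usual <RulePackage><RulePack id="..."> layout.
    $node = $doc.SelectSingleNode("//*[local-name()='RulePack']")
    if (-not $node) { throw 'No RulePack element found in the XML.' }
    $node.GetAttribute('id')
}

# Step 1: export the package and keep an untouched copy for rollback.
$rulepak = Get-DlpSensitiveInformationTypeRulePackage -Identity $PackageName -ErrorAction Stop
[System.IO.File]::WriteAllBytes($BackupPath, $rulepak.SerializedClassificationRuleCollection)
if (-not (Test-Path -LiteralPath $EditPath)) {
    Copy-Item -LiteralPath $BackupPath -Destination $EditPath
}

# Step 2: the edit itself is manual.
Read-Host "Edit '$EditPath', save it, then press Enter to continue"

# Pre-import checks: well-formed XML, same package identity, and a real change.
$edited = [System.IO.File]::ReadAllBytes($EditPath)
$oldId  = Get-RulePackId -Bytes $rulepak.SerializedClassificationRuleCollection
$newId  = Get-RulePackId -Bytes $edited
if ($newId -ne $oldId) {
    throw "RulePack id changed ($oldId -> $newId); refusing to import."
}
if ((Get-FileHash -LiteralPath $EditPath).Hash -eq (Get-FileHash -LiteralPath $BackupPath).Hash) {
    throw 'Edited file is identical to the exported package; nothing to import.'
}

# Step 3: import the validated XML back into the existing rule package.
Set-DlpSensitiveInformationTypeRulePackage -FileData $edited
```

To roll back, pass the bytes of the timestamped backup file to `Set-DlpSensitiveInformationTypeRulePackage -FileData` in the same way.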
