Export DLP sensitive information types from Exchange 2013
Applies to: Exchange Server 2013
You can view or change the details within your DLP policies without using the Exchange admin center (EAC) or Exchange Management Shell cmdlets by exporting the policies, saving them as an XML file, and modifying that XML file. Typically you would then import the XML file back into Exchange. In this way, policies can be edited independent of Exchange. However, they must meet specific format requirements, also referred to as XML schema, in order to work correctly.
For additional management tasks related to DLP, see Manage DLP policies.
What do you need to know before you begin?
Estimated time to complete: 15 minutes
The EAC doesn't provide a way to export DLP policies or templates to an external file. To use the Shell, see Open the Exchange Management Shell.
You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Data loss prevention (DLP)" entry in the Messaging policy and compliance permissions topic.
For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts for the Exchange admin center in Exchange 2013.
Tip
Having problems? Ask for help in the Exchange forums. Visit the forums at Exchange Server.
Use the Exchange Management Shell to export the DLP sensitive information types
This example exports all DLP sensitive information types along with their attributes to an XML file. We recommend making a backup copy of your current DLP sensitive information types collection. One way to achieve this is to export and then immediately copy and rename the same XML file.
In the Exchange Management Shell, run the following command to display your organization's sensitive information types.
Get-ClassificationRuleCollection
If you haven't created any sensitive information types of your own, you'll only see the default, built-in sensitive information types collection, labeled "Microsoft Rule Package".
Store the sensitive information types in a variable by running the following command:
$ruleCollections = Get-ClassificationRuleCollection
Make a formatted XML file with all that data by replacing
"C:\custompath\
with a real file path and running the following command:[System.IO.File]::WriteAllBytes('C:\custompath\exportedRules.xml', $ruleCollections.SerializedClassificationRuleCollection)
Note
If the output of the command
Get-ClassificationRuleCollection | Format-List Name,SerializedClassificationRuleCollection
shows that the SerializedClassificationRuleCollection property is empty, you'll receive the following error, and there are no policies to edit:Exception calling "WriteAllBytes" with "2" argument(s): "Value cannot be null. Parameter name: bytes"
You can now edit the XML file to adjust the policies as needed. To learn how to customize the built-in sensitive information types, see Customize the built-in DLP sensitive information types. For details on importing policies back into Exchange, see Import a custom DLP policy template from a file.