Remove a custom sensitive information type using PowerShell

In Compliance center PowerShell, there are two methods to remove custom sensitive information types:

  • Remove individual custom sensitive information types: Use the method documented in Modify a custom sensitive information type using PowerShell. You export the custom rule package that contains the custom sensitive information type, remove the sensitive information type from the XML file, and import the updated XML file back into the existing custom rule package.

  • Remove a custom rule package and all custom sensitive information types that it contains: This method is documented in this section.

Note

Before your remove a custom sensitive information type, verify that no DLP policies or Exchange mail flow rules (also known as transport rules) still reference the sensitive information type.

  1. Connect to Compliance center PowerShell

  2. To remove a custom rule package, use the Remove-DlpSensitiveInformationTypeRulePackage cmdlet:

    Remove-DlpSensitiveInformationTypeRulePackage -Identity "RulePackageIdentity"
    

    You can use the Name value (for any language) or the RulePack id (GUID) value to identify the rule package.

    This example removes the rule package named "Employee ID Custom Rule Pack".

    Remove-DlpSensitiveInformationTypeRulePackage -Identity "Employee ID Custom Rule Pack"
    

    For detailed syntax and parameter information, see Remove-DlpSensitiveInformationTypeRulePackage.

  3. To verify that you've successfully removed a custom sensitive information type, do any of the following steps:

    • Run the Get-DlpSensitiveInformationTypeRulePackage cmdlet and verify the rule package is no longer listed:

      Get-DlpSensitiveInformationTypeRulePackage
      
    • Run the Get-DlpSensitiveInformationType cmdlet to verify the sensitive information types in the removed rule package are no longer listed:

      Get-DlpSensitiveInformationType
      

      For custom sensitive information types, the Publisher property value will be something other than Microsoft Corporation.

    • Replace <Name> with the Name value of the sensitive information type (for example, Employee ID) and run the Get-DlpSensitiveInformationType cmdlet to verify the sensitive information type is no longer listed:

      Get-DlpSensitiveInformationType -Identity "<Name>"
      

More information