Set-DlpComplianceRule

This cmdlet is available only in the Office 365 Security & Compliance Center. For more information, see Office 365 Security & Compliance Center PowerShell (https://technet.microsoft.com/library/mt587091.aspx).

Use the Set-DlpComplianceRule cmdlet to modify Data Loss Prevention (DLP) rules in the Security & Compliance Center. DLP rules define sensitive information to be protected and the actions to take on rule violations.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax (https://technet.microsoft.com/library/bb123552.aspx).

Syntax

Set-DlpComplianceRule
   [-Identity] <ComplianceRuleIdParameter>
   [-AccessScope <InOrganization | NotInOrganization | None>]
   [-AccessTimeControl <PswsHashtable>]
   [-ActivationDate <DateTime>]
   [-BlockAccess <$true | $false>]
   [-Comment <String>]
   [-Confirm]
   [-ContentContainsSensitiveInformation <PswsHashtable[]>]
   [-ContentPropertyContainsWords <MultiValuedProperty>]
   [-Disabled <$true | $false>]
   [-DocumentIsUnsupported <$true | $false>]
   [-ExceptIfAccessScope <InOrganization | NotInOrganization | None>]
   [-ExceptIfContentContainsSensitiveInformation <PswsHashtable[]>]
   [-ExceptIfContentPropertyContainsWords <MultiValuedProperty>]
   [-ExceptIfDocumentIsUnsupported <$true | $false>]
   [-ExceptIfFrom <SmtpAddress[]>]
   [-ExceptIfFromMemberOf <SmtpAddress[]>]
   [-ExceptIfProcessingLimitExceeded <$true | $false>]
   [-ExpiryDate <DateTime>]
   [-From <SmtpAddress[]>]
   [-FromMemberOf <SmtpAddress[]>]
   [-GenerateAlert <MultiValuedProperty>]
   [-GenerateIncidentReport <MultiValuedProperty>]
   [-IncidentReportContent <ReportContentOption[]>]
   [-Name <String>]
   [-NotifyAllowOverride <OverrideOption[]>]
   [-NotifyEmailCustomText <String>]
   [-NotifyPolicyTipCustomText <String>]
   [-NotifyPolicyTipCustomTextTranslations <MultiValuedProperty>]
   [-NotifyUser <MultiValuedProperty>]
   [-ProcessingLimitExceeded <$true | $false>]
   [-ReportSeverityLevel <Low | Medium | High | None>]
   [-RuleErrorAction <Ignore | RetryThenBlock>]
   [-WhatIf]
   [<CommonParameters>]

Description

You need to be assigned permissions in the Office 365 Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in Office 365 Security & Compliance Center (https://go.microsoft.com/fwlink/p/?LinkId=511920).

Examples

-------------------------- Example 1 --------------------------

Set-DlpComplianceRule -Identity 25bf67b6-3783-4f74-bde9-98dd40333082 -AccessScope NotInOrganization -BlockAccess $true

This example modifies the access scope and blocking behavior of a DLP compliance rule that's identified by its GUID value.
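
The following is an added example, not part of the original reference page. It combines a sensitive-information condition with blocking, notification and incident-report actions, then reads the rule back because the WhatIf switch doesn't work in this environment. The rule name and mailbox address are constructed placeholders, and the property names passed to Format-List are assumed to mirror the parameter names.

```powershell
# Assumes an existing Security & Compliance Center PowerShell session.
$ruleName = 'Contoso PII - External Sharing'   # hypothetical rule name
$reportTo = 'dlp-reports@contoso.com'          # hypothetical mailbox

# Condition: sensitive information types to match, with optional minimum counts.
$wanted = @(
    @{ Name = 'U.S. Social Security Number (SSN)'; minCount = '2' },
    @{ Name = 'Credit Card Number' }
)

# Fail early if a name is not a sensitive information type in this organization.
$known   = (Get-DlpSensitiveInformationType).Name
$missing = $wanted | Where-Object { $known -notcontains $_.Name } |
           ForEach-Object { $_.Name }
if ($missing) {
    throw "Unknown sensitive information type(s): $($missing -join ', ')"
}

$params = @{
    Identity                            = $ruleName
    ContentContainsSensitiveInformation = $wanted
    AccessScope                         = 'NotInOrganization'
    BlockAccess                         = $true
    NotifyUser                          = 'Owner', 'LastModifier'
    # WithJustification and WithoutJustification are mutually exclusive.
    NotifyAllowOverride                 = 'FalsePositive', 'WithJustification'
    GenerateIncidentReport              = $reportTo, 'SiteAdmin'
    # Default already covers author, matched item, rules matched, service, title.
    IncidentReportContent               = 'Default', 'Detections', 'Severity'
    ReportSeverityLevel                 = 'High'
    Comment                             = 'Block external sharing of SSN and card data'
}
Set-DlpComplianceRule @params

# Confirm the stored configuration (property names assumed to match parameters).
Get-DlpComplianceRule -Identity $ruleName |
    Format-List Name, Disabled, AccessScope, BlockAccess, ReportSeverityLevel
```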

Required Parameters

-Identity

The Identity parameter specifies the DLP rule that you want to modify. You can use any value that uniquely identifies the rule. For example:

  • Name

  • Distinguished name (DN)

  • GUID

  • Id

Type:ComplianceRuleIdParameter
Position:1
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

Optional Parameters

-AccessScope

The AccessScope parameter specifies a condition for the DLP rule that's based on the access scope of the content. The rule is applied to content that matches the specified access scope. Valid values are:

  • InOrganization: The rule is applied to content that's accessible inside the organization.

  • NotInOrganization: The rule is applied to content that's accessible outside the organization.

  • None: The condition isn't used.

Type:InOrganization | NotInOrganization | None
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-AccessTimeControl

This parameter is reserved for internal Microsoft use.

Type:PswsHashtable
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-ActivationDate

This parameter is reserved for internal Microsoft use.

Type:DateTime
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-BlockAccess

The BlockAccess parameter specifies an action for the DLP rule that blocks access to the source item when the conditions of the rule are met. Valid values are:

  • $true: Blocks further access to the source item that matched the rule. The owner, author, and site owner can still access the item.

  • $false: Allows access to the source item that matched the rule. This is the default value.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-BlockAccessScope

The BlockAccessScope parameter specifies the scope of the block access action. Valid values are:

  • All: Block access to everyone except the owner and the last modifier.

  • PerUser: Block access to external users.

Position:Named
Accept pipeline input:False
Accept wildcard characters:False

-Comment

The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks ("), for example: "This is an admin note".

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-Confirm

The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on whether the cmdlet requires confirmation before proceeding.

  • Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -Confirm:$false.

  • Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you to acknowledge the command before proceeding.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-ContentContainsSensitiveInformation

The ContentContainsSensitiveInformation parameter specifies a condition for the rule that's based on a sensitive information type match in content. The rule is applied to content that contains the specified sensitive information type.

This parameter uses the basic syntax @(@{Name="<SensitiveInformationType1>";[minCount="<Value>"]},@{Name="<SensitiveInformationType2>";[minCount="<Value>"]},...). For example, @(@{Name="U.S. Social Security Number (SSN)"; minCount="2"},@{Name="Credit Card Number"}).

Use the Get-DLPSensitiveInformationType cmdlet to list the sensitive information types for your organization. For more information on sensitive information types, see Sensitive information types inventory (https://go.microsoft.com/fwlink/p/?LinkId=529420).

Type:PswsHashtable[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-ContentPropertyContainsWords

The ContentPropertyContainsWords parameter specifies a condition for the DLP rule that's based on a property match in content. The rule is applied to content that contains the specified property.

This parameter accepts values in the format: "<Property1>:<Value1>,<Value2>","<Property2>:<Value3>,<Value4>",..."<PropertyN>:<ValueN>,<ValueN>".

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-Disabled

The Disabled parameter specifies whether the DLP rule is disabled. Valid values are:

  • $true: The rule is disabled.

  • $false: The rule is enabled. This is the default value.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-DocumentIsUnsupported

This parameter is reserved for internal Microsoft use.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-ExceptIfAccessScope

This parameter is reserved for internal Microsoft use.

Type:InOrganization | NotInOrganization | None
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-ExceptIfContentContainsSensitiveInformation

This parameter is reserved for internal Microsoft use.

Type:PswsHashtable[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-ExceptIfContentPropertyContainsWords

This parameter is reserved for internal Microsoft use.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-ExceptIfDocumentIsUnsupported

This parameter is reserved for internal Microsoft use.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-ExceptIfFrom

This parameter is reserved for internal Microsoft use.

Type:SmtpAddress[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-ExceptIfFromMemberOf

This parameter is reserved for internal Microsoft use.

Type:SmtpAddress[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-ExceptIfProcessingLimitExceeded

This parameter is reserved for internal Microsoft use.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-ExpiryDate

This parameter is reserved for internal Microsoft use.

Type:DateTime
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-From

This parameter is reserved for internal Microsoft use.

Type:SmtpAddress[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-FromMemberOf

This parameter is reserved for internal Microsoft use.

Type:SmtpAddress[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-GenerateAlert

The GenerateAlert parameter specifies an action for the DLP rule that notifies the specified users when the conditions of the rule are met. Valid values are:

  • An email address.

  • SiteAdmin

You can specify multiple values separated by commas.

The email message that's generated by this action contains a link to detailed information in the Security & Compliance Center (the details aren't in the email message itself).

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-GenerateIncidentReport

The GenerateIncidentReport parameter specifies an action for the DLP rule that sends an incident report to the specified users when the conditions of the rule are met. Valid values are:

  • An email address.

  • SiteAdmin

You can specify multiple values separated by commas.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-IncidentReportContent

The IncidentReportContent parameter specifies the content to include in the report when you use the GenerateIncidentReport parameter. Valid values are:

  • All

  • Default

  • Detections

  • DocumentAuthor

  • DocumentLastModifier

  • MatchedItem

  • RulesMatched

  • Service

  • Severity

  • Title

You can specify multiple values separated by commas. You can only use the value All by itself. If you use the value Default, the report includes the following content:

  • DocumentAuthor

  • MatchedItem

  • RulesMatched

  • Service

  • Title

Therefore, if you use any of these redundant values with the value Default, they will be ignored.

Type:ReportContentOption[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-Name

This parameter is reserved for internal Microsoft use.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-NotifyAllowOverride

The NotifyAllowOverride parameter specifies the notification override options when the conditions of the rule are met. Valid values are:

  • FalsePositive: Allows overrides in the case of false positives.

  • WithoutJustification: Allows overrides without justification.

  • WithJustification: Allows overrides with justification.

You can specify multiple values separated by commas. The values WithoutJustification and WithJustification are mutually exclusive.

Type:OverrideOption[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-NotifyEmailCustomText

The NotifyEmailCustomText parameter specifies the custom text in the email notification message that's sent to recipients when the conditions of the rule are met.

This parameter has a 5000 character limit, and supports plain text, HTML tags and the following tokens (variables):

  • %%AppliedActions%%: The actions applied to the content.

  • %%ContentURL%%: The URL of the document on the SharePoint site or OneDrive for Business site.

  • %%MatchedConditions%%: The conditions that were matched by the content. Use this token to inform people of possible issues with the content.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-NotifyPolicyTipCustomText

The NotifyPolicyTipCustomText parameter specifies the custom text in the Policy Tip notification message that's shown to recipients when the conditions of the rule are met. The maximum length is 256 characters. HTML tags and tokens (variables) aren't supported.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-NotifyPolicyTipCustomTextTranslations

This parameter is reserved for internal Microsoft use.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-NotifyUser

The NotifyUser parameter specifies an action for the DLP rule that notifies the specified users when the conditions of the rule are met. Valid values are:

  • An email address.

  • LastModifier

  • Owner

  • SiteAdmin

You can specify multiple values separated by commas.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-ProcessingLimitExceeded

This parameter is reserved for internal Microsoft use.

Type:$true | $false
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-ReportSeverityLevel

The ReportSeverityLevel parameter specifies the severity level of the incident report for content detections based on the rule. Valid values are:

  • None: You can't select this value if the rule has no actions configured.

  • Low: This is the default value.

  • Medium

  • High

Type:Low | Medium | High | None
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-RuleErrorAction

The RuleErrorAction parameter specifies what to do if an error is encountered during the evaluation of the rule. Valid values are:

  • Ignore

  • RetryThenBlock

  • Blank (the value $null): This is the default value.

Type:Ignore | RetryThenBlock
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center

-WhatIf

The WhatIf switch doesn't work in the Office 365 Security & Compliance Center.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Office 365 Security & Compliance Center
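
Because WhatIf is unavailable, the limits documented above for the notification and report parameters can be checked locally before a change is submitted. The helper below is an added example, not part of the original reference page or a Microsoft cmdlet. The function name Test-DlpRuleSettings and the sample values are hypothetical, and treating any %%token%% outside the three listed ones as unsupported is an assumption drawn from that list.

```powershell
function Test-DlpRuleSettings {   # hypothetical helper, runs without a remote session
    param(
        [string]   $NotifyEmailCustomText,
        [string]   $NotifyPolicyTipCustomText,
        [string[]] $NotifyAllowOverride   = @(),
        [string[]] $IncidentReportContent = @()
    )
    $problems = @()

    # NotifyEmailCustomText: 5000 characters, three documented tokens.
    if ($NotifyEmailCustomText.Length -gt 5000) {
        $problems += 'NotifyEmailCustomText exceeds 5000 characters.'
    }
    $tokens = '%%AppliedActions%%', '%%ContentURL%%', '%%MatchedConditions%%'
    foreach ($m in [regex]::Matches($NotifyEmailCustomText, '%%\w+%%')) {
        if ($tokens -notcontains $m.Value) {
            $problems += "NotifyEmailCustomText uses a token not in the documented list: $($m.Value)"
        }
    }

    # NotifyPolicyTipCustomText: 256 characters, no HTML tags or tokens.
    if ($NotifyPolicyTipCustomText.Length -gt 256) {
        $problems += 'NotifyPolicyTipCustomText exceeds 256 characters.'
    }
    if ($NotifyPolicyTipCustomText -match '<[^>]+>|%%\w+%%') {
        $problems += 'NotifyPolicyTipCustomText contains HTML tags or tokens.'
    }

    # NotifyAllowOverride: the two justification values are mutually exclusive.
    if (($NotifyAllowOverride -contains 'WithJustification') -and
        ($NotifyAllowOverride -contains 'WithoutJustification')) {
        $problems += 'NotifyAllowOverride mixes WithJustification and WithoutJustification.'
    }

    # IncidentReportContent: the value All can only be used by itself.
    if (($IncidentReportContent -contains 'All') -and ($IncidentReportContent.Count -gt 1)) {
        $problems += 'IncidentReportContent combines All with other values.'
    }
    return $problems
}

# Constructed sample settings; each one breaks a documented constraint.
$settings = @{
    NotifyPolicyTipCustomText = 'This file contains <b>personal data</b>.'
    NotifyAllowOverride       = 'WithJustification', 'WithoutJustification'
    IncidentReportContent     = 'All', 'Severity'
}
$problems = Test-DlpRuleSettings @settings
if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Set-DlpComplianceRule -Identity '<rule name>' @settings }   # placeholder identity
```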

Inputs

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types (https://go.microsoft.com/fwlink/p/?linkId=616387). If the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.

Outputs

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types (https://go.microsoft.com/fwlink/p/?linkId=616387). If the Output Type field is blank, the cmdlet doesn't return data.