Set-DlpCompliancePolicy

This cmdlet is available only in Security & Compliance Center PowerShell. For more information, see Security & Compliance Center PowerShell.

Use the Set-DlpCompliancePolicy cmdlet to modify Data Loss Prevention (DLP) policies in the Security & Compliance Center.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

Syntax

Set-DlpCompliancePolicy
   [-Identity] <PolicyIdParameter>
   [-AddEndpointDlpLocation <MultiValuedProperty>]
   [-AddEndpointDlpLocationException <MultiValuedProperty>]
   [-AddExchangeLocation <MultiValuedProperty>]
   [-AddOneDriveLocation <MultiValuedProperty>]
   [-AddOneDriveLocationException <MultiValuedProperty>]
   [-AddSharePointLocation <MultiValuedProperty>]
   [-AddSharePointLocationException <MultiValuedProperty>]
   [-AddTeamsLocation <MultiValuedProperty>]
   [-AddTeamsLocationException <MultiValuedProperty>]
   [-Comment <String>]
   [-Confirm]
   [-ExchangeSenderMemberOf <SmtpAddress[]>]
   [-ExchangeSenderMemberOfException <SmtpAddress[]>]
   [-Force]
   [-Mode <PolicyMode>]
   [-Priority <Int32>]
   [-RemoveEndpointDlpLocation <MultiValuedProperty>]
   [-RemoveEndpointDlpLocationException <MultiValuedProperty>]
   [-RemoveExchangeLocation <MultiValuedProperty>]
   [-RemoveOneDriveLocation <MultiValuedProperty>]
   [-RemoveOneDriveLocationException <MultiValuedProperty>]
   [-RemoveSharePointLocation <MultiValuedProperty>]
   [-RemoveSharePointLocationException <MultiValuedProperty>]
   [-RemoveTeamsLocation <MultiValuedProperty>]
   [-RemoveTeamsLocationException <MultiValuedProperty>]
   [-WhatIf]
   [<CommonParameters>]
Set-DlpCompliancePolicy
   [-Identity] <PolicyIdParameter>
   [-RetryDistribution]
   [-Confirm]
   [-WhatIf]
   [<CommonParameters>]

Description

You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center.

Examples

Example 1

Set-DlpCompliancePolicy -Identity "Main PII" -AddSharePointLocation "https://my.url1","https://my.url2" -AddOneDriveLocation "https://my.url3","https://my.url4"

This example adds the specified URLs to the SharePoint Online and OneDrive for Business locations for the DLP policy named Main PII without affecting the existing URL values.

Example 2

Set-DlpCompliancePolicy -Identity MainPII -Mode Disable

This example disables the "MainPII" policy.

Parameters

-AddEndpointDlpLocation

This parameter is reserved for internal Microsoft use.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-AddEndpointDlpLocationException

This parameter is reserved for internal Microsoft use.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-AddExchangeLocation

This parameter is reserved for internal Microsoft use.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-AddOneDriveLocation

The AddOneDriveLocation parameter specifies the OneDrive for Business sites to add to the list of included sites when you aren't using the value All for the OneDriveLocation parameter. You identify the site by its URL value.

To enter multiple values, use the following syntax: <value1>,<value2>,...<valueX>. If the values contain spaces or otherwise require quotation marks, use the following syntax: "<value1>","<value2>",..."<valueX>".

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-AddOneDriveLocationException

This parameter specifies the OneDrive for Business sites to add to the list of excluded sites when you use the value All for the OneDriveLocation parameter. You identify the site by its URL value.

To enter multiple values, use the following syntax: <value1>,<value2>,...<valueX>. If the values contain spaces or otherwise require quotation marks, use the following syntax: "<value1>","<value2>",..."<valueX>".

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-AddSharePointLocation

The AddSharePointLocation parameter specifies the SharePoint Online sites to add to the list of included sites when you aren't using the value All for the SharePointLocation parameter. You identify the site by its URL value.

SharePoint Online sites can't be added to the policy until they have been indexed.

To enter multiple values, use the following syntax: <value1>,<value2>,...<valueX>. If the values contain spaces or otherwise require quotation marks, use the following syntax: "<value1>","<value2>",..."<valueX>".

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-AddSharePointLocationException

This parameter specifies the SharePoint Online sites to add to the list of excluded sites when you use the value All for the SharePointLocation parameter. You identify the site by its URL value.

To enter multiple values, use the following syntax: <value1>,<value2>,...<valueX>. If the values contain spaces or otherwise require quotation marks, use the following syntax: "<value1>","<value2>",..."<valueX>".

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-AddTeamsLocation

The AddTeamsLocation parameter specifies the Teams accounts to add to the list of included accounts when you aren't using the value All for the TeamsLocation parameter. You identify the account by its name or email address.

To enter multiple values, use the following syntax: <value1>,<value2>,...<valueX>. If the values contain spaces or otherwise require quotation marks, use the following syntax: "<value1>","<value2>",..."<valueX>".

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-AddTeamsLocationException

The AddTeamsLocationException parameter specifies the Teams accounts to add to the list of excluded accounts when you use the value All for the TeamsLocation parameter. You identify the account by its name or email address.

To enter multiple values, use the following syntax: <value1>,<value2>,...<valueX>. If the values contain spaces or otherwise require quotation marks, use the following syntax: "<value1>","<value2>",..."<valueX>".

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-Comment

The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks ("), for example: "This is an admin note".

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-Confirm

The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.

  • Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -Confirm:$false.

  • Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ExchangeSenderMemberOf

The ExchangeSenderMemberOf parameter specifies the distribution groups, mail-enabled security groups, or dynamic distribution groups to include in the DLP policy. You identify the group by its email address.

To enter multiple values, use the following syntax: <value1>,<value2>,...<valueX>.

You can't use this parameter to specify Microsoft 365 Groups.

Type:SmtpAddress[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-ExchangeSenderMemberOfException

The ExchangeSenderMemberOf parameter specifies the distribution groups, mail-enabled security groups, or dynamic distribution groups to exclude from the DLP policy. You identify the group by its email address.

To enter multiple values, use the following syntax: <value1>,<value2>,...<valueX>.

You can't use this parameter to specify Microsoft 365 Groups.

Type:SmtpAddress[]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-Force

The Force switch specifies whether to suppress warning or confirmation messages. You can use this switch to run tasks programmatically where prompting for administrative input is inappropriate. You don't need to specify a value with this switch.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-Identity

The Identity parameter specifies the DLP policy that you want to modify. You can use any value that uniquely identifies the policy. For example:

  • Name

  • Distinguished name (DN)

  • GUID

  • Id

Type:PolicyIdParameter
Position:1
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
Applies to:Security & Compliance Center
-Mode

The Mode parameter specifies the action and notification level of the DLP policy. Valid values are:

  • Enable: The policy is enabled for actions and notifications. This is the default value.

  • Disable: The policy is disabled.

  • TestWithNotifications: No actions are taken, but notifications are sent.

  • TestWithoutNotifications: An audit mode where no actions are taken, and no notifications are sent.

Type:PolicyMode
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-Priority

The Priority parameter specifies a priority value for the policy that determines the order of policy processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and policies can't have the same priority value.

Valid values and the default value for this parameter depend on the number of existing policies. For example, if there are 5 existing policies:

  • Valid priority values for the existing 5 policies are from 0 through 4.

  • Valid priority values for a new 6th policy are from 0 through 5.

  • The default value for a new 6th policy is 5.

If you modify the priority value of a policy, the position of the policy in the list changes to match the priority value you specify. In other words, if you set the priority value of a policy to the same value as an existing policy, the priority value of the existing policy and all other lower priority policies after it is increased by 1.

Type:Int32
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-RemoveEndpointDlpLocation

This parameter is reserved for internal Microsoft use.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-RemoveEndpointDlpLocationException

This parameter is reserved for internal Microsoft use.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-RemoveExchangeLocation

This parameter is reserved for internal Microsoft use.

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-RemoveOneDriveLocation

The RemoveOneDriveLocation parameter specifies the OneDrive for Business sites to remove from the list of included sites when you aren't using the value All for the OneDriveLocation parameter. You identify the site by its URL value.

To enter multiple values, use the following syntax: <value1>,<value2>,...<valueX>. If the values contain spaces or otherwise require quotation marks, use the following syntax: "<value1>","<value2>",..."<valueX>".

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-RemoveOneDriveLocationException

This parameter specifies the OneDrive for Business sites to remove from the list of excluded sites when you use the value All for the OneDriveLocation parameter. You identify the site by its URL value.

To enter multiple values, use the following syntax: <value1>,<value2>,...<valueX>. If the values contain spaces or otherwise require quotation marks, use the following syntax: "<value1>","<value2>",..."<valueX>".

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-RemoveSharePointLocation

The RemoveSharePointLocation parameter specifies the SharePoint Online sites to remove from the list of included sites when you aren't using the value All for the SharePointLocation parameter. You identify the site by its URL value.

To enter multiple values, use the following syntax: <value1>,<value2>,...<valueX>. If the values contain spaces or otherwise require quotation marks, use the following syntax: "<value1>","<value2>",..."<valueX>".

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-RemoveSharePointLocationException

This parameter specifies the SharePoint Online sites to remove from the list of excluded sites when you use the value All for the SharePointLocation parameter. You identify the site by its URL value.

To enter multiple values, use the following syntax: <value1>,<value2>,...<valueX>. If the values contain spaces or otherwise require quotation marks, use the following syntax: "<value1>","<value2>",..."<valueX>".

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-RemoveTeamsLocation

The RemoveTeamsLocation parameter specifies the Teams accounts to remove from the list of included accounts when you use the value All for the TeamsLocation parameter. You identify the account by its name or email address.

To enter multiple values, use the following syntax: <value1>,<value2>,...<valueX>. If the values contain spaces or otherwise require quotation marks, use the following syntax: "<value1>","<value2>",..."<valueX>".

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-RemoveTeamsLocationException

The RemoveTeamsLocation parameter specifies the Teams accounts to remove from the list of excluded accounts when you aren't using the value All for the TeamsLocation parameter. You identify the account by its name or email address.

To enter multiple values, use the following syntax: <value1>,<value2>,...<valueX>. If the values contain spaces or otherwise require quotation marks, use the following syntax: "<value1>","<value2>",..."<valueX>".

Type:MultiValuedProperty
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-RetryDistribution

The RetryDistribution switch redistributes the policy to all OneDrive for Business and SharePoint Online locations. Locations whose initial distributions succeeded aren't included in the retry. Policy distribution errors are reported when you use this switch.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center
-WhatIf

The WhatIf switch doesn't work in Security & Compliance Center PowerShell.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Security & Compliance Center

Inputs

Outputs