Windows/Office 365: Creating a DLP Policy and Associated DLP Rule via PowerShell

Created: 8-30-21

Updated: 8-30-21

Use the following PowerShell commands to create a DLP policy and an associated DLP policy rule. Note that you need to be connected to Office 365 Security & Compliance via PowerShell before executing this script; how to do that can be found here.

Note: this information was acquired from a video series by Adam Gordon, and with this being replaced by a new exam revision, this is merely a repository of this information for future use.

In this example, we create a DLP policy and rule for words that contain “SSN”:

# Create DLP Policy

New-DlpCompliancePolicy -Name "PHI Policy" -ExchangeLocation All -SharePointLocation All -OneDriveLocation All -Mode Enable

# Create the DLP Rule for the aforementioned Policy

New-DlpComplianceRule -Name "Block SSN" -Policy "PHI Policy" -AccessScope NotInOrganization -BlockAccess $true -ContentPropertyContainsWords "Property1:SSN" -Disabled $false

# Find DLP Policy in O365
Get-DlpCompliancePolicy | select Name,DistributionStatus,DistributionResults -ExpandProperty DistributionResults
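
The same policy and rule as an added example (not from the video series or Microsoft's documentation) that goes one step further than the commands above: it starts the policy in test mode, waits for distribution, and only then enforces it. The variable names, the 10-minute polling window and the 'Pending'/'Success' status strings are assumptions.

```powershell
# Added example: requires an existing Security & Compliance PowerShell session.
$policyName = 'PHI Policy'
$ruleName   = 'Block SSN'

# Create the policy only if it does not already exist, starting in test mode
# so nothing is blocked until the rule has been reviewed.
$policy = Get-DlpCompliancePolicy -Identity $policyName -ErrorAction SilentlyContinue
if (-not $policy) {
    New-DlpCompliancePolicy -Name $policyName -ExchangeLocation All `
        -SharePointLocation All -OneDriveLocation All `
        -Mode TestWithoutNotifications | Out-Null
}

# Create the rule only if it is missing from the policy.
$rule = Get-DlpComplianceRule -Policy $policyName | Where-Object Name -eq $ruleName
if (-not $rule) {
    New-DlpComplianceRule -Name $ruleName -Policy $policyName `
        -AccessScope NotInOrganization -BlockAccess $true `
        -ContentPropertyContainsWords 'Property1:SSN' -Disabled $false | Out-Null
}

# Poll until distribution leaves the 'Pending' state or the window expires.
# The status strings compared here are assumptions; check them in your tenant.
$deadline = (Get-Date).AddMinutes(10)
do {
    Start-Sleep -Seconds 30
    $policy = Get-DlpCompliancePolicy -Identity $policyName -DistributionDetail
} while ($policy.DistributionStatus -eq 'Pending' -and (Get-Date) -lt $deadline)

# Show what was actually deployed: policy state, per-location results, rule settings.
$policy | Format-List Name, Mode, DistributionStatus
$policy.DistributionResults | Format-Table -AutoSize
Get-DlpComplianceRule -Policy $policyName |
    Format-List Name, Disabled, BlockAccess, AccessScope, ContentPropertyContainsWords

# Switch from test mode to enforcement only after a clean distribution.
if ($policy.DistributionStatus -eq 'Success') {
    Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
} else {
    Write-Warning "Policy '$policyName' not enforced: status $($policy.DistributionStatus)"
}
```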

=================================================

Special Note (1): “-TeamsLocation All” in DLP Policy

New-DlpCompliancePolicy -Name "PHI Policy" -ExchangeLocation All -SharePointLocation All -OneDriveLocation All -TeamsLocation All -Mode Enable

# Note: “-TeamsLocation All” currently doesn’t work (~Credit: Adam Gordon)

Special Note (2): “-ContentPropertyContainsWords” in DLP Rule

# URL: https://docs.microsoft.com/en-us/powershell/module/exchange/new-dlpcompliancerule?view=exchange-ps
# Note: “-ContentPropertyContainsWords” on MS Docs page
# Note: “-ContentPropertyContainsWords” is only supported for Exchange, SharePoint, & OneDrive but NOT Teams