Introduction

In today’s digital landscape, protecting sensitive information is crucial for businesses of all sizes. Data Loss Prevention (DLP) policies help safeguard your organization’s data by identifying, monitoring, and protecting sensitive information. In this guide, we’ll explore how to create basic DLP policies using PowerShell.

Prerequisites

Before we begin, ensure you have the necessary permissions to create and manage DLP policies in the Microsoft Purview compliance portal. You will need to be assigned to one of the following role groups:

• Compliance administrator
• Compliance data administrator
• Information Protection administrator
• Security administrator

Connecting to Microsoft Purview Compliance PowerShell

First, connect to the Microsoft Purview compliance PowerShell:

# Connect to Microsoft Purview compliance PowerShell
Connect-IPPSSession

Creating Simple DLP Policies

Step 1: Create a Basic DLP Policy

To create a basic DLP policy, use the New-DlpCompliancePolicy cmdlet. Here is an example of creating a policy named “GlobalPolicy” that applies to all SharePoint locations:

# Create a basic DLP policy
New-DlpCompliancePolicy -Name "GlobalPolicy" -Comment "Global policy for SharePoint" -SharePointLocation "All"

Step 2: Create a Simple DLP Rule

Next, create a simple DLP rule using the New-DlpComplianceRule cmdlet. This rule will block access to content containing sensitive information. Here is an example:

# Define parameters for the simple DLP rule
$SimpleRuleParams = @{
    Name                                = "GlobalRule"
    Policy                              = "GlobalPolicy"
    BlockAccess                         = $true
    ContentContainsSensitiveInformation = @{Name = "Sensitive Info Type" }
}

# Create the simple DLP rule
New-DlpComplianceRule @SimpleRuleParams

Simple vs. Advanced Rules

In this post, we’ve focused on creating simple DLP policies and rules. Simple rules are straightforward and easy to implement, making them ideal for basic data protection needs. However, DLP policies can also be configured with advanced settings to provide more granular control and flexibility.

Wrapping up

Creating DLP policies with PowerShell allows you to automate and streamline your data protection efforts, ensuring sensitive information is safeguarded across your organization. By following the steps outlined in this guide, you can create and manage basic DLP policies efficiently.

Thank you for reading!
/Simon