In today’s global business environment, it’s essential to ensure that Data Loss Prevention (DLP) policies are effective across multiple languages. This guide will show you how to create multilingual DLP policies using PowerShell, allowing you to protect sensitive information in various languages.
Before we begin, ensure you have the necessary permissions to create and manage DLP policies in the Microsoft Purview compliance portal. You will need to be assigned to one of the following role groups:
First, connect to the Microsoft Purview compliance PowerShell:
# Connect to Microsoft Purview compliance PowerShell
Connect-IPPSSession
To create a DLP policy for detecting shared passwords in Teams, use the New-DlpCompliancePolicy cmdlet. This policy will block access without override and notify users to follow internal password sharing policies.
# Create Password policy for Teams
$PassTeamsPolicyName = "Pilot | Password | Teams | All"
$PassTeamsPolicyDesc = "Detect password shared internally using Teams. Follow internal policy for password sharing."
$PassTeamsPolicy = New-DlpCompliancePolicy -Name $PassTeamsPolicyName -Comment $PassTeamsPolicyDesc -TeamsLocation "All"
Next, create a rule for the policy using the New-DlpComplianceRule cmdlet. This rule will block access to content containing shared passwords and provide policy tips in multiple languages.
# Define parameters for the DLP rule with translations
$RuleParams = @{
    Name                                  = "Pilot | Password | Teams | Internal | Any | Block"
    Policy                                = $PassTeamsPolicyName
    BlockAccess                           = $true
    ContentContainsSensitiveInformation   = @{Name = "Shared password (EN/SV)" }
    NotifyUser                            = "LastModifier"
    NotifyPolicyTipCustomText             = "Sensitive information detected. Please follow the internal policy for password sharing."
    NotifyPolicyTipCustomTextTranslations = "fr:Informations sensibles détectées. Veuillez suivre la politique interne de partage des mots de passe.", "de:Sensible Informationen erkannt. Bitte befolgen Sie die interne Richtlinie zur Passwortfreigabe."
}

# Create the DLP rule with translations
New-DlpComplianceRule @RuleParams
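A pre-flight check for the "language:text" entries passed to NotifyPolicyTipCustomTextTranslations, so that a missing, empty or overlong translation is caught before the rule is created. This is an added example, not code from the original post; the helper name ConvertTo-PolicyTipTranslation, its parameters and the 256-character default limit are assumptions.

```powershell
# Added example: ConvertTo-PolicyTipTranslation is a hypothetical helper, not a Purview cmdlet.
function ConvertTo-PolicyTipTranslation {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [hashtable] $Translations,  # language code -> policy tip text
        [string[]] $RequiredLanguages = @(),               # languages that must be present
        [int] $MaxLength = 256                             # assumed limit; adjust if yours differs
    )

    $problems = [System.Collections.Generic.List[string]]::new()

    # Every language the organisation requires must have an entry.
    foreach ($lang in $RequiredLanguages) {
        if (-not $Translations.ContainsKey($lang)) {
            $problems.Add("missing required language '$lang'")
        }
    }

    # Build the "language:text" strings and collect per-entry problems.
    $entries = foreach ($lang in ($Translations.Keys | Sort-Object)) {
        $text = "$($Translations[$lang])".Trim()
        if ($lang -notmatch '^[a-z]{2,3}(-[a-z0-9]{2,8})*$') {
            $problems.Add("'$lang' does not look like a language code such as 'fr' or 'pt-BR'")
        }
        if ($text.Length -eq 0) {
            $problems.Add("translation for '$lang' is empty")
        }
        elseif ($text.Length -gt $MaxLength) {
            $problems.Add("translation for '$lang' is $($text.Length) characters (limit $MaxLength)")
        }
        "${lang}:$text"
    }

    if ($problems.Count -gt 0) {
        throw "Policy tip translations rejected: $($problems -join '; ')"
    }
    return , ([string[]]@($entries))
}

# Constructed sample input: the two translations used in the Teams rule above.
$tips = @{
    fr = "Informations sensibles détectées. Veuillez suivre la politique interne de partage des mots de passe."
    de = "Sensible Informationen erkannt. Bitte befolgen Sie die interne Richtlinie zur Passwortfreigabe."
}
# Use the result as the value of NotifyPolicyTipCustomTextTranslations in $RuleParams.
$translations = ConvertTo-PolicyTipTranslation -Translations $tips -RequiredLanguages 'fr', 'de'
```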
To create a DLP policy for detecting encrypted labels in SharePoint and OneDrive, use the New-DlpCompliancePolicy cmdlet. This policy will block access with override.
# Create Encrypted Labels policy for SharePoint and OneDrive
$LabelsPolicyName = "Pilot | Encrypted labels | SP/ODB | All"
$LabelsPolicyDesc = "Detect encrypted labels shared in SharePoint and OneDrive."
$LabelsPolicy = New-DlpCompliancePolicy -Name $LabelsPolicyName -Comment $LabelsPolicyDesc -SharePointLocation "All" -OneDriveLocation "All"
Next, create a rule for the policy using the New-DlpComplianceRule cmdlet. This rule will block access to content containing encrypted labels and allow override, with policy tips in multiple languages.
# JSON example for external rule using multiple labels
$ExternalString = @'
{
  "Version": "1.0",
  "Condition": {
    "Operator": "And",
    "SubConditions": [
      {
        "ConditionName": "ContentContainsSensitiveInformation",
        "Value": [
          {
            "Groups": [
              {
                "Name": "Standard",
                "Operator": "Or",
                "Labels": [
                  { "Name": "contoso-confidential-encrypted-full", "Type": "Sensitivity" },
                  { "Name": "contoso-confidential-encrypted-edit", "Type": "Sensitivity" },
                  { "Name": "contoso-confidential-encrypted-view", "Type": "Sensitivity" },
                  { "Name": "contoso-strictly-confidential-encrypted-full", "Type": "Sensitivity" },
                  { "Name": "contoso-strictly-confidential-encrypted-view", "Type": "Sensitivity" }
                ]
              }
            ],
            "Operator": "And"
          }
        ]
      },
      {
        "ConditionName": "AccessScope",
        "Value": "NotInOrganization"
      }
    ]
  },
  "Actions": [
    {
      "ActionType": "BlockAccess",
      "BlockAccessScope": "All",
      "NotifyUser": "LastModifier",
      "NotifyAllowOverride": "FalsePositive, WithJustification",
      "NotifyPolicyTipCustomText": "Sensitive information detected. Please make sure you follow the organisation guidelines for sharing information.",
      "NotifyPolicyTipCustomTextTranslations": {
        "fr": "Informations sensibles détectées. Veuillez suivre les directives de l'organisation pour le partage des informations.",
        "de": "Sensible Informationen erkannt. Bitte befolgen Sie die Richtlinien der Organisation für die Weitergabe von Informationen."
      }
    }
  ]
}
'@

# Create external rule for Encrypted Labels policy
# The block/notify actions and the policy tip translations are passed as cmdlet parameters,
# using the same "language:text" format as the Teams rule.
New-DlpComplianceRule -Policy $LabelsPolicyName `
    -Name "Pilot | Encrypted labels | SP/ODB | External | Block" `
    -AdvancedRule $ExternalString `
    -NotifyUser "LastModifier" `
    -NotifyAllowOverride "FalsePositive, WithJustification" `
    -NotifyPolicyTipCustomText "Sensitive information detected. Please make sure you follow the organisation guidelines for sharing information." `
    -NotifyPolicyTipCustomTextTranslations "fr:Informations sensibles détectées. Veuillez suivre les directives de l'organisation pour le partage des informations.", "de:Sensible Informationen erkannt. Bitte befolgen Sie die Richtlinien der Organisation für die Weitergabe von Informationen." `
    -BlockAccess $true `
    -BlockAccessScope "All"
Creating multilingual DLP policies with PowerShell allows you to protect sensitive information across different languages, ensuring compliance and data security in a global business environment. By following the steps outlined in this guide, you can create and manage multilingual DLP policies efficiently.
Thank you for reading!
/Simon