This script could be used to create an XML file for Exchange 2013 or Exchange 2016. For office 365 the XML file was importable into Exchange Online (ExO). Times have changed. The XML file is no longer something we can import into Exchange Online. With Microsoft’s emphasis on the Security and Compliance Center and the de-emphasis of the crossover features in Exchange Online, this would seem to be a natural progression. If we attempt to connect to ExO and import the new data type with the New-ClassificationRuleCollection, we see that this function has been neutered and unusable:
So what to do? We need to connect PowerShell to the Security and Compliance Center. We need to run these three lines in PowerShell:
$LiveCred = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $LiveCred -Authentication Basic -AllowRedirection Import-PSSession $Session
Once we’re connected we can attempt the rule creation. Before we do, we need to understand the new cmdlets set that is present in the Security and Compliance Center. These cmdlets were referenced in the error message above:
-
New-DlpSensitiveInformationRulePackage
Get-DlpSensitiveInformationRulePackage
Set-DlpSensitiveInformationRulePackage
Remove-DlpSensitiveInformationRulePackage
Microsoft provides documentation for this HERE.
However, we have an issue. These cmdlets don’t exist. Yes, you read that right. THEY DONT EXIST….
So… uh, what to do?
From the PowerShell console type in ‘New-DlpSensitiveInformation’ and hit TAB. Then we see that the base of the cmdlets is actually ‘DlpSensitiveInformationTypeRulePackage’ and NOT ‘DlpSensitiveInformationRulePackage’. The list of cmdlets is actually these:
Get-Command *DlpSensitiveInformation* Get-DlpSensitiveInformationType Get-DlpSensitiveInformationTypeRulePackage New-DlpSensitiveInformationTypeRulePackage Remove-DlpSensitiveInformationTypeRulePackage Set-DlpSensitiveInformationTypeRulePackage
So, now that we have the correct cmdlets, how do we add the data type in the new Security and Compliance Center? Sample Code below:
$FullDirectory = "C:\temp\xmlscript\ConfidentialInformation.xml" New-DlpSensitiveInformationTypeRulePackage -FileData ([Byte[]]$(get-content -Path $fulldirectory -Encoding Byte -ReadCount 0))
What was the result?
Success!!
Verification
How can we verify that this was indeed created – Get-DlpSensitiveInformationTypeRulePackage
Hi,
I am working right now with this and ran into an error, that I can upload just 10 SensitiveTypeCollections into EXO (“The number of sensitive information type collections 10 exceeds the limit of 10”).
On Exchange 2013 there was no limit.
Question: I have about 40 XML files to upload. Either I try to combine them into 1 XML file or is it possible to create 1 “SensitiveTypeCollectionRulePackage” and upload each XML into it?