Last week, in part three in the Office 365 QA\DEV Tenant series we covered a few example areas that we could extract information from in order to create a copy of the setup in a QA\DEV tenant. This week we’ll cover how to take that information and import it into an Office 365 tenant.
The previous article covered two types of settings that are stored in the Security and Compliance Center. These two items were labels and sensitive information types. For this article we will cover the process for importing these settings and verifying that we have this set correctly. First, we will explore what is set by default, if there is anything done by default. Then we will import the changes. Finally we will review the changes made.
Export Labels and Settings – Improving Last Week’s Code
When I was working on importing my exported information last week, I ran into some issues with the settings parameter. As of the writing of this article, the ‘-Settings’ parameter does not technically exist. Apparently there was a coding issue in the PowerShell Module for the SCC and this parameter currently is ‘-Setting’. Also, exporting and importing it properly takes some doing. As such, I wrote a more formal version of last week and have included it here before the import:
###################################################################################
# Variables (Labels)
$Path = (Get-Item -Path ".\" -Verbose).FullName
$LabelFile = 'Labels.csv'
$LabelsDestination = $Path+"\"+$LabelFile
$LabelPolicyFile = 'LabelPolicies.csv'
$LabelsPolicyDestination = $Path+"\"+$LabelPolicyFile
###################################################################################
###################################################################################
# Export Labels
Get-Label | Export-Csv $LabelsDestination -NoTypeInformation
$Labels = Get-Label
Foreach ($Label in $Labels) {
$Name = $Label.Name
$File = "L-"+$Name+".txt"
$LabelDestination = $Path+"\"+$File
$Label.settings > $LabelDestination
}
###################################################################################
###################################################################################
# Export Label Policies
Get-LabelPolicy | Export-Csv $LabelsPolicyDestination -NoTypeInformation
$LabelPolicies = Get-LabelPolicy
Foreach ($LabelPolicy in $LabelPolicies) {
$Name = $LabelPolicy.Name
$File = "P-"+$Name+".txt"
$PolicyDestination = $Path+"\"+$File
$LabelPolicy.settings > $PolicyDestination
}
###################################################################################
IMPORTING LABELS
For our first setting to import, we will start with Labels and Label Policies. If you recall from the last article we exported labels and polices to CSV files. For this step we will need to reverse this process. This means reading in the CSV file from the production environment. Once imported into a the CSV variable we can reverse the process and import them into the QA\DEV Office 365 tenant.
###################################################################################
# Variables (Labels)
$Path = (Get-Item -Path ".\" -Verbose).FullName
$LabelFile = 'Labels.csv'
$LabelsSource = $Path+"\"+$LabelFile
$LabelsCSV = Import-CSV $LabelsSource
###################################################################################
###################################################################################
Foreach ($Label in $LabelsCSV) {
# Variables
$Name = $Label.Name
$LabelActions = $Label.LabelActions
$DisplayName = $Label.DisplayName
$Tooltip = $Label.Tooltip
$Comment = $Label.Comment
# Settings
$File = "L-"+$Name+".txt"
$LabelSettingsSource = $Path+"\"+$File
$Settings = ConvertFrom-StringData ([io.file]::ReadAllText("$LabelSettingsSource"))
# Create the New Label
New-Label -Setting $Settings -LabelActions $LabelActions -DisplayName $DisplayName -Tooltip $Tooltip -Comment $Comment -Name $Name
}
###################################################################################
IMPORTING LABEL POLICIES
In addition to Labels, we can import their respective Label Policies. Using code, very similar to the Label import code above:
###################################################################################
# Variables (Labels Policies)
$Path = (Get-Item -Path ".\" -Verbose).FullName
$LabelPolicyFile = 'LabelPolicies.csv'
$LabelsPolicySource = $Path+"\"+$LabelPolicyFile
$LabelsPolicyCSV = Import-CSV $LabelsPolicySource
###################################################################################
###################################################################################
Foreach ($LabelPolicy in $LabelsPolicyCSV) {
# Variables
$NameOld = $LabelPolicy.Name
$Name = $NameOld+"-Imported"
$Labels = $LabelPolicy.Labels
$Comment = $LabelPolicy.Comment
# Settings
$File = "P-"+$Name+".txt"
$LabelPolicySettingsSource = $Path+"\"+$File
$Settings = ConvertFrom-StringData ([io.file]::ReadAllText("$LabelPolicySettingsSource"))
# Create the New Label Policy
New-LabelPolicy -Name $Name -Labels $Labels -Setting $Settings -Comment $Comment
}
###################################################################################
SENSITIVE INFORMATION TYPES
Now that we’ve completed the process of importing Labels and Label Policies, let’s work on importing Sensitive Information types.
Each sensitive information type should have its own XML File. We can use a one-liner for each file. Let’s take an example where we have 10 different rules all exported as XML files. These XML files are stored in this directory C:\SCC\XML. We can take a directory listing of the files there and then import each one in a loop like so:
$FileTypes = (Get-ChildItem C:\scc\xml\* -Include *.ps1).Name
Foreach ($FileType in $FileTypes) {
$Name = $FileType.Name
New-DlpSensitiveInformationTypeRulePackage -FileData (Get-Content -Path "C:\scc\xml\$Name" -Encoding Byte)
}
Conclusion
As you can see once we have the information exported in a structured manner, importing this into your QA\DEV tenant is an easy process. I did not document all of the settings that can be imported, but this is a good primer for those who manage their tenants.
