New-DlpComplianceRule usage / example

I was messing around a little with Office 365 Compliance settings using Powershell, as I’d like to configure a large number of tenants with certain Data Loss Prevention (DLP) rules based on sensitive data in Sharepoint Online, Onedrive for Business and  Exchange Online.

I then noticed that it wasn’t possible to use New-DlpComplianceRule in conjunction with predefined or custom sensitive data types, my code + error:

New-DlpComplianceRule -Name "SocialSecurityRule" -Policy "JosLTest" -ContentContainsSensitiveInformatio
n @{Name="Credit Card Number"; minCount="2"} -BlockAccess $True
The value specified in sensitive information is invalid.
+ CategoryInfo : NotSpecified: (:) [New-DlpComplianceRule], InvalidContentC...mationException
+ FullyQualifiedErrorId : [Server=DB5EUR01WS007,RequestId=4a19a0bd-abea-4e06-9dc1-47fc35be9d63,TimeStamp=16-11-201
6 12:02:24] [FailureCategory=Cmdlet-InvalidContentContainsSensitiveInformationException] D7D004DA,Microsoft.Office
.CompliancePolicy.Tasks.NewDlpComplianceRule
+ PSComputerName : eur01b.ps.compliance.protection.outlook.com

Fun thing is, this is actually exactly as Technet shows how it should be done.

So I called support, apparently this is a bug. So, for now, if you want to create a DLP compliance policy and rule, follow this example: Continue reading New-DlpComplianceRule usage / example

Running OnedriveMapper from a shortcut

In some cases, your users might not want to use OnedriveMapper as a logon script, but want to manually start it, or both.

Powershell execution policy, and generally the complexity involved for most users in starting scripts can be avoided by building a ‘smart’ shortcut to the script with the following line as the ‘target’:

%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle Hidden -ExecutionPolicy ByPass -File “C:\Program Files (x86)\Lieben.nu\OnedriveMapper\OnedriveMapper_v3.17.ps1”

Obviously you’ll have to modify the path used there 🙂

Office 365, Azure, Enterprise Mobility and DevOps