Preventing sensitive information from leaving your organization can be accomplished with the use of Data Loss Prevention (DLP) policies. In this example we will be ensuring that credit card data does not get sent anywhere inside or outside the organization.
First, we create a new data loss prevention policy:
New-DlpPolicy -Name "PCI-CreditCard" -Mode Enforce
Next, we decide which data classification to use. You can either use one of the built-in classifications (from the "Microsoft Rule Pack"), which you can list with:
Get-DataClassification
Or we can create and import our own:
https://technet.microsoft.com/en-GB/library/jj674703%28v=exchg.150%29.aspx
and to import the custom rule:
# Path must have no leading or trailing spaces inside the quotes; the XML is read as raw bytes
Import-DlpPolicyCollection -FileData ([Byte[]]$(Get-Content -Path "C:\My Documents\DLP Backup.xml" -Encoding Byte -ReadCount 0))
We will now create the transport rule that will perform the DLP check:
New-TransportRule -Name "Notify in Outlook:External Recipient Credit Cards" -NotifySender RejectMessage -RuleSubType DLP -DlpPolicy "PCI-CreditCard" -Mode Enforce -SentToScope NotInOrganization -MessageContainsDataClassification @{Name="Credit Card Number"}
And if we wish to remove the DLP and transport rule we can use the following cmdlets:
Remove-DlpPolicy "PCI-CreditCard"
Remove-TransportRule "Notify in Outlook:External Recipient Credit Cards"
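The steps above put together as one staged rollout script (an added example written for this post, not the author's original commands): it confirms the classification name exists, creates the policy and rule in audit mode with incident reports, verifies the rule, and only then switches both to enforcement. It assumes an Exchange Management Shell or Exchange Online PowerShell session; the incident mailbox address is a placeholder.

```powershell
# Added example: staged rollout of the PCI-CreditCard DLP policy.
# Assumes an Exchange PowerShell session; $reportMailbox is a placeholder.
$policyName    = "PCI-CreditCard"
$ruleName      = "Notify in Outlook:External Recipient Credit Cards"
$reportMailbox = "dlp-incidents@example.com"   # placeholder incident report mailbox

# Confirm the built-in classification exists before a rule references it by name
$classification = Get-DataClassification | Where-Object { $_.Name -eq "Credit Card Number" }
if (-not $classification) { throw "Classification 'Credit Card Number' not found" }

# 1. Create the policy in Audit mode so nothing is blocked during rollout
if (-not (Get-DlpPolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    New-DlpPolicy -Name $policyName -Mode Audit
}

# 2. Transport rule: require at least one credit card match for external
#    recipients, and send an incident report so detections can be reviewed
New-TransportRule -Name $ruleName `
    -RuleSubType DLP -DlpPolicy $policyName -Mode Audit `
    -SentToScope NotInOrganization `
    -MessageContainsDataClassification @{ Name = "Credit Card Number"; minCount = "1" } `
    -NotifySender RejectMessage `
    -GenerateIncidentReport $reportMailbox `
    -IncidentReportContent Sender, Recipients, Subject, DataClassifications, RuleDetections

# 3. Verify the rule as created
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, DlpPolicy, SentToScope, MessageContainsDataClassification

# 4. After reviewing incident reports for false positives, enforce
Set-DlpPolicy -Identity $policyName -Mode Enforce
Set-TransportRule -Identity $ruleName -Mode Enforce
```

Note that -SentToScope NotInOrganization only evaluates messages to external recipients; to also catch credit card numbers sent between internal mailboxes, omit that predicate or add a second rule without it.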