SCDLPComplianceRule: Attributes are missing when exporting

Question

SCDLPComplianceRule: Attributes are missing when exporting

michaelbaltes opened this issue 22 days ago · 0 comments

Description of the issue

When I do an export of SCDLPComplianceRule I wondered becuase settings like this are missing:

ExceptIfSubjectContainsWords : {}
SubjectOrBodyMatchesPatterns : {}
ExceptIfSubjectOrBodyMatchesPatterns : {}
SubjectOrBodyContainsWords : {}
ExceptIfSubjectOrBodyContainsWords : {}
DocumentMatchesPatterns : {}
ExceptIfDocumentMatchesPatterns : {}
DocumentContainsWords : {}
ExceptIfDocumentContainsWords : {}
SenderADAttributeMatchesPatterns :
ExceptIfSenderADAttributeMatchesPatterns :
SenderADAttributeContainsWords :
ExceptIfSenderADAttributeContainsWords :
RecipientADAttributeMatchesPatterns :
ExceptIfRecipientADAttributeMatchesPatterns :
RecipientADAttributeContainsWords :
ExceptIfRecipientADAttributeContainsWords :
ContentCharacterSetContainsWords : {}
ExceptIfContentCharacterSetContainsWords : {}
DocumentNameMatchesPatterns : {}
ExceptIfDocumentNameMatchesPatterns : {}

When I use Get-DlpComplianceRule -Identity "INT_DLP_RULE_OneDrive_UnallowedUploadDetected" | fl *
I get all settings, but missing them inside m365config.ps1, so I can't startdscconfig. (see error below)

Microsoft 365 DSC Version

1.24.605.1

Which workloads are affected

Security & Compliance Center

The DSC configuration

SCDLPComplianceRule "SCDLPComplianceRule-INT_DLP_RULE_OneDrive_UnallowedUploadDetected"
        {
            BlockAccess                         = $False;
            Comment                             = "Mit dieser Rule wird der Upload von Dokumenten mit der Klassifizierung `"2 - VERTRAULICH`"  oder `"3 - GEHEIM`" auf OneDrive detektiert.";
            ContentIsNotLabeled                 = $False;
            Credential                          = $Credscredential;
            Disabled                            = $False;
            DocumentIsPasswordProtected         = $False;
            DocumentIsUnsupported               = $False;
            Ensure                              = "Present";
            ExceptIfDocumentIsPasswordProtected = $False;
            ExceptIfDocumentIsUnsupported       = $False;
            ExceptIfHasSenderOverride           = $False;
            ExceptIfProcessingLimitExceeded     = $False;
            GenerateAlert                       = @("mail@mail.com");
            HasSenderOverride                   = $False;
            Name                                = "INT_DLP_RULE_OneDrive_UnallowedUploadDetected";
            NotifyUser                          = @("SiteAdmin");
            Policy                              = "INT_DLP_POL_OneDrive_UnallowedUploadDetected";
            ProcessingLimitExceeded             = $False;
            RemoveRMSTemplate                   = $False;
            ReportSeverityLevel                 = "High";
            StopPolicyProcessing                = $False;
        }`

Verbose logs showing the problem

Getting message from error object       |Microsoft.Exchange.Management.UnifiedPolicy.NoMandatoryPredicatePresentException|Every rule must contain one or more of these         conditions: 'ContentPropertyContainsWords, ContentContainsSensitiveInformation, SenderIPRanges, RecipientDomainIs, SentTo,             FromAddressContainsWords, FromAddressMatchesPatterns, AnyOfRecipientAddressContainsWords, AnyOfRecipientAddressMatchesPatterns,        SubjectMatchesPatterns, SubjectContainsWords, DocumentContainsWords, DocumentMatchesPatterns, SubjectOrBodyMatchesPatterns,            SubjectOrBodyContainsWords, SenderADAttributeMatchesPatterns, SenderADAttributeContainsWords, RecipientADAttributeContainsWords,       RecipientADAttributeMatchesPatterns, DocumentNameMatchesPatterns, DocumentNameMatchesWords, ContentExtensionMatchesWords,
ContentFileTypeMatches, DocumentIsPasswordProtected, ProcessingLimitExceeded, DocumentIsUnsupported, DocumentSizeOver,
MessageSizeOver, MessageTypeMatches, SenderDomainIs, SentToMemberOf, From, UnscannableDocumentExtensionIs, HeaderContainsWords,
HeaderContainsTokens, ContentCharacterSetContainsWords, HeaderMatchesPatterns, FromMemberOf, FromScope, HasSenderOverride,
NonBifurcatingAccessScope, ContentMissingSensitivityLabel, DocumentCreatedBy, DocumentCreatedByMemberOf, HasLabelDowngradedFrom,
RestrictBrowserAccess, ContentIsNotLabeled, AttachmentIsNotLabeled, MessageIsNotLabeled, AttachmentCountOver, SharedByIRMUserRisk,
DeviceManagementType, AccessedBy, AccessedByMemberOf, MessageLabelChangeDetected, ExceptIfMessageLabelChangeDetected'.
    + CategoryInfo          : NotSpecified: (:) [], CimException
    + FullyQualifiedErrorId : [TimeStamp=Fri, 14 Jun 2024 04:58:01 GMT],Write-ErrorMessage
    + PSComputerName        : localhost

Environment Information + PowerShell Version

Name                           Value
----                           -----
PSVersion                      5.1.22621.3672
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22621.3672
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1