Purview Security M365

Implementing Information Protection with M35 DSC

Script using M35 DSC to implement basic Information Protection for SharePoint site

Introduction

Microsoft Purview is a comprehensive data governance solution that helps organisations manage and protect their data across various environments. It provides tools for data discovery, classification, and protection, ensuring that sensitive information is safeguarded and compliance requirements are met. With Microsoft Purview, businesses can gain insights into their data landscape, enforce data protection policies, and mitigate risks associated with data breaches.

Step-by-Step Implementation Guide

Prerequisites

Before you begin, ensure you have the following:

  • A Microsoft 365 subscription
  • Microsoft 365 DSC (Desired State Configuration) module installed
  • PowerShell installed on your machine
  • Basic understanding of Microsoft Purview and information protection policies

Using Microsoft 365 DSC to Implement Information Protection

Step 1: Install the Microsoft 365 DSC Module

Open PowerShell and run the following command to install the Microsoft 365 DSC module:

1

Install-Module -Name Microsoft365DSC -Force -AllowClobber

Step 2: Export the Current Configuration

Export the current configuration of your Microsoft 365 environment to a .ps1 file. This will help you understand the existing setup and make necessary adjustments.

1

Export-M365DSCConfiguration -Components @("InformationProtection") -FilePath "C:\M365DSC\CurrentConfig.ps1"

Step 3: Define the Desired Configuration

Create a new PowerShell script (e.g., InformationProtectionConfig.ps1) and define the desired state for your information protection policies. Below is an example configuration:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

Configuration InformationProtectionConfig
{
    param (
        [Parameter(Mandatory = $true)]
        [PSCredential] $Creds
    )

    Import-DscResource -ModuleName Microsoft365DSC

    Node localhost
    {
        SPOInformationRightsManagementSettings SPOIRMSettings
        {
            SiteUrl = "https://yourtenant.sharepoint.com/sites/yoursite"
            AllowPrint = $false
            AllowScript = $false
            AllowWriteCopy = $false
            Credentials = $Creds
        }

        EXOInformationBarrierPolicy EXOIBPolicy
        {
            Name = "ConfidentialPolicy"
            AssignedSegment = "Confidential"
            SegmentFilter = "Department -eq 'Finance'"
            Credentials = $Creds
        }
    }
}

InformationProtectionConfig -Creds (Get-Credential)

Step 4: Apply the Desired Configuration

Run the following command to apply the desired configuration to your Microsoft 365 environment:

1

Start-DscConfiguration -Path "C:\M365DSC\InformationProtectionConfig" -Wait -Verbose

Step 5: Verify the Configuration

After applying the configuration, verify that the information protection policies have been implemented correctly. You can do this by checking the Microsoft Purview portal and ensuring that the policies are in place and functioning as expected.

Conclusion

Implementing information protection with Microsoft Purview and Microsoft 365 DSC allows organisations to automate and enforce data protection policies effectively. By following the steps outlined in this guide, you can ensure that your sensitive information is safeguarded and compliance requirements are met. Microsoft Purview provides a robust solution for managing and protecting your data across various environments.

Learn More

For more detailed information and tutorials, visit the following Microsoft Learn resources: