Applies to: Exchange Server 2013, Exchange Online

Topic Last Modified: 2012-07-27

Use the Set-DlpPolicy cmdlet to modify data loss prevention (DLP) policies in your organization.

For information about the parameter sets in the Syntax section below, see Syntax.

Syntax

Set-DlpPolicy -Identity <DlpPolicyIdParameter> [-Confirm [<SwitchParameter>]] [-Description <String>] [-DomainController <Fqdn>] [-Mode <Audit | AuditAndNotify | Enforce>] [-Name <String>] [-State <Enabled | Disabled>] [-WhatIf [<SwitchParameter>]]

Examples

Example 1

This example disables the DLP policy named Employee Numbers.

Copy Code
Set-DlpPolicy "Employee Numbers" -State Disabled

Detailed Description

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Data loss prevention (DLP)" entry in the Messaging Policy and Compliance Permissions topic.

Parameters

Parameter Required Type Description

Identity

Required

Microsoft.Exchange.MessagingPolicies.CompliancePrograms.Tasks.DlpPolicyIdParameter

The Identity parameter specifies the DLP policy you want to modify. You can use any value that uniquely identifies the DLP policy. For example, you can specify the name, GUID, or distinguished name (DN) of the DLP policy.

Confirm

Optional

System.Management.Automation.SwitchParameter

The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch.

Description

Optional

System.String

The Description parameter specifies an optional description for the DLP policy.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory.

Mode

Optional

Microsoft.Exchange.MessagingPolicies.Rules.RuleMode

The Mode parameter specifies the action and notification level of the DLP policy. Valid values for this parameter are:

  • Audit: When a message matches the conditions specified by the DLP policy, the actions specified by the policy aren't enforced, and no notification emails are sent.

  • AuditAndNotify: When a message matches the conditions specified by the DLP policy, the actions specified by the policy aren't enforced, but notification emails are sent.

  • Enforce: When a message matches the conditions specified by the DLP policy, the actions specified by the policy are enforced, and notification emails are sent.

If the State parameter is set to Disabled, the value of the Mode parameter is irrelevant.

Name

Optional

System.String

The Name parameter specifies a unique name for the DLP policy.

State

Optional

Microsoft.Exchange.MessagingPolicies.Rules.RuleState

The State parameter enables or disables the DLP policy. Valid input for this parameter is Enabled or Disabled.

WhatIf

Optional

System.Management.Automation.SwitchParameter

The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.