Ramesh's Web/SharePoint Blog

Thursday, September 27, 2018

Data Loss Protection Policy for SPO/ Online/Office 365, Azure

Problem: With Online and Cloud storage, sensitive user information and company details can be inadvertently disclosed. This results in a non-compliance with business standards and industry regulations as the private data is compromised and can make its way to non-intended users. Securing of sensitive information like Credit Card Number, SSN, Passport Number are of utmost priority while using SharePoint Online for content management.

Solution: Data Loss Prevention(DLP)

Set up DLP Policy: set up the Data Loss Prevention Policy for securing Credit Card information using Rules and Policies in SharePoint Online.

Step1: SharePoint Admin Centre and select Security and Compliance.

Step2: From threat management select ‘Data Loss Prevention’ option.

Step3: Click on the Plus icon to add a new DLP Policy

Step4: By clicking Plus button to add DLP Policy open up a window from where we can select the type of information that we would like to protect. We can either select already available templates or we can select Custom option to build a custom policy.

Now we should select the services that we would like to protect. Let’s select SharePoint Online and One Drive.

Setup Rules for DLP Policy:

As part of creating the Policy we should assign specific rules that will catch the sensitive information while in transit. Click on Plus icon to configure the Rule.

Click on Add Condition to add conditions that will form the satisfying condition for the DLP Rule.

Let’s select “Content contains sensitive information” as the main condition that will trigger the Policy.

We can select multiple sensitive information types. We will go ahead with Credit Card Number as the primary sensitive information that we would like to protect.

Now we should specify what action should be taken when the specific rule is met. Click on Add actions to trigger the resulting action.

Let’s select block the content as the first action.

Thus, we have set up the below actions by which the content will be blocked and notification will be sent to end user regarding the same.

We will save the rule by giving it a name and click on OK.

If we want to add more rules we can click on the Plus icon, else click Next.

Now let’s give the DLP Policy a name and click on Create. This will complete the creation of the DLP Policy.

Thus, we have completed the creation of the DLP Rule and the Policy.

Test the DLP Policy:

We can now test the DLP Policy we have created. I have uploaded few documents which contain the sensitive information – Credit Card Number. Upon sharing the document, the DLP policy should get triggered which will block the content and send a notification mail to the end user. To test DLP, let’s Share one of the documents that contains Sensitive information.

In a few minutes time, we will get a mail notification stating that the DLP rule has been matched and it has to be rectified.

Until the sensitive information has been removed from the user, the document access will be restricted to its owner, last modified and the Site owner.

If we go to the Library we can see that a blocked icon has come up against each of the documents that match the DLP Rule. Unless the specific sensitive information is removed from these documents, it will continue to be blocked from other users.

Clear sharepoint cache

## SharePoint Server 2013: PowerShell Script To Reset The Config Cache On All Servers In A Farm ##

Add-PSSnapin Microsoft.SharePoint.PowerShell

$Servers = Get-SPServer | ? {$_.Role -ne "Invalid"} | Select -ExpandProperty Address

Write-Host "This script will reset the SharePoint config cache on all farm servers:"

$Servers | Foreach-Object { Write-Host $_ }

Write-Host "Press enter to start."

Read-Host

Invoke-Command -ComputerName $Servers -ScriptBlock {

try {

Write-Host "$env:COMPUTERNAME - Stopping timer service"

Stop-Service SPTimerV4

$ConfigDbId = [Guid](Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure\ConfigDB' -Name Id).Id #Path to the '15 hive' ConfigDB in the registry

$CacheFolder = Join-Path -Path ([Environment]::GetFolderPath("CommonApplicationData")) -ChildPath "Microsoft\SharePoint\Config\$ConfigDbId"

Write-Host "$env:COMPUTERNAME - Clearing cache folder $CacheFolder"

Get-ChildItem "$CacheFolder\*" -Filter *.xml | Remove-Item

Write-Host "$env:COMPUTERNAME - Resetting cache ini file"

$CacheIni = Get-Item "$CacheFolder\Cache.ini"

Set-Content -Path $CacheIni -Value "1"

}

finally{

Write-Host "$env:COMPUTERNAME - Starting timer service"

Start-Service SPTimerV4

}

Rename Site URL in SharePoint

cls

$site = Get-SPSite http://site.qa/site/disposal

#bloomington-in

#Write-Host $site.RecycleBin.Count.ToString();

#$site.RecycleBin.DeleteAll()

$uri = New-Object System.Uri("http://site.qa/site/loomington")

$site.Rename($uri)

Display developer dashboard

$svc = [Microsoft.SharePoint.Administration.SPWebService]::ContentService

$dds = $svc.DeveloperDashboardSettings

$dds.DisplayLevel = "on"

$dds.Update()

Feature Activation and deactivation.

cls

$sites=

"test1",

"test2"

$i=0;

foreach($site in $sites){

$i++;

$sitename = "http://site.qa/site/"+$site

Write-Host $sitename

Disable-SPFeature -Identity "CommonModules Feature" -Confirm:$false -Url $sitename

Disable-SPFeature -Identity "Webparts Feature" -Confirm:$false -Url $sitename

Enable-SPFeature -identity "CommonModules Feature" -confirm:$false -url $sitename

Enable-SPFeature -Identity "Webparts Feature" -Confirm:$false -Url $sitename

}

Write-Host $i

Creation Content DB for all site collections

. Content DB create

cls

$sites=

"county",

"or",

"llevue",

"in",

"ca",

"contra",

foreach($site in $sites){

$dbName = "WSS_Content_"+$site

Write-Host $dbName

New-SPContentDatabase $dbName -DatabaseServer "testSQL01.COM" -WebApplication http://test201304:3434

}

Getting Page WebAnalytics using Search REST Api

.tab-analytics {

BORDER-TOP: #000 1px solid; BORDER-RIGHT: #000 1px solid; BORDER-BOTTOM: #000 1px solid; BORDER-LEFT: #000 1px solid

}

.tab-analytics TD {

BORDER-TOP: black 1px solid; HEIGHT: 50px; BORDER-RIGHT: black 1px solid; BORDER-BOTTOM: black 1px solid; PADDING-BOTTOM: 2px; PADDING-TOP: 2px; PADDING-LEFT: 2px; BORDER-LEFT: black 1px solid; PADDING-RIGHT: 2px

}</style>

$(document).ready(

function SearchData() {

var searchQuery = "http://abc.com/Purchasing/_api/search/query?querytext='(contentclass:STS_ListItem OR IsDocument:True) Path:http://abc.com/Purchasing/Pages/National_Supplier_List_by_Category.aspx OR Path:http://abc.com/Purchasing/Pages/National_Supplier_List.aspx'";

$.ajax(

{

url: searchQuery,

method: "GET",

headers:

{

"accept": "application/json;odata=verbose",

"Access-Control-Allow-Origin": "*"

success: getSucessResults,

error: getFailureResults

}

);

}

);

function getSucessResults(data) {

var streetSweepingResults = data.d.query.PrimaryQueryResult.RelevantResults.Table.Rows.results;

debugger;

for (var i = 0; i < streetSweepingResults.length; i++)

{

var markUp = "";

var streetmarkup = "";

siteaddress = "";

var recent = "";

recent = getItem(streetSweepingResults[i].Cells.results, "ViewsRecent");

var lifetime = ""

lifetime = getItem(streetSweepingResults[i].Cells.results, "ViewsLifeTime");

if (i == 0) {

if (recent != undefined && recent != "") {

$("#recentViews1").html(recent);

}

else { $("#recentViews1").html("Not Available"); }

if (lifetime != undefined && lifetime != "") {

$("#lifeTimeViews1").html(lifetime);

}

else {

$("#lifeTimeViews1").html("Not Available");

}

if (i == 1) {

if (recent != undefined && recent != "") {

$("#recentViews2").html(recent);

}

else { $("#recentViews2").html("Not Available"); }

if (lifetime != undefined && lifetime != "") {

$("#lifeTimeViews2").html(lifetime);

}

else { $("#lifeTimeViews2").html("Not Available"); }

}

function getFailureResults() {

console.log("no Results");

}

function getItem(cells, name) {

var obj;

for (var i = 0; i < cells.length; i++) {

if (cells[i].Key == name) {

obj = cells[i].Value;

break;

}

return obj;

}

</script>

<tbody>

<span id="tab-heading" style="font-size: 20px">Recent Views</span></td>

<span id="tab-heading" style="font-size: 20px">Life Time Views</span></td>

</tr>

<span id="pageName1">National_Supplier_List</span></td>

</tr>

<span id="pageName2">National_Supplier_List_by_Category</span></td>

</tr>

</tbody>

</table>

Taking documents from shared drive and uploading into the library

cls

Add-PSSnapin "Microsoft.SharePoint.PowerShell";

function Filescopying()

{

$files = $DirectoryInfo.GetFiles();

foreach($file in $files)

{

$List = $spSourceWeb.GetFolder($sourceListName+$foldername)

$Files=$List.Files;

if($Files.Name -contains $file.Name){

write-host "File contains"+$file.Name

}

else{

$FileFullPath = $file.FullName

$fileStream= Get-ChildItem $FileFullPath

$spFile = $Files.Add($sourceListName+"/"+$foldername+"/"+$file.Name,$fileStream.OpenRead(),$true)

write-host -f Green "...Success!"

write-host -NoNewLine -f yellow "Update file properties " $spFile.Name "..."

}

function remoteSharepoint($filename)

{

try

{

$DirectoryInfo = New-Object IO.DirectoryInfo("\\test021\merica\files\"+$filename)

$sourceWebURL = "http://merica.qa"

$sourceListName = "merciaLibrary"

$visitorsSPGroup="merica QA FTP Files";

$spSourceWeb = Get-SPWeb $sourceWebURL

$spSourceDocument = $spSourceWeb.Lists[$sourceListName]

if(![string]::IsNullOrEmpty($sourceListName) )

{

$foldername = $filename;

$targetFolder = $spSourceWeb.GetFolder($spSourceDocument.RootFolder.ServerRelativeUrl + "/$foldername")

if($targetFolder.Exists -eq $false)

{

$spFolder = $spSourceDocument.AddItem("",[Microsoft.SharePoint.SPFileSystemObjectType]::Folder,$foldername)

$spFolder.Update()

$foldercoll=$spSourceDocument.Folders;

foreach($folder in $foldercoll)

{

if($foldername -eq $folder.Name)

{

#Break permission inheritance on a folder

$spFolder.BreakRoleInheritance($FALSE);

#$group = $spSourceWeb.SiteGroups[$visitorsSPGroup]

#$roleAssignment = new-object Micrlisosoft.SharePoint.SPRoleAssignment($group)

#$roleDefinition = $spSourceWeb.RoleDefinitions["Read"];

#$roleAssignment.RoleDefinitionBindings.Add($roleDefinition);

#$spFolder.RoleAssignments.Add($roleAssignment);

#$spFolder.SystemUpdate();

Filescopying

}

#Remove-Item $DirectoryInfo

}

else

{

Write-Host $foldername Folder Already exist -ForegroundColor Red

Filescopying

}

Remove-Item -Recurse -Force $DirectoryInfo

#Remove-Item $DirectoryInfo

}

catch [Exception]

{

Write-Host $_.Exception.Message

}

cls

try{

write-host "Started Uploading Files from FileSystem to Sharepoint Document Library" -foregroundcolor Green

$Dir = get-childitem \\test021\merica\files -recurse;

foreach($file in $dir)

{

[decimal] $de = $file.Length/1024;

$fileSize = [math]::floor($de);

if( $fileSize -le 61440)

{

remoteSharepoint $file.Name

}

write-host "Completed Successfully uploading to Sharepoint Document Library" -foregroundcolor Green

}

catch [Exception]

{

Write-Host $_.Exception.Message

}

Ramesh's Web/SharePoint Blog

Labels

Thursday, September 27, 2018

Data Loss Protection Policy for SPO/ Online/Office 365, Azure

Clear sharepoint cache

Rename Site URL in SharePoint

Display developer dashboard

Feature Activation and deactivation.

Creation Content DB for all site collections

Getting Page WebAnalytics using Search REST Api

Taking documents from shared drive and uploading into the library

Search This Blog

Blogger templates

Popular Posts

Followers

About Me

Total Pageviews

Blog Archive