Office 365 QA/Dev Tenant – Part 4

Last week, in part three in the Office 365 QA\DEV Tenant series we covered a few example areas that we could extract information from in order to create a copy of the setup in a QA\DEV tenant. This week we’ll cover how to take that information and import it into an Office 365 tenant.

The previous article covered two types of settings that are stored in the Security and Compliance Center. These two items were labels and sensitive information types. For this article we will cover the process for importing these settings and verifying that we have this set correctly. First, we will explore what is set by default, if there is anything done by default. Then we will import the changes. Finally we will review the changes made.

Export Labels and Settings – Improving Last Week’s Code

When I was working on importing my exported information last week, I ran into some issues with the settings parameter. As of the writing of this article, the ‘-Settings’ parameter does not technically exist. Apparently there was a coding issue in the PowerShell Module for the SCC and this parameter currently is ‘-Setting’. Also, exporting and importing it properly takes some doing. As such, I wrote a more formal version of last week and have included it here before the import:

###################################################################################
# Variables (Labels)
$Path = (Get-Item -Path ".\" -Verbose).FullName
$LabelFile = 'Labels.csv'
$LabelsDestination = $Path+"\"+$LabelFile
$LabelPolicyFile = 'LabelPolicies.csv'
$LabelsPolicyDestination = $Path+"\"+$LabelPolicyFile
###################################################################################

###################################################################################
# Export Labels
Get-Label | Export-Csv $LabelsDestination -NoTypeInformation
$Labels = Get-Label

Foreach ($Label in $Labels) {
    $Name = $Label.Name
    $File = "L-"+$Name+".txt"
    $LabelDestination = $Path+"\"+$File 
    $Label.settings > $LabelDestination
}

###################################################################################

###################################################################################
# Export Label Policies
Get-LabelPolicy | Export-Csv $LabelsPolicyDestination -NoTypeInformation
$LabelPolicies = Get-LabelPolicy

Foreach ($LabelPolicy in $LabelPolicies) {
    $Name = $LabelPolicy.Name
    $File = "P-"+$Name+".txt"
    $PolicyDestination = $Path+"\"+$File 
    $LabelPolicy.settings > $PolicyDestination
}
###################################################################################

IMPORTING LABELS

For our first setting to import, we will start with Labels and Label Policies. If you recall from the last article we exported labels and polices to CSV files. For this step we will need to reverse this process. This means reading in the CSV file from the production environment. Once imported into a the CSV variable we can reverse the process and import them into the QA\DEV Office 365 tenant.

###################################################################################
# Variables (Labels)
$Path = (Get-Item -Path ".\" -Verbose).FullName
$LabelFile = 'Labels.csv'
$LabelsSource = $Path+"\"+$LabelFile
$LabelsCSV = Import-CSV $LabelsSource
###################################################################################

###################################################################################
Foreach ($Label in $LabelsCSV) {

    # Variables
    $Name = $Label.Name
    $LabelActions = $Label.LabelActions
    $DisplayName = $Label.DisplayName
    $Tooltip = $Label.Tooltip
    $Comment = $Label.Comment
    
    # Settings
    $File = "L-"+$Name+".txt"
    $LabelSettingsSource = $Path+"\"+$File 
    $Settings =  ConvertFrom-StringData ([io.file]::ReadAllText("$LabelSettingsSource"))
    
    # Create the New Label
    New-Label -Setting $Settings -LabelActions $LabelActions -DisplayName $DisplayName -Tooltip $Tooltip -Comment $Comment -Name $Name
}
###################################################################################

IMPORTING LABEL POLICIES

In addition to Labels, we can import their respective Label Policies. Using code, very similar to the Label import code above:

###################################################################################
# Variables (Labels Policies)
$Path = (Get-Item -Path ".\" -Verbose).FullName
$LabelPolicyFile = 'LabelPolicies.csv'
$LabelsPolicySource = $Path+"\"+$LabelPolicyFile
$LabelsPolicyCSV = Import-CSV $LabelsPolicySource
###################################################################################

###################################################################################
Foreach ($LabelPolicy in $LabelsPolicyCSV) {

    # Variables
    $NameOld = $LabelPolicy.Name
    $Name = $NameOld+"-Imported"
    $Labels = $LabelPolicy.Labels
    $Comment = $LabelPolicy.Comment
    
    # Settings
    $File = "P-"+$Name+".txt"
    $LabelPolicySettingsSource = $Path+"\"+$File 
    $Settings =  ConvertFrom-StringData ([io.file]::ReadAllText("$LabelPolicySettingsSource"))
    
    # Create the New Label Policy
    New-LabelPolicy -Name $Name -Labels $Labels -Setting $Settings -Comment $Comment
}
###################################################################################

SENSITIVE INFORMATION TYPES

Now that we’ve completed the process of importing Labels and Label Policies, let’s work on importing Sensitive Information types.

Each sensitive information type should have its own XML File. We can use a one-liner for each file. Let’s take an example where we have 10 different rules all exported as XML files. These XML files are stored in this directory C:\SCC\XML. We can take a directory listing of the files there and then import each one in a loop like so:

$FileTypes = (Get-ChildItem C:\scc\xml\* -Include *.ps1).Name

Foreach ($FileType in $FileTypes) {
    $Name = $FileType.Name
    New-DlpSensitiveInformationTypeRulePackage -FileData (Get-Content -Path "C:\scc\xml\$Name" -Encoding Byte)
}

Conclusion
As you can see once we have the information exported in a structured manner, importing this into your QA\DEV tenant is an easy process. I did not document all of the settings that can be imported, but this is a good primer for those who manage their tenants.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s