DSCResources/cSCDLPComplianceRule/cSCDLPComplianceRule.schema.psm1

configuration cSCDLPComplianceRule {
    param (
        [Parameter()]
        [hashtable[]]
        $Items
)

<#
SCDLPComplianceRule [String] #ResourceName
{
    Name = [string]
    Policy = [string]
    [AccessScope = [string]{ InOrganization | None | NotInOrganization }]
    [AccessTokens = [string[]]]
    [AnyOfRecipientAddressContainsWords = [string[]]]
    [AnyOfRecipientAddressMatchesPatterns = [string[]]]
    [ApplicationId = [string]]
    [BlockAccess = [bool]]
    [BlockAccessScope = [string]{ All | None | PerUser }]
    [CertificatePassword = [PSCredential]]
    [CertificatePath = [string]]
    [CertificateThumbprint = [string]]
    [Comment = [string]]
    [ContentCharacterSetContainsWords = [string[]]]
    [ContentContainsSensitiveInformation = [MSFT_SCDLPContainsSensitiveInformation]]
    [ContentExtensionMatchesWords = [string[]]]
    [ContentIsNotLabeled = [bool]]
    [ContentPropertyContainsWords = [string[]]]
    [Credential = [PSCredential]]
    [DependsOn = [string[]]]
    [Disabled = [bool]]
    [DocumentContainsWords = [string[]]]
    [DocumentIsPasswordProtected = [bool]]
    [DocumentIsUnsupported = [bool]]
    [DocumentNameMatchesPatterns = [string[]]]
    [DocumentNameMatchesWords = [string[]]]
    [Ensure = [string]{ Absent | Present }]
    [ExceptIfAnyOfRecipientAddressContainsWords = [string[]]]
    [ExceptIfAnyOfRecipientAddressMatchesPatterns = [string[]]]
    [ExceptIfContentCharacterSetContainsWords = [string[]]]
    [ExceptIfContentContainsSensitiveInformation = [MSFT_SCDLPContainsSensitiveInformation]]
    [ExceptIfContentExtensionMatchesWords = [string[]]]
    [ExceptIfContentPropertyContainsWords = [string[]]]
    [ExceptIfDocumentIsPasswordProtected = [bool]]
    [ExceptIfDocumentIsUnsupported = [bool]]
    [ExceptIfDocumentNameMatchesPatterns = [string[]]]
    [ExceptIfDocumentNameMatchesWords = [string[]]]
    [ExceptIfFromAddressContainsWords = [string[]]]
    [ExceptIfFromAddressMatchesPatterns = [string[]]]
    [ExceptIfFromScope = [string[]]]
    [ExceptIfHasSenderOverride = [bool]]
    [ExceptIfMessageTypeMatches = [string[]]]
    [ExceptIfProcessingLimitExceeded = [bool]]
    [ExceptIfRecipientDomainIs = [string[]]]
    [ExceptIfSenderDomainIs = [string[]]]
    [ExceptIfSenderIPRanges = [string[]]]
    [ExceptIfSentTo = [string[]]]
    [ExceptIfSubjectContainsWords = [string[]]]
    [ExceptIfSubjectMatchesPatterns = [string[]]]
    [ExceptIfSubjectOrBodyContainsWords = [string[]]]
    [ExceptIfSubjectOrBodyMatchesPatterns = [string[]]]
    [FromAddressContainsWords = [string[]]]
    [FromAddressMatchesPatterns = [string[]]]
    [FromScope = [string[]]]
    [GenerateAlert = [string[]]]
    [GenerateIncidentReport = [string[]]]
    [HasSenderOverride = [bool]]
    [IncidentReportContent = [string[]]{ All | Default | DetectionDetails | Detections | DocumentAuthor | DocumentLastModifier | MatchedItem | OriginalContent | RetentionLabel | RulesMatched | SensitivityLabel | Service | Severity | Title }]
    [MessageTypeMatches = [string[]]]
    [NotifyAllowOverride = [string[]]{ FalsePositive | WithJustification | WithoutJustification }]
    [NotifyEmailCustomText = [string]]
    [NotifyPolicyTipCustomText = [string]]
    [NotifyUser = [string[]]]
    [ProcessingLimitExceeded = [bool]]
    [PsDscRunAsCredential = [PSCredential]]
    [RecipientDomainIs = [string[]]]
    [RemoveRMSTemplate = [bool]]
    [ReportSeverityLevel = [string]{ High | Low | Medium | None }]
    [RuleErrorAction = [string]{ Ignore | RetryThenBlock }]
    [SentToMemberOf = [string[]]]
    [SetHeader = [string[]]]
    [StopPolicyProcessing = [bool]]
    [SubjectContainsWords = [string[]]]
    [SubjectMatchesPatterns = [string[]]]
    [SubjectOrBodyContainsWords = [string[]]]
    [SubjectOrBodyMatchesPatterns = [string[]]]
    [TenantId = [string]]
}
 
#>



    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName Microsoft365DSC

    $dscResourceName = 'SCDLPComplianceRule'

    $param = $PSBoundParameters
    $param.Remove("InstanceName")

    $dscParameterKeys = 'Name' -split ', '

        foreach ($item in $Items)
        {
            if (-not $item.ContainsKey('Ensure'))
            {
                $item.Ensure = 'Present'
            }
            $keyValues = foreach ($key in $dscParameterKeys)
        {
            $item.$key
        }
        $executionName = $keyValues -join '_'
        $executionName = $executionName -replace "[\s()\\:*-+/{}```"']", '_'
        (Get-DscSplattedResource -ResourceName $dscResourceName -ExecutionName $executionName -Properties $item -NoInvoke).Invoke($item)
    }
}