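using namespace System.Net

# Azure Functions PowerShell HTTP trigger: checks that the requested SharePoint
# site exists in the tenant, excludes it from the default DLP policy and adds it
# to one of two access-type-specific DLP policies.
# Input bindings are passed in via param block.
param($Request, $TriggerMetadata)

# Write to the Azure Functions log stream.
Write-Host "PowerShell HTTP trigger function processed a request."

# Interact with the body of the request. Both values are caller-supplied and
# untrusted; $inputSite is only passed to the DLP cmdlets after it has matched
# an existing tenant site URL exactly.
$inputSite = $Request.Body.sharepointSite
$accessType = $Request.Body.accessType

#sample set
#$inputSite = "https://luckyenv.sharepoint.com/sites/SampleSite"
#$accessType = "Site Level"

#admin center access is used to check if provided site exists in the tenant
$AdminCenterURL = "https://luckyenv-admin.sharepoint.com/"

# Default to a failed response; only the happy path below overwrites these,
# so an unexpected exit still produces a well-formed body.
$status = "Failed"
$body = "An error occurred in connecting to system and could not be resolved."

Write-Host "provided site is $inputSite"

if ([string]::IsNullOrWhiteSpace($inputSite)) {
    # Fail fast without opening any admin session when the request carries no site URL.
    $body = "Request body must include 'sharepointSite'."
}
else {
    try {
        # Credentials come from app settings. The setting names contain '-', so they
        # must be read with the ${env:...} form; $env:admin-username does not resolve.
        # NOTE: this account has MFA disabled so the function can run unattended.
        # Certificate-based app-only auth (Connect-PnPOnline / Connect-IPPSSession both
        # support it) would avoid keeping a privileged password in app settings.
        $user = ${env:admin-username}
        $pw = ${env:admin-password} | ConvertTo-SecureString -AsPlainText -Force
        $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $user, $pw
        Write-Host "creds created."

        #connect to sharepoint tenant to validate site url
        Connect-PnPOnline -Url $AdminCenterURL -Credential $cred
        try {
            #Check if site exists (exact URL match against the tenant site list)
            $Site = Get-PnPTenantSite | Where-Object { $_.Url -eq $inputSite }
        }
        finally {
            #disconnect from tenant before opening the compliance session
            Disconnect-PnPOnline -ErrorAction SilentlyContinue
        }

        if ($null -ne $Site) {
            try {
                # Load the pinned ExchangeOnlineManagement build deployed with the function app.
                Import-Module "D:\Home\site\wwwroot\updatedlppolicy\modules\ExchangeOnlineManagement\2.0.5\ExchangeOnlineManagement.psd1"
                #Import-Module ExchangeOnlineManagement

                #Connect to the Security & Compliance session
                Connect-IPPSSession -Credential $cred
                Write-Host "dlp policy session connected."

                #Exclude the site from default policy
                Set-DlpCompliancePolicy "Sharing Outside of Org" -AddSharePointLocationException $inputSite -ErrorAction Stop
                Write-Host "Site excluded from default policy"

                #We have 2 policies based on Access type passed to API. Any value other
                #than "Site Level" (including a missing accessType) selects the subset policy.
                $dlpPolicy = if ($accessType -eq "Site Level") {
                    "External Collaboration Entire Site"
                }
                else {
                    "External COllaboration Subset"
                }

                #Include the site to a specific policy
                Set-DlpCompliancePolicy $dlpPolicy -AddSharePointLocation $inputSite -ErrorAction Stop
                Write-Host "dlp policies updated."

                #Prepare response
                $status = "Success"
                $body = "successfully updated the DLP policy."
            }
            catch {
                Write-Host "Error caught and handled in catch."
                # -ErrorAction Continue keeps these log writes non-terminating even when
                # $ErrorActionPreference is Stop, so they cannot escape this catch block.
                Write-Error $_ -ErrorAction Continue
                Write-Error $_.ScriptStackTrace -ErrorAction Continue
                #Prepare response. $(...) is required: "$_.Exception.Message" would only
                #expand $_ and append the literal text ".Exception.Message".
                $body = "An error occurred that could not be resolved. $($_.Exception.Message)"
            }
            finally {
                #Disconnect ipps session on every path. we need to disconnect, limited sessions allowed at a time
                Disconnect-ExchangeOnline -Confirm:$false -InformationAction Ignore -ErrorAction SilentlyContinue
            }
        }
        else {
            #Prepare response
            $body = "Provided Sharepoint site doesn't exist in the tenant."
        }
    }
    catch {
        Write-Host "Error caught on high level and handled in catch."
        Write-Error $_ -ErrorAction Continue
        Write-Error $_.ScriptStackTrace -ErrorAction Continue
        #Prepare response
        $body = "An error occurred in connecting to system and could not be resolved. $($_.Exception.Message)"
        #Disconnect from tenant, if connected; cleanup must not throw out of the catch
        Disconnect-PnPOnline -ErrorAction SilentlyContinue
    }
}

# Associate values to output bindings by calling 'Push-OutputBinding'.
# NOTE: the HTTP status is always 200; callers must inspect the 'Status' field of
# the JSON body to detect a failed update. The 'Message' field echoes the
# exception text to the caller on failure.
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
    StatusCode = [HttpStatusCode]::OK
    Body       = @{ Status = $status; Message = $body } | ConvertTo-Json -Compress
})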