From 6e521ccc0775e35b3e6602ef9be259e65cdb52af Mon Sep 17 00:00:00 2001
From: Arpitha <55504922+arpitha-dhanapathi@users.noreply.github.com>
Date: Fri, 16 May 2025 18:36:19 -0700
Subject: [PATCH] Update New-DlpComplianceRule.md

Removed IRM policies for now (it will come in June)
updated CCSI rule along with description.
---
 .../exchange/New-DlpComplianceRule.md         | 23 ++++++-------------
 1 file changed, 7 insertions(+), 16 deletions(-)

diff --git a/exchange/exchange-ps/exchange/New-DlpComplianceRule.md b/exchange/exchange-ps/exchange/New-DlpComplianceRule.md
index c186e7490f..f2dda8e7e9 100644
--- a/exchange/exchange-ps/exchange/New-DlpComplianceRule.md
+++ b/exchange/exchange-ps/exchange/New-DlpComplianceRule.md
@@ -305,31 +305,22 @@ New-DLPComplianceRule -Name "Contoso Rule 1" -Policy "Contoso Policy 1" -Advance
 
 This example uses the AdvancedRule parameter to read the following complex condition from a file: "Content contains sensitive information: "Credit card number OR Highly confidential" AND (NOT (Sender is a member of "Jane's Team" OR Recipient is "adele@contoso.com")).
 
+
 ### Example 4
 ```powershell
-$locations = '[{"Workload":"Applications","Location":"83ef198a-0396-4893-9d4f-d36efbffc8bd","LocationDisplayName":"Purview API Explorer","LocationSource":"Entra","LocationType":"Individual","Inclusions":[{"Type":"Tenant","Identity":"All"}]}]'
-
-New-DlpCompliancePolicy -Name "Test Risky user Entra DLP Policy" -Mode Enable -Locations $locations
-
-New-DlpComplianceRule -Name "Test Risky User Entra DLP Rule" -Policy "Test Risky user Entra DLP Policy" -SharedByIRMUserRisk @("FCB9FA93-6269-4ACF-A756-832E79B36A2A") -RestrictAccess @(@{setting="UploadText";value="Block"}) -GenerateAlert $true -GenerateIncidentReport @("siteadmin") -NotifyUser @("kyra@contoso.onmicrosoft.com")
-```
-
-This is an example of a risky user indicator rule.
 
-### Example 5
-```powershell
-$myEntraAppId = "72e39dca-38f3-4814-b93b-a7ed0a5a4b74"
+$myEntraAppId = ""
 
-$myEntraAppName = "Contoso Demo"
+$myEntraAppName = ""
 
-$locations = '[{"Workload":"Applications","Location":$myEntraAppId,"LocationDisplayName":$myEntraAppName,"LocationSource":"Entra","LocationType":"Individual","Inclusions":[{"Type":"Tenant","Identity":"All"}]}]'
+$locations = "[{`"Workload`":`"Applications`",`"Location`":`"$myEntraAppId`",`"LocationDisplayName`":`"$myEntraAppName`",`"LocationSource`":`"Entra`",`"LocationType`":`"Individual`",`"Inclusions`":[{`"Type`":`"Tenant`",`"Identity`":`"All`"}]}]"
 
-New-DlpCompliancePolicy -Name "Entra DLP Policy for CC" -Mode Enable -Locations $locations
+new-dlpcompliancepolicy -Name "Test Entra DLP" -Mode Enable -Locations $locations -EnforecementPlanes @("Entra")
 
-New-DlpComplianceRule -Name "Entra DLP Rule for CC" -Policy "Entra DLP Rule for CC" -ContentContainsSensitiveInformation @{Name = "credit card number"} -GenerateAlert $true -GenerateIncidentReport @("siteadmin") -NotifyUser @("arpitha@contonso.onmicrosoft.com" )-RestrictAccess @(@{setting="UploadText";value="Block"})
+new-dlpcompliancerule -Name "Test Entra Rule" -Policy "Test Entra DLP" -ContentContainsSensitiveInformation @{Name = "credit card number"}  -GenerateAlert $true -GenerateIncidentReport @("siteadmin") -NotifyUser @("admin@contonso.onmicrosoft.com") -RestrictAccess @(@{setting="UploadText";value="Block"})
 ```
 
-This is an example of a CCSI rule.
+This is an example of applying a CCSI based DLP rule that should be handled by an entra-registered enterprise application in the tenant 
 
 ## PARAMETERS