MicrosoftDocs · Ruchika-mittal01 · May 19, 2025 · May 16, 2025 · May 17, 2025 · May 19, 2025
diff --git a/exchange/exchange-ps/exchange/New-DlpCompliancePolicy.md b/exchange/exchange-ps/exchange/New-DlpCompliancePolicy.md
@@ -29,6 +29,7 @@ New-DlpCompliancePolicy [-Name] <String>
  [-EndpointDlpExtendedLocations <String>]
  [-EndpointDlpLocation <MultiValuedProperty>]
  [-EndpointDlpLocationException <MultiValuedProperty>]
+ [-EnforcementPlanes <MultiValuedProperty>]
  [-ExceptIfOneDriveSharedBy <RecipientIdParameter[]>]
  [-ExceptIfOneDriveSharedByMemberOf <RecipientIdParameter[]>]
  [-ExchangeAdaptiveScopes <MultiValuedProperty>]
@@ -294,6 +295,22 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -EnforcementPlanes
+{{ Fill EnforcementPlanes Description }}
+
+```yaml
+Type: MultiValuedProperty
+Parameter Sets: (All)
+Aliases:
+Applicable: Security & Compliance
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ExceptIfOneDriveSharedBy
 The ExceptIfOneDriveSharedBy parameter specifies the users to exclude from the DLP policy (the sites of the OneDrive for Business user accounts are included in the policy). You identify the users by UPN (laura@contoso.onmicrosoft.com).
 

diff --git a/exchange/exchange-ps/exchange/New-DlpComplianceRule.md b/exchange/exchange-ps/exchange/New-DlpComplianceRule.md
@@ -305,6 +305,22 @@ New-DLPComplianceRule -Name "Contoso Rule 1" -Policy "Contoso Policy 1" -Advance
 
 This example uses the AdvancedRule parameter to read the following complex condition from a file: "Content contains sensitive information: "Credit card number OR Highly confidential" AND (NOT (Sender is a member of "Jane's Team" OR Recipient is "adele@contoso.com")).
 
+### Example 4
+```powershell
+
+$myEntraAppId = ""
+
+$myEntraAppName = ""
+
+$locations = "[{`"Workload`":`"Applications`",`"Location`":`"$myEntraAppId`",`"LocationDisplayName`":`"$myEntraAppName`",`"LocationSource`":`"Entra`",`"LocationType`":`"Individual`",`"Inclusions`":[{`"Type`":`"Tenant`",`"Identity`":`"All`"}]}]"
+
+New-DlpCompliancePolicy -Name "Test Entra DLP" -Mode Enable -Locations $locations -EnforcementPlanes @("Entra")
+
+New-DlpComplianceRule -Name "Test Entra Rule" -Policy "Test Entra DLP" -ContentContainsSensitiveInformation @{Name = "credit card number"}  -GenerateAlert $true -GenerateIncidentReport @("siteadmin") -NotifyUser @("admin@contonso.onmicrosoft.com") -RestrictAccess @(@{setting="UploadText";value="Block"})
+```
+
+This is an example of applying a CCSI-based DLP rule that should be handled by an entra-registered enterprise application in the organization.
+
 ## PARAMETERS
 
 ### -Name
@@ -3344,11 +3360,11 @@ Accept wildcard characters: False
 ```
 
 ### -SharedByIRMUserRisk
-The SharedByIRMUserRisk paramter specifies the risk category of the user performing the violating action. Valid values are:
+The SharedByIRMUserRisk parameter specifies the risk category of the user performing the violating action. Valid values are:
 
-- Elevated Risk Level
-- Moderate Risk Level
-- Minor Risk Level
+- FCB9FA93-6269-4ACF-A756-832E79B36A2A (Elevated Risk Level)
+- 797C4446-5C73-484F-8E58-0CCA08D6DF6C (Moderate Risk Level)
+- 75A4318B-94A2-4323-BA42-2CA6DB29AAFE (Minor Risk Level)
 
 You can specify multiple values separated by commas.
 

diff --git a/exchange/exchange-ps/exchange/Set-DlpCompliancePolicy.md b/exchange/exchange-ps/exchange/Set-DlpCompliancePolicy.md
@@ -43,6 +43,7 @@ Set-DlpCompliancePolicy [-Identity] <PolicyIdParameter>
  [-EndpointDlpAdaptiveScopes <MultiValuedProperty>]
  [-EndpointDlpAdaptiveScopesException <MultiValuedProperty>]
  [-EndpointDlpExtendedLocations <String>]
+ [-EnforcementPlanes <MultiValuedProperty>]
  [-ExceptIfOneDriveSharedBy <RecipientIdParameter[]>]
  [-ExceptIfOneDriveSharedByMemberOf <RecipientIdParameter[]>]
  [-ExchangeAdaptiveScopes <MultiValuedProperty>]
@@ -570,6 +571,22 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -EnforcementPlanes
+{{ Fill EnforcementPlanes Description }}
+
+```yaml
+Type: MultiValuedProperty
+Parameter Sets: (All)
+Aliases:
+Applicable: Security & Compliance
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ExceptIfOneDriveSharedBy
 The ExceptIfOneDriveSharedBy parameter specifies the users to exclude from the DLP policy (the sites of the OneDrive for Business user accounts are included in the policy). You identify the users by UPN (laura@contoso.onmicrosoft.com).
 

diff --git a/exchange/exchange-ps/exchange/Set-DlpComplianceRule.md b/exchange/exchange-ps/exchange/Set-DlpComplianceRule.md
@@ -187,7 +187,7 @@ This example modifies the access scope and blocking behavior of a DLP compliance
 
 ### Example 2
 ```powershell
-Contents of the file named C:\Data\Sensitive Type.txt:
+# Contents of the file named C:\Data\Sensitive Type.txt:
 
 {
 "Version": "1.0",
@@ -3237,7 +3237,13 @@ Accept wildcard characters: False
 ```
 
 ### -SharedByIRMUserRisk
-{{ Fill SharedByIRMUserRisk Description }}
+The SharedByIRMUserRisk parameter specifies the risk category of the user performing the violating action. Valid values are:
+
+- FCB9FA93-6269-4ACF-A756-832E79B36A2A (Elevated Risk Level)
+- 797C4446-5C73-484F-8E58-0CCA08D6DF6C (Moderate Risk Level)
+- 75A4318B-94A2-4323-BA42-2CA6DB29AAFE (Minor Risk Level)
+
+You can specify multiple values separated by commas.
 
 ```yaml
 Type: MultiValuedProperty