SCDLPComplianceRule : Complexe rules are not saved/managed

[pkernevez]

Description of the issue

When defined a compliance rule.
When running the command 'Get-DlpComplianceRule' it returns:

ContentContainsSensitiveInformation          :     <== Empty
AdvancedRule                                 : {
                                                 "Version": "1.0",
                                                 "Condition": {
                                                   "Operator": "And",
                                                   "SubConditions": [
                                                     {
                                                       "ConditionName": "ContainsSensitiveInformation",
                                                       "Value": [
                                                         {
                                                           "Groups": [
                                                             {
                                                               "Name": "RuleOn-Email - medium",
                                                               "Operator": "Or",
                                                               "Sensitivetypes": [
                                                                 {
                                                                   "Name": "RuleOn-Email",
                                                                   "Id": "123345-b316-678-6789-1233387878",
                                                                   "Mincount": 1,
                                                                   "Maxcount": 3,
                                                                   "Confidencelevel": "Medium",
                                                                   "Minconfidence": 75,
                                                                   "Maxconfidence": 100
                                                                 }
                                                               ]
                                                             }
                                                           ],
                                                           "Operator": "And"
                                                         }
                                                       ]
                                                     }
                                                   ]
                                                 }
                                               }

The Dsc365 module is only dealing with the field 'ContentContainsSensitiveInformation'.

In our case the export is empty (no rule) et updating erase the configuration.

The sensitivity type is a custom one.

I don't find what is exactly decide to not create the hashmap ContentContainsSensitiveInformation but our case it's a big issue.

May should we replace ContentContainsSensitiveInformation fields with AdvancedRule that is supported in the xxx-DlpComplianceRule commands.
But it could be a breaking change.

Microsoft 365 DSC Version

1.23.1018.1 & 1.23.1025.1

Which workloads are affected

Security & Compliance Center

The DSC configuration

No response

Verbose logs showing the problem

No response

Environment Information + PowerShell Version

No response

[pkernevez]

Hello,
An idea of how addressing the issue ?
I may work on it, but I would like to know the direction you want to follow.

[andikrueger]

In this instance, I would add a null check for both properties. Is there any chance to add these in a meaningful way into the current parameter set?