Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SCSensitivityLabel: Using different markings for Word, Excel, ... is not exported/imported as expected #2067

Closed
pgeislerkpmg opened this issue Jul 6, 2022 · 0 comments · Fixed by #2135 or #2143
Closed

SCSensitivityLabel: Using different markings for Word, Excel, ... is not exported/imported as expected #2067

pgeislerkpmg opened this issue Jul 6, 2022 · 0 comments · Fixed by #2135 or #2143
Labels
Enhancement New feature or request Security & Compliance Center

Comments

@pgeislerkpmg
Copy link

Hi all,

Details of the scenario you tried and the problem that is occurring

currently, I am using the If.App variable statement to configure the visual marking depending on the client application as it is documented here: https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide#setting-different-visual-markings-for-word-excel-powerpoint-and-outlook
After exporting the configuration from the tenant I got the following:

SCSensitivityLabel 08048998-fe40-4f8f-8206-0a29a8ef6b1a
{
    AdvancedSettings                            = @(
        MSFT_SCLabelSetting
        {
            Key   = 'contenttype'
            Value = 'File  Email'
        }
        MSFT_SCLabelSetting
        {
            Key   = 'tooltip'
            Value = 'Strong restrictions (i.e. personal data  board presentation). Everyone other than the owner has co-author rights (View  Open  Read  Save  Edit Content  Edit  Copy  View Rights  Allow Macros  Save As  Export  Print  Reply  Reply All  Forward).'
        }
        MSFT_SCLabelSetting
        {
            Key   = 'isparent'
            Value = 'False'
        }
        MSFT_SCLabelSetting
        {
            Key   = 'color'
            Value = '#ffa500'
        }
    );
    ApplyContentMarkingFooterAlignment          = "Center";
    ApplyContentMarkingFooterEnabled            = $True;
    ApplyContentMarkingFooterFontColor          = "#00253E";
    ApplyContentMarkingFooterFontName           = "Calibri";
    ApplyContentMarkingFooterFontSize           = 10;
    ApplyContentMarkingFooterMargin             = 5;
    ApplyContentMarkingFooterText               = "${If.App.PX}CONFIDENTIAL${If.End}";
    ApplyContentMarkingHeaderAlignment          = "Right";
    ApplyContentMarkingHeaderEnabled            = $True;
    ApplyContentMarkingHeaderFontColor          = "#00253E";
    ApplyContentMarkingHeaderFontName           = "Calibri";
    ApplyContentMarkingHeaderFontSize           = 10;
    ApplyContentMarkingHeaderMargin             = 5;
    ApplyContentMarkingHeaderText               = "${If.App.WO}CONFIDENTIAL${If.End}";
    ApplyWaterMarkingEnabled                    = $False;
    ApplyWaterMarkingFontColor                  = "#004666";
    ApplyWaterMarkingFontName                   = "Calibri";
    ApplyWaterMarkingFontSize                   = 30;
    ApplyWaterMarkingLayout                     = "Horizontal";
    ApplyWaterMarkingText                       = "This document is classified as ";
    Comment                                     = "Restricts the users with Co-Author rights";
    Credential                                  = $Credscredential;
    Disabled                                    = $False;
    DisplayName                                 = "Full Access";
    EncryptionContentExpiredOnDateInDaysOrNever = "Never";
    EncryptionEnabled                           = $True;
    EncryptionOfflineAccessDays                 = -1;
    EncryptionProtectionType                    = "Template";
    EncryptionRightsDefinitions                 = "$($OrganizationName):VIEW,VIEWRIGHTSDATA,DOCEDIT,EDIT,PRINT,EXTRACT,REPLY,REPLYALL,FORWARD,OBJMODEL;";
    Ensure                                      = "Present";
    LocaleSettings                              = @(
        MSFT_SCLabelLocaleSettings
        {
            LocaleKey = 'displayName'
            Settings  = @(
                MSFT_SCLabelSetting
                {
                    Key   = 'default'
                    Value = 'Full Access'
                }
                MSFT_SCLabelSetting
                {
                    Key   = 'en-us'
                    Value = 'Full Access'
                }
            )
        }
        MSFT_SCLabelLocaleSettings
        {
            LocaleKey = 'tooltip'
            Settings  = @(
                MSFT_SCLabelSetting
                {
                    Key   = 'default'
                    Value = 'Everyone other than the owner has co-author rights (View, Open, Read, Save, Edit Content, Edit, Copy, View Rights, Allow Macros, Save As, Export, Print, Reply, Reply All, Forward).'
                }
                MSFT_SCLabelSetting
                {
                    Key   = 'en-us'
                    Value = 'Everyone other than the owner has co-author rights (View, Open, Read, Save, Edit Content, Edit, Copy, View Rights, Allow Macros, Save As, Export, Print, Reply, Reply All, Forward).'
                }
            )
        }
    );
    Name                                        = "Confidential - Co-Author";
    ParentId                                    = "Confidential";
    Priority                                    = 3;
    Tooltip                                     = "Everyone other than the owner has co-author rights (View, Open, Read, Save, Edit Content, Edit, Copy, View Rights, Allow Macros, Save As, Export, Print, Reply, Reply All, Forward).";
}

But this leads to the issue. When trying to apply this configuration PowerShell tries to resolve "${If.App.WO}" which is empty.
So after running DSC to apply this configuration I would have "CONFIDENTIAL" in the header and the footer independent of the app.

Verbose logs showing the problem

N/A

Suggested solution to the issue

If possible it would be nice if such variable statements were found during the export if single-quotes could be used as those will lead to the correct/expected result.

    ApplyContentMarkingFooterText               = '${If.App.PX}CONFIDENTIAL${If.End}';

The DSC configuration that is used to reproduce the issue (as detailed as possible)

shown above

The operating system the target node is running

Currently, we are using the MS-managed virtual machines within Azure DevOps with the windows-latest image label. According to the documentation this are Windows Server 2022 with Visual Studio 2022.
OsArchitecture : 64-bit

Version of the DSC module that was used ('dev' if using current dev branch)

1.22.622.1

Hope that everything that is necessary is included and clear.
Thanks for all your effort! :-)

Best Regards, Patrick
NikCharlebois added a commit to NikCharlebois/Microsoft365DSC that referenced this issue Jul 22, 2022
@NikCharlebois
Fixes microsoft#2067
4768d40
NikCharlebois added a commit to NikCharlebois/Microsoft365DSC that referenced this issue Jul 22, 2022
@NikCharlebois
Merge remote-tracking branch 'upstream/dev' into Fix-microsoft#2067
a0b187f
@NikCharlebois NikCharlebois mentioned this issue Jul 22, 2022
Merged
NikCharlebois added a commit that referenced this issue Jul 22, 2022
@NikCharlebois
Merge pull request #2135 from NikCharlebois/Fix-#2067
fe72d77 
Fix #2067
@NikCharlebois NikCharlebois mentioned this issue Jul 27, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Enhancement New feature or request Security & Compliance Center
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix #2067 NikCharlebois/Microsoft365DSC
Release 1.22.727.1 NikCharlebois/Microsoft365DSC
2 participants
@andikrueger @pgeislerkpmg