Well hello! I'm back. Yes, I have been very busy for the last 2 months and unable to write any new blog posts.
So when I was testing and playing with DLP and AIP in my test environment, I had 2 test integration policies running. I found there was something wrong with my DLP policy, so I went to trigger the delete via the GUI at Security and Compliance, which changes the policy's status to the "Deletion pending" state. I know these deletions sometimes take up to 48 hours. However, it had been more than 48 hours and the DLP policy was still showing the status "Deletion pending".
So it's time to use PowerShell to solve this deletion pending problem.
If you try to run "Remove-DLPCompliancePolicy" without the "-ForceDeletion" parameter to delete this policy, it won't work and you will get an error:
#Sample PowerShell
Remove-DlpCompliancePolicy -Identity 58bed0c6-fbf9-41c4-b798-fdec65beae1c
We cannot remove policy ‘TopSecret_policy’ since it is already in pending deletion state.
+ CategoryInfo : InvalidOperation: (:) [Remove-DlpCompliancePolicy], ErrorCannotRemo…PolicyException
+ FullyQualifiedErrorId : [Server=xxxxxxxxxxxxxxx,RequestId=xxxxxxxx-xxxxx-xxxx-xxxxx-xxxxxxxxxxx5,TimeStamp=4/1/2019
8:26:50 AM] [FailureCategory=Cmdlet-ErrorCannotRemovePendingDeletionPolicyException] xxxxxx,Microsoft.Office.Com
+ PSComputerName : apc01b.ps.compliance.protection.outlook.com
What to do?
1. First of all, you need to use PowerShell and connect to Security and Compliance.
2. Next, run the command below to get your DLP information:
Get-DLPCompliancePolicy | select Name, Guid
3. Then run this command, using either the policy name or the policy GUID:
Remove-DLPCompliancePolicy -Identity "Policyname" -ForceDeletion
Remove-DLPCompliancePolicy -Identity "Policy GUID" -ForceDeletion
4. Select "A"; A is Yes to All.
Below is a sample;
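Separately from the author's sample, the steps above can be written as one PowerShell function that also checks for the missing-parameter error reported in the comments. This is an added example, not code from the original post; the function name Remove-StuckDlpPolicy is hypothetical, and it assumes a session already connected with Connect-IPPSSession from the ExchangeOnlineManagement module.

```powershell
# Added example (not from the original post).
# Remove-StuckDlpPolicy is a hypothetical helper name.
function Remove-StuckDlpPolicy {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Policy name or GUID, as listed by: Get-DlpCompliancePolicy | select Name, Guid
        [Parameter(Mandatory)]
        [string] $Identity
    )

    # Resolve the policy first, so a mistyped name or GUID fails here
    # and never reaches the removal call.
    $policy = Get-DlpCompliancePolicy -Identity $Identity -ErrorAction Stop
    $policy | Select-Object Name, Guid, Mode | Format-List | Out-Host

    # The parameters of Remove-DlpCompliancePolicy come from the service for
    # the current session. Check for -ForceDeletion before relying on it,
    # instead of hitting "A parameter cannot be found that matches parameter name".
    $cmd = Get-Command Remove-DlpCompliancePolicy -ErrorAction Stop
    if (-not $cmd.Parameters.ContainsKey('ForceDeletion')) {
        Write-Warning ("-ForceDeletion is not available in this session; " +
                       "policy '$($policy.Name)' was left untouched.")
        return $false
    }

    # ConfirmImpact = 'High' makes PowerShell prompt here (the post's step 4),
    # so the inner call suppresses its own prompt to avoid asking twice.
    $action = 'Remove-DlpCompliancePolicy -ForceDeletion'
    if ($PSCmdlet.ShouldProcess($policy.Name, $action)) {
        Remove-DlpCompliancePolicy -Identity $policy.Guid.ToString() `
            -ForceDeletion -Confirm:$false -ErrorAction Stop
        return $true
    }
    return $false
}

# Usage, after connecting (the UPN below is a constructed placeholder):
#   Connect-IPPSSession -UserPrincipalName admin@contoso.example
#   Remove-StuckDlpPolicy -Identity 'TopSecret_policy' -WhatIf   # dry run
#   Remove-StuckDlpPolicy -Identity 'TopSecret_policy'
```

Running it with -WhatIf first shows which policy would be removed without changing anything.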
3 thoughts on “Office 365 Security and Compliance: Data Leak Protection (DLP) & Azure Information Protection (AIP) Integration Unable to delete DLP Policy”
Hi, error when using parameter -ForceDeletion.
PS C:\WINDOWS\system32> Remove-DLPCompliancePolicy -Identity “xxxxxxxxxxxxxxx” -ForceDeletion
A parameter cannot be found that matches parameter name ‘ForceDeletion’.
+ CategoryInfo : InvalidArgument: (:) [Remove-DlpCompliancePolicy], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Remove-DlpCompliancePolicy
+ PSComputerName : nam10b.ps.compliance.protection.outlook.com
The PowerShell command has been updated; kindly refer to this link: https://docs.microsoft.com/en-us/powershell/module/exchange/remove-dlpcompliancepolicy?view=exchange-ps
I'm guessing Microsoft has removed the parameter; you have to call Microsoft Support to ask them to alter it at their backend.