SCDLPCompliancePolicy - option not available when using application and certification settings. #4642

Open
hvdbrink opened this issue May 7, 2024 · 0 comments

hvdbrink commented May 7, 2024

Description of the issue

When deploying SCDLPCompliancePolicy, the options EndpointDlpLocationException and EndpointDlpLocation are missing in the cmdlet "New-DlpCompliancePolicy". When connecting locally with "Connect-IPPSSession", it's there with username and password. But when connecting the same way but with app ID and certificate, the options are missing. Microsoft Learn says about the cmdlet that you need compliance admin or compliance data admin for it to become available, but for app ID this doesn't work, even with the compliance admin.

Microsoft 365 DSC Version

1.24.424.1

Which workloads are affected

Security & Compliance Center

The DSC configuration

SCDLPCompliancePolicy "SCDLPCompliancePolicy-SSB Exchange - Block Label Depv\Organisatie Intern"
        {
            ApplicationId                         = $ConfigurationData.NonNodeData.ApplicationId;
            CertificateThumbprint                 = $ConfigurationData.NonNodeData.CertificateThumbprint;
            Comment                               = "Block Label Depv\Organisatie Intern naar externe personen";
            EndpointDlpLocationException          = @();
            Ensure                                = "Present";
            ExchangeLocation                      = "All";
            ExchangeSenderMemberOf                = @();
            ExchangeSenderMemberOfException       = @();
            Mode                                  = "Enable";
            Name                                  = "SSB Exchange - Block Label Depv\Organisatie Intern";
            OneDriveLocationException             = @();
            OnPremisesScannerDlpLocationException = @();
            PowerBIDlpLocationException           = @();
            Priority                              = 0;
            SharePointLocationException           = @();
            TeamsLocationException                = @();
            TenantId                              = $OrganizationName;
            ThirdPartyAppDlpLocationException     = @();
        }
        SCDLPCompliancePolicy "SCDLPCompliancePolicy-SSB Device Restrictions"
        {
            ApplicationId                         = $ConfigurationData.NonNodeData.ApplicationId;
            CertificateThumbprint                 = $ConfigurationData.NonNodeData.CertificateThumbprint;
            Comment                               = "Helps detect the presence of personal information for individuals inside the European Union (EU) to assist in meeting GDPR privacy obligations. This enhanced template extends the original by also detecting people's full names and physical addresses for countries in the EU. We have enhanced it with Trainable Classifiers HR, Tax, Healthcare, and Legal Affairs to detect documents containing healthcare, tax fillings, legal terminology and HR records.";
            EndpointDlpLocation                   = "All";
            EndpointDlpLocationException          = @();
            Ensure                                = "Present";
            ExchangeSenderMemberOf                = @();
            ExchangeSenderMemberOfException       = @();
            Mode                                  = "Enable";
            Name                                  = "SSB Device Restrictions";
            OneDriveLocationException             = @();
            OnPremisesScannerDlpLocationException = @();
            PowerBIDlpLocationException           = @();
            Priority                              = 1;
            SharePointLocationException           = @();
            TeamsLocationException                = @();
            TenantId                              = $OrganizationName;
            ThirdPartyAppDlpLocationException     = @();
        }

Verbose logs showing the problem

VERBOSE: [LAPTOP01]:                            [[SCDLPCompliancePolicy]SCDLPCompliancePolicy-SSB Exchange - Block Label Depv\Organisatie Intern] Getting configuration of DLPCompliancePolicy for SSB Exchange - Block Label Depv\Organisatie Intern
VERBOSE: [LAPTOP01]:                            [[SCDLPCompliancePolicy]SCDLPCompliancePolicy-SSB Exchange - Block Label Depv\Organisatie Intern] DLPCompliancePolicy SSB Exchange - Block Label Depv\Organisatie Intern does not exist.
A parameter cannot be found that matches parameter name 'EndpointDlpLocationException'.
    + CategoryInfo          : InvalidArgument: (:) [], CimException
    + FullyQualifiedErrorId : NamedParameterNotFound,New-DlpCompliancePolicy
    + PSComputerName        : localhost

VERBOSE: [LAPTOP01]: LCM:  [ End    Set      ]  [[SCDLPCompliancePolicy]SCDLPCompliancePolicy-SSB Exchange - Block Label Depv\Organisatie Intern]  in 1435.0710 seconds.

Environment Information + PowerShell Version

OsName               : Microsoft Windows 11 Pro
OsOperatingSystemSKU : 48
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage           : en-US
OsMuiLanguages       : {en-US, en-GB}

Name                           Value
----                           -----
PSVersion                      5.1.22621.2506
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22621.2506
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
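
One way to confirm which parameters the connected session actually exposes before the DSC resource calls New-DlpCompliancePolicy, as an added example that is not part of the original issue or of Microsoft365DSC. The function name `Get-MissingCmdletParameter` is hypothetical, and the `<...>` connection values are placeholders to fill in.

```powershell
# Added diagnostic example (not from the issue author or the Microsoft365DSC project).
# Requires the ExchangeOnlineManagement module, which provides Connect-IPPSSession.

function Get-MissingCmdletParameter {
    # Hypothetical helper: returns the names in $RequiredParameter that the
    # cmdlet, as imported into the current session, does not expose.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $CmdletName,
        [Parameter(Mandatory)] [string[]] $RequiredParameter
    )
    $command   = Get-Command -Name $CmdletName -ErrorAction Stop
    $available = $command.Parameters.Keys
    $RequiredParameter | Where-Object { $available -notcontains $_ }
}

# Placeholders: use the same app registration and certificate the DSC configuration uses.
$appId        = '<application-id>'
$thumbprint   = '<certificate-thumbprint>'
$organization = '<tenant>.onmicrosoft.com'

# App-only connection, matching ApplicationId / CertificateThumbprint / TenantId in the config.
Connect-IPPSSession -AppId $appId -CertificateThumbprint $thumbprint -Organization $organization

# The two parameters the SCDLPCompliancePolicy blocks in this issue depend on.
$needed  = 'EndpointDlpLocation', 'EndpointDlpLocationException'
$missing = @(Get-MissingCmdletParameter -CmdletName 'New-DlpCompliancePolicy' -RequiredParameter $needed)

if ($missing.Count -gt 0) {
    Write-Warning ("New-DlpCompliancePolicy in this session lacks: {0}" -f ($missing -join ', '))
}
else {
    Write-Output 'Both endpoint DLP parameters are available in this session.'
}

Disconnect-ExchangeOnline -Confirm:$false
```

Running the same check after connecting with a username and password shows whether the difference lies in the session's parameter set rather than in the DSC resource.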