Forum Discussion
Find sensitive data types in Outlook mailboxes
Hi all,
I want to help my users reduce the size of their large Outlook inboxes, for efficiency and security purposes. I want them to start with the sensitive data, such as Swift codes, credit card numbers etc. I want to use Purview to highlight who has what, and where exactly to find it in their mailbox, so that these emails can be filed in the right file storage system we have, rather than sitting in their mailbox.
I want an accurate report to show that user 1 has x amount of that data, including the sensitive data type to help with prioritising their efforts, the email Subject to identify and locate the relevant email for filing etc.
I can see in the Purview Content explorer that there are x amount of credit card data, of which A of that total are in Exchange, B is in Sharepoint etc.
If I expand the Exchange section, I can see which mailbox has what, as a count summary. If I click on each individual mailbox, I can see the sum total of the different data types that Purview has detected. However, in the portal I can see that some of the results are low and medium confidence.
If I export the data as .xlsx for that one mailbox as a test, I see a bunch of script in the formula bar that is difficult to read, let alone separate out easily to find only the high confidence stuff.
Am I going about this the right way?
If so, how can I make this as quick and painless as possible for myself, to be able to say who has what and where, or at least verify what Purview is telling me?
If not, what should/can I do to help our users cull their risk?
Hi GI472,
Your use case is in other words about data discovery.
Content Explorer is good place to look for such content but you have to parse the data to be able to read it correctly.
Get started with content explorer - Microsoft Purview (compliance) | Microsoft Learn
You can try to extract the data and visualize it using Power BI for example similar to what was done in this reference Microsoft 365 Compliance audit log activities via O365 Management API - Part 2 - Microsoft Community Hub
As for confidence level indicated in the content explorer it is based on confidence level of the SITs and this can be changed Increase Classifier Accuracy - Microsoft Purview (compliance) | Microsoft Learn
If you need to look from now on, I would suggest to add some policies to inspect content using one of multiple options available. Such as a file policy within Microsoft Defender for Cloud Apps with filter App=ExchangeOnline to discover specific SITs or Trainable Classifiers using content inspection.
File policies - Microsoft Defender for Cloud Apps | Microsoft Learn
Here you have to be careful since you are looking at real user data and you may have legal obligations for your actions.
Thank you and kind regards
