Forum Discussion

sumo83's avatar
sumo83
Iron Contributor
Jun 26, 2025
Solved

Search for Credit Card Numbers within tenant

Hello all,   for audit purposes, I need to discover if there are any PAN/Credit Card numbers stored anywhere within our tenant - we use M365 E3/E5 (Sharepoint, onedrive, exchange online).   I'm s...
  • vicwingsing's avatar
    vicwingsing
    Jun 26, 2025

    You are in the right path:

    Using eDiscovery, you can use the Content search function. Once content search finishes searching for information > you can export a report that contains details (there is a limit of 2TB for the exported file)
    Exporting data from Content Search: https://learn.microsoft.com/en-us/purview/ediscovery-export-search-results 

    Additionally, you can create a DLP policy that points inwards. You're DLP policy would have the following in the rules: 
    Policy is for SharePoint and OneDrive
       Rule: IF data contains Sensitive Information Type (1) PAN or (2) CCN then trigger. Recommended to change the confidence level to High. No action taken
           Run policy: Simulation/ Audit mode. So that it doesn't change or affect anything in your org. 

    Another option:
    In Content explorer, there is an SIT section, you'll get ALL (and I do mean ALL) data that matches PAN and CCN. You can export this list too in excel. Then you can use excel to count.

BrianStephen's avatar
BrianStephen
Icon for Microsoft rankMicrosoft
Jun 26, 2025

Hi sumo83​ 

While you can use eDiscovery in Microsoft Purview to search content across Exchange Online, it’s important to note that eDiscovery does not support direct querying of Sensitive Information Types (SITs) such as credit card numbers or Social Security numbers.

If your objective is to identify or manage sensitive data, consider using the following Microsoft Purview tools and features.

1. Microsoft Purview Content Explorer and Data Explorer

Use Content Explorer or Data Explorer to:

  • View where sensitive information types are detected across Microsoft 365 services, including Exchange Online, SharePoint Online, and OneDrive for Business.
  • Gain visibility into the distribution and types of sensitive data in your organization.
  • Support compliance and risk management initiatives.

NOTE:
Access to Content Explorer and Data Explorer requires appropriate Microsoft Purview compliance role group permissions.

2. Data Loss Prevention (DLP) Policies

Configure DLP policies in Microsoft Purview to:

  • Automatically detect sensitive information in email messages and attachments (In-Transit).
  • Apply protective actions such as blocking, alerting, or auditing based on policy rules.
  • Help prevent unintentional sharing of sensitive data outside your organization.
Limitations of eDiscovery for SITs
  • eDiscovery (Standard or Premium) allows keyword and metadata-based searches but does not support direct filtering by SITs.
  • To investigate sensitive data exposure, use DLP alerts or Content Explorer insights instead.

 

Data Explorer in Microsoft Purview
https://learn.microsoft.com/en-us/purview/data-classification-data-explorer

Content Explorer in Microsoft Purview
https://learn.microsoft.com/en-in/purview/data-classification-content-explorer

Review and Analyze Data Classification and Protection (Training Module)
https://learn.microsoft.com/en-us/training/modules/purview-review-analyze-data-classification/

Keyword queries and search conditions for eDiscovery | Microsoft Learn

I hope that helps!

-Brian ✌️ 

Resources