Forum Discussion
DLP Policy Rule "U.S. Physical Address" exclusion
My custom SIT may have broken it entirely, as my test email sent outside our Org never set off an alert.
I'd seen instructions to make a custom SIT but I never understood the options. I found the following https://learn.microsoft.com/en-us/purview/sit-create-a-custom-sensitive-information-type and also looked over "Sensitive information type functions". This led me to "Func_us_address". Building a custom sensitive information type has the Exclude Specific Matches at the bottom of the Edit Pattern flyout. I added every possible spelling of our address to exclude.
Confidence Level = Medium
Primary Element = Function processors: Func_us_address
Character proximity = Detect primary AND supporting elements within 300 characters (without Anywhere in the document checked)
Supporting elements = Did not add any
Additional checks = Exclude specific matches: All possible spellings of our physical address and PO Box
I MIGHT have it fixed. Not only does the following Regular Expression pass the test at regex101 dot com but Purview actually accepts it:
^[#.0-9a-zA-Z\s,-]+$
All the others I entered either errored at MSFT with "You cannot configure a pattern with groups or multiple match conditions like (.*, .+, .{0,n} or .{1,n}). Remove the group or the multiple match condition from the pattern to continue" or regex101 said they didn't work. Ones regex101 said didn't work would enter into Purview but do nothing when the Text option was hit.
Under Additional Checks, I entered every combination of our physical address and PO box. The simulation is now running.
Again, thanks for your response.
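An added example, not part of the original post and not Microsoft's validation code: a local pre-check that flags only the constructs named in the error message quoted above, then shows which texts the accepted pattern covers. The function names and all sample addresses are constructed for illustration, and how Purview applies the pattern to a match is not stated on the page.

```python
import re

POSTED = r"^[#.0-9a-zA-Z\s,-]+$"   # the pattern from the post

def rejected_constructs(pattern):
    """List the constructs named in the quoted error message that occur in
    pattern: groups, and the multiple-match conditions .* .+ .{0,n} .{1,n}.
    This approximates that message only, not Purview's full validation."""
    found, in_class, i = [], False, 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":                  # escaped character: skip both chars
            i += 2
            continue
        if in_class:                    # inside [...], '(' and '.' are literals
            in_class = ch != "]"
        elif ch == "[":
            in_class = True
        elif ch == "(":
            found.append("group")
        elif ch == ".":
            m = re.match(r"[*+]|\{[01],\d*\}", pattern[i + 1:])
            if m:
                found.append("." + m.group())
        i += 1
    return found

def matches_whole_text(pattern, text):
    """True if the anchored pattern accepts the text."""
    return re.search(pattern, text) is not None

# Constructed sample addresses (not from the post).
SAMPLES = [
    "100 Example St, Suite 4, Springfield, IL 62701",   # stand-in for "our" address
    "PO Box 123, Springfield, IL 62701",                 # stand-in for "our" PO box
    "742 Evergreen Terrace, Springfield, OR 97477",      # unrelated address
]

if __name__ == "__main__":
    for p in (POSTED, r".*100 Example St.*", r"(PO|P\.O\.) Box \d+"):
        print(p, "->", rejected_constructs(p) or "no flagged constructs")
    for s in SAMPLES:
        print(matches_whole_text(POSTED, s), s)
```

The posted pattern has no flagged constructs, and because it is a single anchored character class it accepts every sample address here, including the unrelated one.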