Forum Discussion
Robert Woods
Sep 06, 2017Steel Contributor
US SSN DLP Policy
I have a Transport Rule set up to auto encrypt emails sent from our tenant to external users if they have an SSN in the body of the email or an attachment. It is hitting on some documents that do contain a pattern of SSN: xxx-xx-1234. I would like to figure out a way to exclude the document if the first 5 digits of the pattern are x's. Is this possible?
I guess modifying the default/creating a new custom sensitive type for SSN is one way to do this: https://support.office.com/en-us/article/Create-a-custom-sensitive-information-type-82c382a5-b6db-44fd-995d-b333b3c7fc30
Raising the confidence level might help as well.
- Robert WoodsSteel Contributor
Yea I read over that document. I just dont know what to modify in the XML to exlude the xxx-xx-1234 pattern.
I have exported the xml file of our current rules and located the US SSN Section, but I do not understand it well enough to modify it properly.
Well it's based on regex, so you just need to find the correct syntax. For example, this will match any SSN and not match any xxx-xx-1234 pattern
^(?!xxx-xx-\d{4})\d{3}-(?!00)\d{2}-(?!0{4})\d{4}$