Microsoft Tech Community

How to use regex capturing-group in custom sensitive information in DLP Office365?

I'm trying to create a custom sensitive information type in Office365 (Security & Compliance Center) to match possible passwords (at least 8 digits, a letter, a number and a special character).

Regex (it works - e.g. https://regex101.com/)

(?=.*[A-Za-z])(?=.*\d)(?=.*["!@#$%¨&()-_+])[A-Za-z\d"!@#$%¨&()-_+]{8,}

 

But when I try to set this code in Office365 I receive the error message below:

 

You cannot configure a pattern with groups or multiple match conditions like (.*,.+,.{0,n} or .{1,n}. Remove the group or the multiple match condition from the pattern to continue.

Is there a way to circumvent this situation? Is it possible to reach the same result in another way?

1 Reply
Looks like you encountered a typical issue. If I remember correctly, O365 uses the Boost.Regex engine; regex101 doesn't have it (PCRE, ECMAScript, Python, GoLang), so your validation helps to find only issues which are common to both.

At first sight: 8-infinite matches, positive lookaheads, "anything between 0 and infinite occurrences" (aka "I have no idea what's there, but would like to match it") - which are not supported by Office's regex engine. Apart from that, they are also very dangerous and it's better to avoid them (despite that they are very convenient in many circumstances).

Here is some more information from MS:
https://docs.microsoft.com/en-us/office365/securitycompliance/create-a-custom-sensitive-information-...

Btw, your regex for passwords - it won't work as you might think. Counter-examples for your regex (they will be matched, but cannot be a password if you set strong password configuration):
000aaa0000
10.10.10.10
mydomain.com
hellooo!
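
Added example, not part of the original thread: the pattern exactly as posted, run with Python's `re` (not the Office 365 engine) over constructed sample lines, reporting which character classes the matched text really contains. The `explain` helper and the sample lines are assumptions made for illustration.

```python
import re

# Pattern exactly as posted in the question.
POSTED = r'(?=.*[A-Za-z])(?=.*\d)(?=.*["!@#$%¨&()-_+])[A-Za-z\d"!@#$%¨&()-_+]{8,}'

# The characters the author listed as "special", taken one by one.
INTENDED_SPECIALS = set('"!@#$%¨&()-_+')
# Inside [...], ")-_" is a range: every code point from ')' (0x29) to '_' (0x5F),
# which covers digits, uppercase letters, '.', ':', '/', '=' and more.
RANGE_CHARS = {chr(c) for c in range(ord(')'), ord('_') + 1)}


def explain(line):
    """Return what the posted pattern matched on this line and why, or None."""
    m = re.search(POSTED, line)
    if m is None:
        return None
    hit = m.group(0)
    return {
        "match": hit,
        # Classes present inside the matched text itself. The lookaheads use
        # ".*", so they can be satisfied by text later on the same line.
        "has_letter": any(c.isascii() and c.isalpha() for c in hit),
        "has_digit": any(c.isdigit() for c in hit),
        "has_intended_special": any(c in INTENDED_SPECIALS for c in hit),
        # Punctuation admitted only through the accidental ")-_" range.
        "via_range_only": sorted({c for c in hit if c in RANGE_CHARS
                                  and c not in INTENDED_SPECIALS
                                  and not c.isalnum()}),
    }


if __name__ == "__main__":
    # Constructed sample lines built around the reply's counter-examples.
    for line in ["000aaa0000",
                 "ping 10.10.10.10 from host",
                 "mydomain.com port 8080",
                 "hellooo! 123",
                 "hellooo!"]:
        print(repr(line), "->", explain(line))
```

A match that reports `has_intended_special` as false, or a missing letter or digit, was satisfied by the range or by neighbouring text on the line, which is how such a rule produces false positives when scanning documents.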