US SSN DLP Policy

Steel Contributor

I have a Transport Rule set up to auto encrypt emails sent from our tenant to external users if they have an SSN in the body of the email or an attachment. It is hitting on some documents that do contain a pattern of SSN: xxx-xx-1234. I would like to figure out a way to exclude the document if the first 5 digits of the pattern are x's. Is this possible?DLP.PNG

 

 

 

 

 

3 Replies

I guess modifying the default/creating a new custom sensitive type for SSN is one way to do this: https://support.office.com/en-us/article/Create-a-custom-sensitive-information-type-82c382a5-b6db-44...

 

Raising the confidence level might help as well.

Yea I read over that document. I just dont know what to modify in the XML to exlude the xxx-xx-1234 pattern.

 

I have exported the xml file of our current rules and located the US SSN Section, but I do not understand it well enough to modify it properly.

Well it's based on regex, so you just need to find the correct syntax. For example, this will match any SSN and not match any xxx-xx-1234 pattern

 

^(?!xxx-xx-\d{4})\d{3}-(?!00)\d{2}-(?!0{4})\d{4}$