I am trying to find all occurrences of protected health information (PHI) in Tenant

Copper Contributor

Great content in your Advanced Hunting series.  This may be outside of scope but is it possible to scavenge for PHI within Microsoft 365 using Advanced Hunting or might that be a completely different tool set?  I do see some information on SensitivityLabel and etc. in DeviceFileEvents; however, we have not yet classified our data yet -- this has to do with preparing to classify by first identifying where sensitive data resides.  Thanks!

1 Reply
So leave the Sensitivity Labels to one side for now and start using the SIT's to identify the Sensitive Data without having to apply labels.

Having said that do understand that the Content & Activity explorer tools in the compliance manager do not have any filters yet to help narrow down the false positives - so YMMV