Office365 Sensitive Information Types

Question

Hi , In the Office365 portal, It is possible to add a custom sensitive information type via the GUI. It is possible to specify a minimum count for keywords but not for regex.

In reference to this article https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fsecuritycompliance%2Fcreate-a-custom-sensitive-information-type-in-scc-powershell&data=02%7C01%7Co365sup4%40microsoft.com%7C244b621c8bf64e52f22008d68061ba8b%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636837554577672119&sdata=nyS21eJzILotLv%2BXgaiBsgN4qIyOHHUsewXmzc%2BdBmc%3D&reserved=0

The image below displays how to specify a minimum count for keywords. I need to know how to specify a minimum count for a regex defined in the xml.

The reason I need this is to ensure eDiscovery search cases, provide the same response as DLP policies. When creating a DLP policy it is possible to specify the minimum count of sensitive information type and I want DLP and eDiscovery aligned.

ryan heffernan · Answer

Adding Caroline Shin&nbsp; and&nbsp;Anthony Smith (A.J.).&nbsp;Can either of you speak to this question?

chrishoardmvp · Answer

Hi Sean O'Farrell,Yes, you can build custom sensitive information types in the GUI via the Security and Compliance centreSee this great article by Joanne Klein -https://joannecklein.com/2018/08/07/build-and-use-custom-sensitive-information-types-in-office-365/But also here for official documentation which confirms it can be built in the GUI.https://docs.microsoft.com/en-gb/office365/securitycompliance/create-a-custom-sensitive-information-type?redirectSourcePath=%252fsl-si%252farticle%252fCreate-a-custom-sensitive-information-type-82c382a5-b6db-44fd-995d-b333b3c7fc30Best, Chris

sean o&apos;farrell · Answer

Hi Chris, I know I can build custom information types in the GUI. The GUI does not allow the minimum count for regex,&nbsp; only keywords. That is why I am creating them in xml and then importing them via powershell.

chrishoardmvp · Answer

Hi Sean,Thanks - I read it as is it as opposed to it is!I have raised a uservoice for you on the GUI.https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/36648940-custom-sensitive-information-type-allow-minimumI am going to raise this to the Sec and Compliance Microsoft Team to see if we can get an answer -Ryan Heffernan&nbsp;- see above string from Sean. With regards custom sensitive information types how do we specify a minimum count for a regex defined in the xml? It would be great to get an answer on this.Best, Chris

adam jung · Answer

Posting this on behalf of the DLP product team:
&nbsp;
In custom sensitive type is defined by patterns with 2 elements – idMatch and Match. Both these elements could take Regex, Keyword or Dictionary or built-in functions.
&nbsp;
There are key differences between idMatch and Match.

idMatch –enables detecting the sensitive content in document (like a credit card number)
match – enables detection of supporting evidence in the proximity of idMatch (like words like “CVV”, “Credit Card”, “VISA” etc..,)

&nbsp;
Min Matches
For a match element, min match count allows setting requirement to minimum number of supporting evidence to found to match pattern. As mentioned match could be a keyword list or a Regex.
&nbsp;
Single match of idMatch along with required matches will identify a sensitive content found in document. In DLP Policy, the customer could configure the min and max number of sensitive type (like Credit cards) required to be found.

Forum Discussion

Office365 Sensitive Information Types

5 Replies

Resources