Default DLP policy templates

Brass Contributor

Hello All,


I wanted to check in DLP, Microsoft has default policy templates for US PII and HIPAA compliance. Are those templates proven? it contains few out-of-the box  trainable classifiers with AND condition for different sensitive info types.


is it recommended to follow those conditions as defined in default template if we are creating custom policy?





1 Reply
best response confirmed by Afsar_Shariff (Brass Contributor)

Hi, @Afsar_Shariff,


Admittedly, the pre-built templates tend to be looking for a substantial amount of data that has to be met and this likely will lead to catching everything as desired, specifically due to the AND statement. I have found it best to maybe use these templates to identify the out-of-the-box SITs and Trainable Classifiers for a specific category like PII and then build my own custom policy based on the client and which of the data types they have in their environment. Hope this helps but essentially, yes, I would recommend build a custom policy.