Custom Sensitive Info Type - Email Headers and Document Properties

%3CLINGO-SUB%20id%3D%22lingo-sub-1372460%22%20slang%3D%22en-US%22%3ECustom%20Sensitive%20Info%20Type%20-%20Email%20Headers%20and%20Document%20Properties%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1372460%22%20slang%3D%22en-US%22%3E%3CP%3EDoes%20the%20'Sensitive%20Info%20Type'%20only%20find%20matches%20within%20the%20content%20of%20documents%20and%20emails%20or%20it%20can%20also%20match%20email%20headers%20or%20document%20properties%3F%20We%20are%20trying%20to%20create%20a%20'Sensitive%20Info%20Type'%20that%20matches%20the%20sensitivity%20label%20applied%20to%20a%20document%20or%20email.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1372460%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECompliance%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1377025%22%20slang%3D%22en-US%22%3ERe%3A%20Custom%20Sensitive%20Info%20Type%20-%20Email%20Headers%20and%20Document%20Properties%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1377025%22%20slang%3D%22en-US%22%3Eas%20far%20as%20I%20know%2C%20DLP%20Sensitive%20Information%20types%20cannot%20inspect%20email%20headers%20or%20document%20properties.%20DLP%20Sensitive%20Information%20types%20are%20limited%20to%20the%20contents%20of%20the%20email%2C%20the%20contents%20of%20an%20attachment%2C%20or%20the%20contents%20of%20a%20document%20stored%20in%20SharePoint%2C%20OneDrive%2C%20Teams%2C%20or%20the%20contents%20of%20a%20message%20sent%20inside%20Teams%20chat.%3CBR%20%2F%3EDepending%20on%20the%20scenario%20you%20are%20trying%20to%20achieve%2C%20you%20might%20consider%20document%20fingerprinting%20for%20Exchange%20Online%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fdocument-fingerprinting%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fdocument-fingerprinting%3Fview%3Do365-worldwide%3C%2FA%3E%3CBR%20%2F%3Eor%20Trainable%20Classifiers%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fclassifier-getting-started-with%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fclassifier-getting-started-with%3Fview%3Do365-worldwide%3C%2FA%3E%3CBR%20%2F%3EOr%20using%20Exchange%20Online%20Transport%20rules%20to%20look%20for%20documents%20that%20have%20a%20Sensitive%20Information%20type%20in%20the%20document%20metadata.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Finformation-protection%2Fconfigure-exo-rules%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Finformation-protection%2Fconfigure-exo-rules%3C%2FA%3E%3CBR%20%2F%3EIf%20these%20suggestions%20didn't%20help%2C%20can%20you%20explain%20your%20use%20case%20a%20bit%20further%3F%3CBR%20%2F%3E%3CBR%20%2F%3EThanks%2C%3CBR%20%2F%3EJoe%20Stocker%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E
Highlighted
Frequent Contributor

Does the 'Sensitive Info Type' only find matches within the content of documents and emails or it can also match email headers or document properties? We are trying to create a 'Sensitive Info Type' that detects the sensitivity label applied to a document or email.

1 Reply
Highlighted
as far as I know, DLP Sensitive Information types cannot inspect email headers or document properties. DLP Sensitive Information types are limited to the contents of the email, the contents of an attachment, or the contents of a document stored in SharePoint, OneDrive, Teams, or the contents of a message sent inside Teams chat.
Depending on the scenario you are trying to achieve, you might consider document fingerprinting for Exchange Online:
https://docs.microsoft.com/en-us/microsoft-365/compliance/document-fingerprinting?view=o365-worldwid...
or Trainable Classifiers:
https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-getting-started-with?view=o365-...
Or using Exchange Online Transport rules to look for documents that have a Sensitive Information type in the document metadata.
https://docs.microsoft.com/en-us/azure/information-protection/configure-exo-rules
If these suggestions didn't help, can you explain your use case a bit further?

Thanks,
Joe Stocker