Office365 Sensitive Information Types

Copper Contributor

Hi , In the Office365 portal, It is possible to add a custom sensitive information type via the GUI. It is possible to specify a minimum count for keywords but not for regex.

 

In reference to this article https://docs.microsoft.com/en-us/office365/securitycompliance/create-a-custom-sensitive-information-...

 

The image below displays how to specify a minimum count for keywords. I need to know how to specify a minimum count for a regex defined in the xml.mincount.png

 

The reason I need this is to ensure eDiscovery search cases, provide the same response as DLP policies. When creating a DLP policy it is possible to specify the minimum count of sensitive information type and I want DLP and eDiscovery aligned. 

 

5 Replies
Hi @Sean O'Farrell,

Yes, you can build custom sensitive information types in the GUI via the Security and Compliance centre

See this great article by Joanne Klein -

https://joannecklein.com/2018/08/07/build-and-use-custom-sensitive-information-types-in-office-365/

But also here for official documentation which confirms it can be built in the GUI.

https://docs.microsoft.com/en-gb/office365/securitycompliance/create-a-custom-sensitive-information-...

Best, Chris

Hi Chris, I know I can build custom information types in the GUI. The GUI does not allow the minimum count for regex,  only keywords. That is why I am creating them in xml and then importing them via powershell.

Hi Sean,

Thanks - I read it as is it as opposed to it is!

I have raised a uservoice for you on the GUI.

https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/36648940-cu...

I am going to raise this to the Sec and Compliance Microsoft Team to see if we can get an answer -

@Ryan Heffernan - see above string from Sean. With regards custom sensitive information types how do we specify a minimum count for a regex defined in the xml? It would be great to get an answer on this.

Best, Chris

Adding @Caroline Shin  and @Anthony Smith (A.J.). Can either of you speak to this question?

Posting this on behalf of the DLP product team:

 

In custom sensitive type is defined by patterns with 2 elements – idMatch and Match. Both these elements could take Regex, Keyword or Dictionary or built-in functions.

 

There are key differences between idMatch and Match.

  1. idMatch –enables detecting the sensitive content in document (like a credit card number)
  2. match – enables detection of supporting evidence in the proximity of idMatch (like words like “CVV”, “Credit Card”, “VISA” etc..,)

 

Min Matches

For a match element, min match count allows setting requirement to minimum number of supporting evidence to found to match pattern. As mentioned match could be a keyword list or a Regex.

 

Single match of idMatch along with required matches will identify a sensitive content found in document. In DLP Policy, the customer could configure the min and max number of sensitive type (like Credit cards) required to be found.