Jan 28 2019 02:21 AM
Hi , In the Office365 portal, It is possible to add a custom sensitive information type via the GUI. It is possible to specify a minimum count for keywords but not for regex.
In reference to this article https://docs.microsoft.com/en-us/office365/securitycompliance/create-a-custom-sensitive-information-...
The image below displays how to specify a minimum count for keywords. I need to know how to specify a minimum count for a regex defined in the xml.
The reason I need this is to ensure eDiscovery search cases, provide the same response as DLP policies. When creating a DLP policy it is possible to specify the minimum count of sensitive information type and I want DLP and eDiscovery aligned.
Jan 28 2019 03:39 AM
Jan 28 2019 03:44 AM
Hi Chris, I know I can build custom information types in the GUI. The GUI does not allow the minimum count for regex, only keywords. That is why I am creating them in xml and then importing them via powershell.
Jan 28 2019 04:18 AM - edited Jan 28 2019 04:18 AM
Hi Sean,
Thanks - I read it as is it as opposed to it is!
I have raised a uservoice for you on the GUI.
https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/36648940-cu...
I am going to raise this to the Sec and Compliance Microsoft Team to see if we can get an answer -
@Ryan Heffernan - see above string from Sean. With regards custom sensitive information types how do we specify a minimum count for a regex defined in the xml? It would be great to get an answer on this.
Best, Chris
Jan 28 2019 03:09 PM - edited Jan 28 2019 03:11 PM
Adding @Caroline Shin and @Anthony Smith (A.J.). Can either of you speak to this question?
Jan 30 2019 06:46 AM
Posting this on behalf of the DLP product team:
In custom sensitive type is defined by patterns with 2 elements – idMatch and Match. Both these elements could take Regex, Keyword or Dictionary or built-in functions.
There are key differences between idMatch and Match.
Min Matches
For a match element, min match count allows setting requirement to minimum number of supporting evidence to found to match pattern. As mentioned match could be a keyword list or a Regex.
Single match of idMatch along with required matches will identify a sensitive content found in document. In DLP Policy, the customer could configure the min and max number of sensitive type (like Credit cards) required to be found.