Office365 Sensitive Information Types

%3CLINGO-SUB%20id%3D%22lingo-sub-326454%22%20slang%3D%22en-US%22%3EOffice365%20Sensitive%20Information%20Types%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-326454%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%2C%20In%20the%20Office365%20portal%2C%20It%20is%20possible%20to%20add%20a%20custom%20sensitive%20information%20type%20via%20the%20GUI.%20It%20is%20possible%20to%20specify%20a%20minimum%20count%20for%20keywords%20but%20not%20for%20regex.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EIn%20reference%20to%20this%20article%20%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.microsoft.com%252Fen-us%252Foffice365%252Fsecuritycompliance%252Fcreate-a-custom-sensitive-information-type-in-scc-powershell%26amp%3Bdata%3D02%257C01%257Co365sup4%2540microsoft.com%257C244b621c8bf64e52f22008d68061ba8b%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C636837554577672119%26amp%3Bsdata%3DnyS21eJzILotLv%252BXgaiBsgN4qIyOHHUsewXmzc%252BdBmc%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fsecuritycompliance%2Fcreate-a-custom-sensitive-information-type-in-scc-powershell%3C%2FA%3E%20%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EThe%20image%20below%20displays%20how%20to%20specify%20a%20minimum%20count%20for%20keywords.%20I%20need%20to%20know%20how%20to%20specify%20a%20minimum%20count%20for%20a%20regex%20defined%20in%20the%20xml.%3C%2FSPAN%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20716px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F71160i0B616C3C9EC8154F%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22mincount.png%22%20title%3D%22mincount.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThe%20reason%20I%20need%20this%20is%20to%20ensure%20eDiscovery%20search%20cases%2C%20provide%20the%20same%20response%20as%20DLP%20policies.%20When%20creating%20a%20DLP%20policy%20it%20is%20possible%20to%20specify%20the%20minimum%20count%20of%20sensitive%20information%20type%20and%20I%20want%20DLP%20and%20eDiscovery%20aligned.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-326454%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECompliance%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EeDiscovery%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-327977%22%20slang%3D%22en-US%22%3ERe%3A%20Office365%20Sensitive%20Information%20Types%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-327977%22%20slang%3D%22en-US%22%3E%3CP%3EPosting%20this%20on%20behalf%20of%20the%20DLP%20product%20team%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20custom%20sensitive%20type%20is%20defined%20by%20patterns%20with%202%20elements%20%E2%80%93%20idMatch%20and%20Match.%20Both%20these%20elements%20could%20take%20Regex%2C%20Keyword%20or%20Dictionary%20or%20built-in%20functions.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThere%20are%20key%20differences%20between%20idMatch%20and%20Match.%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3E%3CSTRONG%3EidMatch%3C%2FSTRONG%3E%20%E2%80%93enables%20detecting%20the%20sensitive%20content%20in%20document%20(like%20a%20credit%20card%20number)%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3Ematch%3C%2FSTRONG%3E%20%E2%80%93%20enables%20detection%20of%20supporting%20evidence%20in%20the%20proximity%20of%20idMatch%20(like%20words%20like%20%E2%80%9CCVV%E2%80%9D%2C%20%E2%80%9CCredit%20Card%E2%80%9D%2C%20%E2%80%9CVISA%E2%80%9D%20etc..%2C)%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CU%3EMin%20Matches%3C%2FU%3E%3C%2FP%3E%0A%3CP%3EFor%20a%20%3CSTRONG%3Ematch%3C%2FSTRONG%3E%20element%2C%20min%20match%20count%20allows%20setting%20requirement%20to%20minimum%20number%20of%20supporting%20evidence%20to%20found%20to%20match%20pattern.%20As%20mentioned%20match%20could%20be%20a%20keyword%20list%20or%20a%20Regex.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESingle%20match%20of%20idMatch%20along%20with%20required%20matches%20will%20identify%20a%20sensitive%20content%20found%20in%20document.%20In%20DLP%20Policy%2C%20the%20customer%20could%20configure%20the%20min%20and%20max%20number%20of%20sensitive%20type%20(like%20Credit%20cards)%20required%20to%20be%20found.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-326912%22%20slang%3D%22en-US%22%3ERe%3A%20Office365%20Sensitive%20Information%20Types%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-326912%22%20slang%3D%22en-US%22%3E%3CP%3EAdding%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F50311%22%20target%3D%22_blank%22%3E%40Caroline%20Shin%3C%2FA%3E%26nbsp%3B%20and%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F51275%22%20target%3D%22_blank%22%3E%40Anthony%20Smith%20(A.J.)%3C%2FA%3E.%26nbsp%3BCan%20either%20of%20you%20speak%20to%20this%20question%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-326508%22%20slang%3D%22en-US%22%3ERe%3A%20Office365%20Sensitive%20Information%20Types%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-326508%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Sean%2C%3CBR%20%2F%3E%3CBR%20%2F%3EThanks%20-%20I%20read%20it%20as%20is%20it%20as%20opposed%20to%20it%20is!%3CBR%20%2F%3E%3CBR%20%2F%3EI%20have%20raised%20a%20uservoice%20for%20you%20on%20the%20GUI.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Foffice365.uservoice.com%2Fforums%2F289138-office-365-security-compliance%2Fsuggestions%2F36648940-custom-sensitive-information-type-allow-minimum%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Foffice365.uservoice.com%2Fforums%2F289138-office-365-security-compliance%2Fsuggestions%2F36648940-custom-sensitive-information-type-allow-minimum%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EI%20am%20going%20to%20raise%20this%20to%20the%20Sec%20and%20Compliance%20Microsoft%20Team%20to%20see%20if%20we%20can%20get%20an%20answer%20-%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F44888%22%20target%3D%22_blank%22%3E%40Ryan%20Heffernan%3C%2FA%3E%26nbsp%3B-%20see%20above%20string%20from%20Sean.%20With%20regards%20custom%20sensitive%20information%20types%20how%20do%20we%20specify%20a%20minimum%20count%20for%20a%20regex%20defined%20in%20the%20xml%3F%20It%20would%20be%20great%20to%20get%20an%20answer%20on%20this.%3CBR%20%2F%3E%3CBR%20%2F%3EBest%2C%20Chris%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-326490%22%20slang%3D%22en-US%22%3ERe%3A%20Office365%20Sensitive%20Information%20Types%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-326490%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Chris%2C%20I%20know%20I%20can%20build%20custom%20information%20types%20in%20the%20GUI.%20The%20GUI%20does%20not%20allow%20the%20minimum%20count%20for%20regex%2C%26nbsp%3B%20only%20keywords.%20That%20is%20why%20I%20am%20creating%20them%20in%20xml%20and%20then%20importing%20them%20via%20powershell.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-326488%22%20slang%3D%22en-US%22%3ERe%3A%20Office365%20Sensitive%20Information%20Types%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-326488%22%20slang%3D%22en-US%22%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F116126%22%20target%3D%22_blank%22%3E%40Sean%20O'Farrell%3C%2FA%3E%2C%3CBR%20%2F%3E%3CBR%20%2F%3EYes%2C%20you%20can%20build%20custom%20sensitive%20information%20types%20in%20the%20GUI%20via%20the%20Security%20and%20Compliance%20centre%3CBR%20%2F%3E%3CBR%20%2F%3ESee%20this%20great%20article%20by%20Joanne%20Klein%20-%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fjoannecklein.com%2F2018%2F08%2F07%2Fbuild-and-use-custom-sensitive-information-types-in-office-365%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fjoannecklein.com%2F2018%2F08%2F07%2Fbuild-and-use-custom-sensitive-information-types-in-office-365%2F%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EBut%20also%20here%20for%20official%20documentation%20which%20confirms%20it%20can%20be%20built%20in%20the%20GUI.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Foffice365%2Fsecuritycompliance%2Fcreate-a-custom-sensitive-information-type%3FredirectSourcePath%3D%25252fsl-si%25252farticle%25252fCreate-a-custom-sensitive-information-type-82c382a5-b6db-44fd-995d-b333b3c7fc30%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Foffice365%2Fsecuritycompliance%2Fcreate-a-custom-sensitive-information-type%3FredirectSourcePath%3D%25252fsl-si%25252farticle%25252fCreate-a-custom-sensitive-information-type-82c382a5-b6db-44fd-995d-b333b3c7fc30%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EBest%2C%20Chris%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Hi , In the Office365 portal, It is possible to add a custom sensitive information type via the GUI. It is possible to specify a minimum count for keywords but not for regex.

 

In reference to this article https://docs.microsoft.com/en-us/office365/securitycompliance/create-a-custom-sensitive-information-...

 

The image below displays how to specify a minimum count for keywords. I need to know how to specify a minimum count for a regex defined in the xml.mincount.png

 

The reason I need this is to ensure eDiscovery search cases, provide the same response as DLP policies. When creating a DLP policy it is possible to specify the minimum count of sensitive information type and I want DLP and eDiscovery aligned. 

 

5 Replies
Highlighted
Hi @Sean O'Farrell,

Yes, you can build custom sensitive information types in the GUI via the Security and Compliance centre

See this great article by Joanne Klein -

https://joannecklein.com/2018/08/07/build-and-use-custom-sensitive-information-types-in-office-365/

But also here for official documentation which confirms it can be built in the GUI.

https://docs.microsoft.com/en-gb/office365/securitycompliance/create-a-custom-sensitive-information-...

Best, Chris
Highlighted

Hi Chris, I know I can build custom information types in the GUI. The GUI does not allow the minimum count for regex,  only keywords. That is why I am creating them in xml and then importing them via powershell.

Highlighted

Hi Sean,

Thanks - I read it as is it as opposed to it is!

I have raised a uservoice for you on the GUI.

https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/36648940-cu...

I am going to raise this to the Sec and Compliance Microsoft Team to see if we can get an answer -

@Ryan Heffernan - see above string from Sean. With regards custom sensitive information types how do we specify a minimum count for a regex defined in the xml? It would be great to get an answer on this.

Best, Chris

Highlighted

Adding @Caroline Shin  and @Anthony Smith (A.J.). Can either of you speak to this question?

Highlighted

Posting this on behalf of the DLP product team:

 

In custom sensitive type is defined by patterns with 2 elements – idMatch and Match. Both these elements could take Regex, Keyword or Dictionary or built-in functions.

 

There are key differences between idMatch and Match.

  1. idMatch –enables detecting the sensitive content in document (like a credit card number)
  2. match – enables detection of supporting evidence in the proximity of idMatch (like words like “CVV”, “Credit Card”, “VISA” etc..,)

 

Min Matches

For a match element, min match count allows setting requirement to minimum number of supporting evidence to found to match pattern. As mentioned match could be a keyword list or a Regex.

 

Single match of idMatch along with required matches will identify a sensitive content found in document. In DLP Policy, the customer could configure the min and max number of sensitive type (like Credit cards) required to be found.