Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
New Enhancements and Workload for Microsoft Exact Data Match
Published Apr 27 2021 10:00 AM 2,590 Views
Microsoft

Hello and welcome back to another blog post about new improvements with Microsoft Exact Data Match (EDM). I am going to first cover improvements launching today and upcoming, then I will circle back on some previously released improvements.

 

First up and launching today, is the ability to test the EDM based SITs just like you can currently do with all other SITS (All clouds)! Being able to do a quick test to ensure you got your EDM SITs correctly setup and that your data was correctly imported can help you get going rapidly. There are a lot of moving parts in EDM: schema, data uploads, SITs / rule package, and then policy setup. Trying to troubleshoot a SIT and a DLP Policy relying on EDM SIT at the same time is difficult. This will enable you to confirm EDM is working as expected before moving to use it in your DLP or auto labeling rules, and help you keep any required troubleshooting focused by excluding what you know is working correctly.

 

Picture1.pngFigure 1. Choose EDM SIT

 

Picture2.pngFigure 2. Select Test

 

Picture3.pngFigure 3. Upload file containing test data

 

Picture4.pngFigure 4. Review test results

 

The ability to apply a sensitivity label to content automatically using EDM Sensitive Information Types (SIT) will be coming soon (initially Commercial Cloud only)!  This will allow compliance admins to be able to scan the companies SharePoint Online and OneDrive for Business repositories and apply sensitivity labels, with or without encryption, to some of the most important and highly sensitive data they hold. 

While automatic labeling using regular Sensitive Information Types is functionality that has been available for some time, bulk labeling using this type of content detection can lead to some false positives, and while false positives may not be a big issue when occurring in front of a user that can notice and fix an incorrect labeling action, this is considerably more problematic when it’s done in bulk over a large number of documents without interactive human supervision. This is where EDM shines: its ability to detect matches to specific, actual sensitive data with minimal or no false positives is a great match for this scenario. This is important for our Regulated Industry customers, like my Health and Life Sciences (HLS) customers.  Electronic Medical Records (EMR) contain extremely sensitive information about every single patient a medical facility, company or doctor has had contact with.  Strict regulations and certifications standards such as HIPAA and HITRUST, require close control of Personal Health Information (PHI) and being able to easily identify and label data at rest will help everyone!

 

Another new feature that is in Public Preview right now is the use of Customer Key for Microsoft 365 at the tenant level to protect additional elements in your tenant including your EDM sensitive information tables. This is a broad preview and includes many more data points than just EDM, but that protection of EDM data is included in this preview shows it is now a first-class citizen in the Microsoft Compliance world.

 

The next two items are being covered together, Improved Auditability and Upload Notifications are GA (All clouds). This gives the Compliance admins to ability to audit and be alerted when these EDM related activities happen:

 

Picture5.png

 Figure 5. EDM Audit Activities

 

Along with the Sensitive Information Type activities:

 

Picture6.png

 Figure 6. SIT Audit Activities

 

To check out the new auditing features, I decided to do some cleanup of an EDM datastore I setup for fun and created a new EDM datastore and SITs. Now let’s go check out what this looks like in the Audit logs.

 

Picture7.png

 Figure 7. Audit Items

 

As you can see above, starting from the bottom up are the actions I took yesterday related to SITs. Now let’s take a closer look at some of these.  One way to take a closer look is to download the results. In Figure 5 you can see the Export item at the top left.

 

Picture8.png

 Figure 8. Sample export of audit items

 

You can also select one of the alerts to look at in in the interface.

 

Picture9.png

 Figure 9. Sample details of Audit Item

 

Audit data should appear in the log between 30 minutes and 2 hours.  This data is also available as part of the Office 365 Management Activity API reference | Microsoft Docs

I think this covers it for today. If you would like to learn more about EDM you can check out my previous blogs, Implementing Microsoft Exact Data Match (EDM) Part 1 - Microsoft Tech Community and Enhancements to Microsoft Exact Data Match - Microsoft Tech Community.

 

Version history
Last update:
‎May 11 2021 01:59 PM
Updated by: