Regarding Exact Data Matches (EDM)

%3CLINGO-SUB%20id%3D%22lingo-sub-2749350%22%20slang%3D%22en-US%22%3ERegarding%20Exact%20Data%20Matches%20(EDM)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2749350%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20configured%20EDM%20sensitive%20types.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20got%20a%20couple%20of%20questions%20regarding%20the%20hash%20file%20of%20customer%20data%20that%20us%20uploaded%20using%20thr%20EDM%20Upload%20Agent.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1.%20Where%20are%20the%20hash%20files%20stored%20in%20M365%3C%2FP%3E%3CP%3E2.What%20happens%20to%20the%20old%20hash%20file%20once%20a%20new%20is%20uploaded%3C%2FP%3E%3CP%3E3.%20Can%20the%20EDM%20upload%20agent%20work%20in%20presence%20of%20a%20proxy%20like%20Zscaler%20or%20MWG%3C%2FP%3E%3CP%3E4.Can%20we%20access%20the%20uploaded%20hash%20file%20on%20M365%20Compliance%20portal%3C%2FP%3E%3CP%3E5.%20What%20is%20the%20best%20location%20(on-premise)%20to%20deploy%20the%20EDM%20Upload%20Agent%20VM%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20provide%20help%20ASAP%20as%20I%20need%20to%20provide%20info%20on%20this%20to%20my%20team%20by%20the%20end%20of%20this%20week.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2749350%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EData%20Loss%20Prevention%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%20And%20Compliance%20Center%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2783716%22%20slang%3D%22en-US%22%3ERe%3A%20Regarding%20Exact%20Data%20Matches%20(EDM)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2783716%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F694219%22%20target%3D%22_blank%22%3E%40Rhul1545%3C%2FA%3E%26nbsp%3B-%20please%20see%20below%20for%20answers%20to%20your%20EDM%20related%20questions.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EWhere%20are%20the%20hash%20files%20stored%20in%20M365%3F%3C%2FSTRONG%3E%3CBR%20%2F%3EThe%20hashed%20data%20uploaded%20is%20securely%20stored%20encrypted%20in%20an%20Azure%20table%20storage%20and%20always%20remains%20in%20the%20same%20geo%20as%20where%20it%20was%20uploaded%20from.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EWhat%20happens%20to%20the%20old%20hash%20file%20once%20a%20new%20is%20uploaded%3F%3C%2FSTRONG%3E%3CBR%20%2F%3EOld%20hashed%20data%20gets%20deleted%20after%20new%20hashed%20%2F%20salted%20EDM%20data%20file%20is%20uploaded.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ECan%20the%20EDM%20upload%20agent%20work%20in%20presence%20of%20a%20proxy%20like%20Zscaler%20or%20MWG%3F%3C%2FSTRONG%3E%3CBR%20%2F%3EThe%20EDM%20upload%20agent%20is%20used%20to%20salt%2Fhash%2Fupload%20the%20EDM%20sensitive%20data%20that%20is%20to%20be%20protected.%20Though%20it%20has%20not%20been%20tested%20explicitly%20with%20the%20proxies%20mentioned%20here%2C%20it%20should%20work%20in%20presence%20of%20any%20proxy%20as%20long%20as%20outbound%20connectivity%20to%20Microsoft%20Graph%2C%20Azure%20Blob%20storage%20and%20Azure%20AD%20endpoints%20is%20allowed.%20EDM%20detections%20from%20the%20Microsoft%20EDM%20can%20be%20detected%20in%20parallel%20with%20other%20EDM%20vendors%2C%20such%20as%20Zscaler%20and%20McAfee%2C%20but%20conflicts%20may%20arise%20if%20various%20DLP%20solutions%20are%20actively%20protecting%20the%20same%20content.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ECan%20we%20access%20the%20uploaded%20hash%20file%20on%20M365%20Compliance%20portal%3F%3C%2FSTRONG%3E%3CBR%20%2F%3ENo%2C%20the%20uploaded%20hash%20file%20is%20not%20available%20for%20access%3B%20however%2C%20the%20hash%20file%20generated%20prior%20to%20upload%20is%20written%20locally%20and%20can%20be%20accessed.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EWhat%20is%20the%20best%20location%20(on-premise)%20to%20deploy%20the%20EDM%20Upload%20Agent%20VM%3F%3C%2FSTRONG%3E%3CBR%20%2F%3EIt%20should%20be%20deployed%20in%20a%20location%20that%20the%20compliance%20admin%20or%20tenant%20admin%20has%20full%20access%20to.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBest%20regards%2C%3C%2FP%3E%0A%3CP%3EMartin%20Berzin%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi All,

 

We have configured EDM sensitive types.

 

We have got a couple of questions regarding the hash file of customer data that us uploaded using thr EDM Upload Agent.

 

1. Where are the hash files stored in M365

2.What happens to the old hash file once a new is uploaded

3. Can the EDM upload agent work in presence of a proxy like Zscaler or MWG

4.Can we access the uploaded hash file on M365 Compliance portal

5. What is the best location (on-premise) to deploy the EDM Upload Agent VM

 

Please provide help ASAP as I need to provide info on this to my team by the end of this week.

 

 

2 Replies

Hi @Rhul1545 - please see below for answers to your EDM related questions. 

 

Where are the hash files stored in M365?
The hashed data uploaded is securely stored encrypted in an Azure table storage and always remains in the same geo as where it was uploaded from.

 

What happens to the old hash file once a new is uploaded?
Old hashed data gets deleted after new hashed / salted EDM data file is uploaded.

 

Can the EDM upload agent work in presence of a proxy like Zscaler or MWG?
The EDM upload agent is used to salt/hash/upload the EDM sensitive data that is to be protected. Though it has not been tested explicitly with the proxies mentioned here, it should work in presence of any proxy as long as outbound connectivity to Microsoft Graph, Azure Blob storage and Azure AD endpoints is allowed. EDM detections from the Microsoft EDM can be detected in parallel with other EDM vendors, such as Zscaler and McAfee, but conflicts may arise if various DLP solutions are actively protecting the same content.

 

Can we access the uploaded hash file on M365 Compliance portal?
No, the uploaded hash file is not available for access; however, the hash file generated prior to upload is written locally and can be accessed.

 

What is the best location (on-premise) to deploy the EDM Upload Agent VM?
It should be deployed in a location that the compliance admin or tenant admin has full access to.

 

Best regards,

Martin Berzin

Hi Martin,
Thanks for the reply.
In addition to above I also had below question:
1. EDM usually send the hash via public internet. Is there any encryption in place to secure it.?
2. Also can we use express route instead of public internet?