DLP OneDrive

Occasional Contributor

I'm a little confused over the DLP settings for OneDrive. Currently it seems I can only create the policy based on the pre-existing sensitive information types alternatively on the document property rules. What options do I have to create a custom type for sensitive information or do I have any? 

 

Is the document fingerprinting available for SPO/OD DLP policies as I can only find it for EXO.

 

Basically I wish to use the policy tip for content stored in OD that does not follow our policies (aka educate the users), however the pre-existing sensitive information types are not suitable.

 

Suggestions please.

1 Reply

You can define your own custom sensitive type and upload to security and compliance center. Once it is uploaded, you can define your DLP policy using custom sensitive type. You can refer below link for the same

 

https://support.office.com/en-us/article/Create-a-custom-sensitive-information-type-82c382a5-b6db-44...

 

Few things to keep in mind:

1) You can define your custom regular expression to look for patters for sensitive data.However, Microsoft has imposed many limitations on what cannot be used for defining regular expression. Check this thing as it sometime become a big issue.

2) Custom sensitive types are supported but as per our experience , MS still has this feature pretty immature. We deployed custom sensitive type in our dev tenant and figured searched stopped working. We opened case with Microsoft and got to know that crawlers were in stopped state because of custom sensitive type present.