Few DLP sensitive labels not working; ABA Routing number and Date of Birth(DOB)

%3CLINGO-SUB%20id%3D%22lingo-sub-1339674%22%20slang%3D%22en-US%22%3EFew%20DLP%20sensitive%20labels%20not%20working%3B%20ABA%20Routing%20number%20and%20Date%20of%20Birth(DOB)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1339674%22%20slang%3D%22en-US%22%3E%3CP%3EIt's%20almost%20a%20month%20that%20I'm%20struggling%20with%20DLP%20policy%20and%20it's%20sensitive%20labels.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20created%203%20DLP%20policies%20for%20with%20different%20default%20templates.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENow%2C%20ABA%20routing%20number%20is%20not%20getting%20detected%20by%20the%20DLP%20policy.%20It%20works%20for%20credit%20card%2C%20US%20account%20number%2C%20etc.%20Also%2C%20I'm%20unable%20to%20find%20the%20label%20in%20which%20includes%20Date%20of%20Birth(DOB).%20I%20tried%20SSN%20label%20but%20that%20didn't%20detect%20the%20DOB.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETroubleshooting%20steps%20performed%3A%3C%2FP%3E%3CP%3E1.%20Re-create%20the%20DLP%20policies%20for%20single%20label%20like%20Credit%20card%2C%20ABA%20Routing%20number%2C%20etc.%3C%2FP%3E%3CP%3E2.%20Tried%20in%20OWA%20as%20well%20but%20policy%20doesn't%20work.%3C%2FP%3E%3CP%3E3.%20Tried%20adjusting%20the%20max%20and%20min%20option%20in%20the%20policy%20but%20no%20luck.%3C%2FP%3E%3CP%3E4.%20Created%20Microsoft%20case%23%26nbsp%3B%3CSPAN%3E19260405%2C%20but%20no%20resolution%20in%20last%2030%20days%20and%20not%20even%20the%20case%20escalated%20to%20next%20level.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20help%20or%20guidance%20will%20be%20appreciated!!%20Thanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1378590%22%20slang%3D%22en-US%22%3ERe%3A%20Few%20DLP%20sensitive%20labels%20not%20working%3B%20ABA%20Routing%20number%20and%20Date%20of%20Birth(DOB)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1378590%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20default%20DLP%20rule%20for%20ABA%20Routing%20Number%20will%20only%20trigger%20if%20there%20is%20a%20keyword%20within%20300%20characters%20of%20a%209%20digit%20number.%20Otherwise%20without%20the%20proximity%20match%2C%20it%20would%20generate%20high%20false%20positive%20rates%20since%20any%209%20digit%20number%20would%20trigger%20the%20rule.%20You%20can%20find%20definitions%20of%20what%20triggers%20a%20DLP%20rule%20here%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fwhat-the-sensitive-information-types-look-for%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fwhat-the-sensitive-information-types-look-for%3Fview%3Do365-worldwide%3C%2FA%3E%3C%2FP%3E%3CP%3ERegarding%20the%20Date%20of%20Birth%2C%20you%20need%20to%20create%20a%20custom%20DLP%20policy%20as%20described%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fcustom-sensitive-info-types%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fcustom-sensitive-info-types%3Fview%3Do365-worldwide%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20try%20the%20ABA%20test%20again%20with%20one%20of%20these%20keywords%20within%20300%20characters%20of%20a%209%20digit%20number.%20And%20send%20screen%20shots%20of%20your%20DLP%20Policy%20configuration.%3C%2FP%3E%3CUL%3E%3CLI%3Eaba%3C%2FLI%3E%3CLI%3Eaba%20%23%3C%2FLI%3E%3CLI%3Eaba%20routing%20%23%3C%2FLI%3E%3CLI%3Eaba%20routing%20number%3C%2FLI%3E%3CLI%3Eaba%23%3C%2FLI%3E%3CLI%3Eabarouting%23%3C%2FLI%3E%3CLI%3Eaba%20number%3C%2FLI%3E%3CLI%3Eabaroutingnumber%3C%2FLI%3E%3CLI%3Eamerican%20bank%20association%20routing%20%23%3C%2FLI%3E%3CLI%3Eamerican%20bank%20association%20routing%20number%3C%2FLI%3E%3CLI%3Eamericanbankassociationrouting%23%3C%2FLI%3E%3CLI%3Eamericanbankassociationroutingnumber%3C%2FLI%3E%3CLI%3Ebank%20routing%20number%3C%2FLI%3E%3CLI%3Ebankrouting%23%3C%2FLI%3E%3CLI%3Ebankroutingnumber%3C%2FLI%3E%3CLI%3Erouting%20transit%20number%3C%2FLI%3E%3CLI%3ERTN%3C%2FLI%3E%3C%2FUL%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

It's almost a month that I'm struggling with DLP policy and it's sensitive labels.

 

I created 3 DLP policies for with different default templates. 

 

Now, ABA routing number is not getting detected by the DLP policy. It works for credit card, US account number, etc. Also, I'm unable to find the label in which includes Date of Birth(DOB). I tried SSN label but that didn't detect the DOB.

 

Troubleshooting steps performed:

1. Re-create the DLP policies for single label like Credit card, ABA Routing number, etc.

2. Tried in OWA as well but policy doesn't work.

3. Tried adjusting the max and min option in the policy but no luck.

4. Created Microsoft case# 19260405, but no resolution in last 30 days and not even the case escalated to next level.

 

Any help or guidance will be appreciated!! Thanks.

1 Reply

The default DLP rule for ABA Routing Number will only trigger if there is a keyword within 300 characters of a 9 digit number. Otherwise without the proximity match, it would generate high false positive rates since any 9 digit number would trigger the rule. You can find definitions of what triggers a DLP rule here:
https://docs.microsoft.com/en-us/microsoft-365/compliance/what-the-sensitive-information-types-look-...

Regarding the Date of Birth, you need to create a custom DLP policy as described here: https://docs.microsoft.com/en-us/microsoft-365/compliance/custom-sensitive-info-types?view=o365-worl...

 

Please try the ABA test again with one of these keywords within 300 characters of a 9 digit number. And send screen shots of your DLP Policy configuration.

  • aba
  • aba #
  • aba routing #
  • aba routing number
  • aba#
  • abarouting#
  • aba number
  • abaroutingnumber
  • american bank association routing #
  • american bank association routing number
  • americanbankassociationrouting#
  • americanbankassociationroutingnumber
  • bank routing number
  • bankrouting#
  • bankroutingnumber
  • routing transit number
  • RTN