Sensitive info types (SITs) are pattern-based data classifiers in Microsoft 365 Purview. Microsoft has 300+ built-in sensitive info types and the list is continuously increasing. Organizations can automate compliance with built-in SITs or create custom sensitive info types to identify and classify their data crown jewels. In this article we look at 5 use cases where custom sensitive info types are used in various Microsoft Purview Compliance solutions.
An organisation is currently working on an acquisition project. All the documents related to the acquisition are identified through keyword ‘Project Oblivion’ and sequential document reference numbers OBV-22-AQ-xxxx. The organisation has the following requirements.
Requirement | Microsoft Purview Solution |
|---|---|
1. Classify all documents containing the project information as ‘Confidential’ with an MIP sensitivity label. | Information Protection |
2. Forward all emails and attachments containing the project information to data compliance team for approval | Data Loss Prevention |
3. Retain all the documents containing the project information for 5 years | Data Life Cycle Management |
4. Monitor all the data leakage activity by a project resource serving notice period | Insider Risk Management |
5. Search and export all the project related information from specific users for investigation | eDiscovery |
A custom sensitive info type named SIT-PRJ-OBV is created with a regex to identify the pattern OBV-22-AQ-xxxx with a supporting keyword ‘Project Oblivion’. The custom SIT is then used in the policies of the Microsoft Purview Compliance solutions.
1. Configure Information Protection auto label policy using the custom sensitive info type SIT-PRJ-OBV to apply ‘Confidential’ label on documents.
2. Configure Data Loss Prevention policy to forward all emails and attachments identified through custom Sensitive Info Type SIT-PRJ-OBV to data compliance team for approval
3. Configure Data Life Cycle Management auto label policy to apply a 5-year retention label to retain all the documents containing the project information identified through SIT-PRJ-OBV
4. Configure Insider Risk Management data leak policy targeted to the user and prioritise the documents identified through SIT-PRJ-OBV and monitor exfiltration activity.
5. Configure eDiscovery search to export all documents identified through custom sensitive information type SIT-PRJ-OBV. The id of the SIT can be obtained through Get-DlpSensitiveInformationType cmdlet.
Many organisations fail to effectively identify sensitive information due to lack of knowledge and skills in configuring keywords, dictionary and regular expressions which are essential to detect sensitive information. It is important to have the regular expressions and the supporting elements configured and fine tuned right to avoid large number of false positives in sensitive info types. Infotechtion experts can help you configure SITs and all Microsoft Purview Compliance solution policies based on our extensive experience with Microsoft Cloud. Feel free to contact us or request demo of purview solutions.
Comments