Learn about named entities
Named entities are sensitive information types (SIT). They're complex dictionary and pattern-based classifiers that you can use to detect person names, physical addresses, and medical terms and conditions. You can see them in the Microsoft Purview compliance portal > Data classification > Sensitive info types. Here's a partial list of where you can use SITs:
- Microsoft Purview Data Loss Prevention policies (DLP)
- Sensitivity labels
- Insider risk management
- Microsoft Defender for Cloud Apps
- Microsoft Purview Information Protection
- Data Lifecycle Management
- Records management
- Microsoft Purview eDiscovery
- Microsoft Priva
- Exact data match sensitive information types
DLP makes special use of named entities in enhanced policy templates, which are preconfigured DLP policies that you can customize for your organizations needs. You can also create your own DLP policies from a blank template and use a named entity SIT as a condition. Entity Match and other advanced classifiers are offered only to users with E5 licenses.
Tip
If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview trials hub. Learn details about signing up and trial terms.
Examples of named entity SITs
Named entity SITs come in two flavors, bundled and unbundled
Bundled named entity SITs detect all possible matches. Use them as broad criteria in your DLP policies for detecting sensitive items.
Unbundled named entity SITs have a narrower focus, like a single country. Use them when you need a DLP policy with a narrower detection scope.
Note
To use named entity SITs, you must activate Advanced classification scanning and protection for the relevant data loss prevention settings before they will be discoverable.
Here are some examples of named entity SITs. You can find all of them in Sensitive information type entity definitions.
Named Entity | Description | Bundled/Unbundled |
---|---|---|
All full names | Detects all possible matches of full names | bundled |
All physical addresses | Detects all possible matches of physical addresses | bundled |
All medical terms and conditions | Detects all possible matches of medical terms and conditions | bundled |
Australia Physical Addresses | Detects patterns related to physical addresses from Australia. Included in All physical addresses SIT. | unbundled |
Blood Test Terms | Detects terms related to blood tests, such as 'hCG'. English terms only. Included in All medical terms and conditions SIT | unbundled |
Brand Medication Names | Detects names of brand medication, such as 'Tylenol'. English terms only. Included in All medical terms and conditions. | unbundled |
Examples of enhanced DLP policies
Here are some examples of enhanced DLP policies that use named entity SITs. You can find all 10 of them in the Microsoft Purview compliance portal Navigate to Data loss prevention > Create policy. Enhanced templates can be used in DLP and auto-labeling.
Policy category | Template | Description |
---|---|---|
Financial | U.S. Gramm-Leach-Bliley Act (GLBA) Enhanced | Helps detect the presence of information subject to Gramm-Leach-Bliley Act (GLBA), including information like social security numbers or credit card numbers. This enhanced template extends the original by also detecting people's full names, U.S./U.K. passport number, U.S. driver's license number and U.S. physical addresses. |
Medical and health | Australia Health Records Act (HRIP Act) Enhanced | Helps detect the presence of information commonly considered to be subject to the Health Records and Information Privacy (HRIP) act in Australia, like medical account number and tax file number. This enhanced template extends the original by also detecting people's full names, medical terms and conditions, and Australia physical addresses. |
Privacy | General Data Protection Regulation (GDPR) Enhanced | Helps detect the presence of personal information for individuals inside the European Union (EU) to help meet GDPR privacy obligations. This enhanced template detects people's full names and physical addresses for countries in the EU. |
Next steps
For further information
- Sensitive information type entity definitions
- Learn about Sensitive information types
- Create a custom sensitive information type
- Create a custom sensitive information type in PowerShell
- Sensitivity labels
- Retention labels
- Communication compliance
- Autolabeling policies
- Create and Deploy data loss prevention policies