Jaa


Create custom sensitive information types

If the preconfigured sensitive information types (SITs) don't meet your needs, you can create and define customized SITs that meet your needs. You can also copy and then edit a built-in SIT.

The custom SITs are added to the Microsoft.SCCManaged.CustomRulePack rule package.

There are two methods for creating a new SIT:

Tip

If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview trials hub. Learn details about signing up and trial terms.

Before you begin

SKU/subscriptions and licensing

Before you start using DLP policies, confirm your Microsoft 365 subscription and any add-ons.

For information on licensing, see Microsoft 365, Office 365, Enterprise Mobility + Security, and Windows 11 Subscriptions for Enterprises.

Important

Microsoft Customer Service & Support can't assist with creating custom classifications or regular expression patterns. Support engineers can provide limited support for the feature, such as, providing sample regular expression patterns for simulation purposes, or helping to troubleshoot an existing regular expression pattern that's not triggering as expected. However, they can't provide assurances that any custom content-matching development will fulfill your requirements or obligations.

Create a custom SIT from scratch

Note

Microsoft Purview supports creating custom SITs that use double-byte character languages, such as Chinese, Japanese, and Korean. Because these languages do not use delimiters the way that single-byte languages do, Purview adds a space between each word in languages that use double-byte characters. It also removes special characters, such as punctuation.

Use the following procedure to fully define a brand new sensitive information type.

Select the appropriate tab for the portal you're using. Depending on your Microsoft 365 plan, the Microsoft Purview compliance portal is retired or will be retired soon.

To learn more about the Microsoft Purview portal, see Microsoft Purview portal. To learn more about the Compliance portal, see Microsoft Purview compliance portal.

  1. Sign in to the Microsoft Purview portal.

  2. In the Microsoft Purview compliance portal, navigate to Information Protection > Classifiers > Sensitive info types and choose Create sensitive info type.

  3. Fill in values for Name and Description and choose Next.

  4. Choose Create pattern. You can create multiple patterns, each with different elements and confidence levels, as you define your new sensitive information type.

  5. Choose the default confidence level for the pattern. The values are Low confidence, Medium confidence, and High confidence.

  6. Choose and define the Primary element. The primary element can be a Regular expression with an optional validator, a Keyword list, a Keyword dictionary, or one of the pre-configured Functions. For more information on the SIT functions used for data loss prevention, see Sensitive information type functions. For more information on the date and the checksum validators, see Sensitive Information Type regular expression validators.

  7. Fill in a value for Character proximity.

  8. (Optional) Add supporting elements if you have any. Supporting elements can be a regular expression with an optional validator, a keyword list, a keyword dictionary or one of the predefined functions. Supporting elements can have their own Character proximity configuration.

  9. (Optional) Add any additional checks from the list of available checks.

  10. Choose Create.

  11. Choose Next.

  12. Choose the recommended confidence level for this sensitive information type.

  13. Check your settings and choose Save.

    Important

    Microsoft 365 uses the search crawler to identify and classify sensitive information in SharePoint and OneDrive sites. To identify your new custom sensitive information type in existing content, the content must be re-crawled. Content is crawled based on a schedule, but you can manually re-crawl content for a site collection, list, or library. For more information, see Manually request crawling and re-indexing of a site, a library or a list.

  14. The Sensitive info types tab of the Classifiers page, lists all of the sensitive information types. Choose Refresh and then or use the search tool or browse the list to find your new SIT.

Copy and modify an existing SIT

This procedure explains how to copy and modify an existing SIT using the Compliance Portal.

Alternatively, you can copy and modify custom SITs using PowerShell and leveraging Purview's Exact Data Match (EDM) capabilities. To learn more about those methods, see:

Note

These SITs can't be copied:

  • Canada driver's license number
  • EU driver's license number
  • EU national identification number
  • EU passport number
  • EU social security number or equivalent identification
  • EU tax identification number
  • International classification of diseases (ICD-10-CM)
  • International classification of diseases (ICD-9-CM)
  • U.S. driver's license number

Copy and modify an existing SIT using the Microsoft Purview or Compliance portal

Select the appropriate tab for the portal you're using. Depending on your Microsoft 365 plan, the Microsoft Purview compliance portal is retired or will be retired soon.

To learn more about the Microsoft Purview portal, see Microsoft Purview portal. To learn more about the Compliance portal, see Microsoft Purview compliance portal.

  1. Sign in to the Microsoft Purview portal.

  2. Information Protection > Classifiers > Sensitive info types and select the sensitive information type that you want to copy.

  3. The overview page for the sensitive information type opens. Choose Copy. When the copy is ready, a message stating that the copy was created appears with an option to edit it. Choose Yes.

  4. Give your new sensitive information type a new Name and Description.

  5. You can choose to create a new pattern, or edit or remove some or all of the existing patterns.

    1. To create a new pattern, choose Create.
    2. To edit an existing pattern, choose the Edit (pencil) icon next to the pattern you want to change.
    3. To remove a pattern, choose the Delete icon next to the pattern you want to remove.
  6. When creating or editing a pattern, choose the default confidence level for the pattern. The values are Low confidence, Medium confidence, and High confidence.

  7. Choose and define Primary element. The primary element can be a Regular expression, a Keyword list, a Keyword dictionary, or one of the preconfigured Functions. See, Sensitive information type functions.

  8. Fill in a value for Character proximity.

  9. (Optional) If you have Supporting elements or any additional checks you want to run, add them. If needed, you can organize your Supporting elements into groups.

  10. If you're creating a new pattern, choose Create. If you are editing an existing pattern, choose Update.

  11. Choose Next.

  12. Confirm the confidence level selection for this sensitive information type and then choose Next.

  13. Review your settings and then choose Save.

  14. Your new sensitive information type is created. At the confirmation message, choose *Done

Note

Microsoft Purview information protection supports double byte character set languages for:

  • Chinese (simplified)
  • Chinese (traditional)
  • Korean
  • Japanese

This support is available for sensitive information types. For more information, seeInformation protection support for double byte character sets release notes (preview).

Tip

To detect patterns containing Chinese/Japanese characters and single byte characters, or to detect patterns containing Chinese/Japanese and English, define two variants of the keyword or regex.

  • For example, to detect a keyword like "机密的document", use two variants of the keyword; one with a space between the Japanese and English text and another without a space between the Japanese and English text. So, the keywords to be added in the SIT should be "机密的 document" and "机密的document". Similarly, to detect a phrase "東京オリンピック2020", two variants should be used; "東京オリンピック 2020" and "東京オリンピック2020".

Along with Chinese/Japanese/double byte characters, if the list of keywords/phrases also contain non Chinese/Japanese words also (for instance, English only), creating two dictionaries/keyword lists is recommended. Create one for keywords containing Chinese/Japanese/double byte characters and another for English-only.

  • For example, if you want to create a keyword dictionary/list with three phrases "Highly confidential", "機密性が高い", and "机密的document", you should create two keyword lists.
    1. Highly confidential
    2. 機密性が高い, 机密的document and 机密的 document

While creating a regex using a double byte hyphen or a double byte period, make sure to escape both the characters in the same way that you would escape a hyphen or period in a regex. Here is a sample regex for reference:

(?<!\d)([4][0-9]{3}[\-?\-\t]*[0-9]{4})

Double-byte special characters should not be used in the keyword.

We recommend using a string match instead of a word match in a keyword list.