Testing a sensitive information type- Microsoft SC-400 Certification

Microsoft’s best practice recommendation is that once you have created a sensitive information type, it should be tested to ensure it is working as expected. You can then deploy this to the wider organization. Let’s explore this by performing the following steps:

  1. Create two files; for example, two Microsoft Word documents. Add data that matches the components you configured in your sensitive information type to one of the documents, and then add content that does not match the other.
  2. From the Microsoft compliance center, navigate to Data Classification | Sensitive info types and select the sensitive information type. This will open a pane containing the specific configuration. Now, select Test.
  3. Upload the files, then select Test.
  4. Review the findings on the Matches results page and click on Finish.

Although the sensitive information type is available to the entire tenant, once you have created and tested the custom sensitive information type, you can assign this to groups and users. However, you may need to edit this in the future, which will be covered in the next part of this chapter.

Modifying custom sensitive information types in the compliance center

In this next section, we will go through the steps you need to follow to modify an already existing custom sensitive information type from the Microsoft 365 compliance center. Let’s get started:

  1. From within the compliance center, navigate to Data Classification | Sensitive info types, select the sensitive information type you want to amend, and choose Edit.
  2. From within this menu, you can add other patterns with supporting elements, character proximity, confidence levels, and additional checks. You can also modify or delete the existing ones if you so wish.

Once you have modified the custom sensitive information type, you will find yourself back on the sensitive information type pane, where we will now look at how to delete an existing sensitive information type.

Removing custom sensitive information types in the compliance center

It is important to note that at this stage, you can’t remove built-in sensitive information types. You are only able to remove any custom sensitive information types that are created by you or another administrator. Let’s take a look at how to do this:

  1. From within the compliance center, navigate to Data Classification | Sensitive info types and select the sensitive information type that needs to be removed.
  2. Select Delete in the pop-up window that opens.

You should now be able to create, test, modify, and delete a custom sensitive information type from the Microsoft 365 compliance center. Next, we are going to cover the same tasks, but this time with custom sensitive information types with exact data matches.

Creating custom sensitive information types with exact data matches

Custom sensitive information types match several business needs for a lot of organizations. However, there is also a use case where you may want a custom sensitive information type that uses exact data values, rather than the sensitive information types that have matched based on common patterns.

EDM-based classifications will enable you to build a custom sensitive information type that is design to be more scalable and secure, as well as having integration with the Microsoft 365 and Azure ecosystem.

EDM-based classification will allow an admin to build custom sensitive information types that apply to particular values in a database. This database of sensitive information can be rejuvenated daily and may contain up to 100 million rows of information. You can also utilize EDM-based classifications with multiple different policies, including data loss prevention (DLP) policies.

Please note that EDM-based classification is available as part of the following subscriptions:

  • Office 365 E5
  • Microsoft 365 E5
  • Microsoft 365 E5 Compliance
  • Microsoft 365 E5/A5 Information Protection and Governance

There are three parts to creating and implementing an EDM-based classification, as follows:

  1. Saving sensitive data in a .csv or .tsv file structure
  2. Defining your sensitive information in your database schema
  3. Building a ruler package

We’ll look at these closely in the next few sections.

Leave a Reply

Your email address will not be published. Required fields are marked *