So as you all should know by now, Data Loss Protection (DLP) was introduced into SharePoint Online earlier this year. This is really just an extension of the eDiscovery process in SharePoint, it is really used for checking the content you have in the site already. As I have spoken with other SharePoint people in the community and clients I have been surprised that not many people have used or even seen it.
To learn more about DLP as a whole, then review this video and details from TechNet: http://technet.microsoft.com/library/jj150527%28v=exchg.150%29
So to hopefully help with this, let’s take a look at it. Firstly we are talking SharePoint Online, so you will first need to have access to your tenant, and a site/site collection based on the “eDiscovery” template.
To make sure it should be look like this:
To start, we need to create a new case. To do this simply click the “Create New Case” button.
I have set the properties as shown below:
You’re case site should then be created and you should be taken to that site and should be ready for you to use.
So the first part of the DLP “search” process is to perform a “Search and Export” query. I named mine “Credit Card PII” as shown below.
As you can see you are able to add some free-text query, dates, and names or email addresses as well as set a scope for the results. At the bottom of the screen you get results back from Exchange or SharePoint.
So the plan here is to find any content that contain credit card numbers, so first off make sure you actually have content in the site that contains credit cards or this won’t work. Then we will start to add a query to retrieve the content.
Let’s start by understanding the syntax that should be used. The queries should be set in the following format:
SensitiveType:”{Type}|{Count Range}|{Confidence Range}”
The “SensitiveType” is required whereas the ranges are optional. The syntax can also be added to using regular search syntax.
An example of this combination could be something like this that finds all documents that contain 2 to 15 “Credit Card Numbers“, within all file types except “PDF” files.
SensitiveType:”Credit Card Number| 2..15″ AND
NOT
FileExtension:PDF
If you want to learn more about using search query syntax in eDiscovery you can visit the following documentation.
So our example will be something simple to just get anything with credit card numbers in. We would use the following:
SensitiveType:”Credit Card Number”
We could have chosen something else instead of “Credit Card Number“, to see the fully supported list you see the table below, or visit the TechNet page.
http://technet.microsoft.com/library/jj150541%28v=exchg.150%29.aspx
Information type name | Primary region | Category |
ABA Routing Number | United States | finance |
Australia Bank Account Number | Australia | finance |
Australia Driver’s License Number | Australia | PII |
Australia Medical Account Number | Australia | health |
Australia Passport Number | Australia | PII |
Australia Tax File Number | Australia | finance |
Canada Bank Account Number | Canada | finance |
Canada Driver’s License Number | Canada | PII |
Canada Health Service Number | Canada | health |
Canada Passport Number | Canada | PII |
Canada Personal Health Identification Number (PHIN) | Canada | health |
Canada Social Insurance Number | Canada | PII |
Credit Card Number | All | finance |
Drug Enforcement Agency (DEA) Number | United States | PII |
EU Debit Card Number | European Union | finance |
Finland National ID1 | Finland | PII |
France Driver’s License Number | France | PII |
France National ID Card (CNI) | France | PII |
France Passport Number | France | PII |
France Social Security Number (INSEE) | France | PII |
German Driver’s License Number | Germany | PII |
German Passport Number | Germany | PII |
International Banking Account Number (IBAN) | All | finance |
IP Address | All | PII |
Israel Bank Account Number | Israel | finance |
Israel National ID | Israel | PII |
Italy Driver’s License Number | Italy | PII |
Japan Bank Account Number | Japan | finance |
Japan Driver’s License Number | Japan | PII |
Japan Passport Number | Japan | PII |
Japan Resident Registration Number | Japan | PII |
Japan Social Insurance Number (SIN) | Japan | PII |
New Zealand Ministry of Health Number | New Zealand | health |
Saudi Arabia National ID | Saudi Arabia | PII |
Poland National ID (PESEL)1 | Poland | PII |
Poland Identity Card1 | Poland | PII |
Poland Passport1 | Poland | PII |
Spain Social Security Number (SSN) | Spain | PII |
Sweden National ID | Sweden | PII |
Sweden Passport Number | Sweden | PII |
SWIFT Code | All | finance |
Taiwan National ID1 | Taiwan | PII |
U.K. Driver’s License Number | United Kingdom | PII |
U.K. Electoral Roll Number | United Kingdom | PII |
U.K. National Health Service Number | United Kingdom | health |
U.K. National Insurance Number (NINO) | United Kingdom | health |
U.S. / U.K. Passport Number | United States and United Kingdom | PII |
U.S. Bank Account Number | United States | finance |
U.S. Driver’s License Number | United States | PII |
U.S. Individual Taxpayer Identification Number (ITIN) | United States | finance |
U.S. Social Security Number (SSN) | United States | health |
So we can use any of the syntax above to search for any type of PII data. Next I am going to set the source to my team site, currently have a file stored there with the content in. To do this I click the “Modify Query Scope”
Next I will select the “Add Location” and past the URL of my Team Site and check it.
Now we should have a query form completed as shown below.
Adding a location will change the underlying the search query to be the following:
Now if we run the search we should get the results back as expected, obviously having to wait for Office 365 to perform a search crawl, which could take a while J
Of course the next step is to export the results or just to save it and perform the required hold and remedial work to fix this issue. This is the first implementation within the Office 365 platform, with great plans I am sure for future updates.
You must log in to post a comment.