Listen to this Post
Introduction:
In the modern digital landscape, sensitive data is the lifeblood of organizations, but it also represents their greatest liability. Microsoft Purview Sensitive Information Types (SITs) are the foundational building blocks for classifying and protecting this critical data. By leveraging these intelligent classifiers, organizations can move from a reactive to a proactive security posture, automatically discovering and safeguarding information across their Microsoft 365 environment to meet stringent compliance demands and mitigate data loss risks.
Learning Objectives:
- Understand the core function of Sensitive Information Types (SITs) and their critical role in data loss prevention (DLP) and compliance frameworks.
- Learn how to create and implement custom SITs to protect unique organizational data, such as proprietary employee IDs.
- Master the process of integrating SITs into DLP policies within the Microsoft Purview portal to enforce automated protection measures.
You Should Know:
1. Demystifying Sensitive Information Types (SITs)
SITs are essentially intelligent patterns and classifiers used by Microsoft Purview to identify specific categories of sensitive information within your content. Think of them as highly trained sniffer dogs for your data, scanning for the digital fingerprints of items like credit card numbers, passports, or API keys. They matter because manual data classification is impractical at scale. SITs automate this discovery, forming the bedrock for enforcing security policies, preventing accidental or malicious data leaks, and demonstrating compliance with regulations like GDPR, HIPAA, and CCPA.
Step-by-step guide explaining what this does and how to use it.
Step 1: Access the Microsoft Purview Compliance Portal. Navigate to `https://compliance.microsoft.com` and sign in with an account that has the necessary compliance permissions.
Step 2: Navigate to SIT Management. In the left-hand navigation pane, go to Data classification > Sensitive info types. Here, you will see the vast library of built-in SITs provided by Microsoft.
Step 3: Analyze a Built-in SIT. Click on a built-in type, such as “Credit Card Number,” to understand its components. You will see it is defined by:
Pattern: A regular expression (e.g., `\b(4\d{12}(\d{3})?|5[1-5]\d{14}|3[bash]\d{13}|6(011|5\d{2})\d{12})\b` for credit cards).
Corroborative Evidence: Supporting keywords (e.g., “card,” “expiry”) or checksum validations (like the Luhn algorithm) that increase confidence.
Confidence Level: A rating (High, Medium, Low) based on the evidence found.
- Migrating from the Legacy Compliance Center to Purview
Microsoft is consolidating its compliance and data governance tools under the Purview umbrella. The legacy Security & Compliance Center (`https://protection.office.com`) is being deprecated in favor of the more robust and integrated Microsoft Purview Compliance Portal. This migration is not just a URL change; it represents a shift towards a unified data governance platform with enhanced capabilities for data discovery, classification, and protection across multi-cloud and on-premises environments.
Step-by-step guide explaining what this does and how to use it.
Step 1: Update Your Bookmarks. Immediately change your bookmarks from the legacy Office 365 Security & Compliance Center to the Purview Compliance Portal (`https://compliance.microsoft.com`).
Step 2: Familiarize Yourself with the Purview Interface. Spend time exploring the Purview dashboard. Key areas for SIT work include “Data Classification,” “Policies” for DLP, and “Information Protection.”
Step 3: Re-evaluate Existing Policies. If you are migrating old DLP policies, log into Purview and review them. The underlying SITs are more advanced, and you may be able to enhance your existing rules with the new context and features available.
- Creating a Custom SIT for Unique Organizational Data
While Microsoft provides over 100 built-in SITs, every organization has unique sensitive data. A common example is a custom Employee ID format (e.g., EZCLD-XXXXX). Relying on built-in types will not protect this. Creating a custom SIT allows you to define a precise pattern for this data, enabling Purview to detect and classify it with the same rigor as a social security number.
Step-by-step guide explaining what this does and how to use it.
Step 1: Plan Your Pattern. Define the exact structure of your data. For an Employee ID like EMP-12345, the pattern is three letters, a hyphen, and five digits. This can be expressed as a Regular Expression (Regex): EMP-\d{5}.
Step 2: Create the Custom SIT. In the Purview portal, go to Sensitive info types and click + Create. Give it a name like “Custom Employee ID.”
Step 3: Define the Pattern.
In the “Pattern” section, set the “Primary element” to a Regular Expression and enter your regex: EMP-\d{5}.
To increase accuracy, add a “Supporting element” with keywords like “employee,” “ID,” “badge.”
Step 4: Set Confidence Levels. Assign confidence levels based on the evidence. Finding the pattern and a keyword might yield “High confidence,” while the pattern alone might be “Medium confidence.”
- Leveraging SITs in Data Loss Prevention (DLP) Policies
Creating an SIT is only half the battle; its true power is unleashed when integrated into a DLP policy. A DLP policy uses SITs as its “condition.” When content containing data matching the SIT is detected, the policy automatically triggers protective actions, such as blocking the email from being sent, restricting file sharing, or alerting the security team.
Step-by-step guide explaining what this does and how to use it.
Step 1: Create a New DLP Policy. In the Purview portal, navigate to Data loss prevention > Policies and click + Create policy.
Step 2: Choose Locations and Template. Select the locations to protect (e.g., Exchange Online, SharePoint, OneDrive) and choose a template aligned with your compliance needs or start custom.
Step 3: Configure Advanced DLP Rules. Click “Create or customize advanced DLP rules.” In the rules editor, under “Conditions,” add a new condition and select “Content contains” > “Sensitive info types.” Search for and select your custom “Custom Employee ID” SIT.
Step 4: Set Actions. Under “Actions,” define what happens when a match is found. Common actions include “Block people from sharing, restrict access, or block people from sharing externally” and “Send an alert to admins.”
- Advanced SITs: Identifying Client Secrets and API Keys
The example of identifying “Client Secrets” is a critical advanced use case. These are often long, random strings used for authentication (e.g.,sk_live_51Haxxxxxxxxxxxxxxxxxxxx). They don’t follow a simple, predictable pattern like an Employee ID. For these, you must create a more complex SIT that combines a base pattern (e.g., a prefix likesk_live_) with a character pattern for the secret itself and high-confidence keywords.
Step-by-step guide explaining what this does and how to use it.
Step 1: Define the Complex Pattern. A Stripe secret key, for instance, can be defined with a regex that looks for the prefix and a long alphanumeric string: (sk_live_)[a-zA-Z0-9]{20,}.
Step 2: Add Strong Corroborative Evidence. Use supporting elements with keywords that are almost certainly present where these secrets are documented, such as “API key,” “secret,” “private key,” “Stripe.” Match these with high confidence.
Step 3: Test Extensively. Use the “Test” feature in the SIT creation wizard. Paste sample text containing a fake secret key (sk_live_51HaFAKEKEYFAKEKEY12345) and surrounding context like “Here is our Stripe secret key.” Verify it triggers a high-confidence match before deploying the policy.
What Undercode Say:
- Automation is Non-Negotiable: The scale and velocity of modern data creation make manual classification and protection a fool’s errand. SITs are the essential engine for automated, intelligent data security.
- Customization is Power: An organization’s most valuable data is often its most unique. The ability to create custom SITs transforms Microsoft Purview from a generic compliance tool into a tailored security asset that understands and protects your specific business context.
The strategic value of SITs lies in their position as the critical link between raw data and enforceable policy. They translate business logic (e.g., “our employee IDs are sensitive”) into machine-readable rules that the entire M365 security stack can act upon. While the migration to Purview represents a learning curve, it is a necessary evolution towards a more holistic and powerful governance model. Organizations that master the creation and deployment of custom SITs will gain a significant advantage, not just in compliance reporting, but in actively reducing their attack surface and preventing costly data breaches. Failing to leverage these tools means leaving a massive blind spot in your organization’s security posture.
Prediction:
The future of data classification and SITs is deeply intertwined with artificial intelligence and machine learning. We will see a rapid shift from purely regex-based pattern matching to AI models that understand context and intent. Future SITs will not just look for a pattern but will analyze the surrounding document semantics, user behavior, and data flow to make more accurate classifications. For instance, an AI-powered SIT could distinguish between a live API key in a production config file (high risk) versus the same pattern in a developer’s tutorial document (low risk). This will lead to a dramatic reduction in false positives and enable more granular, risk-based DLP policies that automatically adapt to the evolving tactics of both malicious actors and internal threats.
🎯Let’s Practice For Free:
IT/Security Reporter URL:
Reported By: Sathish Veerapandian – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
