SharePoint Online and Data Loss Protection (DLP)

So as you all should know by now, Data Loss Protection (DLP) was introduced into SharePoint Online earlier this year. This is really just an extension of the eDiscovery process in SharePoint, and it is used for checking the content you already have in the site. As I have spoken with other SharePoint people in the community and with clients, I have been surprised that not many people have used or even seen it.

To learn more about DLP as a whole, review this video and the details from TechNet: http://technet.microsoft.com/library/jj150527%28v=exchg.150%29

So to hopefully help with this, let’s take a look at it. Firstly we are talking SharePoint Online, so you will first need to have access to your tenant, and a site/site collection based on the “eDiscovery” template.

To make sure, it should look like this:

To start, we need to create a new case. To do this simply click the “Create New Case” button.

I have set the properties as shown below:

 

Your case site should then be created, and you should be taken to that site, ready for you to use.

So the first part of the DLP “search” process is to perform a “Search and Export” query. I named mine “Credit Card PII” as shown below.

As you can see you are able to add some free-text query, dates, and names or email addresses as well as set a scope for the results. At the bottom of the screen you get results back from Exchange or SharePoint.

So the plan here is to find any content that contains credit card numbers, so first off make sure you actually have content in the site that contains credit cards or this won’t work. Then we will start to add a query to retrieve the content.

Let’s start by understanding the syntax that should be used. The queries should be set in the following format:

SensitiveType:"{Type}|{Count Range}|{Confidence Range}"

The “SensitiveType” is required whereas the ranges are optional. The clause can also be combined with regular search syntax.

An example of this combination could be something like this, which finds all documents that contain 2 to 15 “Credit Card Numbers” in all file types except “PDF” files.

SensitiveType:"Credit Card Number|2..15" AND NOT FileExtension:PDF
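Queries copied from a web page often arrive with curly quotes or a missing closing quote, and a DLP search that silently matches nothing looks the same as a clean site. The following is an added example, not code from the original post: a small linter for the `SensitiveType` format described above. The names `lint_query` and `KNOWN_TYPES` are hypothetical, only the `low..high` range form shown on this page is handled, and the 100 cap on confidence is an assumption.

```python
import re

# A few information type names copied from the table on this page.
KNOWN_TYPES = {"Credit Card Number", "ABA Routing Number", "SWIFT Code",
               "International Banking Account Number (IBAN)"}
# Curly quotes and the double-prime that web pages substitute for '"'.
_QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2033": '"'})
_CLAUSE = re.compile(r'SensitiveType:"([^"]*)"')
_RANGE = re.compile(r"(\d+)\.\.(\d+)")


def _parse_range(text, label, upper=None):
    """Return (low, high) for a 'low..high' range such as 2..15."""
    m = _RANGE.fullmatch(text)
    if not m:
        raise ValueError(f"{label} range must look like 2..15, got {text!r}")
    low, high = int(m.group(1)), int(m.group(2))
    if low > high or (upper is not None and high > upper):
        raise ValueError(f"{label} range {low}..{high} is out of bounds")
    return low, high


def lint_query(query):
    """Return (normalised query, parsed SensitiveType clauses) or raise."""
    fixed = query.translate(_QUOTES)
    if fixed.count('"') % 2:
        raise ValueError("unterminated quote in query")
    clauses = []

    def rebuild(match):
        parts = [p.strip() for p in match.group(1).split("|")]
        if parts[0] not in KNOWN_TYPES:
            raise ValueError(f"unknown information type {parts[0]!r}")
        if len(parts) > 3:
            raise ValueError("expected at most Type|Count|Confidence")
        count = _parse_range(parts[1], "count") if len(parts) > 1 else None
        # Assumption: confidence is a percentage, so it is capped at 100.
        conf = (_parse_range(parts[2], "confidence", 100)
                if len(parts) > 2 else None)
        clauses.append({"type": parts[0], "count": count, "confidence": conf})
        return 'SensitiveType:"' + "|".join(parts) + '"'

    fixed = _CLAUSE.sub(rebuild, fixed)
    if not clauses:
        raise ValueError("no SensitiveType clause found")
    return fixed, clauses
```

Run the query through `lint_query` before pasting it into the case's query box, and extend `KNOWN_TYPES` with the other names from the supported list as needed.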

If you want to learn more about using search query syntax in eDiscovery you can visit the following documentation.

http://blogs.technet.com/b/quentin/archive/2014/07/30/using-search-properties-and-operators-with-ediscovery.aspx

So our example will be something simple to just get anything with credit card numbers in. We would use the following:

SensitiveType:"Credit Card Number"

We could have chosen something else instead of “Credit Card Number”. To see the full supported list, see the table below or visit the TechNet page.

http://technet.microsoft.com/library/jj150541%28v=exchg.150%29.aspx

| Information type name | Primary region | Category |
| --- | --- | --- |
| ABA Routing Number | United States | finance |
| Australia Bank Account Number | Australia | finance |
| Australia Driver’s License Number | Australia | PII |
| Australia Medical Account Number | Australia | health |
| Australia Passport Number | Australia | PII |
| Australia Tax File Number | Australia | finance |
| Canada Bank Account Number | Canada | finance |
| Canada Driver’s License Number | Canada | PII |
| Canada Health Service Number | Canada | health |
| Canada Passport Number | Canada | PII |
| Canada Personal Health Identification Number (PHIN) | Canada | health |
| Canada Social Insurance Number | Canada | PII |
| Credit Card Number | All | finance |
| Drug Enforcement Agency (DEA) Number | United States | PII |
| EU Debit Card Number | European Union | finance |
| Finland National ID | Finland | PII |
| France Driver’s License Number | France | PII |
| France National ID Card (CNI) | France | PII |
| France Passport Number | France | PII |
| France Social Security Number (INSEE) | France | PII |
| German Driver’s License Number | Germany | PII |
| German Passport Number | Germany | PII |
| International Banking Account Number (IBAN) | All | finance |
| IP Address | All | PII |
| Israel Bank Account Number | Israel | finance |
| Israel National ID | Israel | PII |
| Italy Driver’s License Number | Italy | PII |
| Japan Bank Account Number | Japan | finance |
| Japan Driver’s License Number | Japan | PII |
| Japan Passport Number | Japan | PII |
| Japan Resident Registration Number | Japan | PII |
| Japan Social Insurance Number (SIN) | Japan | PII |
| New Zealand Ministry of Health Number | New Zealand | health |
| Saudi Arabia National ID | Saudi Arabia | PII |
| Poland National ID (PESEL) | Poland | PII |
| Poland Identity Card | Poland | PII |
| Poland Passport | Poland | PII |
| Spain Social Security Number (SSN) | Spain | PII |
| Sweden National ID | Sweden | PII |
| Sweden Passport Number | Sweden | PII |
| SWIFT Code | All | finance |
| Taiwan National ID | Taiwan | PII |
| U.K. Driver’s License Number | United Kingdom | PII |
| U.K. Electoral Roll Number | United Kingdom | PII |
| U.K. National Health Service Number | United Kingdom | health |
| U.K. National Insurance Number (NINO) | United Kingdom | health |
| U.S. / U.K. Passport Number | United States and United Kingdom | PII |
| U.S. Bank Account Number | United States | finance |
| U.S. Driver’s License Number | United States | PII |
| U.S. Individual Taxpayer Identification Number (ITIN) | United States | finance |
| U.S. Social Security Number (SSN) | United States | health |

 

So we can use any of the syntax above to search for any type of PII data. Next I am going to set the source to my team site, where I currently have a file stored with the content in. To do this I click “Modify Query Scope”.

Next I will select “Add Location”, paste the URL of my Team Site and check it.

Now we should have a query form completed as shown below.

Adding a location will change the underlying search query to be the following:

Now if we run the search we should get the results back as expected, obviously having to wait for Office 365 to perform a search crawl, which could take a while :)

Of course the next step is to export the results or just to save it and perform the required hold and remedial work to fix this issue. This is the first implementation within the Office 365 platform, with great plans I am sure for future updates.

Liam Cleary

I work as an Associate Director for Protiviti in Virginia. My main focus is to ensure that SharePoint can either natively or with minimal customization meet the business requirement securely. I am currently a SharePoint MVP focused on Architecture but also cross the boundary into Development and Security. I am often found at user groups, conferences speaking, offering advice, spending time in the community, teaching my kids how to code, raspberry PI programming, hacking the planet and sometimes building Lego robots.
