Microsoft Purview Information Protection – Part 7 – Cloud Build

Thank you for continuing to follow along with the Microsoft Purview blog post series. If you missed any of the previous posts, you can find them listed below:

Part 1: Introduction to Microsoft Purview
Part 2: Microsoft Purview Portal
Part 3: Microsoft Purview Roles and Scopes
Part 4: Turn on audit logs in Microsoft Purview
Part 5: Microsoft Purview Device Onboarding
Part 6: Enable Insider Risk Analytics in Microsoft Purview

In this blog post, I’m introducing Sensitive Information Types (SITs), which are part of the Information Protection solution available under the Solutions menu in the Microsoft Purview portal: https://purview.microsoft.com

To keep this series beginner-friendly and easy to digest, each post focuses on one concept at a time.

In the next post, Part 8, I’ll walk through the process of deploying a Sensitive Information Type (SIT) within the Purview portal.

Within Information Protection, there are several menu items to explore.

To start, I’ll focus on Classifiers > Sensitive Info Types, as this is a key area for identifying and managing sensitive data across your organisation.

What are Sensitive info types (SIT)?

Identifying and classifying sensitive items within your organisation is the first step in the Information Protection process.

Microsoft Purview offers three primary methods for identifying sensitive data which we will explore in this blog post series:

• Manually, by users
• via automated pattern recognition, as with Sensitive Information Types (SITs)
• via machine learning

Also known as SITs for short, Sensitive information types are pattern based classifiers. They detect sensitive information within your organisation, such as social security, credit card, bank account numbers and more to identify sensitive items. Microsoft provides a large number of built-in SITs. A complete list of Sensitive Information Types is available in the official Microsoft documentation at the following Microsoft link, Sensitive information type entity definitions, and these are also accessible directly from the Purview portal.

Here are a few examples of Sensitive Information Type (SIT) entity definitions from Microsoft’s list:

– Bulgaria passport number
– Croatia passport number
– Credit card number
– Finland national ID
– France passport number
– Spain driver’s license number
– U.K. national insurance number (NINO)
– U.K. driver’s license number
– U.K. Unique Taxpayer Reference Number
– U.A.E. identity card number
– And more

If the preconfigured/built-in sensitive information types (SITs) don’t meet your organisation’s needs, you can create custom SITs that you fully define, or you copy and modify one of the built-in types to suit your requirements.

So, what’s the benefit of using Sensitive Information Types (SITs)?
SITs are foundational to many Microsoft Purview solutions. One key example is their use in Data Loss Prevention (DLP) policies, where SITs can be added to detect and prevent the sharing of sensitive data, such as credit card numbers via email, Teams, or other communication channels. (More on DLP in a future post.)

Beyond DLP, SITs are used across several Microsoft Purview features, including:

• Data Loss Prevention policies
• Sensitivity labels
• Retention labels
• Insider risk management
• Communication compliance
• Auto-labeling policies
• Microsoft Priva

This versatility makes SITs a powerful tool for enforcing data protection and compliance across your organisation.

Example – use case

Imagine your organisation handles customer transactions and stores credit card information as part of its operations. You want to ensure that this sensitive data is not accidentally or intentionally shared via email, Teams, or other communication channels.

To address this, you can use Microsoft Purview to:

1. Deploy a Sensitive Information Type (SIT)
   Microsoft already provides a built-in SIT for credit card numbers, which uses pattern recognition to detect sequences that match known credit card formats. You can use this built-in SIT or create a custom SIT to match your organisation’s specific data patterns.
2. Create a Data Loss Prevention (DLP) Policy
   In the Microsoft Purview portal, you can create a DLP policy that includes/attaches the credit card SIT. This policy can be configured to:
   • Monitor emails and messages for credit card numbers.
   • Alert users when they attempt to send sensitive data.
   • Block the transmission entirely, depending on the severity and policy settings.

Apart from the built-in Sensitive Information Types (SITs) provided by Microsoft, there are other types, such as custom SITs and Exact Data Match (EDM) SITs, which I’ll be covering later in this blog post series.

I hope you now have a basic understanding of Sensitive Information Types (SITs) and the important role they play in Microsoft Purview’s Information Protection capabilities.

Thank you for following along with this blog post series.

Join me in Part 8, where I’ll walk through the process of deploying a Sensitive Information Type (SIT) within the Purview portal.

Don’t forget to subscribe to new posts so you’re notified by email when the next one is published.