If you read the Office 365 messages that appear in your tenant, then you will have noticed an announcement about Sensitive Types for Data Loss Prevention.
Clicking on the item displays all the details about this change.
If you read the notice then you will see that Microsoft has expanded support for custom sensitive types beyond Exchange to also include SharePoint, OneDrive, Outlook, Office Clients, and supported mobile apps. In order to make the most of this you need to understand how to create a sensitive type using the XML definition format.
To retrieve any existing XML definitions, you must first connect to Office 365 and use the Get-ClassificationRuleCollection command (more details on this command can be found here). To connect to Office 365, you can use the following PowerShell.
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
Once this has completed you will be presented with a valid session displaying the list of commands that are now available to you in your PowerShell session.
Now we can run the Get-ClassificationRuleCollection command, which will probably prompt for credentials again and load that command into the PowerShell session too. Once loaded, you can, for example, access the rule collection by name using the following PowerShell command.
Get-ClassificationRuleCollection "Microsoft Rule Package" | Format-List
This will just return the basic properties of the category. To get an export of all the rules, we would use the following PowerShell.
$rulesCollection = Get-ClassificationRuleCollection
Set-Content -path "C:\Output\exportedRules.xml" -Encoding Byte -Value $rulesCollection.SerializedClassificationRuleCollection
Once this has completed you can open the exported file, and using search/find go down to the “
From here you can modify or amend any of the values as needed. For this example, though, we will create a brand new policy and a new custom package that is unique. To do this, first create a new XML file using your editor of choice and add the following:
Press the Next button and then you can specify whether to test it, turn it on or keep it off as you need. Once set, press Next and then press the Create button. This will then create the new rule, based on the custom XML we uploaded into the Security & Compliance center. Further changes can be made simply by exporting the file, amending it as needed, and then updating it using the PowerShell command:
As an example, if we wanted to find content that matched this format “274958HELLOITSL”, then we would use a regex to find this within the content we assign it to. Within the existing files we created we can add the following two blocks of XML:
Policy, Regex and Keyword to search on
String values associated to the new Policy
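As an added example (not the XML from the original post), the script below builds a constructed rule package of the shape described above and checks it locally before it is handed to Set-DlpSensitiveInformationTypeRulePackage. The GUIDs, names, keyword and the regex (assumed here to mean six digits followed by nine capital letters, as in 274958HELLOITSL) are placeholders; generate real GUIDs with New-Guid.

```powershell
# Constructed rule package: every GUID, name, keyword and the regex are placeholders.
$package = [xml]@'
<?xml version="1.0" encoding="utf-8"?>
<RulePackage xmlns="http://schemas.microsoft.com/office/2011/mce">
  <RulePack id="00000000-0000-0000-0000-000000000001">
    <Version major="1" minor="0" build="0" revision="0"/>
    <Publisher id="00000000-0000-0000-0000-000000000002"/>
    <Details defaultLangCode="en-us">
      <LocalizedDetails langcode="en-us">
        <PublisherName>Example Publisher</PublisherName>
        <Name>Example Custom Rule Pack</Name>
        <Description>Constructed example package</Description>
      </LocalizedDetails>
    </Details>
  </RulePack>
  <Rules>
    <Entity id="00000000-0000-0000-0000-000000000003" patternsProximity="300" recommendedConfidence="75">
      <Pattern confidenceLevel="75">
        <IdMatch idRef="Regex_sample_code"/>
        <Match idRef="Keyword_sample_code"/>
      </Pattern>
    </Entity>
    <Regex id="Regex_sample_code">\b\d{6}[A-Z]{9}\b</Regex>
    <Keyword id="Keyword_sample_code">
      <Group matchStyle="word"><Term>reference</Term></Group>
    </Keyword>
    <LocalizedStrings>
      <Resource idRef="00000000-0000-0000-0000-000000000003">
        <Name default="true" langcode="en-us">Example Reference Code</Name>
        <Description default="true" langcode="en-us">Six digits followed by nine capitals</Description>
      </Resource>
    </LocalizedStrings>
  </Rules>
</RulePackage>
'@
$rules = $package.RulePackage.Rules   # the [xml] cast above throws if the file is not well-formed
# Every IdMatch/Match must point at a Regex or Keyword defined in the same file.
$defined = @($rules.Regex.id) + @($rules.Keyword.id)
$refs    = @($rules.Entity.Pattern.IdMatch.idRef) + @($rules.Entity.Pattern.Match.idRef)
$missing = @($refs | Where-Object { $_ -and $defined -notcontains $_ })
# Every Entity needs a LocalizedStrings Resource, otherwise it has no display name.
$named   = @($rules.LocalizedStrings.Resource.idRef)
$unnamed = @($rules.Entity.id | Where-Object { $named -notcontains $_ })
# Approximate the match locally with .NET regex (case-sensitive) on constructed samples;
# the service's regex engine may differ in details, so this is a sanity check only.
$pattern = $rules.Regex.'#text'
$samples = 'Reference 274958HELLOITSL issued', 'Reference 274958helloitsl issued', 'id 1274958HELLOITSLX'
$hits    = @($samples | Where-Object { [regex]::IsMatch($_, $pattern) })
if ($missing.Count -or $unnamed.Count -or $hits.Count -ne 1) {
    throw "Rule package check failed. Unresolved idRef: $missing; unnamed entity: $unnamed; matches: $hits"
}
"Package OK; regex matched only: $hits"
```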
Now we can run the Set command using the following.
Set-DlpSensitiveInformationTypeRulePackage -FileData (Get-Content -Path "C:\Output\CustomRule.xml" -Encoding Byte)
Once the XML has been validated, this command will prompt to update as needed.
The new one should then be listed alongside the original one and be available to use like the previously created one.
All in all, this is a great function allowing you to create rules that are organization specific to the content you wish to control.
More details of what you can do, along with examples of the XML structure can be found here.