In Part 2 I’ll show you how to customize your existing policy and add Sensitive Info Types, Policy Tips and notifications to the policy. Please see Part 1 for the policy creation.
1. Open ‘Security and Compliance‘ from the Microsoft Admin Center
2. Find the policy you created in Part 1 and select it
3. Edit the policy
4. On the next screen select ‘Policy Settings‘ and ‘Low volume of content detected PII Demo‘
What is Low volume of content detected PII Demo?
Low volume of content detected PII Demo: This rule looks for files containing between 1 and 10 occurrences of each of two types of sensitive information (U.K. National Insurance Number (NINO) and U.S. / U.K. Passport Number), where the files are shared with people outside the organization. If found, the rule sends an email notification to the primary site collection administrator, document owner, and person who last modified the document.
5. Edit the ‘Low volume of content detected PII Demo‘ setting
6. Add a new ‘Sensitive Info Type‘
7. Click ‘Add’ on the next screen to select a Sensitive Info Type
8. Add in the following:
EU Debit Card Number
Credit Card Number
I found an issue when testing these (which I will explain in Part 3).
9. Next select ‘Actions’
Under ‘User Notifications‘ ensure notifications are set to on. You can also customize the e-mail and policy tip text, and send the notification to additional people when someone attempts to send sensitive information to external recipients.
10. Scroll down to the ‘User Overrides‘ and ‘Incident Reports‘
- User Overrides allows users to provide a business justification to override the policy
- Incident Reports is a way to capture the activity where data has left the organisation
11. Save the policy
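The same changes can be scripted with Security & Compliance PowerShell, which is useful when the rule has to be reproduced in another tenant or kept under change control. This is an added example, not part of the original walkthrough; the 1 to 10 counts, the notification recipients and the policy tip text are assumptions based on the rule description above.

```powershell
# Added example (not from the original post). Requires the ExchangeOnlineManagement module.
Connect-IPPSSession

$ruleName = 'Low volume of content detected PII Demo'   # rule name as shown in step 4

# Record the current settings first so the change can be reviewed or rolled back.
Get-DlpComplianceRule -Identity $ruleName |
    Format-List Name, ContentContainsSensitiveInformation, NotifyUser,
                NotifyAllowOverride, GenerateIncidentReport

# -ContentContainsSensitiveInformation sets the whole condition, so list the two
# types the rule already has together with the two added in step 8.
# Assumption: the 1-10 instance counts mirror the rule description.
$sensitiveTypes = @(
    @{ Name = 'U.K. National Insurance Number (NINO)'; minCount = '1'; maxCount = '10' },
    @{ Name = 'U.S. / U.K. Passport Number';           minCount = '1'; maxCount = '10' },
    @{ Name = 'EU Debit Card Number';                  minCount = '1'; maxCount = '10' },
    @{ Name = 'Credit Card Number';                    minCount = '1'; maxCount = '10' }
)

$ruleSettings = @{
    Identity                            = $ruleName
    ContentContainsSensitiveInformation = $sensitiveTypes
    # Step 9: user notifications on, with a custom policy tip (constructed sample text).
    NotifyUser                          = 'SiteAdmin', 'Owner', 'LastModifier'
    NotifyPolicyTipCustomText           = 'This item contains personal data and is shared externally.'
    # Step 10: overrides need a business justification; incident report to the site admin.
    NotifyAllowOverride                 = 'WithJustification'
    GenerateIncidentReport              = 'SiteAdmin'
    IncidentReportContent               = 'All'
}
Set-DlpComplianceRule @ruleSettings

# Confirm the rule now carries all four sensitive info types and the new actions.
Get-DlpComplianceRule -Identity $ruleName |
    Format-List Name, ContentContainsSensitiveInformation, NotifyUser,
                NotifyAllowOverride, GenerateIncidentReport, IncidentReportContent
```

Compare the two `Get-DlpComplianceRule` outputs and check the rule in the portal afterwards, since the script replaces the sensitive info type condition rather than appending to it.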
In Part 3 I’ll show you how to test the policy.