To allow specific departments to send sensitive information, create exceptions for those departments in your DLP policy. Alternatively, you might want to let your legal department be able to send patents to other organizations because it has a business need for doing so. After you associate the fingerprint with a DLP policy, DLP detects any outbound emails containing content that matches the patent fingerprint and deals with it according to your organization's policy.įor example, if you set up a DLP policy that prevents regular employees from sending outgoing messages containing patents, DLP uses the patent fingerprint to detect patents and block those emails. The original document can't be reconstructed from the hash value.) The patent fingerprint then becomes a SIT that you can associate with a DLP policy. (As a security measure, the original document itself isn't stored on the service only the hash value is stored. The fingerprint is saved as a data classification in Active Directory. DLP converts this word pattern into a document fingerprint, which is a small Unicode XML file containing a unique hash value that represents the original text. When you upload the original patent template, it's in one of the supported file types and in plain text. The patent template contains the blank fields "Patent title," "Inventors," and "Description", along with descriptions for each of those fields-that's the word pattern. If the outbound document isn't password protected and contains all the text from the original form, DLP can determine whether the document matches the document fingerprint. Everyone who fills out a form uses the same original set of words and then adds their own words to the document. That's why uploading a form or template creates the most effective type of document fingerprint. When you upload a file, DLP identifies the unique word pattern in the document, creates a document fingerprint based on that pattern, and uses that document fingerprint to detect outbound documents containing the same pattern. In the same way that a person's fingerprints have unique patterns, documents have unique word patterns. You have probably already guessed that documents don't have actual fingerprints, but the name helps explain the feature. Once you complete these steps, DLP detects any documents in outbound mail that match that fingerprint. To enable detection, upload an empty form to be converted to a document fingerprint. Ideally, your organization already has an established business practice of using certain forms to transmit sensitive information. Custom forms created specifically for your organization.Employee information forms for Human Resources departments.Health Insurance Portability and Accountability Act (HIPAA) compliance forms.Other examples of forms that you can upload include: This process works with any text-based forms used in your organization. Optionally, you can set up policy tips to notify senders that they might be sending sensitive information, and that the sender should verify that the recipients are qualified to receive the patents. For example, you can create a document fingerprint based on a blank patent template and then create a DLP policy that detects and blocks all outgoing patent templates with sensitive content filled in. Basic scenario for document fingerprintingĭocument fingerprinting is a Microsoft Purview Data Loss Prevention (DLP) feature that converts a standard form into a sensitive information type (SIT), which you can use in the rules of your DLP policies. If you choose not to, you won't be able to modify existing fingerprints or create new ones after April, 2023. If you are an E3 customer, we recommend upgrading to an E5 license. If you are an E5 customer, we recommend updating your existing fingerprints to take advantage of the full document fingerprint feature set.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |