Microsoft Purview in the Real World (Dec 30, 2022)

December 31, 2022

Disclaimer

This document is not meant to replace any official documentation, including those found at docs.microsoft.com. Those documents are continually updated and maintained by Microsoft Corporation. If there is a discrepancy between this document and what you find in the Compliance User Interface (UI) or inside of a reference in docs.microsoft.com, you should always defer to that official documentation and contact your Microsoft Account team as needed. Links to the docs.microsoft.com data will be referenced both in the document steps as well as in the appendix.

All the following steps should be done with test data, and where possible, testing should be performed in a test environment. Testing should never be performed against production data.

Target Audience

Presales Technical Specialist running Endpoint DLP testing

Document Scope

The purpose of this document (and series) is to provide insights into various user cases, announcements, customer driven questions, etc.

Topics for this blog entry

Here are the topics covered in this issue of the blog:

Data Classification – what are “Entity” types vs. “BundledEntity” types.
Latest medical industry related Sensitive Information Types (SITs) tracked my Microsoft Purview

Out-of-Scope

This blog series and entry is only meant to provide information, but for your specific use cases or needs, it is recommended that you contact your Microsoft Account Team to find other possible solutions to your needs.

Sensitive Information Types – What are BundledEntity vs Entity types? 2022)

In Microsoft Purview, what are “Entity” types and what are “BundledEntity” types? Let us look at the definitions”:

BundledEntity – “Bundled named entity SITs detect all possible matches. Use them as broad criteria in your DLP policies for detecting sensitive items.”
Entity (aka unbundled) – “Unbundled named entity SITs have a narrower focus, like a single country. Use them when you need a DLP policy with a narrower detection scope.”

Sensitive Information Types (SIT) for medical industry (as of December 30, 2022)

This list is only for medical related Sensitive Information Types (SITs) and does not include SITs that can be used in other health and personal related information types, for example – a Personal Health Information (PHI) or Personal Identifiable Information (PII). Exampls of data that would reside within PHI or PII would be Credit Card information or Social Security Numbers. If you wish to see the full list of Out-of-the-Box SITs in Microsoft Purview, please reference the official Microsoft links in the Appendix and Links section below. Please note that Microsoft is always updating its Data Classification tools and Sensitive Information Types, meaning you should always check the official links and documents for the latest information.

Here is the list of medical related SITs as of December 2022:

All Medical Terms and Conditions (BundledEntity)
Blood Test Terms (Entity)
Brand Medication Names (Entity)
Diseases (Entity)
Generic Medication Names (Entity)
Impairments Listed in the U.S. Disability Evaluation under Social Security (Entity)
International Classification of Diseases (ICD-9) (Entity)
International Classification of Diseases (ICD-10) (Entity)
Lab Test Terms (Entity)
Lifestyles that Relate to Medical Conditions (Entity)
Medical Specialties (Entity)
Surgical Procedures (Entity)
Types of Medication (Entity) (Entity)