Updates from: 08/02/2022 01:27:44
Category Microsoft Docs article Related commit history on GitHub Change details
includes Defender Content Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/includes/defender-content-updates.md
+<!-- This file is generated automatically each week. Changes made to this file will be overwritten.-->
+++
+## Week of July 18, 2022
++
+| Published On |Topic title | Change |
+|||--|
+| 7/18/2022 | [Defender Threat Intelligence](/defender/threat-intelligence/index) | added |
++
+## Week of June 20, 2022
++
+| Published On |Topic title | Change |
+|||--|
+| 6/23/2022 | [Defender Threat Intelligence](/defender-threat-intelligence/index) | modified |
threat-intelligence Analyst Insights https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/analyst-insights.md
+
+ Title: 'Microsoft Defender Threat Intelligence (Defender TI) Analyst Insights'
+description: 'In this overview article, learn about the Microsoft Defender Threat Intelligence (Defender TI)ΓÇÖs analyst insights feature.'
++++ Last updated : 08/02/2022+++
+# Analyst insights
+
+In Microsoft Defender Threat Intelligence (Defender TI), the Analyst Insights section provides quick insights about the artifact that may help determine the next step in an investigation. This section will list any insights that apply to the artifact, as well as those that do not apply for additional visibility. In the below example, we can quickly determine that the IP Address is routable, hosts a web server, and had an open port within the past five days. Furthermore, the system displays rules that were not triggered, which can be equally helpful when kickstarting an investigation.
+
+![Analyst Insights Edge Screenshot](media/analystInsightsEdgeScreenshot.png)
+
+## Analyst insight types and questions they can address
+
+| Analyst insight types | Questions they can address |
+|--||
+| Blocklisted | Is/when was the domain, host, or IP address blocklisted? |
+| | How many times has Defender TI blocklisted the domain, host, or IP? |
+| Registered & Updated | How many days, months, years ago was the domain registered? |
+| | When was the domain WHOIS Record updated? |
+| Subdomain IP count | How many different IPs are associated with the subdomains of the domain? |
+| New subdomain observations | When was the last time Microsoft observed a new subdomain for the domain in question? |
+| Registered & Resolving | Does the domain queried exist? |
+| | Does the domain resolve to an IP address? |
+| Number of Domains sharing the WHOIS record | What other domains share the same WHOIS record? |
+| Number of domains sharing the Name Server | What other domains share the same name server record? |
+| Crawled by RiskIQ | When was this host or domain last crawled by Microsoft? |
+| International Domain | Is the domain queried for an international domain name (IDN)? |
+| Blocklisted by Third Party | Is this indicator blocklisted by a third-party? |
+| Tor Exit Node Status | Is the IP address in questions associated with The Onion Router Network (Tor)? |
+| Open Ports Detected | When did Microsoft last port scan this IP address? |
+| Proxy Status | What is the proxy status of this indicator? |
+| Host Last Observed | Is the IP address in question internet accessible? |
+| Hosts a Web Server | Does the IP address have a DNS server that uses its resources to resolve the name into it for the appropriate web server? |
+
+## Next steps
+
+For more information, see:
+
+- [Reputation scoring](reputation-scoring.md)
+- [Using tags](using-tags.md)
threat-intelligence Data Sets https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/data-sets.md
+
+ Title: 'Microsoft Defender Threat Intelligence (Defender TI) Data Sets'
+description: 'In this overview article, learn about Microsoft Defender Threat Intelligence (Defender TI)ΓÇÖs data sets feature.'
++++ Last updated : 08/02/2022+++
+# Data sets
+
+Microsoft centralizes numerous data sets into a single platform, Microsoft Defender Threat Intelligence (Defender TI), making it easier for MicrosoftΓÇÖs community and customers to conduct infrastructure analysis. MicrosoftΓÇÖs primary focus is to provide as much data as possible about Internet infrastructure to support a variety of security use cases.
+
+Microsoft collects, analyzes, and indexes internet data to assist users in detecting and responding to threats, prioritizing incidents, and proactively identifying adversariesΓÇÖ infrastructure associated with actor groups targeting their organization. Microsoft collects internet data via itsΓÇÖ PDNS sensor network, global proxy network of virtual users, port scans, and leverages third-party sources for malware and added Domain Name System (DNS) data.
+
+This internet data is categorized into two distinct groups: traditional and advanced. Traditional data sets include Resolutions, Whois, SSL Certificates, Subdomains, Hashes, DNS, Reverse DNS, and Services. Advanced data sets include Trackers, Components, Host Pairs, and Cookies. Trackers, Components, Host Pairs, and Cookies data sets are collected from observing the Document Object Model (DOM) of web pages crawled. Additionally, Components and Trackers are also observed from detection rules that are triggered based on the banner responses from port scans or SSL Certificate details.
+
+![Data Sets Edge Screenshot](media/dataSetsEdgeScreenshot.png)
+
+## Resolutions
+
+Passive DNS (PDNS) is a system of record that stores DNS resolution data for a given location, record, and timeframe. This historical resolution data set allows users to view which domains resolved to an IP address and vice versa. This data set allows for time-based correlation based on domain or IP overlap.
+PDNS may enable the identification of previously unknown or newly stood-up threat actor infrastructure. Proactive addition of indicators to blocklists can cut off communication paths before campaigns take place. Users will find A record resolution data within the Resolutions data set tab and will find more types of DNS records in the DNS data set tab.
+
+Our PDNS resolution data includes the following:
+
+- **Resolve:** the name of the resolving entity (either an IP Address or Domain)
+- **Location:** the location the IP address is hosted in.
+- **Network:** the netblock or subnet associated with the IP address.
+- **ASN:** the autonomous system number and organization name
+- **First Seen:** a timestamp that displays the date that we first observed this resolution.
+- **Last Seen:** a timestamp that displays the date that we last observed this resolution.
+- **Source:** the source that enabled the detection of the relationship.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Resolutions](media/dataTabResolutions.png)
+
+## Questions this data set may help answer:
+
+### Domains
+- When was the domain first observed resolving to an IP address by Defender TI?
+
+ ![Data Sets Domain First Seen](media/dataSetsDomainFirstSeen.png)
+
+- When was the last time it was seen actively resolving to an IP address by Defender TI?
+ ![Data Sets Domain Last Seen](media/dataSetsDomainLastSeen.png)
+
+- What IP address(s) does it currently resolve to?
+ ![Data Sets Domain Active Re solutions](media/dataSetsDomainActiveResolutions.png)
+
+### IP Addresses
+- Is the IP address routable?
+
+ ![Data Sets Routable IPs](media/dataSetsRoutableIPs.png)
+
+- What subnet is it part of?
+
+ ![Data Sets IP Subnet](media/dataSetsIPSubnet.png)
+
+- Is there an owner associated with the subnet?
+
+ ![Data Sets IP Owner](media/dataSetsIPOwner.png)
+
+- What AS is it part of?
+
+ ![Data Sets IPASN](media/dataSetsIPASN.png)
+
+- What geolocation is there?
+ ![Data Sets IP Geo location](media/dataSetsIPGeolocation.png)
+
+## Whois
+
+Thousands of times a day, domains are bought and/or transferred between individuals and organizations. The process to make all of this happen is easy and only takes a few minutes and roughly $7 depending on the registrar provider. Beyond payment details, you must supply additional information about yourself, some of which gets stored as part of a Whois record once the domain has been set up. This would be considered a public domain registration. However, there are private domain registration services, where you can hide your personal information from your domainΓÇÖs Whois record. In these situations, the domain ownerΓÇÖs information is safe and replaced by their registrarΓÇÖs information. More actor groups are performing private domain registrations to make it more difficult for analysts to find other domains that they own. Defender TI provides a variety of data sets to find actorsΓÇÖ shared infrastructure when Whois records donΓÇÖt provide leads.
+
+Whois is a protocol that lets anyone query information about a domain, IP address, or subnet. One of the most common functions for Whois in threat infrastructure research is to identify or connect disparate entities based on unique data shared within Whois records. If you were reading carefully or ever purchased a domain yourself, you may have noticed that the content requested from the registrars is never verified. In fact, you could have put anything in the record (and a lot of people do) which would then be displayed to the world.
+
+Each Whois record has several different sections, all of which could include different information. Commonly found sections include ΓÇ£registrarΓÇ¥, ΓÇ£registrantΓÇ¥, ΓÇ£administratorΓÇ¥, and ΓÇ£technicalΓÇ¥ with each potentially corresponding to a different contact for the record. A lot of the time this data is duplicated across sections, but in some cases, there may be slight discrepancies, especially if an actor made a mistake. When viewing Whois information within Defender TI, you will see a condensed record that de-duplicates any data and notates which part of the record it came from. We have found this process greatly speeds up the analyst workflow and avoids any overlooking of data. The Defender TI's Whois information is powered by the WhoisIQΓäó database.
+
+Our Whois data includes the following:
+- **Record Updated:** a timestamp that indicates the day a Whois record was last updated.
+- **Last Scanned:** the date that the Defender TI system last scanned the record.
+- **Expiration:** the expiration date of the registration, if available.
+- **Created:** the age of the current Whois record.
+- **Whois Server:** the server is set-up by an ICANN accredited registrar to acquire up-to-date information about domains that are registered within it.
+- **Registrar:** the registrar service used to register the artifact.
+- **Domain Status:** the current status of the domain. An ΓÇ¥active" domain is live on the internet.
+- **Email:** any email addresses found in the Whois record, and the type of contact each one is associated with (e.g. admin, tech).
+- **Name:** the name of any contacts within the record, and the type of contact each is associated with.
+- **Organization:** the name of any organizations within the record, and the type of contact each is associated with.
+- **Street:** any street addresses associated to the record, and the type of contact it is associated with.
+- **City:** any city listed in an address associated to the record, and the type of contact it is associated with.
+- **State:** any states listed in an address associated to the record, and the type of contact it is associated with.
+- **Postal Code:** any postal codes listed in an address associated to the record, and the type of contact it is associated with.
+- **Country:** any countries listed in an address associated to the record, and the type of contact it is associated with.
+- **Phone:** any phone numbers listed in the record, and the type of contact it is associated with.
+- **Name Servers:** any name servers associated to the registered entity.
+
+## Current Whois lookups
+
+![Data Tab WHOIS](media/dataTabWHOIS.png)
+
+Defender TIΓÇÖs current Whois repository highlights all domains in MicrosoftΓÇÖs Whois collection that are currently registered and associated with the Whois attribute of interest. This data highlights the domain's registration and expiration date, along with the email address used to register the domain. This data is displayed in the Whois Search tab of the platform.
+
+## Historical Whois lookups
+
+![Search Whois History](media/searchWhoisHistory.png)
+
+Defender TIΓÇÖs Whois History repository provides users with access to all known historical domain associations to Whois attributes based on the systemΓÇÖs observations. This data set highlights all domains associated with an attribute that a user pivots from displaying the first time and the last time we observed the association between the domain and attribute queried. This data is displayed in a separate tab next to the current Whois Search tab.
+
+**Questions this data set may help answer:**
+
+- How old is the domain?
+
+ ![Data Sets Whois Domain Age](media/dataSetsWhoisDomainAge.png)
+
+- Does the information appear to be privacy protected?
+
+ ![Data Sets Whois Privacy Protected](media/dataSetsWhoisPrivacyProtected.png)
+
+- Does any of the data appear to be unique?
+
+ ![Data Sets Whois Unique](media/dataSetsWhoisUnique.png)
+
+- What name servers are used?
+
+ ![Data Sets Whois Name Servers](media/dataSetsWhoisNameServers.png)
+
+- Is this a sinkhole domain?
+
+ ![Data Sets Whois Sinkhole](media/dataSetsWhoisSinkhole.png)
+
+- Is this a parked domain?
+
+ ![Data Sets Whois Parked Domain](media/dataSetsWhoisParkedDomain.png)
+
+- Is this a honeypot domain?
+
+ ![Data Sets Whois Honeypot Domain](media/dataSetsWhoisHoneypotDomain.png)
+
+- Is there any history?
+
+ ![Data Sets Whois History](media/dataSetsWhoisHistory.gif)
+
+- Are there any fake privacy protection emails?
+
+ ![Data Sets Whois Fake Privacy Emails](media/dataSetsWhoisFakePrivacyEmails.png)
+
+- Are there any fake names in the Whois record?
+
+- Did you identify additional related IOCs from searching against potentially shared Whois values across domains?
+
+ ![Data Sets Whois Shared Value Search](media/dataSetsWhoisSharedValueSearch.gif)
+
+## Certificates
+Beyond securing your data, SSL Certificates are a fantastic way for users to connect disparate network infrastructure. Modern scanning techniques allow us to perform data requests against every node on the Internet in a matter of hours, meaning we can easily associate a certificate to an IP address hosting it on a regular basis.
+
+Much like a Whois record, SSL certificates require information to be supplied by the user to generate the final product. Aside from the domain, the SSL certificate is being created for (unless self-signed), any of the additional information can be made up by the user. Where MicrosoftΓÇÖs users see the most value from SSL certificates is not necessarily the unique data someone may use when generating the certificate, but where it's hosted.
+
+To access an SSL certificate, it needs to be associated with a web server and exposed through a particular port (most often 443). Using mass Internet scans on a weekly basis, it's possible to scan all IP addresses and obtain any certificate being hosted to build a historic repository of certificate data. Having a database of IP addresses to SSL certificate mappings provides users with a way to identify overlaps in infrastructure.
+
+To further illustrate this concept, imagine an actor has set up a server with a self-signed SSL certificate. After several days, defenders become wise to their infrastructure and block the webserver hosting malicious content. Instead of destroying all their hard work, the actor merely copies all the contents (including the SSL certificate) and places them on a new server. As a user, a connection can now be made using the unique SHA-1 value of the certificate to say that both web servers (one blocked, one unknown) are connected in some way.
+
+What makes SSL certificates more valuable is that they are capable of making connections that passive DNS or Whois data may miss. This means more ways of correlating potential malicious infrastructure and identifying potential operational security failures of actors. Defender TI has collected over 30 million certificates from 2013 until the present day and provides users with the tools to make correlations on certificate content and history.
+
+SSL certificates are files that digitally bind a cryptographic key to a set of user-provided details. Using internet-scanning techniques, Defender TI collects SSL certificate associations from IP addresses on various ports. These certificates are stored inside of a local database and allow us to create a timeline for where a given SSL certificate appeared on the Internet.
+
+Our certificate data includes the following:
+
+- **Sha1:** The SHA1 algorithm hash for an SSL Cert asset.
+- **First Seen:** a timestamp that displays the date that we first observed this certificate on an artifact.
+- **Last Seen:** a timestamp that displays the date that we last observed this certificate on an artifact.
+- **Infrastructure:** any related infrastructure associated with the certificate.
+
+![Data Tab Certificates List](media/dataTabCertificatesList.png)
+
+When a user expands on a SHA1 hash, the user will be able to see details about the following, which includes:**
+- **Serial Number:** The serial number associated with an SSL certificate.
+- **Issued:** The date when a certificate was issued.
+- **Expires:** The date when a certificate will expire.
+- **Subject Common Name:** The Subject Common Name for any associated SSL Certs.
+- **Issuer Common Name:** The Issuer Common Name for any associated SSL Certs.
+- **Subject Alternative Name(s):** Any alternative common names for the SSL Cert.
+- **Issuer Alternative Name(s):** Any additional names of the issuer.
+- **Subject Organization Name:** The organization linked to the SSL certificate registration.
+- **Issuer Organization Name:** The name of the organization that orchestrated the issue of a certificate.
+- **SSL Version:** The version of SSL that the certificate was registered with.
+- **Subject Organization Unit:** Optional metadata that indicates the department within an organization that is responsible for the certificate.
+- **Issuer Organization Unit:** Additional information about the organization issuing the certificate.
+- **Subject Street Address:** The street address where the organization is located.
+- **Issuer Street Address:** The street address where the issuer organization is located.
+- **Subject Locality:** The city where the organization is located.
+- **Issuer Locality:** The city where the issuer organization is located.
+- **Subject State/Province:** The state or province where the organization is located.
+- **Issuer State/Province:** The state or province where the issuer organization is located.
+- **Subject Country:** The country where the organization is located.
+- **Issuer Country:** The country where the issuer organization is located.
+- **Related Infrastructure:** any related infrastructure associated with the certificate.
+
+![Data Tab Certificate Details](media/dataTabCertificateDetails.png)
+
+**Questions this data set may help answer:**
+
+- What other infrastructure has this certificate been observed associated with?
+
+ ![Data Sets Certificate Related Infrastructure](media/dataSetsCertificateRelatedInfrastructure.png)
+
+- Are there any unique data points in the certificate that would serve as good pivot points?
+
+ ![Data Sets Certificate Pivot Points](media/dataSetsCertificatePivotPoints.png)
+
+- Is the certificate self-signed?
+
+ ![Data Sets Certificate Self Signed](media/dataSetsCertificateSelfSigned.png)
+
+- Is the certificate from a free provider?
+
+ ![Data Sets CertificateFree Provider](media/dataSetsCertificateFreeProvider.png)
+
+- Over what timeframe has the certificate been observed in use?
+
+ ![Data Sets Certificates Observation Dates](media/dataSetsCertificatesObservationDates.png)
+
+## Subdomains
+
+A subdomain is an internet domain, which is part of a primary domain. Subdomains are also referred to as "hosts". As an example, "docs.microsoft.com" is a subdomain of "microsoft.com". For every subdomain, there could be a new set of IP addresses to which the domain resolves to and this can be a great data source for finding related infrastructure.
+
+Our subdomain data includes the following:
+
+- **Hostname:** the subdomain associated with the domain that was searched.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Sub domains](media/dataTabSubdomains.png)
+
+**Questions this data set may help answer:**
+
+- Are there more subdomains associated with the higher-level domain?
+
+ ![Data Sets Sub domains](media/dataSetsSubdomains.png)
+
+- Are any subdomains associated with malicious activity?
+
+ ![Data Sets Sub domains Malicious](media/dataSetsSubdomainsMalicious.png)
+
+- If this is your domain, do any subdomains look unfamiliar?
+
+- Is there any pattern to the subdomains that are listed associated with other malicious domains?
+
+- Does pivoting off each subdomain reveal new IP space not previously associated with the target?
+
+- What other unrelated infrastructure can you find that does not match the root domain?
+
+## Trackers
+
+Trackers are unique codes or values found within web pages and often used to track user interaction. These codes can be used to correlate a disparate group of websites to a central entity. Often, actors will copy the source code of a victimΓÇÖs website they are looking to impersonate for a phishing campaign. Seldomly will actors take the time to remove these IDs that allow users to identify these fraudulent sites using MicrosoftΓÇÖs Trackers data set. Actors may also deploy tracker IDs to see how successful their cyber-attack campaigns are. This is similar to marketers when they leverage SEO IDs, such as a Google Analytics Tracker ID, to track the success of their marketing campaign.
+
+MicrosoftΓÇÖs Tracker data set includes IDs from providers like Google, Yandex, Mixpanel, New Relic, Clicky, and is continuing to grow on a regular basis.
+
+Our tracker data includes the following:
+
+- **Hostname:** the hostname that hosts the infrastructure where the tracker was detected.
+- **First Seen:** a timestamp that displays the date that we first observed this tracker on the artifact.
+- **Last Seen:** a timestamp that displays the date that we last observed this tracker on the artifact.
+- **Type:** the type of tracker that was detected (e.g. GoogleAnalyticsID, JarmHash).
+- **Value:** the identification value for the tracker.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Trackers](media/dataTabTrackers.png)
+
+**Questions this data set may help answer:**
+
+- Are there other resources using the same analytics IDs?
+
+ ![Data Sets Trackers Pivot Analytics Account](media/dataSetsTrackersPivotAnalyticsAccount.gif)
+
+- Are these resources associated with the organization, or are they attempting to conduct an infringement attack?
+
+- Is there any overlap between trackersΓÇôare they shared with other websites?
+
+- What are the types of trackers found within the web page?
+
+ ![Data Sets Trackers Types](media/dataSetsTrackersTypes.png)
+
+- What is the length of time for trackers?
+
+ ![Data Sets Trackers LengthOf Time](media/dataSetsTrackersLengthOfTime.png)
+
+- What is the frequency of change for tracker valuesΓÇô do they come, go, or remain?
+
+- Are there any trackers linking to website cloning software (MarkOfTheWeb or HTTrack)?
+
+ ![Data Sets TrackersHt Track](media/dataSetsTrackersHtTrack.png)
+
+- Are there any trackers linking to malicious C2 server malware (JARM)?
+
+ ![Data Sets Trackers JARM](media/dataSetsTrackersJARM.png)
+
+## Components
+
+Web components are details describing a web page or server infrastructure gleaned from Microsoft performing a web crawl or scan. These components allow a user to understand the makeup of a webpage or the technology and services driving a specific piece of infrastructure.
+Pivoting on unique components can find actors' infrastructure or other sites that are compromised. Users can also understand if a website might be vulnerable to a specific attack or compromise based on the technologies that it is running.
+
+Our component data includes the following:
+
+- **Hostname:** the hostname that hosts the infrastructure where the component was detected.
+- **First Seen:** a timestamp of the date that we first observed this component on the artifact.
+- **Last Seen:** a timestamp of the date that we last observed this component on the artifact.
+- **Category:** the type of component that was detected (e.g. Operating System, Framework, Remote Access, Server).
+- **Name + Version:** the component name and the version running on the artifact (e.g. Microsoft IIS (v8.5).
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Components](media/dataTabComponents.png)
+
+**Questions this data set may help answer:**
+
+- What vulnerable infrastructure are you using?
+
+ ![Data Sets Components Vulnerable Components](media/dataSetsComponentsVulnerableComponents.png)
+
+ ![Data Sets Components Prototype Js Vulnerable Version](media/dataSetsComponentsPrototypeJsVulnerableVersion.png)
+
+ Magento v1.9 is so dated that Microsoft could not locate reliable documentation for that particular version.
+
+- What unique web components is the threat actor using that can track them to other domains?
+
+- Are any components marked as malicious?
+
+- What is the number of web components identified?
+
+ ![Data Sets Components Number Of Components](media/dataSetsComponentsNumberOfComponents.png)
+
+- Are there any unique or strange technologies not often seen?
+
+ ![Data Sets Components Unique Components](media/dataSetsComponentsUniqueComponents.png)
+
+- Are there any fake versions of specific technologies?
+
+- What is the frequency of changes in web componentsΓÇôoften or rarely done?
+
+- Are there any suspicious libraries known to be abused?
+
+- Are there any technologies with vulnerabilities associated with them?
+
+## Host pairs
+
+Host pairs are two pieces of infrastructure (a parent and a child) that share a connection observed from a virtual userΓÇÖs web crawl. The connection could range from a top-level redirect (HTTP 302) to something more complex like an iframe or script source reference.
+
+Our host pair data includes the following:
+
+- **Parent Hostname:** the host that is referencing an asset or ΓÇ£reaching outΓÇ¥ to the child host
+- **Child Hostname:** the host that is being called on by the parent host
+- **First Seen:** a timestamp of the date that we first observed a relationship with the host.
+- **Last Seen:** a timestamp of the date that we last observed a relationship with the host.
+- **Cause:** the type of connection between the parent and child hostname. Potential causes include script.src, link.href, redirect, img.src, unknown, xmlhttprequest, a.href, finalRedirect, css.import, or parentPage connections.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Host Pairs](media/dataTabHostPairs.png)
+
+**Questions this data set may help answer:**
+
+- Have any of the connected artifacts been blocklisted?
+- Have any of the connected artifacts been tagged (Phishing, APT, Malicious, Suspicious, Threat Actor Name)?
+- Is this host redirecting users to malicious content?
+
+ ![Data Sets Host Pairs Malicious Redirect](media/dataSetsHostPairsMaliciousRedirect.png)
+
+- Are resources pulling in CSS or images to set up infringement attacks?
+
+ ![Data Sets Host Pairs Infringement Attack](media/dataSetsHostPairsInfringementAttack.png)
+
+- Are resources pulling in a script or referencing a link.href to set up a Magecart or skimming attack?
+ ![Data Sets Host Pairs Skimmer Reference](media/dataSetsHostPairsSkimmerReference.png)
+
+- Where are users being redirected from/to?
+
+- What type of redirection is taking place?
+
+## Hashes
+
+Microsoft partners with Proofpoint to surface MD5 [malware](/microsoft-365/security/intelligence/malware-naming) hashes associated with the domain, host, or IP address a user search. Users are encouraged to purchase an Emerging Threats license by Proofpoint if they wish to analyze MD5 hash details. This data helps users understand actor capabilities, intent, and motives of an attacker while also aiding in connecting infrastructure together. Each result contains a unique hash.
+
+Our hash data includes the following:
+
+- **Source:** the source used to detect the hash.
+- **Sample:** the unique identification code for the detected hash.
+- **Collection Date:** the day that the hash sample was collected by the designated source.
+
+![Data Tab Hashes](media/dataTabHashes.png)
+
+**Questions this data set may help answer:**
+
+- Does the domain connect to malware
+
+ ![Data Sets Hashes](media/dataSetsHashes.png)
+
+- Does this IP address have malware associated with it?
+ ![Data Sets IP Hashes](media/dataSetsIPHashes.png)
+
+- Are the hashes collected associated with malware?
+
+- How recently was this suspicious activity observed?
+
+- Which vendors/ sources have observed malicious binaries?
+
+- Has the IP or domain queried served as a command-and-control server for malware?
+
+- Can evaluating the file associated with the hash for a given query lead me to other indicators for threat hunting purposes?
+
+## Cookies
+
+Cookies are small pieces of data sent from a server to a client as the user browses the internet. These values sometimes contain a state for the application or little bits of tracking data. Defender TI highlights and indexes cookie names observed when crawling a website and allows users to dig into everywhere we have observed specific cookie names across its crawling and data collection. Cookies are also used by malicious actors to keep track of infected victims or store data to be used later.
+
+Our cookie data includes the following:
+
+- **Hostname:** the host infrastructure that is associated with the cookie.
+- **First Seen:** a timestamp of the date that we first observed this cookie on the artifact.
+- **Last Seen:** a timestamp of the date that we last observed this cookie on the artifact.
+- **Name:** the name of the cookie (e.g. JSESSIONID, SEARCH_NAMESITE).
+- **Domain:** the domain associated with the cookie.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Cookies](media/dataTabCookies.png)
+
+**Questions this data set may help answer:**
+
+- What other websites are issuing the same cookies?
+
+ ![Data Sets Cookies Domains Issuing Same Cookie](media/dataSetsCookiesDomainsIssuingSameCookie.png)
+
+- What other websites are tracking the same cookies?
+ ![Data Sets Cookies Domains Tracking Same Cookie](media/dataSetsCookiesDomainsTrackingSameCookie.png)
+
+- Does the cookie domain match your query?
+
+- What is the number of cookies associated with the artifact?
+
+ ![Data Sets Cookies Number Associated with Artifact](media/dataSetsCookiesNumberAssociatedwithArtifact.png)
+
+- Are there unique cookie names or domains?
+
+- What are the time periods associated with cookies?
+
+- What is the frequency of newly observed cookies or changes associated with cookies?
+
+## Services
+
+Service names and port numbers are used to distinguish between different services that run over transport protocols such as TCP, UDP, DCCP, and SCTP. Port numbers can suggest what type of application is running on a particular port. But applications or services can be changed to use a different port to obfuscate or hide the service or application on an IP address. Knowing the port and header/banner information can identify the true application/service and the combination of ports being used. Defender TI surfaces 14 days of history within the Services tab, displaying the last banner response associated with a port observed.
+
+Our Services data includes the following:
+
+- Open ports observed
+- Port numbers
+- Components
+- Number of times the service was observed
+- When the port was last scanned
+- Protocol connection
+- Status of the port
+ - Open
+ - Filtered
+ - Closed
+- Banner response
+
+![Data Tab Services](media/dataTabServices.png)
+
+**Questions this data set may help answer:**
+
+- What applications are running on a particular port for a given IP address?
+
+ ![Data Sets Services Applications Running](media/dataSetsServicesApplicationsRunning.png)
+
+- What version of applications are in use?
+
+ ![Data Sets Services Version Running](media/dataSetsServicesVersionRunning.png)
+
+- Have there been recent changes in the open, filtered, or closed status for a given port?
+
+ ![Data Sets Services Port Statuses](media/dataSetsServicesPortStatuses.png)
+
+- Was a certificate associated with the connection?
+
+ ![Data Sets Services Certificate Associations](media/dataSetsServicesCertificateAssociations.png)
+
+- Are vulnerable or deprecated technologies in use on a given asset?
+
+ ![Data Sets Services Applications Running](media/dataSetsServicesApplicationsRunning.png)
+
+ ![Data Sets Services Vulnerable Service](media/dataSetsServicesVulnerableService.png)
+
+- Is information being exposed by a running service that could be used for nefarious purposes?
+
+- Are security best practices being followed?
+
+## DNS
+
+Microsoft has been collecting DNS records over the years, providing users insight into mail exchange (MX) records, nameserver (NS) records, text (TXT) records, start of authority (SOA) records, canonical name (CNAME) records, and pointer (PTR) records. Reviewing DNS records can be helpful to identify shared infrastructure used by actors across the domains they own. For example, actor groups tend to use the same nameservers to segment their infrastructure or the same mail exchange servers to administer their command and control.
+
+Our DNS data includes the following:
+
+- **Value:** the DNS record associated with the host.
+- **First Seen:** a timestamp that displays the date that we first observed this record on the artifact.
+- **Last Seen:** a timestamp that displays the date that we last observed this record on the artifact.
+- **Type:** the type of infrastructure associated with the record. Potential options include Mail Servers (MX), text files (TXT), name servers (NS), CNAMES, and Start of Authority (SOA) records.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab DNS](media/dataTabDNS.png)
+
+**Questions this data set may help answer:**
+
+- What other pieces of infrastructure are directly related to the indicator I am searching?
+- How has the infrastructure changed over time?
+- Is the domain owner employing the services of a content delivery network or brand protection service?
+- What other technologies might the associated organization be employing within their network?
+
+## Reverse DNS
+
+While a forward DNS lookup queries the IP address of a certain hostname, a reverse DNS lookup queries a specific hostname of an IP address. This dataset will show similar results as the DNS dataset. Reviewing DNS records can be helpful to identify shared infrastructure used by actors across the domains they own. For example, actor groups tend to use the same nameservers to segment their infrastructure or the same mail exchange servers to administer their command and control.
+
+Our Reverse DNS data includes the following:
+
+- **Value:** the value of the Reverse DNS record.
+- **First Seen:** a timestamp of the date that we first observed this record on the artifact.
+- **Last Seen:** a timestamp of the date that we first observed this record on the artifact.
+- **Type:** the type of infrastructure associated with the record. Potential options include Mail Servers (MX), text files (TXT), name servers (NS), CNAMES, and Start of Authority (SOA) records.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Reverse DNS](media/dataTabReverseDNS.png)
+
+**Questions This Data Set May Help Answer:**
+
+- What DNS records have observed this host?
+- How has the infrastructure that observed this host changed over time?
+
+## Next steps
+
+For more information, see:
+
+- [Searching and pivoting](searching-and-pivoting.md)
+- [Sorting, filtering, and downloading data](sorting-filtering-and-downloading-data.md)
+- [Infrastructure chaining](infrastructure-chaining.md)
+- [Tutorial: Gathering threat intelligence and infrastructure chaining](gathering-threat-intelligence-and-infrastructure-chaining.md)
threat-intelligence Gathering Threat Intelligence And Infrastructure Chaining https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/gathering-threat-intelligence-and-infrastructure-chaining.md
+
+ Title: 'Tutorial: Gathering Threat Intelligence and Infrastructure Chaining using Microsoft Defender Threat Intelligence (Defender TI)'
+description: 'In this tutorial, learn how to gather threat intelligence and infrastructure chain together indicators of compromise in Microsoft Defender Threat Intelligence (Defender TI). This article will cover a historical investigation of the MyPillow Magecart breach.'
++++ Last updated : 08/02/2022++++
+# Tutorial: Gathering threat intelligence and infrastructure chaining
+
+In this tutorial, you will learn how to:
+- Perform several types of indicator searches and gather threat and adversary intelligence
+
+ ![ti OverviewHome Page Chrome Screenshot](media/tiOverviewHomePageChromeScreenshot.png)
+
+## Prerequisites
+
+- An Azure Active Directory or personal Microsoft account. [Login or create an account](https://signup.microsoft.com/)
+- A Microsoft Defender Threat Intelligence (Defender TI) Premium license.
+
+ > [!NOTE]
+ > Users without a Defender TI Premium license will still be able to log into the Defender Threat Intelligence Portal and access our free Defender TI offering.
+
+## Disclaimer
+
+Microsoft Defender Threat Intelligence (Defender TI) may include live, real-time observations and threat indicators, including malicious infrastructure and adversary-threat tooling. Any IP and domain searches within our Defender TI platform are safe to search.
+
+Microsoft will share online resources (e.g., IP addresses, domain names) that should be considered real threats posing a clear and present danger.
+
+We ask that users use their best judgment and minimize unnecessary risk while interacting with malicious systems when performing the tutorial below. Please note that Microsoft has worked to minimize risk by defanging malicious IP addresses, hosts, and domains.
+
+## Before You Begin
+As the disclaimer states above, suspicious, and malicious indicators have been defanged for your safety. Please remove any brackets from IPs, domains, and hosts when searching in Defender TI. Do not search these indicators directly in your browser.
+
+## Perform several types of indicator searches and gather threat and adversary intelligence
+
+In this tutorial, you will perform a series of steps to [infrastructure chain](infrastructure-chaining.md) together indicators of compromise (IOCs) related to a Magecart breach and gather threat and adversary intelligence along the way. Infrastructure chaining leverages the highly connected nature of the internet to expand one IOC into many based on overlapping details or shared characteristics. Building infrastructure chains enables threat hunters or incident responders to profile an adversary's digital presence, letting them quickly pivot across these data sets to create context around an incident or investigation, allowing for more effective triage of alerting and actioning of incidents within an organization.
+
+![Infrastructure Chaining](media/infrastructureChaining.png)
+
+**Relevant Personas:** Threat Intelligence Analyst, Threat Hunter, Incident Responder, Security Operations Analyst
+
+### Magecart Breach
+
+Microsoft has been profiling and following the activities of Magecart, a syndicate of criminal cybergroups behind hundreds of breaches of online retail platforms by placing digital skimmers on compromised e-commerce sites.
+
+They do this by injecting a script designed to steal sensitive data that consumers enter into online payment forms on e-commerce websites directly or through compromised third-party suppliers that websites might depend upon to make their sites function.
+
+Back in October 2018, they infiltrated MyPillowΓÇÖs online website, mypillow.com, to steal payment information by injecting a script into their web store that was hosted on a typo-squat domain containing the skimmer, mypiltow.com.
+
+The MyPillow breach was a two-stage attack, with the first skimmer only active for a brief time before being identified as illicit and removed, but the attackers still had access to MyPillowΓÇÖs network and on October 26, 2018, Microsoft observed that they registered a new domain, livechatinc[.]org
+
+Magecart actors will typically register a domain infringement to make it look as similar as possible to the legitimate domain, so that if youΓÇÖre looking at the JavaScript code, unless you look really carefully, you may not notice they injected their own script thatΓÇÖs capturing the credit card payment information and pushing it to their own infrastructure, as a way to hide essentially.
+But because our virtual users capture the DOM and find all the dynamic links and changes made by JavaScript from the crawls on the backend, we were able to detect that activity and pinpoint that fake domain that was hosting the injected script into the MyPillow webstore.
+
+1. Access the [Defender Threat Intelligence portal](https://ti.defender.microsoft.com/).
+2. Complete Microsoft authentication to access portal.
+3. Search ΓÇÿmypillow.comΓÇÖ in Defender TIΓÇÖs Threat Intelligence Home Page.
+ a. What articles are associated with this domain?
+ - Consumers May Lose Sleep Over These Two Magecart Breaches
+
+ ![Tutorial Infra Chain My Pillowcom Article](media/tutorialInfraChainMyPillowcomArticle.png)
+
+4. Select the ΓÇÿConsumers May Lose Sleep Over These Two Magecart BreachesΓÇÖ Article.
+ a. What information is available about this related campaign?
+ - This article was published on March 20, 2019, and provides insights as to how MyPillow was breached by the Magecart threat actor group in October of 2018. The article details how the attack was executed.
+5. Select the Public Indicators tab.
+ a. What IOCs are listed related to this campaign?
+ - amerisleep.github[.]io
+ - cmytuok[.]top
+ - livechatinc[.]org
+ - mypiltow[.]com
+6. Select All in the drop down of the search bar and query ΓÇÿmypillow.comΓÇÖ. Then, navigate to the Data tab.
+ a. What data set might be useful in finding evidence of a script injection?
+ - Host pairs reveal connections between websites traditional data sources wouldnΓÇÖt surface (pDNS, Whois) and enables you to see where your resources are being used and vice-versa.
+7. Select the Host Pairs Data blade, sort by First Seen, and filter by script.src as the Cause. Page over until you find host pair relationships that took place in October of 2018.
+ a. Do you notice any typosquat mypillow domains?
+ - Notice that mypillow[.]com is pulling content via a script from the typosquat, mypiltow.com (Oct 3-5) as evidence of the script injection breach
+
+ ![Tutorial Infra Chain My Pillowcom Host Pairs Live Chat Script Src](media/tutorialInfraChainMyPillowcomHostPairsLiveChatScriptSrc.gif)
+8. Pivot on ΓÇÿmypiltow[.]comΓÇÖ.
+ a. At first glance, what appears different about this domain compared to mypillow.comΓÇÖs domain?
+ - Reputation: Malicious, while mypillow.comΓÇÖs reputation is unknown
+
+ ![Tutorial InfraChain My Piltowcom Reputation](media/tutorialInfraChainMyPiltowcomReputation.png)
+
+ ![Tutorial Infra Chain My Pillowcom Reputation](media/tutorialInfraChainMyPillowcomReputation.png)
+9. Navigate to the Data tab and from the Resolutions results, pivot off the IP address that mypiltow[.]com resolved to during October of 2018. Repeat this step for mypillow.com as well.
+ a. What do you notice about the differences in IP addresses between mypillow.com and mypiltow[.]com during October of 2018?
+ - IP address, 195.161.41[.]65, mypiltow[.]com had resolved to, is hosted in Russia.
+ - Different ASN used.
+
+ ![Tutorial Infra Chain My Piltow Ip Summary](media/tutorialInfraChainMyPiltowIpSummary.png)
+
+ ![Tutorial Infra Chain My Pillow Ip Summary](media/tutorialInfraChainMyPillowIpSummary.png)
+10. Scroll to the Articles section.
+ a. What other Articles have been published that relate to mypiltow.com?
+ - RiskIQ: Magecart Injected URLs and C2 Domains, June 3-14, 2022
+ - RiskIQ: Magecart injected URLs and C2 Domains, May 20-27, 2022
+ - Commodity Skimming & Magecart Trends in First Quarter of 2022
+ - RiskIQ: Magecart Group 8 Activity in Early 2022
+ - Magecart Group 8 Real Estate: Hosting Patterns Associated with the Skimming Group
+ - Inter Skimming Kit Used in Homoglyph Attacks
+ - Magecart Group 8 Blends into NutriBullet.com Adding To Their Growing List of Victims
+
+ ![Tutorial Infra Chain My Piltowcom Articles](media/tutorialInfraChainMyPiltowcomArticles.gif)
+11. Review each of the additional articles from Step 9.
+ a. What additional information can you find about the Magecart threat actor group? (targets, TTPs, additional IOCs, etc.)
+12. Navigate to the Data tab and select the Whois Data blade and compare the Whois information between ΓÇÿmypillow.comΓÇÖ and ΓÇÿmypiltow[.]comΓÇÖ
+ a. What Whois values differ?
+ - mypillow.com
+ 1. If you select the Whois record from October of 2011, you will find that the domain is clearly owned by My Pillow Inc.
+
+ ![Tutorial Infra Chain My Piltowcom 2 Whois](media/tutorialInfraChainMyPiltowcom2Whois.png)
+ 2. mypiltow[.]com
+ 3. If you select the Whois record from October of 2018, you will find that mypiltow[.]com was registered in Hong Kong, China and is privacy protected by Domain ID Shield Service CO.
+ 4. mypiltow[.]comΓÇÖs registrar is OnlineNIC, Inc.
+
+ ![Tutorial Infra Chain My Piltowcom 2 Whois](media/tutorialInfraChainMyPiltowcom2Whois.png)
+
+ b. What appears suspicious thus far about mypiltow[.]com given the A records and Whois details we have analyzed?
+ - When assessing if mypiltow[.]com may be legitimate company infrastructure, an analyst should find it odd that a Russian IP is primarily guarded by a Chinese privacy service for a US based company.
+13. Search ΓÇÿlivechatinc[.]orgΓÇÖ in Defender TIΓÇÖs Threat Intelligence Home Page.
+ a. What new articles are associated with this domain that we did not see when we searched mypillow.com in Part 1?
+ - Magecart Group 8 Blends into NutriBullet.com Adding To Their Growing List of Victims
+14. Select the Magecart Group 8 Blends into NutriBullet.com Adding To Their Growing List of Victims article.
+ a. What information is available about this related campaign?
+ - The ΓÇÿMagecart Group 8 Blends into NutriBullet.com Adding To Their Growing List of VictimsΓÇÖ article was published on March 18, 2020. In this article, we find out that Nutribullet, Amerisleep, ABS-CBN were also victims of the Magecart threat actor group.
+15. Select the Public Indicators tab.
+ a. What IOCs are listed related to this campaign?
+ - URLs
+ 1. hxxps://coffemokko[.]com/tr/, hxxps://freshdepor[.]com/tr/, hxxps://prodealscenter[.]com/tr/, hxxps://scriptoscript[.]com/tr/, hxxps://swappastore[.]com/tr/
+ 2. Domains
+ - 3lift[.]org, abtasty[.]net, adaptivecss[.]org, adorebeauty[.]org, all-about-sneakers[.]org, amerisleep.github[.]io, ar500arnor[.]com, authorizecdn[.]com, bannerbuzz[.]info, battery-force[.]org, batterynart[.]com, blackriverimaging[.]org, braincdn[.]org, btosports[.]net, cdnassels[.]com, cdnmage[.]com, chicksaddlery[.]net, childsplayclothing[.]org, christohperward[.]org, citywlnery[.]org, closetlondon[.]org, cmytuok[.]top, coffemokko[.]com, coffetea[.]org, configsysrc[.]info, dahlie[.]org, davidsfootwear[.]org, dobell[.]su, elegrina[.]com, energycoffe[.]org, energytea[.]org, etradesupply[.]org, exrpesso[.]org, foodandcot[.]com, freshchat[.]info, freshdepor[.]com, greatfurnituretradingco[.]org, info-js[.]link, jewsondirect[.]com, js-cloud[.]com, kandypens[.]net, kikvape[.]org, labbe[.]biz, lamoodbighats[.]net, link js[.]link, livechatinc[.]org, londontea[.]net, mage-checkout[.]org, magejavascripts[.]com, magescripts[.]pw, magesecuritys[.]com, majsurplus[.]com, map-js[.]link, mcloudjs[.]com, mechat[.]info, melbounestorm[.]com, misshaus[.]org, mylrendyphone[.]com, mypiltow[.]com, nililotan[.]org, oakandfort[.]org, ottocap[.]org, parks[.]su, paypaypay[.]org, pmtonline[.]su, prodealscenter[.]com, replacemyremote[.]org, sagecdn[.]org, scriptoscript[.]com, security-payment[.]su, shop-rnib[.]org, slickjs[.]org, slickmin[.]com, smart-js[.]link, swappastore[.]com, teacoffe[.]net, top5value[.]com, track-js[.]link, ukcoffe[.]com, verywellfitnesse[.]com, walletgear[.]org, webanalyzer[.]net, zapaljs[.]com, zoplm[.]com
+
+16. Search mypillow.com in Defender TIΓÇÖs Threat Intelligence Home Page and select the Data tab. Select the Host Pairs Data blade. Sort by First Seen and locate Host Pair relationships that occurred in October of 2018.
+
+ a. Do you notice a similar script relationship between mypillow.com and secure.livechatinc[.]org that mirrors the same relationship mypillow.com had with mypiltow[.]com?
+ - Notice how www.mypillow.com was first observed reaching out to secure.livechatinc[.]org on 10/26/2018, because a script GET request was observed from www.mypillow.com to secure.livechatinc[.]org. That relationship lasted until 11/19/2018.
+
+ ![Tutorial Infra Chain My Pillowcom Host Pairs Live Chat ScriptSrc](media/tutorialInfraChainMyPillowcomHostPairsLiveChatScriptSrc.gif)
+ ii. In addition, secure.livechatinc[.]org reached out to www.mypillow.com to access www.mypillow.comΓÇÖs server (xmlhttprequest).
+17. Review mypillow.comΓÇÖs Host Pair relationships further.
+ a. Does mypillow.com have any host pair relationships with a similar domain name to secure.livechatinc[.]org?
+ - Yes. There are multiple types of observed relationships mypillow.com hosts had with the following domains:
+ 1. cdn.livechatinc[.]com, secure.livechatinc[.]com, api.livechatinc[.]com
+ - The relationship causes include:
+ 1. script.src
+ 2. iframe.src
+ 3. unknown
+ 4. topLevelRedirect
+ 5. img.src
+ 6. xmlhttprequest
+ - Livechat is a live support chat service that online retailers can add to their websites, so itΓÇÖs a third-party resource and itΓÇÖs used by a lot of e-commerce platforms, including MyPillow. This fake domain is a little bit more interesting because their official site is actually livechatinc.com. Therefore, in this case, they used a top-level-domain typosquat to hide the fact they placed a second skimmer on the MyPillow website.
+18. Go back and find a host pair relationship with ΓÇÿsecure.livechatinc[.]orgΓÇÖ and pivot off that hostname.
+ a. What IP address did this host resolve to during October of 2018?
+ - 212.109.222[.]230
+
+ ![Tutorial Infra Chain Secure Live Chat Inc Org Resolutions](media/tutorialInfraChainSecureLiveChatIncOrgResolutions.png)
+ - Notice how this IP address is also hosted in Russia and the ASN Organization is JSC IOT.
+
+ ![Tutorial Infra Chain Secure Live Chat Inc Org Ip Summary](media/tutorialInfraChainSecureLiveChatIncOrgIpSummary.png)
+19. Search ΓÇÿsecure.livechatinc[.]orgΓÇÖ in Defender TIΓÇÖs Threat Intelligence Home Page, select the Data tab, and click on the Whois blade. Select the record from 12/25/2018.
+ a. What Registrar was used for this record?
+ - OnlineNIC Inc.
+ 1. This is the same Registrar that was used to register mypiltow[.]com during the same campaign.
+ 2. If you select the record from 12/25/2018, you will notice that the domain was also using the same Chinese privacy guarding service, Domain ID Shield Service, that mypiltow[.]com had also used.
+ b. What name servers were used for this record?
+ - ns1.jino.ru
+ - ns2.jino.ru
+ - ns3.jino.ru
+ - ns4.jino.ru
+ 1. These were the same nameservers used in the 10/01/2018 record for mypiltow[.]com. Adversaries will often use the same nameservers to segment their infrastructure.
+
+ ![Tutorial Infra Chain Secure Live Chat Inc Org Whois](media/tutorialInfraChainSecureLiveChatIncOrgWhois.png)
+
+ ![Tutorial Infra Chain My Piltowcom 2 Whois](media/tutorialInfraChainMyPiltowcom2Whois.png)
+20. Select the Host Pairs Data blade.
+ a. What host pair relationships do you see from October and November of 2018?
+ - secure.livechatinc[.]org redirected users to secure.livechatinc.com on 11/19/2022. This is more than likely an obfuscation technique to evade detection.
+ - www.mypillow.com was pulling a script hosted on secure.livechatinc[.]org (the fake LiveChat site) from 10/26/2018 through 11/19/2022. During this timeframe, www.mypillow.comΓÇÖs user purchases were potentially compromised.
+ - secure.livechatinc[.]org was requesting data from the server, www.mypillow.com, hosting the real MyPillow website (xmlhttprequest) between 10/27/2018 through 10/29/2018.
+
+ ![Tutorial Infra Chain Secure Live Chat Inc Org Host Pairs](media/tutorialInfraChainSecureLiveChatIncOrgHostPairs.png)
+ b. What do you believe these relationships mean?
+
+## Clean up resources
+There are no resources to clean up in this section.
+
+## Next Steps
+In this tutorial, you learned how to gather threat intelligence and infrastructure chain together indicators of compromise.
threat-intelligence Infrastructure Chaining https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/infrastructure-chaining.md
+
+ Title: 'Microsoft Defender Threat Intelligence (Defender TI): Infrastructure Chaining'
+description: 'In this concept article, learn about infrastructure chaining and how you can apply that process to perform threat infrastructure analysis using Microsoft Defender Threat Intelligence (Defender TI).'
++++ Last updated : 08/02/2022+++
+# Infrastructure Chaining
+
+Infrastructure chaining leverages the relationships between highly connected datasets to build out an investigation. This process is the core of threat infrastructure analysis and allows organizations to surface new connections, group similar attack activity and substantiate assumptions during incident response.
+
+![Infrastructure chaining](media/infrastructureChaining.png)
+
+## Prerequisites
+
+1. Review [Microsoft Defender Threat Intelligence (Defender TI)ΓÇÖs Data sets overview article](data-sets.md)
+2. Review [Microsoft Defender Threat Intelligence (Defender TI)ΓÇÖs Searching and pivoting how-to article](searching-and-pivoting.md)
+
+## All you need is a starting point...
+
+We see attack campaigns employ a wide array of obfuscation techniques such as simple geo filtering to complex tactics like passive OS fingerprinting. This can potentially stop a point in time investigation in its tracks. The screenshot above highlights the concept of infrastructure chaining. With our data enrichment capability, we could start with a piece of malware that attempts to connect to an IP address (possibly a C2). That IP address may have hosted an SSL cert that has a common name such as a domain name. That domain may be connected to a page that contains a unique tracker in the code, such as a NewRelicID or some other analytic ID we may have observed elsewhere. Or, perhaps the domain may have historically been connected to other infrastructure that may shed light on our investigation. The main takeaway is that one data point taken out of context may not be especially useful but when we observe the natural connection to all this other technical data, we can start to stitch together a story.
+
+## An adversaryΓÇÖs outside-In perspective
+
+An adversaryΓÇÖs outside-in perspective enables them to take advantage of your continually expanding web and mobile presence that operates outside of your firewall.
+
+Approaching and interacting with the web and mobile properties as a real user enables MicrosoftΓÇÖs crawling, scanning, and machine-learning technology to disarm adversariesΓÇÖ evasion techniques by collecting user session data, detecting phishing, malware, rogue apps, unwanted content, and domain infringement at scale. This helps deliver actionable, event-based threat alerts and workflows in the form of [threat intelligence](what-is-microsoft-defender-threat-intelligence-defender-tI.md), [system tags](using-tags.md), [analyst insights](analyst-insights.md), and [reputation scores](reputation-scoring.md) associated with adversariesΓÇÖ infrastructure.
+
+As more threat data becomes available, more tools, education, and effort are required for analysts to understand the data sets and their corresponding threats. Microsoft Defender Threat Intelligence (Defender TI) unifies these efforts by providing a single view into multiple data sources.
+
+## Next steps
+For more information, see [Tutorial: Gathering threat intelligence and infrastructure chaining](gathering-threat-intelligence-and-infrastructure-chaining.md).
threat-intelligence Learn How To Access Microsoft Defender Threat Intelligence And Make Customizations In Your Portal https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/learn-how-to-access-microsoft-defender-threat-intelligence-and-make-customizations-in-your-portal.md
+
+ Title: 'Quickstart: Accessing the Microsoft Defender Threat Intelligence (Defender TI) Portal'
+description: 'In this quickstart, learn how to configure your profile and preferences and access Defender TIΓÇÖs help resources using Microsoft Defender Threat Intelligence (Defender TI).'
++++ Last updated : 08/02/2022+++
+# Quickstart: Learn how to access Microsoft Defender Threat Intelligence and make customizations in your portal
+
+Understanding how to adjust your theme in Microsoft Defender Threat Intelligence (Defender TI)ΓÇÖs Portal will make it easier on your eyes when using our platform. Additionally, this guide will walk you through how to enable sources for enrichment, so you can see more results when performing searches in our platform. You will also learn how to successfully login and logout of Defender TI.
+
+![Ti Overview HomePage Chrome Screenshot](media/tiOverviewHomePageChromeScreenshot.png)
+
+## Prerequisites
+
+- An Azure Active Directory or personal Microsoft account. [Login or create an account](https://signup.microsoft.com/)
+- A Microsoft Defender Threat Intelligence (Defender TI) Premium license.
+
+ > [!NOTE]
+ > Users without a Defender TI Premium license will still be able to log into the Defender Threat Intelligence Portal and access our free Defender TI offering.
+
+## Open Defender TIΓÇÖs Threat Intelligence Home Page
+
+- Access the [Defender Threat Intelligence Portal](https://ti.defender.microsoft.com/).
+- Complete Microsoft authentication to access portal.
+
+## Access Defender TIΓÇÖs ΓÇÿProfile and PreferencesΓÇÖ to adjust your theme
+
+1. Click on the ΓÇÿProfile and PreferencesΓÇÖ icon in the upper right-hand corner of the Defender Threat Intelligence Portal.
+
+ ![Accessing TI Portal User Profile and Preferences](media/accessingTiPortalUserProfileandPreferences.png)
+
+2. Select ΓÇÿDarkΓÇÖ theme. Notice how ΓÇÿLightΓÇÖ is your default theme.
+
+ ![Accessing TI Portal Dark Theme](media/accessingTiPortalDarkTheme.png)
+
+3. Repeat step 1 and select ΓÇÿHigh ContrastΓÇÖ theme.
+
+ ![Accessing TI Portal High Contrast Theme](media/accessingTiPortalHighContrastTheme.png)
+
+4. Repeat step 1 and select ΓÇÿLightΓÇÖ theme.
+
+ ![Accessing TI Portal Light Theme](media/accessingTiPortalLightTheme.png)
+
+## Access Defender TIΓÇÖs ΓÇÿHelpΓÇÖ icon to learn about your Defender TI Microsoft Support resources
+
+1. Click on the ΓÇÿHelpΓÇÖ icon in the upper right-hand corner to the left of the ΓÇÿProfile and PreferencesΓÇÖ icon.
+
+ ![Accessing TI Portal Help](media/accessingTiPortalHelp.png)
+
+2. Review your Defender TI Microsoft Support resources.
+
+ - Here you will find Defender TIΓÇÖs Support email address as well as a link to our Privacy Statement.
+
+## Access Defender TIΓÇÖs ΓÇÿProfile and PreferencesΓÇÖ to logout of the Defender Threat Intelligence Portal
+
+1. Click on the ΓÇÿProfile and PreferencesΓÇÖ icon in the upper right-hand corner of the Defender Threat Intelligence Portal.
+
+2. Select ΓÇÿLogoutΓÇÖ.
+
+ ![Accessing TI Portal Logout](media/accessingTiPortalLogout.png)
+
+## Clean up resources
+There are no resources to clean up in this section.
+
+## Next steps
+
+For more information, see:
+
+[ΓÇÿWhat is Microsoft Defender Threat Intelligence (Defender TI)?ΓÇÖ](what-is-microsoft-defender-threat-intelligence-defender-tI.md)
threat-intelligence Reputation Scoring https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/reputation-scoring.md
+
+ Title: 'Microsoft Defender Threat Intelligence (Defender TI) Reputation Scoring'
+description: 'In this overview article, learn about the Microsoft Defender Threat Intelligence (Defender TI)ΓÇÖs reputation scoring feature.'
++++ Last updated : 08/02/2022+++
+# Reputation scoring
+
+Microsoft Defender Threat Intelligence (Defender TI) provides proprietary reputation scores for any Host, Domain, or IP Address. Whether validating the reputation of a known or unknown entity, this score helps users quickly understand any detected ties to malicious or suspicious infrastructure. The platform provides quick information about the activity of these entities (e.g. First and Last Seen timestamps, ASN, country, associated infrastructure) and a list of rules that impact the reputation score when applicable.
+
+Reputation data is important to understanding the trustworthiness of your own attack surface and is also useful when assessing unknown hosts, domains or IP addresses that appear in investigations. These scores will uncover any prior malicious or suspicious activity that impacted the entity, or other known indicators of compromise that should be considered.
+
+![Reputation Edge Screenshot](media/reputationEdgeScreenshot.png)
+## Understanding reputation scores
+
+Reputation Scores are determined by a series of algorithms designed to quickly quantify the risk associated with an entity. We develop Reputation Scores based on our proprietary data by leveraging our crawling infrastructure, as well as IP information collected from external sources.
+
+![Reputation Summary Card](media/reputationSummaryCard.png)
+
+## Detection methods
+Reputation Scores are determined by a series of factors, including known associations to blocklisted entities and a series of machine learning rules used to assess risk.
+
+## Scoring brackets
+Reputation Scores are displayed as a numerical score with a range from 0 to 100. An entity with a score of ΓÇ£0ΓÇ¥ has no known associations to suspicious activity or known indicators of compromise; a score of ΓÇ£100ΓÇ¥ indicates that the entity is malicious. Hosts, Domains, and IP Addresses are grouped into the following categories depending on their numerical score:
+
+| Score | Category | Description |
+|--|||
+| 75+ | Malicious | The entity has confirmed associations to known malicious infrastructure that appears on our blocklist and matches machine learning rules that detect suspicious activity. |
+| 50 ΓÇô 74 | Suspicious | The entity is likely associated to suspicious infrastructure based on matches to three or more machine learning rules. |
+| 25 ΓÇô 49 | Neutral | The entity matches at least two machine learning rules. |
+| 0 ΓÇô 24 | Unknown (Green) | If the score is ΓÇ£UnknownΓÇ¥ and green, the entity has returned at least one matched rule. |
+| 0 ΓÇô 24 | Unknown (Grey) | If the score is ΓÇ£UnknownΓÇ¥ and grey, the entity has not returned any rule matches. |
+
+## Detection rules
+
+Reputation scores are based on many factors that an analyst may reference to determine the relative quality of a domain or address. These factors are reflected in the machine learning rules that comprise the reputation scores. For example, ΓÇ£.xyzΓÇ¥ or ΓÇ£.ccΓÇ¥ top-level domains (TLDs) are generally more suspicious than ".comΓÇ¥ or ΓÇ£.orgΓÇ¥ TLDs. An ASN (Autonomous System Number) hosted by a low-cost or free hosting provider is more likely to be associated with malicious activity, as would a self-signed SSL certificate. This reputation model was developed by looking at relative occurrences of these features among both malicious and benign indicators to score the overall reputation of an entity.
+
+Please refer to the list below for examples of rules used to determine the suspiciousness of a host, domain, or IP address. Please note that this list is not comprehensive and is constantly changing; our detection logic and consequent capabilities are dynamic as they reflect the evolving threat landscape. For this reason, we do not publish a comprehensive list of the machine learning rules used to assess an entityΓÇÖs reputation.
+
+See the example reputation scoring rules below:
+
+| Rule Name | Description |
+||--|
+| SSL-Certificate Self-Signed | Self-signed certificates may indicate malicious behavior |
+| Tagged as Malicious | Tagged as malicious by a member within your organization |
+| Country | Infrastructure hosted in this country is more likely to be malicious |
+| Web components observed | The number of web components observed may indicate maliciousness |
+| Name server | Domain is using a name server that is more likely to be used by malicious infrastructure |
+| Registrar | Domains registered with this registrar are more likely to be malicious |
+| Registrant email provider | Domain is registered with an email provider that is more likely to register malicious domains |
+
+It is important to remember that these factors must be assessed holistically to make an accurate assessment on the reputation of an entity. The specific combination of indicators, rather than any individual indicator, can predict whether an entity is likely to be malicious or suspicious.
+
+## Severity
+
+When creating rules for the machine learning detection system, a severity rating is applied to it. Each rule is assigned ΓÇ£HighΓÇ¥, ΓÇ£MediumΓÇ¥ or ΓÇ£LowΓÇ¥ severity based on the level of risk associated with the rule.
+
+## Use cases
+
+### Incident triage, response and threat hunting
+Defender TIΓÇÖs reputation score, classification, rules, and description of rules can be used to quickly assess if an IP address or domain indicator is good, suspicious, or malicious. Other times, we may not have observed enough infrastructure associated with an IP address or domain to infer if the indicator is good or bad. If an indicator has an unknown or neutral classification, users are encouraged to perform a deeper investigation by reviewing our data sets to infer if the indicator is good or bad. If an indicatorΓÇÖs reputation includes an article association, users are encouraged to review those listed article(s) to learn more about how the indicator is linked to a potential threat actorΓÇÖs campaign, what industries or nations they may be targeting, associated TTPs, and identify other related indicators of compromise to broaden the scope of the incidentΓÇÖs response and hunting efforts.
+
+### Intelligence gathering
+
+Any associated articles can be shared with the analystΓÇÖs cyber threat intelligence team, so they have a clearer understanding of who may be targeting their organization.
+
+## Next steps
+For more information, see [Analyst insights](analyst-insights.md).
threat-intelligence Searching And Pivoting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/searching-and-pivoting.md
+
+ Title: 'Searching &amp; pivoting with Microsoft Defender Threat Intelligence (Defender TI)'
+description: 'Learn how to search and pivot across internet data sets, threat articles, vulnerability articles, and projects using Microsoft Defender Threat Intelligence (Defender TI).'
++++ Last updated : 08/02/2022+++
+# Searching and pivoting
+
+Microsoft Defender Threat Intelligence (Defender TI) offers a robust and flexible search engine to streamline the investigation process. The platform is designed to allow users to pivot across a wide variety of indicators from different data sources, making it easier than ever to discover relationships between disparate infrastructure. This article will help users understand how to conduct a search and pivot across different data sets to discover relationships between different artifacts.
+
+![Search HomePage Chrome Screenshot](media/searchHomePageChromeScreenshot.png)
+
+## Prerequisites
+
+- An Azure Active Directory or personal Microsoft account. [Login or create an account](https://signup.microsoft.com/)
+- A Microsoft Defender Threat Intelligence (Defender TI) Premium license.
+ > [!Note]
+ > Users without a Defender TI Premium license will still be able to log into the Defender Threat Intelligence Portal and access our free Defender TI offering.
+
+## Open Defender TIΓÇÖs Threat Intelligence Home Page
+
+1. Access the [Defender Threat Intelligence Portal](https://defender.microsoft.com/).
+2. Complete Microsoft authentication to access portal.
+
+## Performing threat intelligence searches and pivots
+
+Defender TIΓÇÖs Threat Intelligence search is both simple and powerful, designed to surface immediate key insights while also allowing users to directly interact with the datasets that comprise these insights. The search bar supports a wide variety of different inputs; users can search for specific artifacts as well as Article or Project names.
+
+### Search artifact types
+1. **IP address:** Search ΓÇÿ195.161.141[.]65ΓÇÖ in the Threat Intelligence Search bar. This action results in an IP Address search.
+
+ ![Search Ip Address](media/searchIpAddress.png)
+
+2. **Domain:** Search `fabrikam.com` in the Threat Intelligence Search bar. This action results in a Domain search.
+
+ ![Search Domain](media/searchDomain.png)
+
+3. **Host:** Search `canary.fabrikam.com` in the Threat Intelligence Search bar. This action results in a Host search.
+
+ ![Search Host](media/searchHost.png)
+
+4. **Keyword:** Search ΓÇÿapt29ΓÇÖ in the Threat Intelligence Search bar. This action results in a Keyword search. Keyword searches cover any type of keyword, which may include a term, email address, etc. Keyword searches result in associations with articles, projects, as well as data sets.
+
+ ![Search Keyword](media/searchKeyword.png)
+
+5. **CVE-ID:** Search ΓÇÿCVE-2021-40444ΓÇÖ in the Threat Intelligence Search bar. This action results in a CVE-ID Keyword search.
+
+6. **Article:** Search ΓÇÿCommodity Skimming & Magecart Trends in First Quarter of 2022ΓÇÖ in the Threat Intelligence Search bar. This action results in an Article search.
+
+ ![Search Ti Article](media/searchTiArticle.png)
+
+7. **Tag:** Select ΓÇÿTagΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿmagecartΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Tag search.
+
+ > [!NOTE]
+ > This does not return articles that share that tag value.
+
+ ![Search Tag](media/searchTag.png)
+
+8. **Component:** Select ΓÇÿComponentΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿcobalt strikeΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Component search.
+
+ ![Search Component](media/searchComponent.png)
+
+9. **Tracker:** Select ΓÇÿTrackersΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿ07d14d16d21d21d00042d41d00041d47e4e0ae17960b2a5b4fd6107fbb0926ΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Tracker search. Note: In this example, this was a JarmHash Tracker type.
+
+ > [!NOTE]
+ > In this example, this was a JarmHash Tracker type.
+
+ ![Search Trackers](media/searchTrackers.png)
+
+10. **WHOIS Email:** Select ΓÇÿWHOISΓÇÖ > ΓÇÿEmailΓÇÖ from the Threat Intelligence Search drop-down and type in domains@microsoft.com in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a WHOIS Email search.
+
+ ![Search Whois Email](media/searchWhoisEmail.png)
+
+11. **WHOIS Name:** Select ΓÇÿWHOISΓÇÖ > ΓÇÿNameΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿMSN HostmasterΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a WHOIS Name search.
+
+ ![Search Whois Name](media/searchWhoisName.png)
+
+12. **WHOIS Organization:** Select ΓÇÿWHOISΓÇÖ > ΓÇÿOrganizationΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿMicrosoft CorporationΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a WHOIS Organization search.
+
+ ![Search Whois Organization](media/searchWhoisOrganization.png)
+
+13. **WHOIS Address:** Select ΓÇÿWHOISΓÇÖ > ΓÇÿAddressΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿOne Microsoft WayΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a WHOIS Address search.
+
+ ![Search Whois Address](media/searchWhoisAddress.png)
+
+14. **WHOIS City:** Select ΓÇÿWHOISΓÇÖ > ΓÇÿCityΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿRedmondΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a WHOIS City search.
+
+ ![Search Whois City](media/searchWhoisCity.png)
+
+15. **WHOIS State:** Select ΓÇÿWHOISΓÇÖ > ΓÇÿStateΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿWAΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a WHOIS State search.
+
+ ![Search Whois State](media/searchWhoisState.png)
+
+16. **WHOIS Postal Code:** Select ΓÇÿWHOISΓÇÖ > ΓÇÿPostal CodeΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿ98052ΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a WHOIS Postal Code search.
+
+ ![Search Whois Postal Code](media/searchWhoisPostalCode.png)
+
+17. **WHOIS Country:** Select ΓÇÿWHOISΓÇÖ > ΓÇÿCountryΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿUSΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a WHOIS Country search.
+
+ ![Search Whois Country](media/searchWhoisCountry.png)
+
+18. **WHOIS Phone:** Select ΓÇÿWHOISΓÇÖ > ΓÇÿPhoneΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿ+1.4258828080ΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a WHOIS Phone search.
+
+ ![Search Whois Phone](media/searchWhoisPhone.png)
+
+19. **WHOIS Nameserver:** Select ΓÇÿWHOISΓÇÖ > ΓÇÿNameserverΓÇÖ from the Threat Intelligence Search drop-down and type in `ns1-03.azure-dns.com` in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a WHOIS Nameserver search.
+
+ ![Search Whois Name server](media/searchWhoisNameserver.png)
+
+20. **Certificate SHA-1:** Select ΓÇÿCertificateΓÇÖ > ΓÇÿSHA-1ΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿ35cd04a03ef86664623581cbd56e45ed07729678ΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Certificate SHA-1 search.
+
+ ![Search Certificate Sha1](media/searchCertificateSha1.png)
+
+21. **Certificate Serial Number:** Select ΓÇÿCertificateΓÇÖ > ΓÇÿSerial NumberΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿ1137354899731266880939192213383415094395905558ΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Certificate Serial Number search.
+
+ ![Search Certificate Serial Number](media/searchCertificateSerialNumber.png)
+
+22. **Certificate Issuer Common Name:** Select ΓÇÿCertificateΓÇÖ > ΓÇÿIssuer Common NameΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿMicrosoft Azure TLS Issuing CA 05ΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Certificate Issuer Common Name search.
+
+ ![Search Certificate Issuer CommonName](media/searchCertificateIssuerCommonName.png)
+
+23. **Certificate Issuer Alternative Name:** Select ΓÇÿCertificateΓÇÖ > ΓÇÿIssuer Alternative NameΓÇÖ from the Threat Intelligence Search drop-down and type in a certificate issuer alternative name in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Certificate Issuer Alternative Name search.
+
+24. **Certificate Subject Common Name:** Select ΓÇÿCertificateΓÇÖ > ΓÇÿSubject Common NameΓÇÖ from the Threat Intelligence Search drop-down and type in `*.oneroute.microsoft.com` in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Certificate Subject Common Name search.
+
+ ![Search Certificate Subject CommonName](media/searchCertificateSubjectCommonName.png)
+
+25. **Certificate Subject Alternative Name:** Select ΓÇÿCertificateΓÇÖ > ΓÇÿSubject Alternative NameΓÇÖ from the Threat Intelligence Search drop-down and type in `oneroute.microsoft.com` in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Certificate Subject Alternative Name search.
+
+ ![Search Certificate Subject Alternative Name](media/searchCertificateSubjectAlternativeName.png)
+
+26. **Cookie Name:** Select ΓÇÿCookieΓÇÖ > ΓÇÿNameΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿARRAffinityΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Cookie Name search.
+
+ ![Search Cookie Name](media/searchCookieName.png)
+
+27. **Cookie Domain:** Select ΓÇÿCookieΓÇÖ > ΓÇÿDomainΓÇÖ from the Threat Intelligence Search drop-down and type in `portal.fabrikam.com` in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Cookie Domain search.
+
+ ![Search Cookie Domain](media/searchCookieDomain.png)
+
+28. **Pivots:** For any of the searches performed in the steps above, there are artifacts with hyperlinks that you can pivot off to discover further enriched results associated with those indicators. Feel free to experiment with this on your own.
+
+## Search results
+
+### Key insights
+
+At the top of the page, the platform provides some basic information about the artifact. This information can include the following, depending on the artifact type:
+
+- **Country:** the flag next to the IP Address indicates the country of origin for the artifact, which can help determine its reputability or security posture. This IP Address is hosted on infrastructure within the United States.
+- **Reputation:** in this example, the IP Address is tagged with ΓÇ£MaliciousΓÇ¥ which indicates that the platform has detected connections between this artifact and known advisory infrastructure. Artifacts can also be tagged ΓÇ£SuspiciousΓÇ¥, ΓÇ£NeutralΓÇ¥ or ΓÇ£UnknownΓÇ¥.
+- **First Seen:** this timestamp indicates when the artifact was first observed by the platformΓÇÖs detection system. Understanding the lifespan of an artifact can help determine its reputability.
+- **Last Seen:** this timestamp indicates when the artifact was last observed by the platformΓÇÖs detection system. This helps determine whether the artifact is still actively used.
+- **IP Block:** the IP block that includes the queried IP address artifact.
+- **Registrar:** the registrar associated to the WHOIS record for the queried domain artifact.
+- **Registrant:** the name of the registrant within the WHOIS data for an artifact.
+- **ASN:** the ASN associated with the artifact.
+- **OS:** the operating system associated with the artifact.
+- **Host:** the hosting provider for the artifact. Some hosting providers are more reputable than others, so this value can help indicate the validity of an artifact.
+
+![Search IP Key Insights](media/searchIPKeyInsights.png)
+
+This section also shows any tags applied to the artifact or any projects that include it. Users can also add a tag or add the artifact to a project.
+
+## Summary tab
+
+### Overview
+
+The results of a Threat Intelligence search are grouped into two tabs: ΓÇ£SummaryΓÇ¥ and ΓÇ£Data.ΓÇ¥ The Summary tab provides key insights about an artifact that the platform has derived from our expansive datasets. This section is designed to surface key findings that can help kickstart an investigation.
+
+### Reputation
+
+Defender TI provides proprietary reputation scores for any Host, Domain, or IP Address. Whether validating the reputation of a known or unknown entity, this score helps users quickly understand any detected ties to malicious or suspicious infrastructure. Reputation Scores are displayed as a numerical score with a range from 0 to 100. An entity with a score of ΓÇ£0ΓÇ¥ has no known associations to suspicious activity or known indicators of compromise; a score of ΓÇ£100ΓÇ¥ indicates that the entity is malicious.
+The platform provides a list of rules with a description and severity rating. In the example below, we see four ΓÇ£high severityΓÇ¥ rules that are applicable to this domain.
+
+For more information, see [Reputation scoring](reputation-scoring.md).
+
+![Summary Tab Reputation](media/summaryTabReputation.png)
+
+### Analyst insights
+
+The Analyst Insights section provides quick insights about the artifact that may help determine the next step in an investigation. This section will list any insights that apply to the artifact and those that do not apply for additional visibility. In the below example, we can quickly determine that the IP Address is routable, hosts a web server, and had an open port within the past five days. Furthermore, the system displays rules that were not triggered, which can be equally helpful when kickstarting an investigation.
+
+For more information, see [Analyst insights](analyst-insights.md).
+
+![Summary Tab Analyst Insights](media/summaryTabAnalystInsights.png)
+
+### Articles
+
+The Articles section displays any articles that may provide insight on how to best investigate and ultimately disarm the impacted artifact. These articles are written by researchers who study the behavior of known threat actors and their infrastructure, surfacing key findings that can help others mitigate risk to their organization. In this example, the searched IP Address has been identified as an IOC that relates to the findings within the article.
+
+For more information, see [What is Microsoft Defender Threat Intelligence (Defender TI)?](what-is-microsoft-defender-threat-intelligence-defender-tI.md)
+
+![Summary Tab Articles](media/summaryTabArticles.png)
+
+### Services
+
+This section lists any detected services running on the IP address artifact. This is helpful when trying to understand the intended use of the entity. When investigating malicious infrastructure, this information can help determine the capabilities of an artifact, enabling users to proactively defend their organization based on this information
+
+![Summary Tab Services](media/summaryTabServices.png)
+
+### Resolutions
+
+Resolutions are individual DNS records captured using passive sensors distributed throughout the world. These values reveal a history of how a Domain or IP address changes infrastructure over time. They can be used to discover additional infrastructure and measure risk based on levels of connection. For each resolution, we provide ΓÇ£first seenΓÇ¥ and ΓÇ£last seenΓÇ¥ timestamps to showcase the lifecycle of the resolutions.
+
+![Summary Tab Re solutions](media/summaryTabResolutions.png)
+
+### Certificates
+
+Beyond securing your data, SSL Certificates are a fantastic way for users to connect disparate network infrastructure. SSL certificates can make connections that passive DNS or WHOIS data may miss. This means more ways of correlating potential malicious infrastructure and identifying potential operational security failures of actors. For each SSL certificate, we provide the certificate name, expiration date, subject common name, and subject organization name.
+
+![Summary Tab Certificates](media/summaryTabCertificates.png)
+
+### Projects
+
+The Defender TI platform allows users to create projects for organizing indicators of interest or compromise from an investigation. Projects are also created to monitor connecting artifacts for improved visibility. Projects contain a listing of all associated artifacts and a detailed history that retains the names, descriptions, collaborators, and monitoring profiles.
+
+When a user searches an IP address, domain, or host, if that indicator is listed within a project the user has access to, the user can select the Projects tab and navigate to the details of the project for more context about the indicator before reviewing the other data sets for more information.
+
+For more information, see [Using projects](using-projects.md).
+
+![Summary Tab Projects](media/summaryTabProjects.png)
+
+### Hashes
+
+Microsoft partners with several commercial and open-source repositories of malware data to pair it with queried infrastructure to populate the Hash data set. Malware repositories today include ProofpointΓÇÖs Emerging Threats, Hybrid Analysis, and VirusTotal. This data helps users understand actor capabilities, intent, and motives of an attacker while also aiding in connecting infrastructure together. Each result contains a unique hash. Our hash data includes the detection source, sample, and collection date.
+
+![Summary Tab Hashes](media/summaryTabHashes.png)
+
+## Data tab
+
+### Overview
+
+The Data tab helps users deep-dive into the tangible connections observed by the Defender TI platform. While the Summary tab surfaces key findings to provide immediate context about an artifact, the Data tab enables analysts to study these connections much more granularly. Users can click on any returned value to pivot across any related metadata.
+
+![Data Sets Edge Screenshot](media/dataSetsEdgeScreenshot.png)
+
+### Data types
+
+The following datasets are available in Defender TI:
+
+- Resolutions
+- WHOIS
+- Certificates
+- Trackers
+- Subdomains
+- Components
+- Host Pairs
+- Hashes
+- Cookies
+- Services
+- DNS
+- Reverse DNS
+
+These separate datasets will appear in separate tabs after submitting a search. The results are clickable, enabling a user to quickly pivot across related infrastructure to unveil insights that may have been missed with traditional investigative methods.
+
+### Resolutions
+
+Passive DNS is a system of record that stores DNS resolution data for a given location, record, and timeframe. This historical resolution data set allows users to view which domains resolved to an IP address and vice versa. This data set allows for time-based correlation based on domain or IP overlap.
+
+PDNS may enable the identification of previously unknown or newly stood-up threat actor infrastructure. Proactive addition of indicators to blocklists can cut off communication paths before campaigns take place. Users will find A record resolution data within the Resolutions data set tab and will find more types of DNS records in the DNS data set tab.
+
+Our PDNS resolution data includes the following:
+- **Resolve:** the name of the resolving entity (either an IP Address or Domain)
+- **Location:** the location the IP address is hosted in.
+- **Network:** the netblock or subnet associated with the IP address.
+- **ASN:** the autonomous system number and organization name
+- **First Seen:** a timestamp that displays the date that we first observed this resolution.
+- **Last Seen:** a timestamp that displays the date that we last observed this resolution.
+- **Source:** the source that enabled the detection of the relationship.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Re solutions](media/dataTabResolutions.png)
+
+### WHOIS
+
+WHOIS is a protocol that lets anyone query information about the ownership of a domain, IP address, or subnet. One of the most common functions for WHOIS in threat infrastructure research is to identify or connect disparate entities based on unique data shared within WHOIS records.
+
+Each WHOIS record has several different sections, all of which could include different information. Commonly found sections include ΓÇ£registrarΓÇ¥, ΓÇ£registrantΓÇ¥, ΓÇ£administratorΓÇ¥, and ΓÇ£technicalΓÇ¥ with each potentially corresponding to a different contact for the record. A lot of the time this data is duplicated across sections, but in some cases, there may be slight discrepancies, especially if an actor made a mistake. When viewing WHOIS information within Defender TI, you will see a condensed record that de-duplicates any data and notates which part of the record it came from.
+
+Users can also view historic WHOIS records to understand how the registration data has changed over time.
+
+Our WHOIS data includes the following:
+
+- **Record Updated:** a timestamp that indicates the day a WHOIS record was last updated.
+- **Last Scanned:** the date that the Defender TI system last scanned the record.
+- **Expiration:** the expiration date of the registration, if available.
+- **Created:** the age of the current WHOIS record.
+- **WHOIS Server:** the server is set up by an ICANN accredited registrar to acquire up-to-date information about domains that are registered within it.
+- **Registrar:** the registrar service used to register the artifact.
+- **Domain Status:** the current status of the domain. An ΓÇ¥active" domain is live on the internet.
+- **Email:** any email addresses found in the WHOIS record, and the type of contact each one is associated with (e.g. admin, tech).
+- **Name:** the name of any contacts within the record, and the type of contact each is associated with.
+- **Organization:** the name of any organizations within the record, and the type of contact each is associated with.
+- **Street:** any street addresses associated to the record, and the type of contact it is associated with.
+- **City:** any city listed in an address associated to the record, and the type of contact it is associated with.
+- **State:** any states listed in an address associated to the record, and the type of contact it is associated with.
+- **Postal Code:** any postal codes listed in an address associated with the record, and the type of contact it is associated with.
+- **Country:** any countries listed in an address associated to the record, and the type of contact it is associated with.
+- **Phone:** any phone numbers listed in the record, and the type of contact it is associated with.
+- **Name Servers:** any name servers associated with the registered entity.
+
+![Data Tab WHOIS](media/dataTabWHOIS.png)
+
+### Certificates
+
+Beyond securing your data, SSL Certificates are a fantastic way for users to connect disparate network infrastructure. Modern scanning techniques allow us to perform data requests against every node on the Internet in a matter of hours, meaning we can easily associate a certificate to an IP address hosting it on a regular basis.
+
+Much like a WHOIS record, SSL certificates require information to be supplied by the user to generate the final product. Aside from the domain, the SSL certificate is being created for (unless self-signed), any of the additional information can be made up by the user. Where our users see the most value from SSL certificates is not necessarily the unique data someone may use when generating the certificate, but where it's hosted.
+
+What makes SSL certificates more valuable is that they can make connections that passive DNS or WHOIS data may miss. This means more ways of correlating potential malicious infrastructure and identifying potential operational security failures of actors. Microsoft has collected over 30 million certificates from 2013 until the present day and provides users with the tools to make correlations on certificate content and history.
+
+Our certificate data includes the following:
+
+- **Sha1:** The SHA1 algorithm hash for an SSL Cert asset.
+- **First Seen:** a timestamp that displays the date that we first observed this certificate on an artifact.
+- **Last Seen:** a timestamp that displays the date that we last observed this certificate on an artifact.
+- **Infrastructure:** any related infrastructure associated with the certificate.
+
+![Data Tab Certificates List](media/dataTabCertificatesList.png)
+
+When a user clicks on a Sha1 hash, the user will be able to see details about the certificate in the right-hand pane, which includes:
+
+- **Serial Number:** The serial number associated with an SSL certificate.
+- **Issued:** The date when a certificate was issued.
+- **Expires:** The date when a certificate will expire.
+- **Subject Common Name:** The Subject Common Name for any associated SSL Certs.
+- **Issuer Common Name:** The Issuer Common Name for any associated SSL Certs.
+- **Subject Alternative Name(s):** Any alternative common names for the SSL Cert.
+- **Issuer Alternative Name(s):** Any additional names of the issuer.
+- **Subject Organization Name:** The organization linked to the SSL certificate registration.
+- **Issuer Organization Name:** The name of the organization that orchestrated the issue of a certificate.
+- **SSL Version:** The version of SSL that the certificate was registered with.
+- **Subject Organization Unit:** Optional metadata that indicates the department within an organization that is responsible for the certificate.
+- **Issuer Organization Unit:** Additional information about the organization issuing the certificate.
+- **Subject Street Address:** The street address where the organization is located.
+- **Issuer Street Address:** The street address where the issuer organization is located.
+- **Subject Locality:** The city where the organization is located.
+- **Issuer Locality:** The city where the issuer organization is located.
+- **Subject State/Province:** The state or province where the organization is located.
+- **Issuer State/Province:** The state or province where the issuer organization is located.
+- **Subject Country:** The country where the organization is located.
+- **Issuer Country:** The country where the issuer organization is located.
+- **Related Infrastructure:** any related infrastructure associated with the certificate.
+
+![Data Tab Certificate Details](media/dataTabCertificateDetails.png)
+
+### Subdomains
+
+A subdomain is an internet domain, which is part of a primary domain. Subdomains are also referred to as "hosts". As an example, `docs.microsoft.com` is a subdomain of `microsoft.com`. For every subdomain, there could be a new set of IP addresses to which the domain resolves to and this can be a great data source for finding related infrastructure.
+
+Our subdomain data includes the following:
+
+- **Hostname:** the subdomain associated with the domain that was searched.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Sub domains](media/dataTabSubdomains.png)
+
+### Trackers
+
+Trackers are unique codes or values found within web pages and often used to track user interaction. These codes can be used to correlate a disparate group of websites to a central entity. Often, actors will copy the source code of a victimΓÇÖs website they are looking to impersonate for a phishing campaign. Seldomly will actors take the time to remove these IDs that allow users to identify these fraudulent sites using our Trackers data sets.
+
+MicrosoftΓÇÖs Tracker data set includes IDs from providers like Google, Yandex, Mixpanel, New Relic, Clicky, and is continuing to grow on a regular basis.
+
+Our tracker data includes the following:
+
+- **Hostname:** the hostname that hosts the infrastructure where the tracker was detected.
+- **First Seen:** a timestamp that displays the date that we first observed this tracker on the artifact.
+- **Last Seen:** a timestamp that displays the date that we last observed this tracker on the artifact.
+- **Type:** the type of tracker that was detected (e.g. GoogleAnalyticsID, JarmHash).
+- **Value:** the identification value for the tracker.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Trackers](media/dataTabTrackers.png)
+
+### Components
+
+Web components are details describing a web page or server infrastructure gleaned from Microsoft performing a web crawl or scan. These components allow a user to understand the makeup of a webpage or the technology and services driving a specific piece of infrastructure.
+
+Pivoting on unique components can find actors' infrastructure or other sites that are compromised. Users can also understand if a website might be vulnerable to a specific attack or compromise based on the technologies that it is running.
+
+Our component data includes the following:
+
+- **Hostname:** the hostname that hosts the infrastructure where the component was detected.
+- **First Seen:** a timestamp of the date that we first observed this component on the artifact.
+- **Last Seen:** a timestamp of the date that we last observed this component on the artifact.
+- **Category:** the type of component that was detected (e.g. Operating System, Framework, Remote Access, Server).
+- **Name + Version:** the component name and the version running on the artifact (e.g. Microsoft IIS (v8.5).
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Components](media/dataTabComponents.png)
+
+### Host pairs
+
+Host pairs are two pieces of infrastructure (a parent and a child) that share a connection observed from a MicrosoftΓÇÖs virtual userΓÇÖs web crawl. The connection could range from a top-level redirect (HTTP 302) to something more complex like an iframe or script source reference.
+
+Our host pair data includes the following:
+
+- **Parent Hostname:** the hostname that redirects or otherwise connects to any child hostnames.
+- **Child Hostname:** the hostname that connects to the parent hostname. This value is the result of a redirect or other more complex connection.
+- **First Seen:** the date that we first observed this host pair relationship on the artifact.
+- **Last Seen:** the date that we last observed this host pair relationship on the artifact.
+- **Cause:** the type of connection between the parent and child hostname. Potential causes include redirects, img.src, css.import or script.src connections.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Host Pairs](media/dataTabHostPairs.png)
+
+### Hashes
+
+Microsoft partners with several commercial and open-source repositories of malware data to pair it with queried infrastructure to populate the Hash data set. Malware repositories today include ProofpointΓÇÖs Emerging Threats, Hybrid Analysis, and VirusTotal. This data helps users understand actor capabilities, intent, and motives of an attacker while also aiding in connecting infrastructure together. Each result contains a unique hash.
+
+Our hash data includes the following:
+
+1. **Source:** the source used to detect the hash.
+2. **Sample:** the unique identification code for the detected hash.
+3. **Collection Date:** the day that the hash sample was collected by the designated source.
+
+![Data Tab Hashes](media/dataTabHashes.png)
+
+### Cookies
+
+Cookies are small pieces of data sent from a server to a client as the user browses the internet. These values sometimes contain a state for the application or little bits of tracking data. We highlight and index cookie names observed when crawling a website and allow users to dig into everywhere the system has observed specific cookie names across its crawling and data collection.
+
+Our cookie data includes the following:
+
+- **Hostname:** the host infrastructure that is associated with the cookie.
+- **First Seen:** a timestamp of the date that we first observed this cookie on the artifact.
+- **Last Seen:** a timestamp of the date that we last observed this cookie on the artifact.
+- **Name:** the name of the cookie (e.g. JSESSIONID, SEARCH_NAMESITE).
+- **Domain:** the domain associated with the cookie.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Cookies](media/dataTabCookies.png)
+
+### Services
+Service names and port numbers are used to distinguish between different services that run over transport protocols such as TCP, UDP, DCCP, and SCTP. Port numbers can suggest what type of application is running on a particular port. But applications or services can be changed to use a different port to obfuscate or hide the service or application on an IP address. Knowing the port and header/banner information can identify the true application/service and the combination of ports being used. Defender TI surfaces 14 days of history within the Services tab, displaying the last banner response associated with a port observed.
+
+Our Services data includes the following:
+
+- Open ports observed
+- Port numbers
+- Components
+- Number of times the service was observed
+- When the port was last scanned
+- Protocol connection
+- Status of the port
+ - Open
+ - Filtered
+ - Closed
+- Banner response
+
+![Data Tab Services](media/dataTabServices.png)
+
+### DNS
+
+Microsoft has been collecting DNS records over the years, providing users insight into mail exchange (MX) records, nameserver (NS) records, text (TXT) records, start of authority (SOA) records, canonical name (CNAME) records, and pointer (PTR) records. Reviewing DNS records can be helpful to identify shared infrastructure used by actors across the domains they own. For example, actor groups tend to use the same nameservers to segment their infrastructure or the same mail exchange servers to administer their command and control.
+
+Our DNS data includes the following:
+
+- **Value:** the value of the DNS record.
+- **First Seen:** a timestamp of the date that we first observed this record on the artifact.
+- **Last Seen:** a timestamp of the date that we last observed this record on the artifact.
+- **Type:** the type of infrastructure associated with the record. Potential options include Mail Servers (MX), text files (TXT), name servers (NS), CNAMES, and Start of Authority (SOA) records.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab DNS](media/dataTabDNS.png)
+
+### Reverse DNS
+
+While a forward DNS lookup queries the IP address of a certain hostname, a reverse DNS lookup queries a specific hostname of an IP address. This dataset will show comparable results as the DNS dataset. Reviewing DNS records can be helpful to identify shared infrastructure used by actors across the domains they own. For example, actor groups tend to use the same nameservers to segment their infrastructure or the same mail exchange servers to administer their command and control.
+
+Our reverse DNS data includes the following:
+
+- **Value:** the value of the Reverse DNS record.
+- **First Seen:** a timestamp of the date that we first observed this record on the artifact.
+- **Last Seen:** a timestamp of the date that we last observed this record on the artifact.
+- **Type:** the type of infrastructure associated with the record. Potential options include Mail Servers (MX), text files (TXT), name servers (NS), CNAMES, and Start of Authority (SOA) records.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Reverse DNS](media/dataTabReverseDNS.png)
+
+### Intelligence
+
+The intelligence section highlights any curated insights in the Defender TI platform, whether derived from our Research Team via Articles or your own team via Projects. The Intelligence section helps users understand key additional context behind a queried artifact; analysts can learn from the investigation efforts of the larger security community to jumpstart their own.
+
+![Data Tab Intelligence](media/dataTabIntelligence.png)
+
+### Articles
+
+The Articles section displays any articles that may provide insight on how to best investigate and ultimately disarm the impacted artifact. These articles are written by researchers who study the behavior of known threat actors and their infrastructure, surfacing key findings that can help others mitigate risk to their organization. In this example, the searched IP Address has been identified as an IOC that relates to the findings within the article.
+
+For more information, see [What is Microsoft Defender Threat Intelligence (Defender TI)?](what-is-microsoft-defender-threat-intelligence-defender-tI.md)
+
+![Data Tab Intelligence Articles](media/dataTabIntelligenceArticles.png)
+
+### Projects
+
+One of the primary byproducts from infrastructure analysis is almost always a set of indicators that tie back to a threat actor or group of actors. These indicators serve as a way of identifying threat actors when they initiate an attack campaign. Developing insight into adversaryΓÇÖs tactics, techniques, and procedures (TTPs) of how the threat actors operate. Projects provide a method to identify adversaries by their TTPs and to track how the adversaryΓÇÖs infrastructure is changing over time.
+
+When a user searches an IP address, domain, or host in Defender TI, if that indicator is listed within a project the user has access to, the user can select the Projects blade within the Intelligence section and navigate to the details of the project for more context about the indicator before reviewing the other data sets for more information.
+
+Visiting a project's details shows a listing of all associated artifacts and a detailed history that retains all the context described above. Users within the same organization no longer need to spend time communicating back and forth. Threat actor profiles can be built within Defender TI and serve as a "living" set of indicators. As new information is discovered or found, it can be added to that project.
+
+The Defender TI platform allows users to develop multiple project types for organizing indicators of interest and indicators of compromise from an investigation.
+
+For more information, see [Using projects](using-projects.md).
+
+![Data Tab Intelligence Projects](media/dataTabIntelligenceProjects.png)
+
+## Next steps
+
+For more information, see:
+
+- [Sorting, filtering, and downloading data](sorting-filtering-and-downloading-data.md)
+- [Data sets](data-sets.md)
+- [Reputation scoring](reputation-scoring.md)
+- [Analyst insights](analyst-insights.md)
+- [What is Microsoft Defender Threat Intelligence (Defender TI)?](what-is-microsoft-defender-threat-intelligence-defender-tI.md)
+- [Using projects](using-projects.md)
threat-intelligence Sorting Filtering And Downloading Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/sorting-filtering-and-downloading-data.md
+
+ Title: 'Sorting, filtering, and downloading data using Microsoft Defender Threat Intelligence (Defender TI)'
+description: 'Learn how to sort, filter and download data using Microsoft Defender Threat Intelligence (Defender TI).'
++++ Last updated : 08/02/2022+++
+# Sorting, filtering, and downloading data
+The Microsoft Defender Threat Intelligence (Defender TI) platform enables analysts to access our vast collection of crawling data in an indexed and pivot table format. These data sets can be very large, returning expansive amounts of historic and recent data. Thus, allowing analysts to appropriately sort and filter the data provides the ability easily to surface the connections of interest.
+
+![Sorting DataSets Chrome Screenshot](media/sortingDataSetsChromeScreenshot.png)
+
+In this how-to article, youΓÇÖll learn how to sort and filter data for the following data sets:
+
+- Resolutions
+- WHOIS
+- Certificates
+- Subdomains
+- Trackers
+- Components
+- Host Pairs
+- Hashes
+- Cookies
+- Services
+- DNS
+- Reverse DNS
+
+For more information, see [Data sets](data-sets.md).
+
+In this how-to article, youΓÇÖll also learn how to download indicators/artifacts from the following features:
+
+- Projects
+- Articles
+- Data Sets
+
+## Prerequisites
+
+- An Azure Active Directory or personal Microsoft account. [Login or create an account](https://signup.microsoft.com/)
+- A Microsoft Defender Threat Intelligence (Defender TI) Premium license.
+ > [!NOTE]
+ > Users without a Defender TI Premium license will still be able to log into the Defender Threat Intelligence Portal and access our free Defender TI offering.
+
+## Open Defender TIΓÇÖs Threat Intelligence Home Page
+
+1. Access the [Defender Threat Intelligence Portal](https://ti.defender.microsoft.com/).
+2. Complete Microsoft authentication to access portal.
+
+## Sorting data
+
+The sorting function on the Data tab enables users to quickly sort our datasets by the column values. By default, most results are sorted by ΓÇ£Last SeenΓÇ¥ (descending) so that the most recently observed results appear at the top of the list; this surfaces the most recent data to immediately provide insight on the current infrastructure of an artifact. Currently, all data sets are sortable by the following ΓÇ£First SeenΓÇ¥ and ΓÇ£Last SeenΓÇ¥ values:
+
+- Last Seen Descending (Default)
+- Last Seen Ascending
+- First Seen Ascending
+- First Seen Descending
+
+Data can be sorted across each data set blade within the Data tab for each IP, domain, or host entity that is searched or pivoted on.
+
+1. Search a domain, IP address, or host in the Defender TI Threat Intelligence search bar and navigate to the Data tab.
+2. Apply sorting preferences to the First Seen and Last Seen columns within the Resolutions Data blade.
+
+![Sorting Resolutions](media/sortingResolutions.gif)
+
+## Filtering data
+
+Data filtering allows analysts to access a select group of data based on a particular metadata value. For instance, an analyst can select to only view IP resolutions discovered from a select source, or components of a particular type (e.g. servers, frameworks). This enables users to narrow the query results to items of particular interest. Since the Threat Intelligence platform provides specific metadata that coincides with particular data types, the filter options will be different for each data set.
+
+## Resolution filters
+
+The following filters apply to resolution data:
+
+- **System Tag**: these tags are created by the Threat Intelligence system based on insights discovered by our research team.
+- **Tag**: tags that have been applied by Threat Intelligence users.
+- **ASN**: results that relate to a designated Autonomous System Number (ASN).
+- **Network**: results that relate to designated network.
+- **Source**: the data source that produced the result (e.g. riskiq, emerging_threats).
+
+1. Search a domain, IP address, or host in the Defender TI Threat Intelligence search bar and navigate to the Data tab.
+2. Apply filters to each of the types of filter options noted above within the Resolutions Data blade.
+
+![Filters Resolutions](media/filtersResolutions.gif)
+
+## Tracker filters
+
+The following filters apply to tracker data:
+
+- **Type**: the identified tracker type for each artifact (e.g. JarmFuzzyHash, GoogleAnalyticsID).
+- **Address**: the IP address that directly observed the tracker or has a resolving host that observed the tracker. (Appears when searching an IP address)
+- **Hostname**: the host that observed this tracker value. (Appears when searching a domain or host)
+
+1. Search a domain, IP address, or host in the Defender TI Threat Intelligence search bar and navigate to the Data tab.
+2. Navigate to the Trackers Data blade.
+3. Apply filters to each of the types of filter options noted above within the Trackers Data blade.
+
+![Filters Trackers](media/filtersTrackers.gif)
+
+## Component filters
+
+The following filters apply to component data:
+
+- **Ipaddressraw:** the IP address that coincides with the returned hostname.
+- **Type:** the designated component type (e.g. remote access, operating system).
+- **Name:** the name of the detected component (e.g. Cobalt Strike, PHP).
+
+1. Search a domain, IP address, or host in the Defender TI Threat Intelligence search bar and navigate to the Data tab.
+2. Navigate to the Components Data blade.
+3. Apply filters to each of the types of filter options noted above within the Components Data blade.
+
+![Filters Components](media/filtersComponents.gif)
+
+## Host pair filters
+
+The following filters apply to host pair data:
+
+- **Direction:** the direction of the observed connection. This indicates whether the parent redirects to the child or vice versa.
+- **Parent Hostname:** the hostname of the parent artifact.
+- **Cause:** the detected cause of the host parent / child relationship (e.g. redirect, iframe.src).
+- **Child Hostname:** the hostname of the child artifact.
+
+1. Search a domain, IP address, or host in the Defender TI Threat Intelligence search bar and navigate to the Data tab.
+2. Navigate to the Host Pairs Data blade.
+3. Apply filters to each of the types of filter options noted above within the Host Pairs Data blade.
+
+![Filters Host Pairs](media/filtersHostPairs.gif)
+
+## DNS & Reverse DNS filters
+
+The following filters apply to DNS and Reverse DNS data:
+
+- **Record Type:** the type of record detected in the DNS record (e.g. NS, CNAME).
+- **Value:** the designated value of the record (e.g. nameserver.host.com).
+
+1. Search a domain, IP address, or host in the Defender TI Threat Intelligence search bar and navigate to the Data tab.
+2. Navigate to the DNS and later, Reverse DNS Data blades.
+3. Apply filters to each of the types of filter options noted above within the DNS and Reverse DNS Data blades.
+
+![Filters DNS](media/filtersDNS.gif)
+
+## Downloading data
+
+In Defender TI, there are various sections that a user can download data as a csv export. Users need to look out for the download icon to export data as a csv.
+
+![Download Icon](media/downloadIcon.png)
+
+Data can be downloaded within the following sections:
+
+- Most Data Set blades
+- Project
+- Threat Intelligence Article
+
+The following headers are exported as a result of downloading Resolutions, DNS, and reverse DNS data:
+
+| | |
+|-|-|
+| **Resolve** | A record associated with the domain searched (resolving IP Address) or domain that has resolved to an IP address when an IP address is searched |
+| **Location** | Country the IP address is hosted in |
+| **Network** | Netblock or subnet |
+| **autonomousSystemNumber** | Autonomous System Number |
+| **firstSeen** | Date / Time when Microsoft first observed the resolution (format: mm/dd/yyyy hh:mm) |
+| **lastSeen** | Date / Time when Microsoft last observed the resolution (format: mm/dd/yyyy hh:mm) |
+| **Source** | Source that observed this resolution |
+| **Tags** | Custom or system tags associated with the artifact |
+
+The following headers are exported as a result of downloading Subdomains data:
+
+| | |
+|-|-|
+| **hostname** | Subdomain of the domain searched |
+| **tags** | Custom or system tags associated with the artifact |
+
+The following headers are exported as a result of downloading Trackers data:
+
+| | |
+|-|-|
+| **hostname** | Hostname that observed or is currently observing the tracker |
+| **firstSeen** | Date / Time when Microsoft first observed the hostname was using the tracker (format: mm/dd/yyyy hh:mm) |
+| **lastSeen** | Date / Time when Microsoft first observed the hostname was using the tracker (format: mm/dd/yyyy hh:mm) |
+| **attributeType** | Type of tracker |
+| **attributeValue** | Tracker value |
+| **Tags** | Custom or system tags associated with the artifact |
+
+The following headers are exported as a result of downloading Components data:
+
+| | |
+|-|-|
+| **hostname** | Hostname that observed or is currently observing the component |
+| **firstSeen** | Date / Time when Microsoft first observed the hostname was using the tracker (format: mm/dd/yyyy hh:mm |
+| **lastSeen** | Date / Time when Microsoft last observed the hostname was using the component (format: mm/dd/yyyy hh:mm |
+| **category** | Type of component |
+| **name** | Name of the component |
+| **version** | Version of the component |
+| **Tags** | Custom or system tags associated with the artifact |
+
+The following headers are exported as a result of downloading Host Pairs data:
+
+| | |
+|-|-|
+| **parentHostname** | The hostname that is reaching out to the child hostname |
+| **childHostname** | The hostname that is feeding assets they host to the parent hostname. |
+| **firstSeen** | Date / Time when Microsoft first observed the relationship between the parent and child hostname (format: mm/dd/yyyy hh:mm) |
+| **lastSeen** | Date / Time when Microsoft last observed the relationship between the parent and child hostname (format: mm/dd/yyyy hh:mm) |
+| **attributeCause** | The cause of the relationship between the parent and child hostname |
+| **Tags** | Custom or system tags associated with the artifact |
+
+The following headers are exported as a result of downloading Hashes data:
+
+| | |
+|--|-|
+| **source** | The source who observed the MD5 hash sample |
+| **sample** | The MD5 hash |
+| **collection date** | The collection date captured by the source |
+
+The following headers are exported as a result of downloading Cookies data:
+
+| | |
+|-|-|
+| **hostname** | Hostname that observed the Cookie name |
+| **firstSeen** | When the Cookie name was first observed to the hostname originating from the Cookie Domain (format: mm/dd/yyyy hh:mm) |
+| **lastSeen** | Date / time when the Cookie name was last observed to the hostname originating from the Cookie Domain (format: mm/dd/yyyy hh:mm) |
+| **cookieName** | Name of the cookie |
+| **cookieDomain** | The domain nameΓÇÖs server the cookie name originated from |
+| **Tags** | Custom or system tags associated with the artifact |
+
+The following headers are exported as a result of downloading projects lists for my, team, and shared projects:
+
+| | |
+|-|-|
+| **name** | Name of project |
+| **artifacts (count)** | Count of artifacts within the project |
+| **created by (user)** | User who created the project |
+| **created on** | When the project was created |
+| **tags** | Custom or system tags associated with the artifact |
+| **collaborators** | Who has been added as collaborator(s) to the project. This is only visible for projects that have been downloaded from the My Projects and Shared Projects pages. |
+
+The following headers are exported as a result of downloading project details (artifacts) from a project:
+
+| | |
+|-|-|
+| **artifact** | Artifact value (e.g. IP address, domain, host, WHOIS value, certificate SHA-1, etc.) |
+| **type** | Type of artifact (e.g. IP, domain, host, WHOIS Organization, WHOIS Phone, Certificate SHA-1, etc.) |
+| **created** | Date / Time when the artifact was added to the project (format: mm/dd/yyyy hh:mm) |
+| **creator** | Email address of user who added the artifact |
+| **context** | How the artifact was added to the project |
+| **tags** | Custom or system tags associated with the artifact |
+| **collaborators** | Who has been added as collaborator(s) to the project. This is only visible for projects that have been downloaded from the My Projects and Shared Projects pages. |
+
+The following headers are exported as a result of downloading threat intelligence public or riskiq indicators:
+
+| | |
+|-|-|
+| **type** | Type of indicator (e.g. ip, certificate, domain, hash_sha256) |
+| **value** | Value of the indicator (e.g. IP address, domain, hostname) |
+| **source** | Source of indicator (RiskIQ or OSINT) |
+
+## Next steps
+
+For more information, see [Data sets](data-sets.md).
threat-intelligence Using Projects https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/using-projects.md
+
+ Title: 'Using Projects with Microsoft Defender Threat Intelligence (MDTI)'
+description: 'Learn how to manage projects using Microsoft Defender Threat Intelligence (MDTI).'
++++ Last updated : 08/02/2022+++
+# Using projects
+
+The Microsoft Defender Threat Intelligence (Defender TI) platform allows users to develop private personal or team project types for organizing indicators of interest and indicators of compromise from an investigation. Projects contain a listing of all associated artifacts and a detailed history that retains the names, descriptions, collaborators, and monitoring profiles.
+
+When a user searches an IP address, domain, or host in Defender TI, if that indicator is listed within a project the user has access to, the user can select the Projects blade within the Intelligence section and navigate to the details of the project for more context about the indicator before reviewing the other data sets for more information. Alternatively, users can view their private team projects by selecting the Projects icon on the left-hand menu pane.
+
+Visiting a project's details shows a listing of all associated artifacts and a detailed history that retains all the context described above. Users within the same organization no longer need to spend time communicating back and forth. Threat actor profiles can be built within Defender TI and serve as a "living" set of indicators. As new information is discovered or found, it can be added to that project.
+
+The Defender TI platform allows users to develop multiple project types for organizing indicators of interest and indicators of compromise from an investigation.
+
+The owner of a project can add collaborators (users listed in their Azure tenant with a Defender TI Premium license). This grants the collaborator(s)ΓÇÖ permissions to make any changes to the project as if they were the owner of the project. The exception being that collaborators cannot delete projects. Collaborators will view projects that have been shared with them in the Shared Projects section of the Projects Home Page.
+
+Users can also download artifacts within a project by selecting the download icon. This is a great way for threat hunting teams to use their findings from an investigation to block indicators of compromise or build additional detection rules within their SIEM.
+
+**Questions Projects May Help Answer:**
+
+- Has one of my fellow team members created a Team project that includes this indicator?
+
+ - If so, what other related indicators of compromise has this team member captured and what description as well as tags did they include to describe the type of investigation?
+
+- When did this team member last edit the project?
+
+ ![Projects Detailed Project Chrome Screenshot](media/projectsDetailedProjectChromeScreenshot.png)
+
+## Prerequisites
+
+- An Azure Active Directory or personal Microsoft account. [Login or create an account](https://signup.microsoft.com/)
+- A Microsoft Defender Threat Intelligence (Defender TI) Premium license.
+ > [!NOTE]
+ > Users without a Defender TI Premium license will still be able to log into the Defender Threat Intelligence Portal and access our free Defender TI offering.
+
+## Open Defender TIΓÇÖs Threat Intelligence Home Page
+
+1. Access the [Defender Threat Intelligence Portal](https://ti.defender.microsoft.com/).
+2. Complete Microsoft authentication to access portal.
+
+## Creating a Project
+
+Users can create a project in two different ways, through the Projects Home Page or while investigating results.
+
+When logging into the Defender TI Projects Home Page, users are presented with a dashboard showing projects they own or that have been shared with other Defender TI users in their tenant. Directly from this view, users can decide to create a new project, simply by selecting the "+" icon or visit the project page using the left-hand drawer menu.
+
+1. To create a project from the Project Home Page, navigate to the ΓÇÿProjectsΓÇÖ icon and select the ΓÇÿAdd New ProjectΓÇÖ icon within the Projects Home Page.
+
+ ![Add to Project](media/projectsAddProject.png)
+
+ When conducting searches within Defender TI, users can select ΓÇÿAdd to ProjectΓÇÖ to add the artifact (indicator of compromise) to an existing project or create a new project to add the artifact to.
+
+2. To create a project through an investigation, perform an indicator search from the Threat Intelligence search bar and click on the ΓÇÿAdd to ProjectΓÇÖ icon.
+
+3. If creating a new project, select the ΓÇÿAdd New ProjectΓÇÖ link, fill in the required fields and ΓÇÿSaveΓÇÖ your new project. If you already have an existing project you would like to add the artifact to, please select or scroll down and select the project you want.
+
+ ![Add New Project](media/projectsAddNewProjectDetails.png)
+
+## Managing Projects
+
+Once a user has created projects, they can manage them inside of the Projects portion of the platform. The initial Project Home page highlights all the projects the user can see and provides filtering methods based on project properties. The Project Home page defaults to the Team projects associated with Defender TI users in their tenant. They have the option to select any personal projects they have created as well as projects that have been shared with them to contribute to.
+
+![Managing Projects](media/projectsHomePage.png)
+
+1. Users can view the details of a project simply by clicking on the project name.
+2. Depending on the level of access, users can then make changes to the project directly by clicking the edit button in the top right corner.
+3. Users may also delete a project if they are the owner of the project. They can also choose to manually add artifacts using the "Add Artifacts" button in the top right corner.
+
+## Best Practices
+
+When it comes to using Defender TI to investigate potential threats, we recommend executing the following workflows as these steps will enable you to gather strategic and operational intelligence before diving into tactical intelligence.
+
+Users can perform various types of searches within Defender TI. As such, itΓÇÖs important to approach your intelligence gathering method in a way that presents you with broad results before diving into investigating specific indicators. For example, if you search an IP address against the Defender TI Home Page, what articles have an association with that IP address? What information do these articles present about the IP address that you wouldnΓÇÖt otherwise find navigating directly to the IP addressΓÇÖ Data tab for dataset enrichment. For example, has this IP address been identified as a possible C2, who is the threat actor, what other related indicators of compromise is listed in the article, what TTPs is the threat actor using and who are they targeting?
+
+In addition to performing various types of searches with Defender TI, users can collaborate on investigations together. That said, users are encouraged to create projects, add indicators related to an investigation to a project and add collaborators to a project if more than one person is working on the same investigation. This helps reduce time spent analyzing the same IOCs and should result in a quicker workflow observed.
threat-intelligence Using Tags https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/using-tags.md
+
+ Title: 'Using Tags in Microsoft Defender Threat Intelligence (Defender TI)'
+Description: 'In this how-to article, learn about the tag types and how to add, modify, delete and search custom tags in Microsoft Defender Threat Intelligence (Defender TI).'
++++ Last updated : 08/02/2022+++
+# Using tags
+Microsoft Defender Threat Intelligence (Defender TI) tags are used to provide quick insight about an artifact, whether derived by the system or generated by other users. Tags aid analysts in connecting the dots between current incidents and investigations and their historical context for improved analysis.
+
+The Defender TI platform offers two types of tags: system and custom tags.
+
+![Using Tags Chrome HomePage](media/UsingTagsChromeHomePage.png)
+
+## Prerequisites
+
+- An Azure Active Directory or personal Microsoft account. [Login or create an account](https://signup.microsoft.com/)
+- A Microsoft Defender Threat Intelligence (Defender TI) Premium license.
+ > [!NOTE]
+ > Users without a Defender TI Premium license will still be able to log into the Defender Threat Intelligence Portal and access our free Defender TI offering.
+
+## System tags
+
+These tags are automatically generated by the platform for users to guide their analysis and require no input or effort on the user's part.
+
+System tags can include:
+
+- **Routable:** indicates that the artifact is accessible.
+- **ASN:** pulls an abbreviated portion of an IP address ASN description into a tag to provide analysts context into who the IP address belongs to.
+- **Dynamic:** indicates if a domain is owned by a dynamic DNS service such as No-IP or Change IP.
+- **Sinkhole:** indicates that an IP address is a research sinkhole used by security organizations to investigate attack campaigns and therefore the domains associated will not be directly connected to each other.
+
+![Tags System](media/tagsSystem.png)
+
+## Custom tags
+
+Custom Tags inside of Defender TI to bring context to indicators of compromise (IOCs) and make analysis even simpler by identifying those domains that are known bad from public reporting or that have been categorized by your company's analysts. These tags are created manually by users based on their own investigations. These tags enable users to share key insights about an artifact with other Defender TI Premium license users within their tenant.
+
+![Tags Custom](media/tagsCustom.png)
+
+## Adding, Modifying, and Removing Tags
+
+Users have the ability to add their custom own tags to the tag cluster by entering them into the tag bar. These tags are viewable to the individual user and the user's team members if their organization is a Defender TI customer. Tags entered into the system are private and not shared with the larger community.
+
+Just as users can add tags, they can also modify or remove them. Once a tag is added by a user, it can be modified or removed by that same user or by another paid licensed user within their Enterprise organization. This allows for easy collaboration amongst the Security team.
+
+1. Access the [Defender Threat Intelligence Portal](https://ti.defender.microsoft.com/) .
+2. Complete Microsoft authentication to access portal.
+3. Search an indicator in the Threat Intelligence search bar that you would like to add tag(s) for.
+
+ ![Tags Search](media/tagsSearch.png)
+
+4. Select the ΓÇÿEdit TagsΓÇÖ drop-down in the upper left-hand corner of the Defender TI portal.
+
+ ![Tags Search Edit Tags](media/tagsSearchEditTags.png)
+
+5. Add any tags you would like to associate with this indicator.
+
+ > [!Note]
+ > Press the Tab key to add a new indicator.
+
+ ![Tags Search Add Tags](media/tagsSearchAddTags.png)
+
+6. Once all your tags have been added, save your changes by selecting the Save button.
+
+ ![Tags Search Save Tags](media/tagsSearchSaveTags.png)
+
+7. To edit tags, repeat step 3. Remove any tags by selecting the ΓÇÿXΓÇÖ at the end of the tag name or add new tags as you did in step 4.
+
+8. Save your changes.
+
+ ![Tags Search Tags](media/tagsSearchTags.png)
+
+## Viewing and Searching Tags
+
+Users can view tags that were added by themselves or others within their tenant after searching an IP, domain, or host artifact.
+
+![Tags Custom](media/tagsCustom.png)
+
+1. Access the [Defender Threat Intelligence Portal](https://ti.defender.microsoft.com/).
+2. Complete Microsoft authentication to access portal.
+3. Users can search against custom tags via Defender TIΓÇÖs Threat Intelligence Search by selecting the Tag search type in the Threat Intelligence search bar drop-down and searching against the tag value to identify all other indicators that share that same tag value.
+
+ ![Search Tag](media/searchTag.png)
+
+Common Tag Use Case Workflow
+LetΓÇÖs say a triage analyst investigates an incident and finds that it is related to phishing. That analyst can add ΓÇ£phishΓÇ¥ as a tag to the indicators of compromise related to that incident. Later, the incident response and threat hunting team can further analyze these indicators of compromise and work with their cyber threat intelligence counterparts to identify which actor group was responsible for their phishing incident. They can then add another ΓÇ£[actor name]ΓÇ¥ tag to those indicators of compromise or what infrastructure was used that connected them to other related indicators of compromise, such as a ΓÇ£[SHA-1 hash]ΓÇ¥ custom tag.
+
+## Next steps
+
+For more information, see:
+
+- [What is Microsoft Defender Threat Intelligence (Defender TI)?](what-is-microsoft-defender-threat-intelligence-defender-tI.md)
+- [Data sets](data-sets.md)
+- [Sorting, filtering, and downloading data](sorting-filtering-and-downloading-data.md)
+- [Reputation scoring](reputation-scoring.md)
+- [Analyst insights](analyst-insights.md)
+- [Using projects](using-projects.md)
threat-intelligence What Is Microsoft Defender Threat Intelligence Defender Ti https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-tI.md
+
+ Title: 'What is Microsoft Defender Threat Intelligence (Defender TI)?'
+description: 'In this overview article, learn about the main features that come with Microsoft Defender Threat Intelligence (Defender TI).'
++++ Last updated : 08/02/2022+++
+# What is Microsoft Defender Threat Intelligence (Defender TI)?
+
+Microsoft Defender Threat Intelligence (Defender TI) is a platform that streamlines triage, incident response, threat hunting, vulnerability management, and cyber threat intelligence analyst workflows when conducting threat infrastructure analysis and gathering threat intelligence. Analysts spend a significant amount of time on data discovery, collection, and parsing, instead of focusing on what actually helps their organization defend themselves--deriving insights about the actors through analysis and correlation.?
+
+Often, analysts must go to multiple repositories to obtain the critical data sets they need to assess a suspicious domain, host, or IP address. DNS data, WHOIS information, malware, and SSL certificates provide important context to indicators of compromise (IOCs), but these repositories are widely distributed and donΓÇÖt always share a common data structure, making it difficult to ensure analysts have all relevant data needed to make a proper and timely assessment of suspicious infrastructure.
+
+Interacting with these data sets can be cumbersome and pivoting between these repositories is time-consuming, draining the resources of security operations groups that constantly need to re-prioritize their response efforts.
+
+Cyber Threat Intelligence Analysts struggle with balancing a breadth of threat intelligence ingestion with the analysis of which threat intelligence poses the biggest threats to their organization and/or industry.
+
+In the same breadth, Vulnerability Intelligence Analysts battle correlating their asset inventory with CVE information to prioritize the investigation and remediation of the most critical vulnerabilities associated with their organization.
+
+MicrosoftΓÇÖs goal is to re-imagine the analyst workflow by developing a platform, Defender TI, that aggregates and enriches critical data sources and displays data in an innovative, easy to use interface to correlate when indicators are linked to articles and vulnerabilities, infrastructure chain together indicators of compromise (IOCs), and collaborate on investigations with fellow Defender TI licensed users within their tenant. With security organizations actioning an ever-increasing amount of intelligence and alerts within their environment, having a Threat Analysis & Intelligence Platform that allows for accurate and timely assessments of alerting is important.
+
+Below is a screenshot of Defender TIΓÇÖs Threat Intelligence Home Page. Analysts can quickly scan new featured articles as well as begin their intelligence gathering, triage, incident response, and hunting efforts by performing a keyword, artifact or CVE-ID search.
+
+![TI Overview Edge Screenshot](media/tiOverviewEdgeScreenshot.png)
+
+## Defender TI articles
+Articles are narratives by Microsoft that provide insight into threat actors, tooling, attacks, and vulnerabilities. Defender TI featured and articles are not blog posts about threat intelligence; while they summarize different threats, they also link to actionable content and key indicators of compromise to help users take action. By including this technical information in the threat summaries, we enable users to continually track threat actors, tooling, attacks, and vulnerabilities as they change.
+
+## Featured articles
+
+The featured article section of the Defender TI Threat Intelligence Home Page (right below the search bar) shows you the featured Microsoft content:
+
+![TI Overview Featured Articles](media/tiOverviewFeaturedArticles.png)
+
+Clicking the article takes you to the underlying article content. The article synopsis gives the user a quick understanding of the article. The Indicators call-out shows how many Public and Defender TI indicators are associated with the article.
+
+![TI Overview Featured Article](media/tiOverviewFeaturedArticle.png)
+
+## Articles
+
+All articles (including featured articles) are listed under the Microsoft Defender TI Threat Intelligence Home Page articles section, ordered by their creation date (descending):
+
+![TI Overview Articles](media/tiOverviewArticles.png)
+
+## Article descriptions
+
+The description section of the article detail screen contains information about the attack or attacker profiled. The content can range from very short (in the case of OSINT bulletins) or quite long (for long-form reporting ΓÇô especially when Microsoft has augmented the report with content). The longer descriptions may contain images, links to the underlying content, links to searches within Defender TI, attacker code snippets, and firewall rules to block the attack:
+
+![TI Overview Article Description](media/tiOverviewArticleDescription.png)
+
+## Public indicators
+
+The public indicators section of the screen shows the previously published indicators related to the article. The links in the public indicators take one to the underlying Defender TI data or relevant external sources (e.g., VirusTotal for hashes).
+
+![TI Overview Article Public Indicators](media/tiOverviewArticlePublicIndicators.png)
+
+## Defender TI indicators
+
+The Defender TI indicators section covers the indicators that Defender TIΓÇÖs research team has found and added to the articles.
+
+These links also pivot into the relevant Defender TI data or the corresponding external source.
+
+![TI Overview Article Defender TI Indicators](media/tiOverviewArticleDefenderTiIndicators.png)
+
+## Vulnerability articles
+
+Defender TI offers CVE-ID searches to help users identify critical information about the CVE. CVE-ID searches result in Vulnerability Articles.
+
+Vulnerability Articles provide key context behind CVEs of interest. Each article contains a description of the CVE, a list of affected components, tailored mitigation procedures and strategies, related intelligence articles, references in Deep & Dark Web chatter, and other key observations. These articles provide deeper context and actionable insights behind each CVE, enabling users to more quickly understand these vulnerabilities and quickly mitigate them.
+
+Vulnerability Articles also include a Defender TI Priority Score and severity indicator. The Defender TI Priority Score is a unique algorithm which reflects the priority of a CVE based on the CVSS score, exploits, chatter, and linkage to malware. Furthermore, the Defender TI Priority Score evaluates the recency of these components so users can understand which CVEs should be remediated first.
+
+## Reputation scoring
+
+Defender TI provides proprietary reputation scores for any Host, Domain, or IP Address. Whether validating the reputation of a known or unknown entity, this score helps users quickly understand any detected ties to malicious or suspicious infrastructure. The platform provides quick information about the activity of these entities, such as First and Last Seen timestamps, ASN, country, associated infrastructure, and a list of rules that impact the reputation score when applicable.
+
+![Reputation Summary Card](media/reputationSummaryCard.png)
+
+IP reputation data is important to understanding the trustworthiness of your own attack surface and is also useful when assessing unknown hosts, domains or IP addresses that appear in investigations. These scores will uncover any prior malicious or suspicious activity that impacted the entity, or other known indicators of compromise that should be considered.
+
+For more information, see [Reputation scoring](reputation-scoring.md).
+
+## Analyst insights
+
+Analyst insights distill MicrosoftΓÇÖs vast data set into a handful of observations that simplify the investigation and make it more approachable to analysts of all levels.
+
+Insights are meant to be small facts or observations about a domain or IP address and provide Defender TI users with the ability to make an assessment about the artifact queried and improve a user's ability to determine if an indicator being investigated is malicious, suspicious, or benign.
+
+For more information, see [Analyst insights](analyst-insights.md).
+
+![Summary Tab Analyst Insights](media/summaryTabAnalystInsights.png)
+
+## Data sets
+Microsoft centralizes numerous data sets into a single platform, Defender TI, making it easier for MicrosoftΓÇÖs community and customers to conduct infrastructure analysis. MicrosoftΓÇÖs primary focus is to provide as much data as possible about Internet infrastructure to support a variety of security use cases.
+
+Microsoft collects, analyzes, and indexes internet data to assist users in detecting and responding to threats, prioritizing incidents, and proactively identifying adversariesΓÇÖ infrastructure associated with actor groups targeting their organization. Microsoft collects internet data via itsΓÇÖ PDNS sensor network, global proxy network of virtual users, port scans, and leverages third-party sources for malware and added Domain Name System (DNS) data.
+
+This internet data is categorized into two distinct groups: traditional and advanced. Traditional data sets include Resolutions, WHOIS, SSL Certificates, Subdomains, Hashes, DNS, Reverse DNS, and Services. Advanced data sets include Trackers, Components, Host Pairs, and Cookies. Trackers, Components, Host Pairs, and Cookies data sets are collected from observing the Document Object Model (DOM) of web pages crawled. Additionally, Components and Trackers are also observed from detection rules that are triggered based on the banner responses from port scans or SSL Certificate details. Many of these data sets have various methods to sort, filter, and download data, making it easier to access information that may be associated with a specific artifact type or time in history.
+
+For more information, see:
+
+- [Sorting, filtering, and downloading data](sorting-filtering-and-downloading-data.md)
+- [Data sets](data-sets.md)
+
+![ti Overview Data Sets](media/tiOverviewDataSets.png)
+
+## Tags
+
+Defender TI tags are used to provide quick insight about an artifact, whether derived by the system or generated by other users. Tags aid analysts in connecting the dots between current incidents and investigations and their historical context for improved analysis.
+
+The Defender TI platform offers two types of tags: system tags and custom tags.
+
+For more information, see [Using tags](using-tags.md).
+
+![Tags Custom](media/tagsCustom.png)
+
+## Projects
+
+MicrosoftΓÇÖs Defender TI platform allows users to develop multiple project types for organizing indicators of interest and indicators of compromise from an investigation. Projects contain a listing of all associated artifacts and a detailed history that retains the names, descriptions, and collaborators.
+
+When a user searches an IP address, domain, or host in Defender TI, if that indicator is listed within a project the user has access to, the user can see a link to the project from the Projects sections in the Summary tab as well as Data tab. From here, the user can navigate to the details of the project for more context about the indicator before reviewing the other data sets for more information. This helps analysts to avoid reinventing the wheel of an investigation one of their Defender TI tenant users may have already started or add onto that investigation by adding new artifacts (indicators of compromise) related to that project (if they have been added as a collaborator to the project).
+
+For more information, see [Using projects](using-projects.md).
+
+![Defender TI Overview Projects](media/defenderTIOverviewProjects.png)
+
+## Data residency, availability, and privacy
+
+Microsoft Defender Threat Intelligence contains both global data and customer-specific data. The underlying internet data is global Microsoft data; labels applied by customers are considered customer data. All customer data is stored in the region of the customerΓÇÖs choosing.
+
+For security purposes, Microsoft collects users' IP addresses when they log in. This data is stored for up to 30 days but may be stored longer if needed to investigate potential fraudulent or malicious use of the product.
+
+In the case of a region down scenario, customers should see no downtime as Defender TI uses technologies that replicate data to a backup regions.
+
+Defender TI processes customer data. By default, customer data is replicated to the paired region.
+
+## Next steps
+
+For more information, see:
+
+- [Quickstart: Learn how to access Microsoft Defender Threat Intelligence and make customizations in your portal](learn-how-to-access-microsoft-defender-threat-intelligence-and-make-customizations-in-your-portal.md)
+- [Data sets](data-sets.md)
+- [Searching and pivoting](searching-and-pivoting.md)
+- [Sorting, filtering, and downloading data](sorting-filtering-and-downloading-data.md)
+- [Infrastructure chaining](infrastructure-chaining.md)
+- [Reputation scoring](reputation-scoring.md)
+- [Analyst insights](analyst-insights.md)
+- [Using projects](using-projects.md)
+- [Using tags](using-tags.md)
admin Mailbox Usage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/mailbox-usage.md
description: "Learn how to get the Mailbox usage report to find out about activi
# Microsoft 365 Reports in the admin center - Mailbox usage
-The **Mailbox usage report** provides information about users with a user mailbox and the level of activity by each based on the email send, read, create appointment, send meeting, accept meeting, decline meeting and cancel meeting activity. It also provides information about how much storage has been consumed by each user mailbox, and how many of them are approaching storage quotas.
+The **Mailbox usage report** provides information about users with a user mailbox and the level of activity by each based on the email send, read, create appointment, send meeting, accept meeting, decline meeting and cancel meeting activity. It also provides information about how much storage has been consumed by each user mailbox, and how many of them are approaching storage quotas. The mailbox usage report also contains information on mailboxes shared amongst users, providing storage and quota data on shared mailboxes.
## How to get to the mailbox usage report
The **Mailbox usage report** provides information about users with a user mailbo
2. Select **View More** under **Email activity**. 3. From the **Email activity** drop-down list, select **Exchange** \> **Mailbox usage**.
-## Interpret the mailbox usage report
+## Interpret the Mailbox usage report
-You can get a view into your organization's **Mailbox usage** by looking at the **Mailbox**, **Storage** and **Quota** charts.
+You can get a view into your organization's mailbox usage by looking at the **Mailbox**, **Storage** and **Quota** charts.
+
+To access shared mailbox information, change the drop-down selection at the top right of the charts to **Shared**. If your tenant does not have shared mailboxes, you will not be able to view any shared mailbox information. Also note that if youΓÇÖve opted to view shared charts, currently you will not be able to export the chart information. This is a known issue and will be corrected in a future iteration.
:::image type="content" alt-text="Mailbox usage report." source="../../media/9f610e91-cbc1-4e59-b824-7b1ddd84b738.png" lightbox="../../media/9f610e91-cbc1-4e59-b824-7b1ddd84b738.png"::: The **Mailbox usage** report can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days. However, if you select a particular day in the report, the table will show data for up to 28 days from the current date (not the date the report was generated). The data in each report usually covers up to the last 24 to 48 hours.
-The **Mailbox** chart shows you the total number of user mailbox in your organization, and the total number that are active on any given day of the reporting period. A user mailbox is considered active if it had an email send, read, create appointment, send meeting, accept meeting, decline meeting and cancel meeting activity.
+### The Mailbox chart
+
+The **Mailbox** chart shows you the total number of user or shared mailboxes in your organization, and the total number that are active on any given day of the reporting period. A user or shared mailbox is considered active if it had an email send, read, create appointment, send meeting, accept meeting, decline meeting and cancel meeting activity.
-The **Storage** chart shows you amount of storage used in your organization. Storage Chart doesn't include archive mailboxes. For more information about auto-expanding archiving, see [Overview of auto-expanding archiving in Microsoft 365](../../compliance/autoexpanding-archiving.md).
+On the Mailbox chart:
+- The Y axis is the number of user or shared mailboxes.
+- The X axis is the selected date range for this specific report.
-The **Quota** chart shows you the number of user mailboxes in each quota category. There are four quota categories:
-- Good: The number of users whose storage used is below the "issue warning" quota.-- Warning: The number of users whose storage used is at or above the "issue warning" quota, but below the "prohibit send" quota.-- Can't send: The number of users whose storage used is at or above the prohibit send quota, but below the prohibit send/receive quota.-- Can't send/receive: The number of users whose storage used is at or above the "prohibit send/receive" quota.
+### The Storage chart
-On the Mailbox chart, the Y axis is the count of user mailboxes.
+The **Storage** chart shows you amount of storage used in your organization by mailbox type. Storage Chart doesn't include archive mailboxes. For more information about auto-expanding archiving, see [Overview of auto-expanding archiving in Microsoft 365](../../compliance/autoexpanding-archiving.md).
-On the Storage chart, the Y axis is the amount of storage being used by user mailboxes in your organization.
+On the Storage chart:
+- The Y axis is the amount of storage being used by user or shared mailboxes in your organization.
+- The X axis is the selected date range for this specific report.
-The X axis on the Mailbox and Storage charts is the selected date range for this specific report.
+### The Quota chart
-On the Quota chart, the Y axis is the number of user mailboxes in each storage quota. And the X axis is the quota category.
+The **Quota** chart shows you the number of user or shared mailboxes in each quota category. There are four quota categories:
+- Good: The number of users or shared mailboxes whose storage used is below the "issue warning" quota.
+- Warning: The number of users or shared mailboxes whose storage used is at or above the "issue warning" quota, but below the "prohibit send" quota.
+- Can't send: The number of users or shared mailboxes whose storage used is at or above the prohibit send quota, but below the prohibit send/receive quota.
+- Can't send/receive: The number of users or shared mailboxes whose storage used is at or above the "prohibit send/receive" quota.
+
+On the Quota chart:
+- The Y axis is the number of user or shared mailboxes in each storage quota.
+- The X axis is the quota category.
You can filter charts you see by selecting an item in the legend.
-The table shows you a breakdown of mailbox usage at the per-user level. You can add additional columns to the table.
+## Mailbox usage per mailbox table
+
+This table shows you a breakdown of mailbox usage at the per mailbox level. You can add additional columns to the table.
|Item|Description| |:--|:--|
+|Recipient type |Either Shared or User. |
|User name |The email address of the user. | |Display Name |The full name of the user. | |Deleted |The mailbox whose current state is deleted, but was active during some part of the reporting period of the report.|
The table shows you a breakdown of mailbox usage at the per-user level. You can
|Has Archive|Shows if the mailbox has an online archive enabled. |
-If your organization's policies prevents you from viewing reports where user information is identifiable, you can change the privacy setting for all these reports. Check out the **Hide user details in the reports** section in the [Activity Reports in the Microsoft 365 admin center](activity-reports.md.
+If your organization's policies prevents you from viewing reports where user information is identifiable, you can change the privacy setting for all these reports. Check out the **Hide user details in the reports** section in the [Activity Reports in the Microsoft 365 admin center](activity-reports.md).
Select **Choose columns** to add or remove columns from the report. <br/> :::image type="content" alt-text="Mailbox usage report - choose columns." source="../../media/ea3d0b18-6ac6-41b0-9bb9-4844f040ea75.png":::
admin About Admin Roles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/about-admin-roles.md
search.appverid:
- MET150 - MOE150 ms.assetid: da585eea-f576-4f55-a1e0-87090b6aaa9d
-description: "Learn about admin roles, such as the Service admin role, which map to specific business functions and give permissions to do specific tasks in the admin center."
+description: "Learn about admin roles, such as the global admin role, or the service admin role. Roles map to specific business functions and give permissions to do specific tasks in the Microsoft 365 admin center."
# About admin roles in the Microsoft 365 admin center
You'll probably only need to assign the following roles in your organization. By
|Groups admin | Assign the groups admin role to users who need to manage all groups settings across admin centers, including the Microsoft 365 admin center and Azure Active Directory portal. <br><br> Groups admins can:<br> - Create, edit, delete, and restore Microsoft 365 groups <br> - Create and update group creation, expiration, and naming policies <br> - Create, edit, delete, and restore Azure Active Directory security groups| |Helpdesk admin | Assign the Helpdesk admin role to users who need to do the following:<br> - Reset passwords <br> - Force users to sign out <br> - Manage service requests <br> - Monitor service health <br> <br> **Note**: The Helpdesk admin can only help non-admin users and users assigned these roles: Directory reader, Guest inviter, Helpdesk admin, Message center reader, and Reports reader. | |License admin | Assign the License admin role to users who need to assign and remove licenses from users and edit their usage location. <br/><br/> License admins also can: <br> - Reprocess license assignments for group-based licensing <br> - Assign product licenses to groups for group-based licensing |
+|Message center privacy reader | Assign the Message center privacy reader role to users who need to read privacy and security messages and updates in the Microsoft 365 Message center. Message center privacy readers may get email notifications related to data privacy, depending on their preferences, and they can unsubscribe using Message center preferences. Only global administrators and Message center privacy readers can read data privacy messages. This role has no permission to view, create, or manage service requests. <br><br>Message center privacy readers can also: <br> - Monitor all notifications in the Message Center, including data privacy messages <br> - View groups, domains, and subscriptions |
+|Message center reader | Assign the Message center reader role to users who need to do the following: <br> - Monitor message center notifications <br> - Get weekly email digests of message center posts and updates <br> - Share message center posts <br> - Have read-only access to Azure AD services, such as users and groups|
|Office Apps admin | Assign the Office Apps admin role to users who need to do the following: <br> - Use the Office cloud policy service to create and manage cloud-based policies for Office <br> - Create and manage service requests <br> - Manage the What's New content that users see in their Office apps <br> - Monitor service health | |Password admin | Assign the Password admin role to a user who needs to reset passwords for non-administrators and Password Administrators. |
-|Message center reader | Assign the Message center reader role to users who need to do the following: <br> - Monitor message center notifications <br> - Get weekly email digests of message center posts and updates <br> - Share message center posts <br> - Have read-only access to Azure AD services, such as users and groups|
|Power Platform admin | Assign the Power Platform admin role to users who need to do the following: <br> - Manage all admin features for Power Apps, Power Automate, and Microsoft Purview Data Loss Prevention <br> - Create and manage service requests <br> - Monitor service health | |Reports reader | Assign the Reports reader role to users who need to do the following: <br> - View usage data and the activity reports in the Microsoft 365 admin center <br> - Get access to the Power BI adoption content pack <br> - Get access to sign-in reports and activity in Azure AD <br> - View data returned by Microsoft Graph reporting API| |Service Support admin | Assign the Service Support admin role as an additional role to admins or users who need to do the following in addition to their usual admin role: <br> - Open and manage service requests <br> - View and share message center posts <br> - Monitor service health |
admin Add Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/add-users.md
- Adm_O365_Setup - Adm_TOC
+- VSBFY23
- okr_smb - AdminSurgePortfolio - AdminTemplateSet
admin Let Users Reset Passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/let-users-reset-passwords.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- MSStore_Link - TRN_M365B - OKR_SMB_Videos
admin Resend User Password https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/resend-user-password.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- VSBFY23
search.appverid: - BCS160 - MET150
admin Reset Passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/reset-passwords.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- TopSMBIssues - MSStore_Link - TRN_M365B
admin Set Password To Never Expire https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/set-password-to-never-expire.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- MSStore_Link - AdminSurgePortfolio - AdminTemplateSet
admin Admin Center Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/admin-center-overview.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- AdminSurgePortfolio - adminvideo - admindeeplinkMAC
admin Admin Mobile App https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/admin-mobile-app.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
admin Sign Up For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/sign-up-for-office-365.md
- Adm_TOC - commerce_signup
+- VSBFY23
- TRN_M365B - OKR_SMB_Videos - okr_SMB
admin What Is Microsoft 365 For Business https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/what-is-microsoft-365-for-business.md
- M365-subscription-management - Adm_O365
+- VSBFY23
- AdminSurgePortfolio - adminvideo - intro-overview
admin What Subscription Do I Have https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/what-subscription-do-i-have.md
- Adm_TOC - commerce_subscriptions
+- VSBFY23
- okr_smb - AdminSurgePortfolio - AdminTemplateSet
admin Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/overview.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- AdminSurgePortfolio - AdminTemplateSet search.appverid:
admin Set Up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/set-up.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- AdminSurgePortfolio - AdminTemplateSet search.appverid:
admin Add Or Remove Members From Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/add-or-remove-members-from-groups.md
f1.keywords: NOCSH -+ audience: Admin
admin Compare Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/compare-groups.md
f1.keywords: CSH -+ audience: Admin
admin Create Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/create-groups.md
f1.keywords: CSH -+ audience: Admin
admin Manage Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/manage-groups.md
f1.keywords: NOCSH -+ audience: Admin
admin Manage Guest Access In Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/manage-guest-access-in-groups.md
f1.keywords: NOCSH -+ audience: Admin
admin Office 365 Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/office-365-groups.md
f1.keywords: NOCSH -+ audience: Admin
admin Restore Deleted Group https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/restore-deleted-group.md
f1.keywords: CSH -+ audience: Admin
admin Update Dns Records To Retain Current Hosting Provider https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/update-dns-records-to-retain-current-hosting-provider.md
- M365-subscription-management - Adm_O365 - Adm_NonTOC-+
+- VSBFY23
+- AdminSurgePortfolio
search.appverid: - BCS160 - MET150
admin Add User Or Contact To Distribution List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/add-user-or-contact-to-distribution-list.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- VSBFY23
- AdminSurgePortfolio - AdminTemplateSet search.appverid:
admin Email Collaboration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/email-collaboration.md
ms.localizationpriority: medium
- M365-subscription-management - Adm_O365--+
+- VSBFY23
+- AdminSurgePortfolio
search.appverid: - BCS160 - MET150
admin Get Help Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-support.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- AdminSurgePortfolio - adminvideo - AdminTemplateSet
admin Buy A Domain Name https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/buy-a-domain-name.md
- Adm_TOC - Adm_O365_Setup
+- VSBFY23
- AdminSurgePortfolio - AdminTemplateSet search.appverid:
admin Change Nameservers At Any Domain Registrar https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/change-nameservers-at-any-domain-registrar.md
- Adm_TOC - Adm_O365_Setup
+- VSBFY23
- okr_smb - AdminSurgePortfolio - AdminTemplateSet
admin Create Dns Records At Any Dns Hosting Provider https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider.md
search.appverid:
- MET150 description: "Connect a domain at any DNS hosting provider to Microsoft 365 by verifying your domain and updating the DNS records in your registrarΓÇÖs account."
+- VSBFY23
- okr_smb - AdminSurgePortfolio - AdminTemplateSet
admin Dns Basics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/dns-basics.md
ms.localizationpriority: high
- M365-subscription-management - Adm_O365-
+- VSBFY23
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
admin Find And Fix Issues https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/find-and-fix-issues.md
- Adm_TOC - Adm_O365_Setup
+- VSBFY23
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
admin Find Your Domain Registrar https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/find-your-domain-registrar.md
ms.localizationpriority: high
- M365-subscription-management - Adm_O365- - Adm_O365_Setup-+
+- VSBFY23
+- AdminSurgePortfolio
search.appverid: - BCS160 - MET150
admin Information For Dns Records https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/information-for-dns-records.md
ms.localizationpriority: medium
- M365-subscription-management - Adm_O365- - Adm_O365_Setup
+- VSBFY23
- AdminSurgePortfolio - AdminTemplateSet - admindeeplinkMAC
admin What Is A Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/what-is-a-domain.md
ms.localizationpriority: medium
- M365-subscription-management - Adm_O365- search.appverid: - BCS160 - MET150 - MOE150 ms.assetid: c33d1ba6-077c-4cea-be04-cfffbe3f3ed8 description: "Learn what a domain is and how you can buy a domain or use the default domain of your business to get started with OneDrive and Microsoft apps."-+
+- VSBFY23
- okr_smb - AdminSurgePortfolio - AdminTemplateSet
admin Assign Licenses To Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/assign-licenses-to-users.md
- Adm_TOC - commerce_licensing
+- VSBFY23
- AdminSurgePortfolio - TopSMBIssues - SaRA
admin Centralized Deployment Of Add Ins https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/centralized-deployment-of-add-ins.md
Should your Microsoft 365 reports show anonymous user names instead of actual us
## User and group assignments
-The Centralized Deployment feature currently supports the majority of groups supported by Azure Active Directory, including Microsoft 365 groups, distribution lists, and security groups.
+The Centralized Deployment feature currently supports the majority of groups supported by Azure Active Directory, including Microsoft 365 groups, distribution lists, dynamic groups, and security groups.
> [!NOTE] > Non-mail enabled security groups are not currently supported.
admin Find Your Partner Or Reseller https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/find-your-partner-or-reseller.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- MSStore_Link - AdminSurgePortfolio - admindeeplinkMAC
admin Idle Session Timeout Web Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/idle-session-timeout-web-apps.md
description: "Set how long user's session will last in Microsoft 365 before they
<!-- Add metadata: localization, AdminSurgePortfolio, admindeeplinkMAC. remove robots nofollow --> > [!IMPORTANT]
-> Idle session timeout isn't available for Microsoft 365 operated by 21Vianet, or Microsoft 365 Germany.
+> Idle session timeout isn't available for Microsoft 365 operated by 21Vianet or Microsoft 365 Germany.
Use idle session timeout to configure a policy on how long users are inactive in your organization before they are signed out of Microsoft 365 web apps. This helps protect sensitive company data and adds another layer of security for end users who work on non-company or shared devices.
admin Message Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/message-center.md
ms.localizationpriority: medium
- M365-subscription-management - Adm_O365- - AdminSurgePortfolio - okr_smb
admin Send Email As Distribution List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/send-email-as-distribution-list.md
ms.localizationpriority: medium - Adm_O365- - MSStore_Link - AdminSurgePortfolio
admin Set Password Expiration Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/set-password-expiration-policy.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
admin Test And Deploy Microsoft 365 Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps.md
For additional information about purchasing and licensing Microsoft 365 apps fro
For more info on how partners create these apps, see [How to plan a SaaS offer for the commercial marketplace](https://go.microsoft.com/fwlink/?linkid=2158277)
-The Integrated apps portal is only accessible to global admins and available to world-wide customers only. This feature is not available in sovereign and government clouds.
+The Integrated apps portal is available to world-wide customers only and can be accessed by global admins, global readers, and Exchange admins. This feature is not available in sovereign and government clouds.
The Integrated apps portal displays a list of apps, which includes single apps and Microsoft 365 apps from partners which are deployed your organization. Only web apps, SPFx apps, Office Add-ins, and Teams apps are listed. For web apps, you can see two kinds of apps.
Post deployment, admins can also manage user access to add-ins.
9. If the app has a status of **Update pending**, you can click on the app to open the **Manage** pane and update the app. 10. To just update users, select the **Users** tab and make the appropriate change. Select **Update** after making your changes.
+> [!NOTE]
+> Only the admin who deployed the add-in or a global admin can manage that add-in.
+ ## Delete an add-in You can also delete an add-in that was deployed.
You can also delete an add-in that was deployed.
## Scenarios where Exchange admin cannot deploy an add-in There are two cases in which an Exchange Admin won't be able to deploy an add-in:+ - If an add-in needs permission to MS Graph APIs and needs consent from a global admin. - If an add-in is linked to two or more add-ins and webapps, and at least one of these add-ins is deployed by another admin (exchange/global) and the user assignment is not uniform. We only allow deployment of add-ins when the user assignment is the same for all the already deployed apps.
There are two cases in which an Exchange Admin won't be able to deploy an add-in
### Which administrator role do I need to access Integrated apps?
-Only global administrators can access Integrated Apps. Integrated apps won't show up in the left nav for other administrators.
+Only global admins and Exchange admins can access Integrated Apps. Integrated apps won't show up in the left nav for other administrators.
### Why do I see Add-in in the left nav under Setting but not Integrated apps?
Integrated apps allow deployment of Web Apps, Teams app, Excel, PowerPoint, Word
### Can administrators delete or remove apps?
-Yes. Global administrators can delete or remove apps.
+Only the admin who deployed the app or add-in or a global admin can delete or remove it.
- Select an app from the list view. On the **Configuration** tab, select which apps to remove.
admin Upgrade Distribution Lists https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/upgrade-distribution-lists.md
ms.localizationpriority: medium
- M365-subscription-management - Adm_O365- - AdminSurgePortfolio - AdminTemplateSet
admin Move Email And Data To Office 365 Business Premium https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/move-email-and-data-to-office-365-business-premium.md
- Adm_O365 - Adm_NonTOC - SPO_Content-+
+- VSBFY23
+- AdminSurgePortfolio
search.appverid: - BCS160 - MET150
admin Password Policy Recommendations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/password-policy-recommendations.md
- Adm_O365 - Adm_NonTOC
+- VSBFY23
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
admin Set Up Dns Records Vsb https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/set-up-dns-records-vsb.md
ms.localizationpriority: high
- M365-subscription-management - Adm_O365- - Adm_O365_Setup search.appverid: - MET150 description: "Learn to verify your domain and create DNS records with Microsoft 365."
+- VSBFY23
- AdminSurgePortfolio
admin Set Up Outlook To Read Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/set-up-outlook-to-read-email.md
ms.localizationpriority: medium
+- VSBFY23
- Core_O365Admin_Migration - GSTips - MiniMaven
admin Sign Up With A Personal Email Address https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/sign-up-with-a-personal-email-address.md
ms.localizationpriority: medium
- Adm_O365 - Adm_NonTOC-+
+- VSBFY23
+- AdminSurgePortfolio
search.appverid: - MET150 - MOE150
admin Add Google Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/moveto-microsoft-365/add-google-domain.md
- M365-subscription-management - Adm_O365
+- VSBFY23
- AdminSurgePortfolio - adminvideo - admindeeplinkMAC
admin Cancel Google https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/moveto-microsoft-365/cancel-google.md
ms.localizationpriority: medium
- M365-subscription-management - Adm_O365-+
+- VSBFY23
- AdminSurgePortfolio - adminvideo monikerRange: 'o365-worldwide'
admin Connect Domain Tom365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/moveto-microsoft-365/connect-domain-tom365.md
- M365-subscription-management - Adm_O365
+- VSBFY23
- AdminSurgePortfolio - adminvideo - admindeeplinkMAC
admin Migrate Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/moveto-microsoft-365/migrate-email.md
- M365-subscription-management - Adm_O365
+- VSBFY23
- AdminSurgePortfolio - adminvideo - admindeeplinkMAC
admin Migrate Files Migration Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/moveto-microsoft-365/migrate-files-migration-manager.md
- M365-subscription-management - Adm_O365
+- VSBFY23
- AdminSurgePortfolio - adminvideo monikerRange: 'o365-worldwide'
admin Move From Google Workspace Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/moveto-microsoft-365/move-from-google-workspace-overview.md
- M365-subscription-management - Adm_O365
+- VSBFY23
- AdminSurgePortfolio - adminvideo monikerRange: 'o365-worldwide'
admin Gdpr Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/gdpr-compliance.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- VSBFY23
+- AdminSurgePortfolio
search.appverid: - BCS160 - MET150
admin Increase Threat Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/increase-threat-protection.md
- M365-identity-device-management - Adm_TOC
+- VSBFY23
- MiniMaven - MSB365 - OKR_SMB_M365
admin Secure Your Business Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/secure-your-business-data.md
f1.keywords:
- CSH -+ audience: Admin
- Adm_O365 - Adm_TOC
+- VSBFY23
- MSStore_Link - AdminSurgePortfolio - okr_smb
admin Set Up Multi Factor Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- AdminSurgePortfolio - AdminTemplateSet - admindeeplinkMAC
admin Add Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/add-domain.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- adminvideo - TopSMBIssues - SaRA
admin Add Or Replace Your Onmicrosoftcom Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/add-or-replace-your-onmicrosoftcom-domain.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- TopSMBIssues - SaRA - MSStore_Link
admin Create Distribution Lists https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/create-distribution-lists.md
ms.localizationpriority: medium
- M365-subscription-management - Adm_O365- search.appverid: - BCS160 - MET150 - MOE150 ms.assetid: b1ffe755-59e5-4369-826d-825f145a8400
+- VSBFY23
- seo-marvel-may2020 - AdminSurgePortfolio - okr_smb
admin Create Signatures And Disclaimers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/create-signatures-and-disclaimers.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- TRN_M365B - OKR_SMB_Videos - seo-marvel-may2020
admin Customize Sign In Page https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/customize-sign-in-page.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
admin Customize Your Organization Theme https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/customize-your-organization-theme.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
admin Employee Quick Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/employee-quick-setup.md
- M365-subscription-management - Adm_O365
+- VSBFY23
- AdminSurgePortfolio - adminvideo monikerRange: 'o365-worldwide'
admin Files To Onedrive https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/files-to-onedrive.md
- M365-subscription-management - Adm_O365
+- VSBFY23
- AdminSurgePortfolio - adminvideo search.appverid:
admin Files To Sharepoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/files-to-sharepoint.md
- M365-subscription-management - Adm_O365
+- VSBFY23
- AdminSurgePortfolio - adminvideo search.appverid:
admin Install Applications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/install-applications.md
search.appverid:
- MOE150 ms.assetid: d0653266-31db-4f6a-a804-d34b667c16bf
+- VSBFY23
- seo-marvel-may2020 - AdminSurgePortfolio - okr_smb
admin Migrate Email And Contacts Admin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/migrate-email-and-contacts-admin.md
- Adm_TOC - Adm_O365_Setup
+- VSBFY23
- TopSMBIssues - okr_smb - seo-marvel-may2020
admin Plan Your Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/plan-your-setup.md
- Adm_O365_Setup - Adm_TOC
+- VSBFY23
- AdminSurgePortfolio - okr_smb - adminvideo
admin Set Up File Storage And Sharing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/set-up-file-storage-and-sharing.md
ms.localizationpriority: medium
- M365-subscription-management - Adm_O365- - Adm_O365_Setup - SPO_Content
+- VSBFY23
- IT_Networking - TRN_M365B - OKR_SMB_Videos
admin Set Up Mobile Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/set-up-mobile-devices.md
- M365-identity-device-management - Adm_TOC
+- VSBFY23
- Core_O365Admin_Migration - MiniMaven - MSB365
admin Setup Apps For Business https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup-apps-for-business.md
- Adm_O365_Setup - TRN_SMB
+- VSBFY23
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
admin Setup Business Basic https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup-business-basic.md
- Adm_O365_Setup - TRN_SMB
+- VSBFY23
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
admin Setup Business Standard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup-business-standard.md
- Adm_O365_Setup - TRN_SMB
+- VSBFY23
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
admin Setup Outlook https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup-outlook.md
- M365-subscription-management - Adm_O365
+- VSBFY23
- AdminSurgePortfolio - adminvideo search.appverid:
admin Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup.md
ms.localizationpriority: high
- M365-subscription-management - Adm_O365- - Adm_O365_Setup - TRN_SMB
+- VSBFY23
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
admin Signup Apps Business https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/signup--apps-business.md
ms.localizationpriority: medium
- Adm_TOC
+- VSBFY23
- AdminSurgePortfolio description: "Sign up for Microsoft 365 Apps for business."
admin Migrate Data Business Standard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/simplified-signup/migrate-data-business-standard.md
ms.localizationpriority: medium
- Adm_TOC
+- VSBFY23
- AdminSurgePortfolio description: "Migrate your Outlook, OneDrive and Teams data to Microsoft 365 Business Standard"
admin Signup Business Standard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/simplified-signup/signup-business-standard.md
- Adm_TOC - AdminSurgePortfolio
+- VSBFY23
description: "Purchase Microsoft 365 Business Standard and set up your organization."
admin Signup Teams Business Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/simplified-signup/signup-teams-business-subscription.md
ms.localizationpriority: medium
- Adm_TOC
+- VSBFY23
- AdminSurgePortfolio description: "Follow the steps in this article to sign up for Microsoft Teams as part of a business subscription."
admin User Invite Business Standard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/simplified-signup/user-invite-business-standard.md
ms.localizationpriority: medium
- Adm_TOC
+- VSBFY23
- AdminSurgePortfolio description: "Accept invite to join a Microsoft 365 Business Standard organization"
bookings Bookings Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/bookings-overview.md
ms.localizationpriority: medium ms.assetid: 47403d64-a067-4754-9ae9-00157244c27d+ description: "An overview of the Microsoft Bookings app, which includes a web-based booking calendar and integrates with Outlook to optimize your staffΓÇÖs calendar and give your customers flexibility to book appointments."
business-premium Index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/index.md
ms.audience: Admin
ms.localizationpriority: high Previously updated : 07/19/2022 Last updated : 08/01/2022 - M365-Campaigns - m365solution-overview
search.appverid:
description: "Learn how to implement cybersecurity for small or medium sized businesses with Microsoft 365 Business Premium. The cybersecurity capabilities and features are optimized to prevent cyberattacks and security breaches, and help safeguard data, devices and information with high-grade cyber defenses."
-# Microsoft 365 Business Premium ΓÇô cybersecurity for small business
+# Microsoft 365 Business Premium ΓÇô productivity and cybersecurity for small business
Let us begin by saying that you made a wise choice in adopting Microsoft 365 Business Premium and its world class productivity tools. Designed with cybersecurity in mind, Microsoft 365 Business Premium safeguards your data, devices and information. You are your organization's first and best defense against hackers and cyberattackers, including random individuals, organized crime, or highly-sophisticated nation states.
-The task before you is thisΓÇölet Microsoft 365 Business Premium help secure your organizationΓÇÖs future! Approach this task by taking on the following missions which will help you fortify your environment, train your team, and safeguard managed devices. The missions are organized as follows:
+The task before you is this: let Microsoft 365 Business Premium help secure your organizationΓÇÖs future! Approach this task by taking on the following missions which will help you fortify your environment, train your team, and safeguard managed devices. The missions are organized as follows:
- **[Fortify your environment](m365bp-setup-overview.md)** (tasks your admin does); - **[Train your team](m365bp-devices-overview.md)** (tasks that all staff members do); and
Microsoft 365 Business Premium is a comprehensive security and collaboration sol
Now, let's [fortify your environment against cyberattackers](m365bp-setup-overview.md)! > [!NOTE]
-> When a term or directive is unclear, you can find definitions in the [glossary of terms](m365bp-glossary.yml).
+> If a term or directive is unclear, see the [glossary of terms](m365bp-glossary.yml).
business-premium M365bp Secure Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-secure-users.md
Title: "How Microsoft 365 Business Premium helps your business"
+ Title: "Microsoft 365 Business Premium - Productivity and security"
f1.keywords: - NOCSH
audience: Admin
ms.localizationpriority: high Previously updated : 07/19/2022 Last updated : 07/26/2022 - M365-Campaigns - m365solution-smb
search.appverid:
- BCS160 - MET150 - MOE150
-description: "Learn how Microsoft 365 Business Premium helps your business with productivity and security."
+description: "Learn how Microsoft 365 Business Premium helps you run your business more securely with productivity and security."
-# How Microsoft 365 Business Premium helps your business
+# Productivity and security for small- and medium-sized businesses
-Microsoft 365 Business Premium is a cost-effective solution that empowers small and medium-sized businesses to work more efficiently and more securely than before. This article describes how Microsoft 365 Business Premium can help your business or campaign. This article includes the following sections:
+Microsoft 365 Business Premium is a comprehensive cloud productivity and security solution that was designed and built for small and medium-sized businesses (1-300 employees). With Microsoft 365 Business Premium, you can:
+
+- Enable your employees to be connected and productive, whether they're working on site or remotely, with best-in-class collaboration tools like Microsoft Teams.
+- Provide your employees with secure access to their business data and apps, and help ensure that only authorized personnel can access confidential work data.
+- Defend against sophisticated cyberthreats and safeguard your business data with protection against phishing, ransomware, and data loss.
+- Manage and secure the devices (Windows, Mac, iOS, and Android) that connect to your data, and help keep those devices up to date.
+
+Microsoft 365 Business Premium offers you one comprehensive solution for productivity and security. As an admin or IT Pro, you have everything you need in one place for administration, billing, and 24x7 support, while reducing cost and complexity for your business. This article describes how Microsoft 365 Business Premium can help your business or campaign, and includes the following sections:
- [Video: Top 5 benefits of Microsoft 365 Business Premium](#video-top-5-benefits-of-microsoft-365-business-premium)-- [Productivity and advanced security capabilities](#productivity-and-security) that enable you to run your business more securely, across devices, and from just about anywhere
+- [Productivity and advanced security capabilities](#productivity-and-security) that enable you to run your business more securely, across devices, and from almost anywhere
- [Resources to train your team and all staff](#resources-to-train-your-users) on how to work productively while maintaining a more secure environment - A [downloadable digital threats guide](#download-the-digital-threats-guide) that describes different kinds of threats and how to protect against them in your day-to-day work - [Next steps](#next-steps)
Watch the following video to see how Microsoft 365 Business Premium helps your b
## Productivity and security
-Microsoft 365 Business Premium includes your favorite Office productivity apps, collaboration tools like Microsoft Teams, and enterprise-grade security, identity, and device management solutions. With Microsoft 365 Business Premium, you can run your business more securely, across devices, and from just about anywhere. Microsoft 365 Business Premium includes:
+Microsoft 365 Business Premium includes your favorite Office productivity apps, collaboration tools like Microsoft Teams, and enterprise-grade security, identity, and device management solutions. With Microsoft 365 Business Premium, you can run your business more securely, across devices, and from almost anywhere. Microsoft 365 Business Premium includes:
- **Windows 10 and 11 Pro** upgrades for your company's Windows devices - **Office apps**, such as Word, Excel, and PowerPoint, that you can install on your computers (Windows and Mac), and on your mobile devices (Windows, iOS, and Android). You also get Publisher and Access for your Windows devices.
business-premium M365bp Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-setup.md
audience: Admin
ms.localizationpriority: high Previously updated : 07/20/2022 Last updated : 08/01/2022 f1.keywords: NOCSH -- SMB - M365-security-compliance
Microsoft 365 Business Premium includes a guided process. The following video sh
> [!TIP] > - After you have added users, give them a link to the [Employee quick setup guide](../admin/setup/employee-quick-setup.md). The guide walks them through signing in, getting Office apps, and saving, copying, and sharing files.
-> - Proceed to [Bump up security](m365bp-security-overview.md).
+> - Make sure to proceed to [Bump up security](m365bp-security-overview.md).
## Work with a Microsoft partner If you'd prefer to have a Microsoft partner help you get and set up Microsoft 365, follow these steps:
-1. Go to the [Browse Partners](https://appsource.microsoft.com/marketplace/partner-dir).
+1. Go to the [Browse Partners](https://appsource.microsoft.com/marketplace/partner-dir) page.
2. In the **Filters** pane, specify search criteria, such as:
If you'd prefer to have a Microsoft partner help you get and set up Microsoft 36
### Next objective
-Once you've achieved these objectives, go [increase security protections](m365bp-security-overview.md).
+Once you've achieved these objectives, proceed to [Bump up security](m365bp-security-overview.md).
commerce Future Start Date https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/future-start-date.md
description: "Learn what it means when your invoice has a subscription with a future start date." - commerce_billing
+- empty
Last updated 04/08/2022 # Understand invoicing for future start dates
-Sales proposals might include subscriptions that start on a future date. A future start date aligns the start date of a new subscription with the end date of a previous subscription. If your proposal contains subscriptions that start on a future date, you receive an invoice for those subscriptions only when the future start date arrives. Using a future start date ensures that you arenΓÇÖt billed for items that you don't own yet. New subscriptions start on the future start date specified in the proposal. On the start date of the new subscription, we send you an email to let you know that your new subscription is now active and your billing for this subscription will begin immediately. Your next invoice reflects the new charges plus applicable taxes for the new subscription.
+Sales proposals might include subscriptions that start on a future date. A future start date aligns the start date of a new subscription with the end date of a previous subscription. If your proposal contains subscriptions that start on a future date, you receive an invoice for those subscriptions only when the future start date arrives. Using a future start date ensures that you aren't billed for items that you don't own yet. New subscriptions start on the future start date specified in the proposal. On the start date of the new subscription, we send you an email to let you know that your new subscription is now active and your billing for this subscription will begin immediately. Your next invoice reflects the new charges plus applicable taxes for the new subscription.
commerce Pay For Your Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/pay-for-your-subscription.md
search.appverid: MET150
description: "Use a credit or debit card or bank account to pay for your Microsoft 365 for business subscription, or in some cases, you can pay by invoice." - commerce_billing
+- VSBFY23
- okr_SMB - fwlink 808700 for SEPA UI glink 906 for older uI - AdminSurgePortfolio
Last updated 05/26/2022
# How to pay for your subscription > [!IMPORTANT]
-> As of January 26, 2021, new bank accounts are no longer supported for customers in Belgium, France, Italy, Luxembourg, Portugal, Spain, and the United States. If youΓÇÖre an existing customer in one of those countries, you can continue paying for your subscription with an existing bank account that is in good standing. However, you can't add new subscriptions to the bank account.
+> As of January 26, 2021, new bank accounts are no longer supported for customers in Belgium, France, Italy, Luxembourg, Portugal, Spain, and the United States. If you're an existing customer in one of those countries, you can continue paying for your subscription with an existing bank account that is in good standing. However, you can't add new subscriptions to the bank account.
-You can use a credit or debit card, or bank account to pay for your subscription. In some cases, you can pay by invoice, using check or electronic funds transfer (EFT). If you have a billing profile, your options are slightly different. For more information, see [How to pay for your subscription with a billing profile](pay-for-subscription-billing-profile.md). If youΓÇÖre not sure if your account has a billing profile, see [Understand billing profiles](manage-billing-profiles.md).
+You can use a credit or debit card, or bank account to pay for your subscription. In some cases, you can pay by invoice, using check or electronic funds transfer (EFT). If you have a billing profile, your options are slightly different. For more information, see [How to pay for your subscription with a billing profile](pay-for-subscription-billing-profile.md). If you're not sure if your account has a billing profile, see [Understand billing profiles](manage-billing-profiles.md).
**Just want to find out where to send your invoice payment?** If you pay your invoice by check or electronic funds transfer (EFT), see [Where do I send my check or EFT payment?](#where-do-i-send-my-check-or-eft-payment)
In some cases, you can pay for your subscription by invoice with a check or EFT.
- Have a subscription cost that exceeds a certain amount (this amount varies by service location) - Pass a credit check
-If a credit check is required, youΓÇÖre notified when you buy your subscription. If you agree to be contacted, you get an email that includes more information about applying for credit approval. Credit checks are usually completed within two business days.
+If a credit check is required, you're notified when you buy your subscription. If you agree to be contacted, you get an email that includes more information about applying for credit approval. Credit checks are usually completed within two business days.
> [!NOTE] > Customers who live in Brazil can pay for a subscription with a Boleto Bancario. If you have selected this option, the billet for payment is sent to the email provided during subscription purchase within 10 working days after the order date. The due date is 30 days after the order date. If you don't receive your Boleto by email, check your spam folder or contact support. > > If you prefer, you can pay by electronic transfer between accounts. The Agency and account number are at the bottom of your invoice. You must enter your invoice number in the Transfer identification field.
-If you pay by invoice for your subscription, you get an email when your billing statement is ready to view. This email doesnΓÇÖt contain a copy of your billing statement. However, you can choose to [receive your organization's invoices as email attachments](manage-billing-notifications.md#receive-your-organizations-invoices-as-email-attachments). Your billing statement includes details about your options for making a payment, and where to send it. If you enter a purchase order (PO) number when you buy a subscription, the number appears on your billing statement. For information about accessing billing statements, see [View your bill or invoice](view-your-bill-or-invoice.md).
+If you pay by invoice for your subscription, you get an email when your billing statement is ready to view. This email doesn't contain a copy of your billing statement. However, you can choose to [receive your organization's invoices as email attachments](manage-billing-notifications.md#receive-your-organizations-invoices-as-email-attachments). Your billing statement includes details about your options for making a payment, and where to send it. If you enter a purchase order (PO) number when you buy a subscription, the number appears on your billing statement. For information about accessing billing statements, see [View your bill or invoice](view-your-bill-or-invoice.md).
## What if I have an outstanding balance?
-If weΓÇÖre unable to charge the payment method on file, we send an email that lets you know thereΓÇÖs a problem. The email briefly states what the problem is and includes a link where you can check the outstanding balance. We continue to retry the transaction every few days for 30 days, during which time the subscription is in a grace period. Every time a transaction fails, you receive an email alert about the failure.
+If we're unable to charge the payment method on file, we send an email that lets you know there's a problem. The email briefly states what the problem is and includes a link where you can check the outstanding balance. We continue to retry the transaction every few days for 30 days, during which time the subscription is in a grace period. Every time a transaction fails, you receive an email alert about the failure.
If you personally added the payment method that has a past due amount, you can use **Settle balance** to make a payment. The payment method that you use to pay the overdue amount becomes the new payment method for all subscriptions that used the declined payment method.
If you personally added the payment method that has a past due amount, you can u
1. In the right pane, choose a different payment method, or select **Add a new payment method**. 1. After you've updated the payment method information, select **Save**.
-If you didnΓÇÖt add the payment method used to pay for the subscription, you must replace the payment method with one you previously added, or with a new one.
+If you didn't add the payment method used to pay for the subscription, you must replace the payment method with one you previously added, or with a new one.
## Where do I send my check or EFT payment?
If you didnΓÇÖt add the payment method used to pay for the subscription, you mus
## Can I pay my invoice online?
-You canΓÇÖt pay your invoice online. You must remit payment via either check or EFT.
+You can't pay your invoice online. You must remit payment via either check or EFT.
## Can I change from my current payment method to paying by invoice?
You can only change to paying by invoice if your subscription costs above a cert
## Can I change from paying by invoice to using a different payment method?
-You canΓÇÖt automatically change from paying by invoice to paying with a different payment method. Instead, you must [buy a different subscription](../try-or-buy-microsoft-365.md#buy-a-different-subscription) paid for with a credit or debit card or bank account, [move all users to the new subscription](../subscriptions/move-users-different-subscription.md), and then [cancel the old subscription](../subscriptions/cancel-your-subscription.md).
+You can't automatically change from paying by invoice to paying with a different payment method. Instead, you must [buy a different subscription](../try-or-buy-microsoft-365.md#buy-a-different-subscription) paid for with a credit or debit card or bank account, [move all users to the new subscription](../subscriptions/move-users-different-subscription.md), and then [cancel the old subscription](../subscriptions/cancel-your-subscription.md).
## Related content
commerce Understand Your Invoice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/understand-your-invoice.md
- Adm_O365 - commerce_billing
+- VSBFY23
- AdminSurgePortfolio - AdminTemplateSet search.appverid: MET150
commerce Understand Your Invoice2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/understand-your-invoice2.md
- Adm_O365 - commerce_billing
+- VSBFY23
- TopSMBIssues - okr_smb - AdminSurgePortfolio
To update the **Sold-To** address, see [Change your organization's address, tech
#### Order Details
-On page one of your invoice, the **Product** is "Online Services,ΓÇ¥ the generic term we use to describe your subscription. Page two lists the individual products in your order.
+On page one of your invoice, the **Product** is "Online Services," the generic term we use to describe your subscription. Page two lists the individual products in your order.
-**Customer PO Number** is the purchase order (PO) number that you specify. You can't add a PO number to an existing invoice. If you update the PO number, itΓÇÖs included in future invoices. To change the PO number, see [Change your purchase order number](#change-your-purchase-order-number).
+**Customer PO Number** is the purchase order (PO) number that you specify. You can't add a PO number to an existing invoice. If you update the PO number, it's included in future invoices. To change the PO number, see [Change your purchase order number](#change-your-purchase-order-number).
**Order Number** is the globally unique identifier (GUID) that identifies your order. Every time you buy a new subscription, a new order with a new order number is created. You receive an invoice for each order every billing period.
If you pay by credit card, you see "Please DO NOT PAY. You will be charged the a
### Electronic Fund Transfer (EFT) and check
-If you chose ΓÇ£invoiceΓÇ¥ as your subscription payment method, page one contains the **Electronic Funds Transfer** section that shows the Microsoft bank account information for electronic payments (wire, ACH, SEPA, and so on). Usually, your bank has a reference field you complete when you send a payment. Make sure you reference the invoice number in that field.
+If you chose "invoice" as your subscription payment method, page one contains the **Electronic Funds Transfer** section that shows the Microsoft bank account information for electronic payments (wire, ACH, SEPA, and so on). Usually, your bank has a reference field you complete when you send a payment. Make sure you reference the invoice number in that field.
If we accept payments by check for your country or region, you also see a **Check** section that contains the payee name and mailing address. Make sure you reference your invoice number on the check.
commerce View Your Bill Or Invoice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/view-your-bill-or-invoice.md
- Adm_O365 - commerce_billing
+- VSBFY23
- TopSMBIssues - okr_smb - TRN_M365B
commerce Enter Your Product Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/enter-your-product-key.md
search.appverid: MET150
- commerce_purchase
+- VSBFY23
- okr_SMB - AdminSurgePortfolio - AdminTemplateSet
commerce Allotment Basics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/allotment-basics.md
- Adm_O365 - commerce_licensing
+- empty
search.appverid: MET150 description: "Learn about the new allotments feature." Last updated 05/12/2022
commerce Review Partner Admin Privileges https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/review-partner-admin-privileges.md
- Adm_O365 - commerce_subscriptions
+- empty
search.appverid: MET150 description: "Learn how to review your list of Microsoft-certified solution providers (partners) to determine what admin privileges they have, and how to remove those privileges." Last updated 12/03/2021
Last updated 12/03/2021
# Review Microsoft-certified cloud solution provider partner administrative privileges
-If you have a Microsoft-certified cloud solution provider (reseller partner), we recommend you conduct a quarterly review of the delegated administrative privileges (DAP) assigned to them. Make sure your organization wants this partner to have access to your organizationΓÇÖs data and make purchases on your behalf.
+If you have a Microsoft-certified cloud solution provider (reseller partner), we recommend you conduct a quarterly review of the delegated administrative privileges (DAP) assigned to them. Make sure your organization wants this partner to have access to your organization's data and make purchases on your behalf.
> [!IMPORTANT] > Giving DAP, which include Global admin permissions, to any partner might present a security risk. Having too many Global admins is also a security risk. [Learn more about recent activity targeting delegated privileges](https://www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks/).
-After you accept a DAP agreement from a reseller partner, they can assign the Global admin role for your organization to their employees. The Global admin role gives the partnerΓÇÖs employees access to your employeesΓÇÖ personal data and other sensitive information. It also gives them permission to take tenant-wide actions, such as the following actions:
+After you accept a DAP agreement from a reseller partner, they can assign the Global admin role for your organization to their employees. The Global admin role gives the partner's employees access to your employees' personal data and other sensitive information. It also gives them permission to take tenant-wide actions, such as the following actions:
- Changing user passwords - Adding users with email accounts
commerce Cancel Your Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/cancel-your-subscription.md
- Adm_O365 - commerce_subscriptions
+- VSBFY23
- AdminSurgePortfolio - AdminTemplateSet - admindeeplinkMAC
The steps to cancel your trial or paid subscription depend on the number of lice
|25 or fewer licenses | [Use the steps below to cancel](#steps-to-cancel-your-subscription) your trial or paid subscription online in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. | |More than 25 licenses | Reduce the number of licenses to 25 or fewer and then [use the steps below to cancel](#steps-to-cancel-your-subscription). |
-If you canΓÇÖt reduce the number of licenses, [turn off recurring billing](renew-your-subscription.md). This prevents you from being charged again for your subscription, and lets you keep your access to your products and services for the remainder of your subscription.
+If you can't reduce the number of licenses, [turn off recurring billing](renew-your-subscription.md). This prevents you from being charged again for your subscription, and lets you keep your access to your products and services for the remainder of your subscription.
If you're unable to cancel your subscription, [contact support](../../admin/get-help-support.md) for help. ## Steps to cancel your subscription > [!NOTE]
-> If you have multiple subscriptions to the same product, such as Microsoft 365 Business Premium, canceling one subscription wonΓÇÖt impact the purchased licenses or services inside the others.
+> If you have multiple subscriptions to the same product, such as Microsoft 365 Business Premium, canceling one subscription won't impact the purchased licenses or services inside the others.
::: moniker range="o365-worldwide"
commerce Manage Pay As You Go Services https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/manage-pay-as-you-go-services.md
audience: Admin
-localization_priority: Normal
+ms.localizationpriority: medium
- M365-subscription-management - Adm_O365
Last updated 07/15/2022
# Enable pay-as-you-go for your subscription
-By default, when you buy a subscription that has a calling plan, youΓÇÖre limited to the number of minutes included in the plan. After those minutes are used up, your users canΓÇÖt make Teams calls until the next billing period. If you choose to turn on the pay-as-you-go option, your users can continue to make calls over the number of minutes included in the plan, referred to as *overage*. Your next invoice shows overage charges for extra calls at the pay-as-you-go rate.
+By default, when you buy a subscription that has a calling plan, you're limited to the number of minutes included in the plan. After those minutes are used up, your users can't make Teams calls until the next billing period. If you choose to turn on the pay-as-you-go option, your users can continue to make calls over the number of minutes included in the plan, referred to as *overage*. Your next invoice shows overage charges for extra calls at the pay-as-you-go rate.
## Before you begin
commerce Renew Your Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/renew-your-subscription.md
- Adm_O365 - commerce_subscriptions
+- VSBFY23
- SaRA - AdminSurgePortfolio - AdminTemplateSet
Last updated 05/04/2021
# Renew Microsoft 365 for business > [!IMPORTANT]
-> As of January 26, 2021, new bank accounts are no longer supported for customers in Belgium, France, Italy, Luxembourg, Portugal, Spain, and the United States. If youΓÇÖre an existing customer in one of those countries, you can continue paying for your subscription with an existing bank account, and you can add new subscriptions to it, but only as long as the bank account is in good standing.
+> As of January 26, 2021, new bank accounts are no longer supported for customers in Belgium, France, Italy, Luxembourg, Portugal, Spain, and the United States. If you're an existing customer in one of those countries, you can continue paying for your subscription with an existing bank account, and you can add new subscriptions to it, but only as long as the bank account is in good standing.
This article applies to most paid Microsoft 365 for business subscriptions.
commerce Upgrade From Teams Free https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/upgrade-from-teams-free.md
- Adm_O365 - commerce_subscriptions
+- empty
search.appverid: MET150 description: "Learn how to upgrade from Microsoft Teams Free to a new Microsoft 365 for business subscription."
commerce Try Or Buy Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/try-or-buy-microsoft-365.md
- Adm_TOC - commerce_purchase
+- VSBFY23
- AdminSurgePortfolio - AdminTemplateSet - admindeeplinkMAC
commerce Use Cost Mgmt https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/use-cost-mgmt.md
Title: "Use Cost management in the Microsoft 365 admin center"
-+ audience: Admin
Last updated 03/09/2022
# Use Cost management in the Microsoft 365 admin center
-If youΓÇÖre a Global or Billing admin with a Microsoft Customer Agreement (MCA), you can use the **Cost management** page in the Microsoft 365 admin center to view, analyze, and manage your service costs. To get to the **Cost management** page, in the admin center left navigation pane, select **Billing** > **Cost management**.
+If you're a Global or Billing admin with a Microsoft Customer Agreement (MCA), you can use the **Cost management** page in the Microsoft 365 admin center to view, analyze, and manage your service costs. To get to the **Cost management** page, in the admin center left navigation pane, select **Billing** > **Cost management**.
## Before you begin
You must be a Global or Billing admin to do the steps described in this article.
## What is cost management?
-Cost management is a methodology used to plan and control an organizationΓÇÖs budget. Microsoft is introducing new products and services that use a pay-as-you-go billing model, where you only pay for what you use. In the Microsoft 365 admin center, the cost management features help reduce the cost and overhead needed to manage your organizationΓÇÖs assets and also keep track of your variable pay-as-you-go charges. You can also:
+Cost management is a methodology used to plan and control an organization's budget. Microsoft is introducing new products and services that use a pay-as-you-go billing model, where you only pay for what you use. In the Microsoft 365 admin center, the cost management features help reduce the cost and overhead needed to manage your organization's assets and also keep track of your variable pay-as-you-go charges. You can also:
- Download cost and usage data used to generate your monthly invoice - Proactively apply data analysis to your costs
Cost management is a methodology used to plan and control an organizationΓÇÖs bu
You can use Microsoft 365 billing features to review your invoiced costs and manage access to billing information. In larger organizations, procurement and finance teams usually conduct billing tasks.
-When you sign up to use Microsoft 365, a billing account is automatically created for you. You use your billing account to manage your invoices and payments, and track costs. ItΓÇÖs possible for you to have multiple billing accounts. For each legal entity or sold-to address for your organization, you receive a separate billing account.
+When you sign up to use Microsoft 365, a billing account is automatically created for you. You use your billing account to manage your invoices and payments, and track costs. It's possible for you to have multiple billing accounts. For each legal entity or sold-to address for your organization, you receive a separate billing account.
## Plan and control costs
-Cost management in the Microsoft 365 admin center helps you plan for and control your organizationΓÇÖs costs by helping you do the following tasks:
+Cost management in the Microsoft 365 admin center helps you plan for and control your organization's costs by helping you do the following tasks:
- **Analyze costs:** Cost management views let you explore and analyze your organizational costs. You can view aggregated costs by organization to understand where costs are accrued and to identify spending trends. You can also see accumulated costs over time to estimate monthly, quarterly, or even yearly cost trends against a budget. - **Create budgets:** Budgets help you plan for and meet financial accountability in your organization. They help prevent cost thresholds or limits from being surpassed. Budgets can also help you inform others about their spending to proactively manage costs. And with budgets, you can see how spending in your organization progresses over time. ## View costs
-The **Cost management** page in the admin center has a **Services** tab where you can see the breakdown of the different products and services youΓÇÖre using today.
+The **Cost management** page in the admin center has a **Services** tab where you can see the breakdown of the different products and services you're using today.
:::image type="content" source="../media/mac-billing-costmgmt/MAC-Billing-CostMgmt.png" alt-text="The Cost management page in the Microsoft 365 admin center.":::
Select **Download** to download your daily cost data into a CSV or Excel file. Y
## Create budgets
-Budgets let you monitor your charges and ensure youΓÇÖre aware when you go over specified thresholds. You can create a quick budget where you set a threshold amount that you want to stay under each month. The quick budget sends you a notification when your costs exceed this threshold. Notifications are only sent to the admin who created the budget.
+Budgets let you monitor your charges and ensure you're aware when you go over specified thresholds. You can create a quick budget where you set a threshold amount that you want to stay under each month. The quick budget sends you a notification when your costs exceed this threshold. Notifications are only sent to the admin who created the budget.
:::image type="content" source="../media/mac-billing-costmgmt/MAC-Billing-CostMgmt-CreateBudget.png" alt-text="The Create budget window in the Microsoft 365 admin center.":::
compliance Alert Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/alert-policies.md
The table also indicates the Office 365 Enterprise and Office 365 US Government
|**Unusual volume of file deletion**|Generates an alert when an unusually large number of files are deleted in SharePoint or OneDrive within a short time frame. This policy has a **Medium** severity setting.|Data lifecycle management|No|E5/G5, Defender for Office 365 P2, or Microsoft 365 E5 add-on subscription| |**Unusual increase in email reported as phish**|Generates an alert when there's a significant increase in the number of people in your organization using the Report Message add-in in Outlook to report messages as phishing mail. This policy has a **Medium** severity setting. For more information about this add-in, see [Use the Report Message add-in](https://support.office.com/article/b5caa9f1-cdf3-4443-af8c-ff724ea719d2).|Threat management|No|E5/G5 or Defender for Office 365 P2 add-on subscription| |**User impersonation phish delivered to inbox/folder**<sup>1,</sup><sup>2</sup>|Generates an alert when Microsoft detects that an admin or user override has allowed the delivery of a user impersonation phishing message to the inbox (or other user-accessible folder) of a mailbox. Examples of overrides include an inbox or mail flow rule that allows messages from a specific sender or domain, or an anti-spam policy that allows messages from specific senders or domains. This policy has a **Medium** severity setting.|Threat management|No|E5/G5 or Defender for Office 365 P2 add-on subscription|
-|**User requested to release a quarantined message**|Generates an alert when a user requests release for a quarantined message. To request the release of quarantined messages, the **Allow recipients to request a message to be released from quarantine** (_PermissionToRequestRelease_) permission is required in the quarantine policy (for example, from the **Limited access** preset permissions group). For more information, see [Allow recipients to request a message to be released from quarantine permission](../security/office-365-security/quarantine-policies.md#allow-recipients-to-request-a-message-to-be-released-from-quarantine-permission). This policy has an **Informational** severity setting.|Threat management|No|E1/F1/G1, E3/F3/G3, or E5/G5|
+|**User requested to release a quarantined message**|Generates an alert when a user requests release for a quarantined message. To request the release of quarantined messages, the **Allow recipients to request a message to be released from quarantine** (_PermissionToRequestRelease_) permission is required in the quarantine policy (for example, from the **Limited access** preset permissions group). For more information, see [Allow recipients to request a message to be released from quarantine permission](../security/office-365-security/quarantine-policies.md#allow-recipients-to-request-a-message-to-be-released-from-quarantine-permission). This policy has an **Informational** severity setting.|Threat management|No| Microsoft Business Basic, Microsoft Business Standard, Microsoft Business Premium, E1/F1/G1, E3/F3/G3, or E5/G5|
|**User restricted from sending email**|Generates an alert when someone in your organization is restricted from sending outbound mail. This typically results when an account is compromised, and the user is listed on the **Restricted Users** page in the compliance portal. (To access this page, go to **Threat management > Review > Restricted Users**). This policy has a **High** severity setting. For more information about restricted users, see [Removing a user, domain, or IP address from a block list after sending spam email](/office365/securitycompliance/removing-user-from-restricted-users-portal-after-spam).|Threat management|Yes|E1/F1/G1, E3/F3/G3, or E5/G5| |**User restricted from sharing forms and collecting responses**|Generates an alert when someone in your organization has been restricted from sharing forms and collecting responses using Microsoft Forms due to detected repeated phishing attempt behavior. This policy has a **High** severity setting.|Threat management|No|E1, E3/F3, or E5|
compliance Apply Sensitivity Label Automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-sensitivity-label-automatically.md
For more information about the PowerShell cmdlets that support auto-labeling pol
Although auto-labeling is one of the most efficient ways to classify, label, and protect Office files that your organization owns, check whether you can supplement it with any of the following methods to increase your labeling reach: -- With SharePoint Syntex, you can [apply a sensitivity label to a document understanding model](/microsoft-365/contentunderstanding/apply-a-sensitivity-label-to-a-model), so that identified documents in a SharePoint library are automatically labeled.
+- For SharePoint document libraries, you can apply a default sensitivity label for new and edited files. For more information, see [Configure a default sensitivity label for a SharePoint document library](sensitivity-labels-sharepoint-default-label.md).
+
+- With SharePoint Syntex, you can [apply a sensitivity label to a document understanding model](/microsoft-365/contentunderstanding/apply-a-sensitivity-label-to-a-model), so that identified documents in a SharePoint document library are automatically labeled.
- When you use the [Azure Information Protection unified labeling client](/azure/information-protection/rms-client/aip-clientv2):
compliance Archiving Third Party Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archiving-third-party-data.md
The Microsoft Purview compliance portal provides native third-party data connect
- [CellTrust](#celltrust-data-connectors)
-The third-party data listed in the next sections (except for HR data and physical badging data that is used for the Microsoft 365 Insider risk management solution) is imported into user mailboxes. The Microsoft Purview solutions that support third-party data are applied to the user mailbox where the data is stored.
+The third-party data listed in the next sections (except for HR data and physical badging data that is used for the Microsoft Purview Insider Risk Management solution) is imported into user mailboxes. The Microsoft Purview solutions that support third-party data are applied to the user mailbox where the data is stored.
### Microsoft data connectors
compliance Bulk Import External Contacts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/bulk-import-external-contacts.md
After you run the command in Step 2, the external contacts are created, but they
2. Go to the desktop folder where you saved the CSV file in Step 1; for example, `C:\Users\Administrator\desktop`.
-3. Run the following two commands to add the other properties from the CSV file to the external contacts that you created in Step 2.
+3. Run the following command to add the other properties from the CSV file to the external contacts that you created in Step 2.
```powershell
- $Contacts = Import-CSV .\ExternalContacts.csv
-
- ```
-
- ```powershell
- $contacts | ForEach {Set-Contact $_.Name -StreetAddress $_.StreetAddress -City $_.City -StateorProvince $_.StateorProvince -PostalCode $_.PostalCode -Phone $_.Phone -MobilePhone $_.MobilePhone -Pager $_.Pager -HomePhone $_.HomePhone -Company $_.Company -Title $_.Title -OtherTelephone $_.OtherTelephone -Department $_.Department -Fax $_.Fax -Initials $_.Initials -Notes $_.Notes -Office $_.Office -Manager $_.Manager}
+ Import-Csv .\ExternalContacts.csv|%{Set-Contact -Identity $_.Name -StreetAddress $_.StreetAddress -City $_.City -StateorProvince $_.StateorProvince -PostalCode $_.PostalCode -Phone $_.Phone -MobilePhone $_.MobilePhone -Pager $_.Pager -HomePhone $_.HomePhone -Company $_.Company -Title $_.Title -OtherTelephone $_.OtherTelephone -Department $_.Department -Fax $_.Fax -Initials $_.Initials -Notes $_.Notes -Office $_.Office -Manager $_.Manager}
``` > [!NOTE]
Some companies may use external contacts only so they can be added as members of
Get-Contact -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'MailContact')} | Set-MailContact -HiddenFromAddressListsEnabled $true ```
-After you hide them, external contacts aren't displayed in the shared address book, but you can still add them as members of a distribution group.
+After you hide them, external contacts aren't displayed in the shared address book, but you can still add them as members of a distribution group.
compliance Compliance Extensibility https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-extensibility.md
There are two key building blocks for compliance extensibility:
Microsoft provides third-party data connectors that can be configured in the Microsoft Purview compliance portal. For a list of data connectors provided by Microsoft, see the [Third-party data connectors](archiving-third-party-data.md#third-party-data-connectors) table. The table of third-party data connectors also summarizes the compliance solutions that you can apply to third-party data after you import and archive data in Microsoft 365, and links to the step-by-step instructions for each connector.
-To learn more about Microsoft 365 data connectors, see [Archiving third-party data](archiving-third-party-data.md). If a third-party data type isn't supported by the data connectors available in the compliance portal, you can work with a partner who can provide you with a custom connector. For a list of partners you can work with and the step-by-step process for this method, see [Work with a partner to archive third-party data](work-with-partner-to-archive-third-party-data.md).
+To learn more about Microsoft Purview Data Connectors, see [Archiving third-party data](archiving-third-party-data.md). If a third-party data type isn't supported by the data connectors available in the compliance portal, you can work with a partner who can provide you with a custom connector. For a list of partners you can work with and the step-by-step process for this method, see [Work with a partner to archive third-party data](work-with-partner-to-archive-third-party-data.md).
### Prerequisites for data connectors
Now rolling out, the first release of Graph APIs for records management support
For more information about the Graph APIs for records management, see [Use the Microsoft Graph Records Management API](/graph/api/resources/security-recordsmanagement-overview?view=graph-rest-beta&preserve-view=true).
-For licensing requirements to use these APIs, see the records management section from [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
+For licensing requirements to use these APIs, see the records management information from the Microsoft 365 guidance for security & compliance, [Microsoft Purview Data Lifecycle Management & Microsoft Purview Records Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-data-lifecycle-management--microsoft-purview-records-management) section.
compliance Compliance Quick Tasks https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-quick-tasks.md
It's important to manage who in your organization has access to the Microsoft Pu
Start by assigning compliance permissions to the people in your organization so that they can perform these tasks and to prevent unauthorized people from having access to areas outside of their responsibilities. You'll want to make sure that you've assigned the proper people to the **Compliance data administrator** and the **Compliance administrator** admin roles before you start to configure and implement compliance solutions included with Microsoft 365. You'll also need to assign users to the Azure Active Directory global reader role to view data in Compliance Manager.
-For step-by-step guidance to configure permissions and assign people to admin roles, see [Permissions in the Security & Compliance Center](/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center).
+For step-by-step guidance to configure permissions and assign people to admin roles, see [Permissions in the Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center-permissions).
## Task 2: Know your state of compliance
compliance Create A Report On Holds In Ediscovery Cases https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-report-on-holds-in-ediscovery-cases.md
After you've connected to Security & Compliance PowerShell, the next step is to
} } else{
- write-host "No hold policies found in case:" $cc.name -foregroundColor 'Yellow'
+ "No hold policies found in case:" $cc.name -foregroundColor 'Yellow'
" " [string]$cc.name | out-file -filepath $noholdsfilepath -append }
compliance Create Retention Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-retention-policies.md
When you have more than one retention policy, and when you also use retention la
### Retention policy for Teams locations > [!NOTE]
-> Retention policies now support [shared channels](/MicrosoftTeams/shared-channels), currently in preview. When you configure retention settings for the **Teams channel message** location, if a team has any shared channels, they inherit retention settings from their parent team.
+> Retention policies support [shared channels](/MicrosoftTeams/shared-channels). When you configure retention settings for the **Teams channel message** location, if a team has any shared channels, they inherit retention settings from their parent team.
1. From the [Microsoft Purview compliance portal](https://compliance.microsoft.com/), select **Data lifecycle management** > **Retention Policies**.
compliance Create Test Tune Dlp Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-test-tune-dlp-policy.md
Another option is to increase the instance count, so that a low volume of driver
In addition to changing the instance count, you can also adjust the match accuracy (or confidence level). If your sensitive information type has multiple patterns, you can adjust the match accuracy in your rule, so that your rule matches only specific patterns. For example, to help reduce false positives, you can set the match accuracy of your rule so that it matches only the pattern with the highest confidence level. For more information on confidence levels, see [How to use confidence level to tune your rules](data-loss-prevention-policies.md#match-accuracy).
-Finally, if you want to get even a bit more advanced, you can customize any sensitive information type -- for example, you can remove "Sydney NSW" from the list of keywords for [Australia driver's license number](sensitive-information-type-entity-definitions.md#australia-drivers-license-number), to eliminate the false positive triggered above. To learn how to do this by using XML and PowerShell, see [customizing a built-in sensitive information type](customize-a-built-in-sensitive-information-type.md).
+Finally, if you want to get even a bit more advanced, you can customize any sensitive information type -- for example, you can remove "Sydney NSW" from the list of keywords for [Australia drivers license number](sit-defn-australia-drivers-license-number.md), to eliminate the false positive triggered above. To learn how to do this by using XML and PowerShell, see [customizing a built-in sensitive information type](customize-a-built-in-sensitive-information-type.md).
## Turn on a DLP policy
compliance Data Governance Solution https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-governance-solution.md
For a data protection solution, see [Deploy an information protection solution w
## Licensing
-To understand your licensing requirements and options, see the following sections from the [Microsoft 365 licensing documentation](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance):
-- [Microsoft Purview Data Lifecycle Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-data-lifecycle-management)-- [Microsoft Purview Records Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-records-management)-
-Any additional licensing requirements will be included in the documentation instructions. For example, licensing specific to managing mailboxes might require licenses from Exchange Online.
+To understand your licensing requirements and options, see the information from the Microsoft 365 guidance for security & compliance, [Microsoft Purview Data Lifecycle Management & Microsoft Purview Records Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-data-lifecycle-management--microsoft-purview-records-management) section for feature-level licensing requirements.
## Keep what you need and delete what you don't
compliance Dlp Policy Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-policy-reference.md
This table lists all policy templates and the sensitive information types (SIT)
updated: 06/23/2021
-|Category| Template | SIT |
+|Category|Template | SIT |
||||
-|Financial| Australia Financial Data| - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code) </br> - [Australia tax file number](sensitive-information-type-entity-definitions.md#australia-tax-file-number) </br> - [Australia bank account number](sensitive-information-type-entity-definitions.md#australia-bank-account-number) </br> - [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number)|
-|Financial| Canada Financial data |- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [Canada bank account number](sensitive-information-type-entity-definitions.md#canada-bank-account-number)|
-|Financial| France Financial data |- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [EU debit card number](sensitive-information-type-entity-definitions.md#eu-debit-card-number)|
-|Financial| Germany Financial Data |- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [EU debit card number](sensitive-information-type-entity-definitions.md#eu-debit-card-number)|
-|Financial| Israel Financial Data |- [Israel bank account number](sensitive-information-type-entity-definitions.md#israel-bank-account-number) </br> - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code) </br> - [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number)|
-|Financial| Japan Financial Data |- [Japan bank account number](sensitive-information-type-entity-definitions.md#japan-bank-account-number) </br> - [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number)|
-|Financial| PCI Data Security Standard (PCI DSS)|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number)|
-|Financial| Saudi Arabia Anti-Cyber Crime Law|- [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code) </br> - [International banking account number (IBAN)](sensitive-information-type-entity-definitions.md#international-banking-account-number-iban) |
-|Financial| Saudi Arabia Financial Data |- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code) </br> - [International banking account number (IBAN)](sensitive-information-type-entity-definitions.md#international-banking-account-number-iban)|
-|Financial| UK Financial Data|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [EU debit card number](sensitive-information-type-entity-definitions.md#eu-debit-card-number) </br> - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code)|
-|Financial| US Financial Data|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [ABA Routing Number](sensitive-information-type-entity-definitions.md#aba-routing-number)|
-|Financial| U.S. Federal Trade Commission (FTC) Consumer Rules|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [ABA Routing Number](sensitive-information-type-entity-definitions.md#aba-routing-number)|
-|Financial| U.S. Gramm-Leach-Bliley Act (GLBA) Enhanced|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)</br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number) </br> -[U.S. driver's license number](sensitive-information-type-entity-definitions.md#us-drivers-license-number)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names)</br> - [U.S. Physical Addresses](sensitive-information-type-entity-definitions.md#us-physical-addresses)|
-|Financial| U.S. Gramm-Leach-Bliley Act (GLBA)|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)|
-|Medical and health| Australia Health Records Act (HRIP Act) Enhanced |- [Australia tax file number](sensitive-information-type-entity-definitions.md#australia-tax-file-number) </br> - [Australia medical account number](sensitive-information-type-entity-definitions.md#australia-medical-account-number) </br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names) </br> - [All Medical Terms And Conditions](sensitive-information-type-entity-definitions.md#all-medical-terms-and-conditions) </br> - [Australia Physical Addresses](sensitive-information-type-entity-definitions.md#australia-physical-addresses)|
-|Medical and health| Australia Health Records Act (HRIP Act)|- [Australia tax file number](sensitive-information-type-entity-definitions.md#australia-tax-file-number) </br> - [Australia medical account number](sensitive-information-type-entity-definitions.md#australia-medical-account-number)|
-|Medical and health| Canada Health Information Act (HIA) |- [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
-|Medical and health| Canada Personal Health Information Act (PHIA) Manitoba|- [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
-|Medical and health| Canada Personal Health Act (PHIPA) Ontario |- [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
-|Medical and health| U.K. Access to Medical Reports Act|- [U.K. national health service number](sensitive-information-type-entity-definitions.md#uk-national-health-service-number) </br> - [U.K. national insurance number (NINO)](sensitive-information-type-entity-definitions.md#uk-national-insurance-number-nino)|
-|Medical and health| U.S. Health Insurance Act (HIPAA) Enhanced|</br> - [International classification of diseases (ICD-9-CM)](sensitive-information-type-entity-definitions.md#international-classification-of-diseases-icd-9-cm) </br> - [International classification of diseases (ICD-10-CM)](sensitive-information-type-entity-definitions.md#international-classification-of-diseases-icd-10-cm) </br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names) </br> - [All Medical Terms And Conditions](sensitive-information-type-entity-definitions.md#all-medical-terms-and-conditions) </br> - [U.S. Physical Addresses](sensitive-information-type-entity-definitions.md#us-physical-addresses)|
-|Medical and health| U.S. Health Insurance Act (HIPAA)| - [International classification of diseases (ICD-9-CM)](sensitive-information-type-entity-definitions.md#international-classification-of-diseases-icd-9-cm) </br> - [International classification of diseases (ICD-10-CM)](sensitive-information-type-entity-definitions.md#international-classification-of-diseases-icd-10-cm)|
-|Privacy| Australia Privacy Act Enhanced|- [Australia driver's license number](sensitive-information-type-entity-definitions.md#australia-drivers-license-number) </br> - [Australia passport number](sensitive-information-type-entity-definitions.md#australia-passport-number) </br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names) </br> - [All Medical Terms And Conditions](sensitive-information-type-entity-definitions.md#all-medical-terms-and-conditions) </br> - [Australia Physical Addresses](sensitive-information-type-entity-definitions.md#australia-physical-addresses)|
-|Privacy| Australia Privacy Act|- [Australia driver's license number](sensitive-information-type-entity-definitions.md#australia-drivers-license-number) </br> - [Australia passport number](sensitive-information-type-entity-definitions.md#australia-passport-number)|
-|Privacy| Australia Personally Identifiable Information (PII) Data|- [Australia tax file number](sensitive-information-type-entity-definitions.md#australia-tax-file-number) </br> - [Australia driver's license number](sensitive-information-type-entity-definitions.md#australia-drivers-license-number)|
-|Privacy| Canada Personally Identifiable Information (PII) Data|- [Canada driver's license number](sensitive-information-type-entity-definitions.md#canada-drivers-license-number)</br> - [Canada bank account number](sensitive-information-type-entity-definitions.md#canada-bank-account-number) </br> - [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
-|Privacy| Canada Personal Information Protection Act (PIPA)|- [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
-|Privacy| Canada Personal Information Protection Act (PIPEDA)|- [Canada driver's license number](sensitive-information-type-entity-definitions.md#canada-drivers-license-number) </br> - [Canada bank account number](sensitive-information-type-entity-definitions.md#canada-bank-account-number) </br> - [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
-|Privacy| France Data Protection Act|- [France national id card (CNI)](sensitive-information-type-entity-definitions.md#france-national-id-card-cni) </br> - [France social security number (INSEE)](sensitive-information-type-entity-definitions.md#france-social-security-number-insee)|
-|Privacy| France Personally Identifiable Information (PII) Data|- [France social security number (INSEE)](sensitive-information-type-entity-definitions.md#france-social-security-number-insee) </br> - [France driver's license number](sensitive-information-type-entity-definitions.md#france-drivers-license-number) </br> - [France passport number](sensitive-information-type-entity-definitions.md#france-passport-number) </br> - [France national id card (CNI)](sensitive-information-type-entity-definitions.md#france-national-id-card-cni)|
-|Privacy| General Data Protection Regulation (GDPR) Enhanced|- [Austria Physical Addresses](sensitive-information-type-entity-definitions.md#austria-physical-addresses) </br> - [Belgium Physical Addresses](sensitive-information-type-entity-definitions.md#belgium-physical-addresses)</br> - [Bulgaria Physical Addresses](sensitive-information-type-entity-definitions.md#bulgaria-physical-addresses)</br> - [Croatia Physical Addresses](sensitive-information-type-entity-definitions.md#croatia-physical-addresses)</br> - [Cyprus Physical Addresses](sensitive-information-type-entity-definitions.md#cyprus-physical-addresses)</br> - [Czech Republic Physical Addresses](sensitive-information-type-entity-definitions.md#czech-republic-physical-addresses)</br> - [Denmark Physical Addresses](sensitive-information-type-entity-definitions.md#denmark-physical-addresses)</br> - [Estonia Physical Addresses](sensitive-information-type-entity-definitions.md#estonia-physical-addresses)</br> - [Finland Physical Addresses](sensitive-information-type-entity-definitions.md#finland-physical-addresses)</br> - [France Physical Addresses](sensitive-information-type-entity-definitions.md#france-physical-addresses)</br> - [Germany Physical Addresses](sensitive-information-type-entity-definitions.md#germany-physical-addresses)</br> - [Greece Physical Addresses](sensitive-information-type-entity-definitions.md#greece-physical-addresses)</br> - [Hungary Physical Addresses](sensitive-information-type-entity-definitions.md#hungary-physical-addresses)</br> - [Ireland Physical Addresses](sensitive-information-type-entity-definitions.md#ireland-physical-addresses)</br> - [Italy Physical Addresses](sensitive-information-type-entity-definitions.md#italy-physical-addresses)</br> - [Latvia Physical Addresses](sensitive-information-type-entity-definitions.md#latvia-physical-addresses)</br> - [Lithuania Physical Addresses](sensitive-information-type-entity-definitions.md#lithuania-physical-addresses)</br> - [Luxembourg Physical Addresses](sensitive-information-type-entity-definitions.md#luxemburg-physical-addresses)</br> - [Malta Physical Addresses](sensitive-information-type-entity-definitions.md#malta-physical-addresses)</br> - [Netherlands Physical Addresses](sensitive-information-type-entity-definitions.md#netherlands-physical-addresses)</br> - [Poland Physical Addresses](sensitive-information-type-entity-definitions.md#poland-physical-addresses)</br> - [Portuguese Physical Addresses](sensitive-information-type-entity-definitions.md#portugal-physical-addresses)</br> - [Romania Physical Addresses](sensitive-information-type-entity-definitions.md#romania-physical-addresses)</br> - [Slovakia Physical Addresses](sensitive-information-type-entity-definitions.md#slovakia-physical-addresses)</br> - [Slovenia Physical Addresses](sensitive-information-type-entity-definitions.md#slovenia-physical-addresses)</br> - [Spain Physical Addresses](sensitive-information-type-entity-definitions.md#spain-physical-addresses)</br> - [Sweden Physical Addresses](sensitive-information-type-entity-definitions.md#sweden-physical-addresses)</br> - [Austria Social Security Number](sensitive-information-type-entity-definitions.md#austria-social-security-number)</br> - [France Social Security Number (INSEE)](sensitive-information-type-entity-definitions.md#france-social-security-number-insee)</br> - [Greece Social Security Number (AMKA)](sensitive-information-type-entity-definitions.md#greece-social-security-number-amka)</br> - [Hungarian Social Security Number (TAJ)](sensitive-information-type-entity-definitions.md#hungary-social-security-number-taj)</br> - [Spain Social Security Number (SSN)](sensitive-information-type-entity-definitions.md#spain-social-security-number-ssn)</br> - [Austria Identity Card](sensitive-information-type-entity-definitions.md#austria-identity-card)</br> - [Cyprus Identity Card](sensitive-information-type-entity-definitions.md#cyprus-identity-card)</br> - [Germany Identity Card Number](sensitive-information-type-entity-definitions.md#germany-identity-card-number)</br> - [Malta Identity Card Number](sensitive-information-type-entity-definitions.md#malta-identity-card-number)</br> - [France National ID Card (CNI)](sensitive-information-type-entity-definitions.md#france-national-id-card-cni)</br> - [Greece National ID Card](sensitive-information-type-entity-definitions.md#greece-national-id-card)</br> - [Finland National ID](sensitive-information-type-entity-definitions.md#finland-national-id)</br> - [Poland National ID (PESEL)](sensitive-information-type-entity-definitions.md#poland-national-id-pesel)</br> - [Sweden National ID](sensitive-information-type-entity-definitions.md#sweden-national-id)</br> - [Croatia Personal Identification (OIB) Number](sensitive-information-type-entity-definitions.md#croatia-personal-identification-oib-number)</br> - [Czech Personal Identity Number](sensitive-information-type-entity-definitions.md#czech-personal-identity-number)</br> - [Denmark Personal Identification Number](sensitive-information-type-entity-definitions.md#denmark-personal-identification-number)</br> - [Estonia Personal Identification Code](sensitive-information-type-entity-definitions.md#estonia-personal-identification-code)</br> - [Hungary Personal Identification Number](sensitive-information-type-entity-definitions.md#hungary-personal-identification-number)</br> - [Luxemburg National Identification Number (Natural persons)](sensitive-information-type-entity-definitions.md#luxemburg-national-identification-number-natural-persons)</br> - [Luxemburg National Identification Number (Non-natural persons)](sensitive-information-type-entity-definitions.md#luxemburg-national-identification-number-non-natural-persons)</br> - [Italy Fiscal Code](sensitive-information-type-entity-definitions.md#italy-fiscal-code)</br> - [Latvia Personal Code](sensitive-information-type-entity-definitions.md#latvia-personal-code)</br> - [Lithuania Personal Code](sensitive-information-type-entity-definitions.md#lithuania-personal-code)</br> - [Romania Personal Numerical Code (CNP)](sensitive-information-type-entity-definitions.md#romania-personal-numeric-code-cnp)</br> - [Netherlands Citizen's Service (BSN) Number](sensitive-information-type-entity-definitions.md#netherlands-citizens-service-bsn-number)</br> - [Ireland Personal Public Service (PPS) Number](sensitive-information-type-entity-definitions.md#ireland-personal-public-service-pps-number)</br> - [Bulgaria Uniform Civil Number](sensitive-information-type-entity-definitions.md#bulgaria-uniform-civil-number)</br> - [Belgium National Number](sensitive-information-type-entity-definitions.md#belgium-national-number)</br> - [Spain DNI](sensitive-information-type-entity-definitions.md#spain-dni)</br> - [Slovenia Unique Master Citizen Number](sensitive-information-type-entity-definitions.md#slovenia-unique-master-citizen-number)</br> - [Slovakia Personal Number](sensitive-information-type-entity-definitions.md#slovakia-personal-number)</br> - [Portugal Citizen Card Number](sensitive-information-type-entity-definitions.md#portugal-citizen-card-number)</br> - [Malta Tax ID Number](sensitive-information-type-entity-definitions.md#malta-tax-identification-number)</br> - [Austria Tax Identification Number](sensitive-information-type-entity-definitions.md#austria-tax-identification-number)</br> - [Cyprus Tax Identification Number](sensitive-information-type-entity-definitions.md#cyprus-tax-identification-number)</br> - [France Tax Identification Number (numéro SPI.)](sensitive-information-type-entity-definitions.md#france-tax-identification-number)</br> - [Germany Tax Identification Number](sensitive-information-type-entity-definitions.md#germany-tax-identification-number)</br> - [Greek Tax identification Number](sensitive-information-type-entity-definitions.md#greece-tax-identification-number)</br> - [Hungary Tax identification Number](sensitive-information-type-entity-definitions.md#hungary-tax-identification-number)</br> - [Netherlands Tax Identification Number](sensitive-information-type-entity-definitions.md#netherlands-tax-identification-number)</br> - [Poland Tax Identification Number](sensitive-information-type-entity-definitions.md#poland-tax-identification-number)</br> - [Portugal Tax Identification Number](sensitive-information-type-entity-definitions.md#portugal-tax-identification-number)</br> - [Slovenia Tax Identification Number](sensitive-information-type-entity-definitions.md#slovenia-tax-identification-number)</br> - [Spain Tax Identification Number](sensitive-information-type-entity-definitions.md#spain-tax-identification-number)</br> - [Sweden Tax Identification Number](sensitive-information-type-entity-definitions.md#sweden-tax-identification-number)</br> - [Austria Driver's License](sensitive-information-type-entity-definitions.md#austria-drivers-license-number)</br> - [Belgium Driver's License Number](sensitive-information-type-entity-definitions.md#belgium-drivers-license-number)</br> - [Bulgaria Driver's License Number](sensitive-information-type-entity-definitions.md#bulgaria-drivers-license-number)</br> - [Croatia Driver's License Number](sensitive-information-type-entity-definitions.md#croatia-drivers-license-number)</br> - [Cyprus Driver's License Number](sensitive-information-type-entity-definitions.md#cyprus-drivers-license-number)</br> - [Czech Driver's License Number](sensitive-information-type-entity-definitions.md#czech-drivers-license-number)</br> - [Denmark Driver's License Number](sensitive-information-type-entity-definitions.md#denmark-drivers-license-number)</br> - [Estonia Driver's License Number](sensitive-information-type-entity-definitions.md#estonia-drivers-license-number)</br> - [Finland Driver's License Number](sensitive-information-type-entity-definitions.md#finland-drivers-license-number)</br> - [France Driver's License Number](sensitive-information-type-entity-definitions.md#france-drivers-license-number)</br> - [German Driver's License Number](sensitive-information-type-entity-definitions.md#germany-drivers-license-number)</br> - [Greece Driver's License Number](sensitive-information-type-entity-definitions.md#greece-drivers-license-number)</br> - [Hungary Driver's License Number](sensitive-information-type-entity-definitions.md#hungary-drivers-license-number)</br> - [Ireland Driver's License Number](sensitive-information-type-entity-definitions.md#ireland-drivers-license-number)</br> - [Italy Driver's License Number](sensitive-information-type-entity-definitions.md#italy-drivers-license-number)</br> - [Latvia Driver's License Number](sensitive-information-type-entity-definitions.md#latvia-drivers-license-number)</br> - [Lithuania Driver's License Number](sensitive-information-type-entity-definitions.md#lithuania-drivers-license-number)</br> - [Luxemburg Driver's License Number](sensitive-information-type-entity-definitions.md#luxemburg-drivers-license-number)</br> - [Malta Driver's License Number](sensitive-information-type-entity-definitions.md#malta-drivers-license-number)</br> - [Netherlands Driver's License Number](sensitive-information-type-entity-definitions.md#netherlands-drivers-license-number)</br> - [Poland Driver's License Number](sensitive-information-type-entity-definitions.md#poland-drivers-license-number)</br> - [Portugal Driver's License Number](sensitive-information-type-entity-definitions.md#portugal-drivers-license-number)</br> - [Romania Driver's License Number](sensitive-information-type-entity-definitions.md#romania-drivers-license-number)</br> - [Slovakia Driver's License Number](sensitive-information-type-entity-definitions.md#slovakia-drivers-license-number)</br> - [Slovenia Driver's License Number](sensitive-information-type-entity-definitions.md#slovenia-drivers-license-number)</br> - [Spain Driver's License Number](sensitive-information-type-entity-definitions.md#spain-drivers-license-number)</br> - [Sweden Driver's License Number](sensitive-information-type-entity-definitions.md#sweden-drivers-license-number)</br> - [Austria Passport Number](sensitive-information-type-entity-definitions.md#austria-passport-number)</br> - [Belgium Passport Number](sensitive-information-type-entity-definitions.md#belgium-passport-number)</br> - [Bulgaria Passport Number](sensitive-information-type-entity-definitions.md#bulgaria-passport-number)</br> - [Croatia Passport Number](sensitive-information-type-entity-definitions.md#croatia-passport-number)</br> - [Cyprus Passport Number](sensitive-information-type-entity-definitions.md#cyprus-passport-number)</br> - [Czech Republic Passport Number](sensitive-information-type-entity-definitions.md#czech-passport-number)</br> - [Denmark Passport Number](sensitive-information-type-entity-definitions.md#denmark-passport-number)</br> - [Estonia Passport Number](sensitive-information-type-entity-definitions.md#estonia-passport-number)</br> - [Finland Passport Number](sensitive-information-type-entity-definitions.md#finland-passport-number)</br> - [France Passport Number](sensitive-information-type-entity-definitions.md#france-passport-number)</br> - [German Passport Number](sensitive-information-type-entity-definitions.md#germany-passport-number)</br> - [Greece Passport Number](sensitive-information-type-entity-definitions.md#greece-passport-number)</br> - [Hungary Passport Number](sensitive-information-type-entity-definitions.md#hungary-passport-number)</br> - [Ireland Passport Number](sensitive-information-type-entity-definitions.md#ireland-passport-number)</br> - [Italy Passport Number](sensitive-information-type-entity-definitions.md#italy-passport-number)</br> - [Latvia Passport Number](sensitive-information-type-entity-definitions.md#latvia-passport-number)</br> - [Lithuania Passport Number](sensitive-information-type-entity-definitions.md#lithuania-passport-number)</br> - [Luxemburg Passport Number](sensitive-information-type-entity-definitions.md#luxemburg-passport-number)</br> - [Malta Passport Number](sensitive-information-type-entity-definitions.md#malta-passport-number)</br> - [Netherlands Passport Number](sensitive-information-type-entity-definitions.md#netherlands-passport-number)</br> - [Poland Passport](sensitive-information-type-entity-definitions.md#poland-passport-number)</br> - [Portugal Passport Number](sensitive-information-type-entity-definitions.md#portugal-passport-number)</br> - [Romania Passport Number](sensitive-information-type-entity-definitions.md#romania-passport-number)</br> - [Slovakia Passport Number](sensitive-information-type-entity-definitions.md#slovakia-passport-number)</br> - [Slovenia Passport Number](sensitive-information-type-entity-definitions.md#slovenia-passport-number)</br> - [Spain Passport Number](sensitive-information-type-entity-definitions.md#spain-passport-number)</br> - [Sweden Passport Number](sensitive-information-type-entity-definitions.md#sweden-passport-number)</br> - [EU Debit Card Number](sensitive-information-type-entity-definitions.md#eu-debit-card-number)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names)|
-|Privacy| General Data Protection Regulation (GDPR)|- [EU debit card number](sensitive-information-type-entity-definitions.md#eu-debit-card-number) </br> - [EU driver's license number](sensitive-information-type-entity-definitions.md#eu-drivers-license-number) </br> - [EU national identification number](sensitive-information-type-entity-definitions.md#eu-national-identification-number)</br> - [EU passport number](sensitive-information-type-entity-definitions.md#eu-passport-number) </br> - [EU social security number or equivalent identification](sensitive-information-type-entity-definitions.md#eu-social-security-number-or-equivalent-identification)</br> - [EU Tax identification number](sensitive-information-type-entity-definitions.md#eu-tax-identification-number)|
-|Privacy| Germany Personally Identifiable Information (PII) Data|- [Germany driver's license number](sensitive-information-type-entity-definitions.md#germany-drivers-license-number) </br> - [Germany passport number](sensitive-information-type-entity-definitions.md#germany-passport-number)|
-|Privacy| Israel Personally Identifiable Information (PII) Data|- [Israel national identification number](sensitive-information-type-entity-definitions.md#israel-national-identification-number)|
-|Privacy| Israel Protection of Privacy|- [Israel national identification number](sensitive-information-type-entity-definitions.md#israel-national-identification-number)</br> - [Israel bank account number](sensitive-information-type-entity-definitions.md#israel-bank-account-number)|
-|Privacy| Japan Personally Identifiable Information (PII) Data enhanced|- [Japan Social Insurance Number (SIN)](sensitive-information-type-entity-definitions.md#japan-social-insurance-number-sin)</br> - [Japan My Number - Personal](sensitive-information-type-entity-definitions.md#japan-my-numberpersonal)</br> - [Japan passport number](sensitive-information-type-entity-definitions.md#japan-passport-number)</br> - [Japan driver's license number](sensitive-information-type-entity-definitions.md#japan-drivers-license-number)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names)</br> - [Japan Physical Addresses](sensitive-information-type-entity-definitions.md#all-physical-addresses)|
-|Privacy| Japan Personally Identifiable Information (PII) Data|- [Japan resident registration number](sensitive-information-type-entity-definitions.md#japan-resident-registration-number) </br> - [Japan Social Insurance Number (SIN)](sensitive-information-type-entity-definitions.md#japan-social-insurance-number-sin)|
-|Privacy| Japan Protection of Personal Information Enhanced|- [Japan Social Insurance Number (SIN)](sensitive-information-type-entity-definitions.md#japan-social-insurance-number-sin) </br> - [Japan My Number - Personal](sensitive-information-type-entity-definitions.md#japan-my-numberpersonal)</br> - [Japan passport number](sensitive-information-type-entity-definitions.md#japan-passport-number) </br> - [Japan driver's license number](sensitive-information-type-entity-definitions.md#japan-drivers-license-number)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names)</br> - [Japan Physical Addresses](sensitive-information-type-entity-definitions.md#all-physical-addresses)|
-|Privacy| Japan Protection of Personal Information|- [Japan resident registration number](sensitive-information-type-entity-definitions.md#japan-resident-registration-number)</br> - [Japan Social Insurance Number (SIN)](sensitive-information-type-entity-definitions.md#japan-social-insurance-number-sin)|
-|Privacy| Saudi Arabia Personally Identifiable (PII) Data|- [Saudi Arabia National ID](sensitive-information-type-entity-definitions.md#saudi-arabia-national-id)|
-|Privacy| U.K. Data Protection Act|- [U.K. national insurance number (NINO)](sensitive-information-type-entity-definitions.md#uk-national-insurance-number-nino) </br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number) </br> - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code)|
-|Privacy| U.K. Privacy and Electronic Communications Regulations|- [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code)|
-|Privacy| U.K. Personally Identifiable Information (PII) Data|- [U.K. national insurance number (NINO)](sensitive-information-type-entity-definitions.md#uk-national-insurance-number-nino) </br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number)|
-|Privacy| U.K. Personal Information Online Code of Practice (PIOCP)|- [U.K. national insurance number (NINO)](sensitive-information-type-entity-definitions.md#uk-national-insurance-number-nino) </br> - [U.K. national health service number](sensitive-information-type-entity-definitions.md#uk-national-health-service-number) </br> - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code)|
-|Privacy| U.S Patriot Act Enhanced|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names)</br> - [U.S. Physical Addresses](sensitive-information-type-entity-definitions.md#us-physical-addresses)|
-|Privacy| U.S. Patriot Act|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)|
-|Privacy| U.S. Personally Identifiable Information (PII) Data Enhanced|- [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)</br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names)</br> - [U.S. Physical Addresses](sensitive-information-type-entity-definitions.md#us-physical-addresses)|
-|Privacy| U.S. Personally Identifiable Information (PII) Data|- [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)</br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number)|
-|Privacy| U.S. State Breach Notification Laws Enhanced|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> -[U.S. driver's license number](sensitive-information-type-entity-definitions.md#us-drivers-license-number) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names) </br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number)</br> - [All Medical Terms And Conditions](sensitive-information-type-entity-definitions.md#all-medical-terms-and-conditions)|
-|Privacy| U.S. State Breach Notification Laws|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> -[U.S. driver's license number](sensitive-information-type-entity-definitions.md#us-drivers-license-number) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)|
-|Privacy| U.S. State Social Security Number Confidentiality Laws|- [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)|
+|Financial| Australia Financial Data| - [SWIFT code](sit-defn-swift-code.md) </br> - [Australia tax file number](sit-defn-australia-tax-file-number.md) </br> - [Australia bank account number](sit-defn-australia-bank-account-number.md) </br> - [Credit card number](sit-defn-credit-card-number.md)|
+|Financial| Canada Financial data |- [Credit card number](sit-defn-credit-card-number.md) </br> - [Canada bank account number](sit-defn-canada-bank-account-number.md)|
+|Financial| France Financial data |- [Credit card number](sit-defn-credit-card-number.md) </br> - [EU debit card number](sit-defn-eu-debit-card-number.md)|
+|Financial| Germany Financial Data |- [Credit card number](sit-defn-credit-card-number.md) </br> - [EU debit card number](sit-defn-eu-debit-card-number.md)|
+|Financial| Israel Financial Data |- [Israel bank account number](sit-defn-israel-bank-account-number.md) </br> - [SWIFT code](sit-defn-swift-code.md) </br> - [Credit card number](sit-defn-credit-card-number.md)|
+|Financial| Japan Financial Data |- [Japan bank account number](sit-defn-japan-bank-account-number.md)</br> - [Credit card number](sit-defn-credit-card-number.md)|
+|Financial| PCI Data Security Standard (PCI DSS)|- [Credit card number](sit-defn-credit-card-number.md)|
+|Financial| Saudi Arabia Anti-Cyber Crime Law|- [SWIFT code](sit-defn-swift-code.md) </br> - [International banking account number (IBAN)](sit-defn-international-banking-account-number.md)|
+|Financial| Saudi Arabia Financial Data |- [Credit card number](sit-defn-credit-card-number.md) </br> - [SWIFT code](sit-defn-swift-code.md) </br> - [International banking account number (IBAN)](sit-defn-international-banking-account-number.md)|
+|Financial| UK Financial Data|- [Credit card number](sit-defn-credit-card-number.md) </br> - [EU debit card number](sit-defn-eu-debit-card-number.md) </br> - [SWIFT code](sit-defn-swift-code.md)|
+|Financial| US Financial Data|- [Credit card number](sit-defn-credit-card-number.md) </br> - [U.S. bank account number](sit-defn-us-bank-account-number.md)</br> - [ABA Routing Number](sit-defn-aba-routing.md)|
+|Financial| U.S. Federal Trade Commission (FTC) Consumer Rules|- [Credit card number](sit-defn-credit-card-number.md) </br> - [U.S. bank account number](sit-defn-us-bank-account-number.md)</br> - [ABA Routing Number](sit-defn-aba-routing.md)|
+|Financial| U.S. Gramm-Leach-Bliley Act (GLBA) Enhanced|- [Credit card number](sit-defn-credit-card-number.md) </br> - [U.S. bank account number](sit-defn-us-bank-account-number.md)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sit-defn-us-individual-taxpayer-identification-number.md) </br> - [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)</br> - [U.S./U.K. passport number](sit-defn-us-uk-passport-number.md) </br> -[U.S. driver's license number](sit-defn-us-drivers-license-number.md)</br> - [All Full Names](sit-defn-all-full-names.md)</br> - [U.S. Physical Addresses](sit-defn-us-physical-addresses.md)|
+|Financial| U.S. Gramm-Leach-Bliley Act (GLBA)|- [Credit card number](sit-defn-credit-card-number.md) </br> - [U.S. bank account number](sit-defn-us-bank-account-number.md)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sit-defn-us-individual-taxpayer-identification-number.md) </br> - [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)|
+|Medical and health| Australia Health Records Act (HRIP Act) Enhanced |- [Australia tax file number](sit-defn-australia-tax-file-number.md)</br> - [Australia medical account number](sit-defn-australia-medical-account-number.md)</br> - [All Full Names](sit-defn-all-full-names.md) </br> - [All Medical Terms And Conditions](sit-defn-all-medical-terms-conditions.md) </br> - [Australia Physical Addresses](sit-defn-australia-physical-addresses.md)|
+|Medical and health| Australia Health Records Act (HRIP Act)|- [Australia tax file number](sit-defn-australia-tax-file-number.md) </br> - [Australia medical account number](sit-defn-australia-medical-account-number.md)|
+|Medical and health| Canada Health Information Act (HIA) |- [Canada passport number](sit-defn-canada-passport-number.md) </br> - [Canada social insurance number](sit-defn-canada-social-insurance-number.md) </br> - [Canada health service number](sit-defn-canada-health-service-number.md) </br> - [Canada Personal Health Identification Number](sit-defn-canada-personal-health-identification-number.md)|
+|Medical and health| Canada Personal Health Information Act (PHIA) Manitoba|- [Canada social insurance number](sit-defn-canada-social-insurance-number.md) </br> - [Canada health service number](sit-defn-canada-health-service-number.md) </br> - [Canada Personal Health Identification Number](sit-defn-canada-personal-health-identification-number.md)|
+|Medical and health| Canada Personal Health Act (PHIPA) Ontario |- [Canada passport number](sit-defn-canada-passport-number.md) </br> - [Canada social insurance number](sit-defn-canada-social-insurance-number.md) </br> - [Canada health service number](sit-defn-canada-health-service-number.md) </br> - [Canada Personal Health Identification Number](sit-defn-canada-personal-health-identification-number.md)|
+|Medical and health| U.K. Access to Medical Reports Act|- [U.K. national health service number](sit-defn-uk-national-health-service-number.md) </br> - [U.K. national insurance number (NINO)](sit-defn-uk-national-insurance-number.md)|
+|Medical and health| U.S. Health Insurance Act (HIPAA) Enhanced|</br> - [International classification of diseases (ICD-9-CM)](sit-defn-international-classification-of-diseases-icd-9-cm.md) </br> - [International classification of diseases (ICD-10-CM)](sit-defn-international-classification-of-diseases-icd-10-cm.md) </br> - [All Full Names](sit-defn-all-full-names.md) </br> - [All Medical Terms And Conditions](sit-defn-all-medical-terms-conditions.md) </br> - [U.S. Physical Addresses](sit-defn-us-physical-addresses.md)|
+|Medical and health| U.S. Health Insurance Act (HIPAA)| - [International classification of diseases (ICD-9-CM)](sit-defn-international-classification-of-diseases-icd-9-cm.md) </br> - [International classification of diseases (ICD-10-CM)](sit-defn-international-classification-of-diseases-icd-10-cm.md)|
+|Privacy| Australia Privacy Act Enhanced|- [Australia driver's license number](sit-defn-australia-drivers-license-number.md) </br> - [Australia passport number](sit-defn-australia-passport-number.md) </br> - [All Full Names](sit-defn-all-full-names.md) </br> - [All Medical Terms And Conditions](sit-defn-all-medical-terms-conditions.md) </br> - [Australia Physical Addresses](sit-defn-australia-physical-addresses.md)|
+|Privacy| Australia Privacy Act|- [Australia drivers license number](sit-defn-australia-drivers-license-number.md)</br> - [Australia passport number](sit-defn-australia-passport-number.md)|
+|Privacy| Australia Personally Identifiable Information (PII) Data|- [Australia tax file number](sit-defn-australia-tax-file-number.md) </br> - [Australia driver's license number](sit-defn-australia-drivers-license-number.md)|
+|Privacy| Canada Personally Identifiable Information (PII) Data|- [Canada driver's license number](sit-defn-canada-drivers-license-number.md) </br> - [Canada bank account number](sit-defn-canada-bank-account-number.md) </br> - [Canada passport number](sit-defn-canada-passport-number.md) </br> - [Canada social insurance number](sit-defn-canada-social-insurance-number.md) </br> - [Canada health service number](sit-defn-canada-health-service-number.md) </br> - [Canada Personal Health Identification Number](sit-defn-canada-personal-health-identification-number.md)|
+|Privacy| Canada Personal Information Protection Act (PIPA)|- [Canada passport number](sit-defn-canada-passport-number.md) </br> - [Canada social insurance number](sit-defn-canada-social-insurance-number.md) </br> - [Canada health service number](sit-defn-canada-health-service-number.md) </br> - [Canada Personal Health Identification Number](sit-defn-canada-personal-health-identification-number.md)|
+|Privacy| Canada Personal Information Protection Act (PIPEDA)|- [Canada driver's license number](sit-defn-canada-drivers-license-number.md) </br> - [Canada bank account number](sit-defn-canada-bank-account-number.md) </br> - [Canada passport number](sit-defn-canada-passport-number.md) </br> - [Canada social insurance number](sit-defn-canada-social-insurance-number.md) </br> - [Canada health service number](sit-defn-canada-health-service-number.md) </br> - [Canada Personal Health Identification Number](sit-defn-canada-personal-health-identification-number.md)|
+|Privacy| France Data Protection Act|- [France national id card (CNI)](sit-defn-france-national-id-card.md)</br> - [France social security number (INSEE)](sit-defn-france-social-security-number.md)|
+|Privacy| France Personally Identifiable Information (PII) Data|- [France social security number (INSEE)](sit-defn-france-social-security-number.md) </br> - [France driver's license number](sit-defn-france-drivers-license-number.md) </br> - [France passport number](sit-defn-france-passport-number.md) </br> - [France national id card (CNI)](sit-defn-france-national-id-card.md)|
+|Privacy| General Data Protection Regulation (GDPR) Enhanced|- [Austria Physical Addresses](sit-defn-austria-physical-addresses.md) </br> - [Belgium Physical Addresses](sit-defn-belgium-physical-addresses.md) </br> - [Bulgaria Physical Addresses](sit-defn-bulgaria-physical-addresses.md) </br> - [Croatia Physical Addresses](sit-defn-croatia-physical-addresses.md) </br> - [Cyprus Physical Addresses](sit-defn-cyprus-physical-addresses.md) </br> - [Czech Republic Physical Addresses](sit-defn-czech-republic-physical-addresses.md)</br> - [Denmark Physical Addresses](sit-defn-denmark-physical-addresses.md)</br> - [Estonia Physical Addresses](sit-defn-estonia-physical-addresses.md)</br> - [Finland Physical Addresses](sit-defn-finland-physical-addresses.md)</br> - [France Physical Addresses](sit-defn-france-physical-addresses.md)</br> - [Germany Physical Addresses](sit-defn-germany-physical-addresses.md)</br> - [Greece Physical Addresses](sit-defn-greece-physical-addresses.md)</br> - [Hungary Physical Addresses](sit-defn-hungary-physical-addresses.md)</br> - [Ireland Physical Addresses](sit-defn-ireland-physical-addresses.md)</br> - [Italy Physical Addresses](sit-defn-italy-physical-addresses.md)</br> - [Latvia Physical Addresses](sit-defn-latvia-physical-addresses.md)</br> - [Lithuania Physical Addresses](sit-defn-lithuania-physical-addresses.md)</br> - [Luxembourg Physical Addresses](sit-defn-luxemburg-physical-addresses.md)</br> - [Malta Physical Addresses](sit-defn-malta-physical-addresses.md)</br> - [Netherlands Physical Addresses](sit-defn-netherlands-physical-addresses.md)</br> - [Poland Physical Addresses](sit-defn-poland-physical-addresses.md)</br> - [Portuguese Physical Addresses](sit-defn-portugal-physical-addresses.md)</br> - [Romania Physical Addresses](sit-defn-romania-physical-addresses.md)</br> - [Slovakia Physical Addresses](sit-defn-slovakia-physical-addresses.md)</br> - [Slovenia Physical Addresses](sit-defn-slovenia-physical-addresses.md)</br> - [Spain Physical Addresses](sit-defn-spain-physical-addresses.md)</br> - [Sweden Physical Addresses](sit-defn-sweden-physical-addresses.md)</br> - [Austria Social Security Number](sit-defn-austria-social-security-number.md) </br> - [France Social Security Number (INSEE)](sit-defn-france-social-security-number.md)</br> - [Greece Social Security Number (AMKA)](sit-defn-greece-social-security-number.md)</br> - [Hungarian Social Security Number (TAJ)](sit-defn-hungary-social-security-number.md)</br> - [Spain Social Security Number (SSN)](sit-defn-spain-social-security-number.md)</br> - [Austria Identity Card](sit-defn-austria-identity-card.md) </br> - [Cyprus Identity Card](sit-defn-cyprus-identity-card.md) </br> - [Germany Identity Card Number](sit-defn-germany-identity-card-number.md)</br> - [Malta Identity Card Number](sit-defn-malta-identity-card-number.md)</br> - [France National ID Card (CNI)](sit-defn-france-national-id-card.md)</br> - [Greece National ID Card](sit-defn-greece-national-id-card.md)</br> - [Finland National ID](sit-defn-finland-national-id.md)</br> - [Poland National ID (PESEL)](sit-defn-poland-national-id.md)</br> - [Sweden National ID](sit-defn-sweden-national-id.md)</br> - [Croatia Personal Identification (OIB) Number](sit-defn-croatia-personal-identification-number.md) </br> - [Czech Personal Identity Number](sit-defn-czech-personal-identity-number.md)</br> - [Denmark Personal Identification Number](sit-defn-denmark-personal-identification-number.md)</br> - [Estonia Personal Identification Code](sit-defn-estonia-personal-identification-code.md)</br> - [Hungary Personal Identification Number](sit-defn-hungary-personal-identification-number.md)</br> - [Luxemburg National Identification Number natural persons](sit-defn-luxemburg-national-identification-number-natural-persons.md)</br> - [Luxemburg National Identification Number (Non-natural persons)](sit-defn-luxemburg-national-identification-number-non-natural-persons.md)</br> - [Italy Fiscal Code](sit-defn-italy-fiscal-code.md)</br> - [Latvia Personal Code](sit-defn-latvia-personal-code.md)</br> - [Lithuania Personal Code](sit-defn-lithuania-personal-code.md)</br> - [Romania Personal Numerical Code (CNP)](sit-defn-romania-personal-numeric-code.md)</br> - [Netherlands Citizen's Service (BSN) Number](sit-defn-netherlands-citizens-service-number.md)</br> - [Ireland Personal Public Service (PPS) Number](sit-defn-ireland-personal-public-service-number.md)</br> - [Bulgaria Uniform Civil Number](sit-defn-bulgaria-uniform-civil-number.md) </br> - [Belgium National Number](sit-defn-belgium-national-number.md) </br> - [Spain DNI](sit-defn-spain-dni.md)</br> - [Slovenia Unique Master Citizen Number](sit-defn-slovenia-unique-master-citizen-number.md)</br> - [Slovakia Personal Number](sit-defn-slovakia-personal-number.md)</br> - [Portugal Citizen Card Number](sit-defn-portugal-citizen-card-number.md)</br> - [Malta Tax ID Number](sit-defn-malta-tax-identification-number.md)</br> - [Austria Tax Identification Number](sit-defn-austria-tax-identification-number.md) </br> - [Cyprus Tax Identification Number](sit-defn-cyprus-tax-identification-number.md) </br> -[France Tax Identification Number (numéro SPI.)](sit-defn-france-tax-identification-number.md)</br> - [Germany Tax Identification Number](sit-defn-germany-tax-identification-number.md)</br> - [Greek Tax identification Number](sit-defn-greece-tax-identification-number.md)</br> - [Hungary Tax identification Number](sit-defn-hungary-tax-identification-number.md)</br> - [Netherlands Tax Identification Number](sit-defn-netherlands-tax-identification-number.md)</br> - [Poland Tax Identification Number](sit-defn-poland-tax-identification-number.md)</br> - [Portugal Tax Identification Number](sit-defn-portugal-tax-identification-number.md)</br> - [Slovenia Tax Identification Number](sit-defn-slovenia-tax-identification-number.md)</br> - [Spain Tax Identification Number](sit-defn-spain-tax-identification-number.md)</br> - [Sweden Tax Identification Number](sit-defn-sweden-tax-identification-number.md)</br> - [Austria Driver's License](sit-defn-austria-drivers-license-number.md) </br> - [Belgium Driver's License Number](sit-defn-belgium-drivers-license-number.md) </br> - [Bulgaria Driver's License Number](sit-defn-bulgaria-drivers-license-number.md) </br> - [Croatia Driver's License Number](sit-defn-croatia-drivers-license-number.md) </br> - [Cyprus Driver's License Number](sit-defn-cyprus-drivers-license-number.md) </br> - [Czech Driver's License Number](sit-defn-czech-drivers-license-number.md) </br> - [Denmark Driver's License Number](sit-defn-denmark-drivers-license-number.md)</br> - [Estonia Driver's License Number](sit-defn-estonia-drivers-license-number.md)</br> - [Finland Driver's License Number](sit-defn-finland-drivers-license-number.md)</br> - [France Driver's License Number](sit-defn-france-drivers-license-number.md)</br> - [German Driver's License Number](sit-defn-germany-drivers-license-number.md)</br> - [Greece Driver's License Number](sit-defn-greece-drivers-license-number.md) </br> - [Hungary Driver's License Number](sit-defn-hungary-drivers-license-number.md)</br> - [Ireland Driver's License Number](sit-defn-ireland-drivers-license-number.md)</br> - [Italy Driver's License Number](sit-defn-italy-drivers-license-number.md)</br> - [Latvia Driver's License Number](sit-defn-latvia-drivers-license-number.md)</br> - [Lithuania Driver's License Number](sit-defn-lithuania-drivers-license-number.md)</br> - [Luxemburg Driver's License Number](sit-defn-luxemburg-drivers-license-number.md)</br> - [Malta Driver's License Number](sit-defn-malta-drivers-license-number.md)</br> - [Netherlands Driver's License Number](sit-defn-netherlands-drivers-license-number.md)</br> - [Poland Driver's License Number](sit-defn-poland-drivers-license-number.md)</br> - [Portugal Driver's License Number](sit-defn-portugal-drivers-license-number.md)</br> - [Romania Driver's License Number](sit-defn-romania-drivers-license-number.md)</br> - [Slovakia Driver's License Number](sit-defn-slovakia-drivers-license-number.md)</br> - [Slovenia Driver's License Number](sit-defn-slovenia-drivers-license-number.md)</br> - [Spain Driver's License Number](sit-defn-spain-drivers-license-number.md)</br> - [Sweden Driver's License Number](sit-defn-sweden-drivers-license-number.md)</br> - [Austria Passport Number](sit-defn-austria-passport-number.md) </br> - [Belgium Passport Number](sit-defn-belgium-passport-number.md) </br> - [Bulgaria Passport Number](sit-defn-bulgaria-passport-number.md) </br> - [Croatia Passport Number](sit-defn-croatia-passport-number.md) </br> - [Cyprus Passport Number](sit-defn-cyprus-passport-number.md) </br> - [Czech Republic Passport Number](sit-defn-czech-passport-number.md) </br> - [Denmark Passport Number](sit-defn-denmark-passport-number.md)</br> - [Estonia Passport Number](sit-defn-estonia-passport-number.md)</br> - [Finland Passport Number](sit-defn-finland-passport-number.md)</br> - [France Passport Number](sit-defn-france-passport-number.md)</br> - [German Passport Number](sit-defn-germany-passport-number.md)</br> - [Greece Passport Number](sit-defn-greece-passport-number.md)</br> - [Hungary Passport Number](sit-defn-hungary-passport-number.md)</br> - [Ireland Passport Number](sit-defn-ireland-passport-number.md)</br> - [Italy Passport Number](sit-defn-italy-passport-number.md)</br> - [Latvia Passport Number](sit-defn-latvia-passport-number.md)</br> - [Lithuania Passport Number](sit-defn-lithuania-passport-number.md)</br> - [Luxemburg Passport Number](sit-defn-luxemburg-passport-number.md)</br> - [Malta Passport Number](sit-defn-malta-passport-number.md)</br> - [Netherlands Passport Number](sit-defn-netherlands-passport-number.md)</br> - [Poland Passport](sit-defn-poland-passport-number.md)</br> - [Portugal Passport Number](sit-defn-portugal-passport-number.md)</br> - [Romania Passport Number](sit-defn-romania-passport-number.md)</br> - [Slovakia Passport Number](sit-defn-slovakia-passport-number.md)</br> - [Slovenia Passport Number](sit-defn-slovenia-passport-number.md)</br> - [Spain Passport Number](sit-defn-spain-passport-number.md)</br> - [Sweden Passport Number](sit-defn-sweden-passport-number.md)</br> - [EU Debit Card Number](sit-defn-eu-debit-card-number.md)</br> - [All Full Names](sit-defn-all-full-names.md)|
+|Privacy| General Data Protection Regulation (GDPR)|- [EU debit card number](sit-defn-eu-debit-card-number.md) </br> - [EU driver's license number](sit-defn-eu-drivers-license-number.md) </br> - [EU national identification number](sit-defn-eu-national-identification-number.md)</br> - [EU passport number](sit-defn-eu-passport-number.md) </br> - [EU social security number or equivalent identification](sit-defn-eu-social-security-number-equivalent-identification.md)</br> - [EU Tax identification number](sit-defn-eu-tax-identification-number.md)|
+|Privacy| Germany Personally Identifiable Information (PII) Data|- [Germany driver's license number](sit-defn-germany-drivers-license-number.md) </br> - [Germany passport number](sit-defn-germany-passport-number.md)|
+|Privacy| Israel Personally Identifiable Information (PII) Data|- [Israel national identification number](sit-defn-israel-national-identification-number.md)|
+|Privacy| Israel Protection of Privacy|- [Israel national identification number](sit-defn-israel-national-identification-number.md)</br> - [Israel bank account number](sit-defn-israel-bank-account-number.md)|
+|Privacy| Japan Personally Identifiable Information (PII) Data enhanced|- [Japan Social Insurance Number (SIN)](sit-defn-japan-social-insurance-number.md)</br> - [Japan My Number - Personal](sit-defn-japan-my-number-personal.md)</br> - [Japan passport number](sit-defn-japan-passport-number.md)</br> - [Japan driver's license number](sit-defn-japan-drivers-license-number.md)</br> - [All Full Names](sit-defn-all-full-names.md)</br> - [Japan Physical Addresses](sit-defn-all-physical-addresses.md)|
+|Privacy| Japan Personally Identifiable Information (PII) Data|- [Japan resident registration number](sit-defn-japan-resident-registration-number.md) </br> - [Japan Social Insurance Number (SIN)](sit-defn-japan-social-insurance-number.md)|
+|Privacy| Japan Protection of Personal Information Enhanced|- [Japan Social Insurance Number (SIN)](sit-defn-japan-social-insurance-number.md) </br> - [Japan My Number - Personal](sit-defn-japan-my-number-personal.md)</br> - [Japan passport number](sit-defn-japan-passport-number.md) </br> - [Japan driver's license number](sit-defn-japan-drivers-license-number.md)</br> - [All Full Names](sit-defn-all-full-names.md)</br> - [Japan Physical Addresses](sit-defn-all-physical-addresses.md)|
+|Privacy| Japan Protection of Personal Information|- [Japan resident registration number](sit-defn-japan-resident-registration-number.md)</br> - [Japan Social Insurance Number (SIN)](sit-defn-japan-social-insurance-number.md)|
+|Privacy| Saudi Arabia Personally Identifiable (PII) Data|- [Saudi Arabia National ID](sit-defn-saudi-arabia-national-id.md)|
+|Privacy| U.K. Data Protection Act|- [U.K. national insurance number (NINO)](sit-defn-uk-national-insurance-number.md) </br> - [U.S./U.K. passport number](sit-defn-us-uk-passport-number.md) </br> - [SWIFT code](sit-defn-swift-code.md)|
+|Privacy| U.K. Privacy and Electronic Communications Regulations|- [SWIFT code](sit-defn-swift-code.md)|
+|Privacy| U.K. Personally Identifiable Information (PII) Data|- [U.K. national insurance number (NINO)](sit-defn-uk-national-insurance-number.md) </br> - [U.S./U.K. passport number](sit-defn-us-uk-passport-number.md)|
+|Privacy| U.K. Personal Information Online Code of Practice (PIOCP)|- [U.K. national insurance number (NINO)](sit-defn-uk-national-insurance-number.md) </br> - [U.K. national health service number](sit-defn-uk-national-health-service-number.md) </br> - [SWIFT code](sit-defn-swift-code.md)|
+|Privacy| U.S Patriot Act Enhanced|- [Credit card number](sit-defn-credit-card-number.md) </br> - [U.S. bank account number](sit-defn-us-bank-account-number.md)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sit-defn-us-individual-taxpayer-identification-number.md) </br> - [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)</br> - [All Full Names](sit-defn-all-full-names.md)</br> - [U.S. Physical Addresses](sit-defn-us-physical-addresses.md)|
+|Privacy| U.S. Patriot Act|- [Credit card number](sit-defn-credit-card-number.md) </br> - [U.S. bank account number](sit-defn-us-bank-account-number.md)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sit-defn-us-individual-taxpayer-identification-number.md) </br> - [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)|
+|Privacy| U.S. Personally Identifiable Information (PII) Data Enhanced|- [U.S. Individual Taxpayer Identification Number (ITIN)](sit-defn-us-individual-taxpayer-identification-number.md) </br> - [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)</br> - [U.S./U.K. passport number](sit-defn-us-uk-passport-number.md)</br> - [All Full Names](sit-defn-all-full-names.md)</br> - [U.S. Physical Addresses](sit-defn-us-physical-addresses.md)|
+|Privacy| U.S. Personally Identifiable Information (PII) Data|- [U.S. Individual Taxpayer Identification Number (ITIN)](sit-defn-us-individual-taxpayer-identification-number.md) </br> - [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)</br> - [U.S./U.K. passport number](sit-defn-us-uk-passport-number.md)|
+|Privacy| U.S. State Breach Notification Laws Enhanced|- [Credit card number](sit-defn-credit-card-number.md) </br> - [U.S. bank account number](sit-defn-us-bank-account-number.md)</br> -[U.S. driver's license number](sit-defn-us-drivers-license-number.md) </br> - [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)</br> - [All Full Names](sit-defn-all-full-names.md) </br> - [U.S./U.K. passport number](sit-defn-us-uk-passport-number.md)</br> - [All Medical Terms And Conditions](sit-defn-all-medical-terms-conditions.md)|
+|Privacy| U.S. State Breach Notification Laws|- [Credit card number](sit-defn-credit-card-number.md) </br> - [U.S. bank account number](sit-defn-us-bank-account-number.md)</br> -[U.S. driver's license number](sit-defn-us-drivers-license-number.md) </br> - [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)|
+|Privacy| U.S. State Social Security Number Confidentiality Laws|- [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)|
## Locations
A DLP policy can find and protect items that contain sensitive information acros
|Microsoft Defender for Cloud Apps | cloud app instance |data-at-rest | - [Use data loss prevention policies for non-Microsoft cloud apps](dlp-use-policies-non-microsoft-cloud-apps.md#use-data-loss-prevention-policies-for-non-microsoft-cloud-apps) | |Devices |user or group |data-at-rest </br> data-in-use </br> data-in-motion |- [Learn about Endpoint data loss prevention](endpoint-dlp-learn-about.md) </br>- [Get started with Endpoint data loss prevention](endpoint-dlp-getting-started.md) </br>- [Configure device proxy and internet connection settings for Information Protection](device-onboarding-configure-proxy.md#configure-device-proxy-and-internet-connection-settings-for-information-protection) | |On-premises repositories (file shares and SharePoint) |repository | data-at-rest | - [Learn about the data loss prevention on-premises scanner](dlp-on-premises-scanner-learn.md) </br> - [Get started with the data loss prevention on-premises scanner](dlp-on-premises-scanner-get-started.md#get-started-with-the-data-loss-prevention-on-premises-scanner) |
-|PowerBI| workspaces | data-in-use | No|
+|Power BI| workspaces | data-in-use | No|
If you choose to include specific distribution groups in Exchange, the DLP policy will be scoped only to the members of that group. Similarly excluding a distribution group will exclude all the members of that distribution group from policy evaluation. You can choose to scope a policy to the members of distribution lists, dynamic distribution groups, and security groups. A DLP policy can contain no more than 50 such inclusions and exclusions.
DLP policies detect sensitive items by matching them to a sensitive information
|Teams Chat and Channel messages | Yes| No| No| |Devices |Yes | Yes| No| |Microsoft Defender for Cloud Apps | Yes| Yes| Yes|
-|On-Premises repositories| Yes| Yes| No|
-|PowerBI|Yes | Yes| No|
+|On-premises repositories| Yes| Yes| No|
+|Power BI|Yes | Yes| No|
> [!NOTE]
-> DLP supports (in preview) the using trainable classifiers as a condition to detect sensitive documents. Content can be defined by trainable classifiers in Exchange email online, Sharepoint Online sites, OneDrive for Business accounts, Teams Chat and Channels, and Devices. For more information, see [Trainable Classifiers](classifier-learn-about.md).
+> DLP supports (in preview) using trainable classifiers as a condition to detect sensitive documents. Content can be defined by trainable classifiers in Exchange Online, Sharepoint Online sites, OneDrive for Business accounts, Teams Chat and Channels, and Devices. For more information, see [Trainable Classifiers](classifier-learn-about.md).
> [!NOTE]
-> DLP supports detecting sensitivity labels on emails and attachments See, [Use sensitivity labels as conditions in DLP policies](dlp-sensitivity-label-as-condition.md#use-sensitivity-labels-as-conditions-in-dlp-policies).
+> DLP supports detecting sensitivity labels on emails and attachments. For more information, see [Use sensitivity labels as conditions in DLP policies](dlp-sensitivity-label-as-condition.md#use-sensitivity-labels-as-conditions-in-dlp-policies).
## Rules
Rules are the business logic of DLP policies. They consist of:
- [**Conditions**](#conditions) that when matched, trigger the policy - [**Exceptions**](#exceptions) to the conditions - [**Actions**](#actions) to take when the policy is triggered-- [**User notifications**](#user-notifications-and-policy-tips) to inform your users when they are doing something that triggers a policy and help educate them on how your org wants sensitive information treated
+- [**User notifications**](#user-notifications-and-policy-tips) to inform your users when they're doing something that triggers a policy and help educate them on how your organization wants sensitive information treated
- [**User Overrides**](#user-overrides) when configured by an admin, allow users to selectively override a blocking action - [**Incident Reports**](#incident-reports) that notify admins and other key stakeholders when a rule match occurs - [**Additional Options**](#additional-options) which define the priority for rule evaluation and can stop further rule and policy processing.
Rules are the business logic of DLP policies. They consist of:
#### Hosted service workloads
-For the hosted service workloads, like Exchange Online, SharePoint Online and OneDrive for Business, each rule is assigned a priority in the order in which it's created. That means, the rule created first has first priority, the rule created second has second priority, and so on.
+For the hosted service workloads, like Exchange Online, SharePoint Online and OneDrive for Business, each rule is assigned a priority in the order in which it's created. That means, the rule created first has first priority, the rule created second has second priority, and so on.
![Rules in priority order](../media/dlp-rules-in-priority-order.png)
When content is evaluated against rules, the rules are processed in priority ord
- Rule 1: only notifies users - Rule 2: notifies users, restricts access, and allows user overrides-- *Rule 3: notifies users, restricts access, and does not allow user overrides*
+- *Rule 3: notifies users, restricts access, and doesn't allow user overrides*
- Rule 4: restricts access Rules 1, 2, and 4 would be evaluated, but not applied. In this example, matches for all of the rules are recorded in the audit logs and shown in the DLP reports, even though only the most restrictive rule is applied.
For example, you might have a DLP policy that helps you detect the presence of i
Priority for rules on endpoints is also assigned according to the order in which it's created. That means, the rule created first has first priority, the rule created second has second priority, and so on.
-When a file on an endpoint matches multiple DLP policies, the first rule that's enabled with most restrictive enforcement on the [endpoint activities](endpoint-dlp-learn-about.md#endpoint-activities-you-can-monitor-and-take-action-on) is the one that gets enforced on the content. For example, if content matches all of the following rules, then rule 2 takes precedence over the other rules since its the most restrictive.
+When a file on an endpoint matches multiple DLP policies, the first rule that's enabled with most restrictive enforcement on the [endpoint activities](endpoint-dlp-learn-about.md#endpoint-activities-you-can-monitor-and-take-action-on) is the one that gets enforced on the content. For example, if content matches all of the following rules, then rule 2 takes precedence over the other rules since it's the most restrictive.
-- Rule 1: only audits all activity
+- Rule 1: only audits all activity
- *Rule 2: blocks all activity* - Rule 3: blocks all activity with option for end user to override
-In the below example, Rule 1 takes precedence over the other matching rules since its the most restrictive.
+In the below example, Rule 1 takes precedence over the other matching rules since it's the most restrictive.
-- *Rule 1: blocks activity and does not allow user override*
+- *Rule 1: blocks activity and doesn't allow user override*
- Rule 2: blocks activity and allows user overrides - Rule 3: only audits all activity - Rule 4: no enforcement
-All the other rules are evaluated but their actions are not enforced. Audit logs will show the most restrictive rule applied on the file. If there is more than one rule that matches and they are equally restrictive, then policy and rule priority governs which rule would be applied on the file.
+All the other rules are evaluated but their actions aren't enforced. Audit logs will show the most restrictive rule applied on the file. If there's more than one rule that matches and they're equally restrictive, then policy and rule priority governs which rule would be applied on the file.
### Conditions
Conditions are inclusive and are where you define what you want the rule to look
- [retention labels](retention.md#using-a-retention-label-as-a-condition-in-a-dlp-policy) - [Trainable Classifiers](classifier-learn-about.md) (in preview)
-depending on the [location(s)](#location-support-for-how-content-can-be-defined) you choose to apply the policy to.
+depending on the [location(s)](#location-support-for-how-content-can-be-defined) you choose to apply the policy to.
-The rule will only look for the presence of any **sensitivity labels** and **retention labels** you pick.
+The rule will only look for the presence of any **sensitivity labels** and **retention labels** you pick.
-SITs have a pre-defined [**confidence level**](https://www.microsoft.com/videoplayer/embed/RE4Hx60) which you can alter if needed. For more information, see [More on confidence levels](sensitive-information-type-learn-about.md#more-on-confidence-levels).
+SITs have a pre-defined [**confidence level**](https://www.microsoft.com/videoplayer/embed/RE4Hx60) which you can alter if needed. For more information, see [More on confidence levels](sensitive-information-type-learn-about.md#more-on-confidence-levels).
> [!IMPORTANT] > SITs have two different ways of defining the max unique instance count parameters. To learn more, see [Instance count supported values for SIT](create-a-custom-sensitive-information-type.md#instance-count-supported-values-for-sit).
The actions that are available in a rule are dependent on the locations that hav
#### Devices actions <!--- (preview) Audit or restricted activities when users acceses sensitive websites in Microsoft Edge browser on Windows devices. See, [Scenario 6 Monitor or restrict user activities on sensitive service domains (preview)](endpoint-dlp-using.md#scenario-6-monitor-or-restrict-user-activities-on-sensitive-service-domains-preview) for more information.
+- (preview) Audit or restricted activities when users accesses sensitive websites in Microsoft Edge browser on Windows devices. See, [Scenario 6 Monitor or restrict user activities on sensitive service domains (preview)](endpoint-dlp-using.md#scenario-6-monitor-or-restrict-user-activities-on-sensitive-service-domains-preview) for more information.
- Audit or restrict activities on Windows devices To use `Audit or restrict activities on Windows devices`, you have to configure options in **DLP settings** and in the policy in which you want to use them. See, [Restricted apps and app groups](dlp-configure-endpoint-settings.md#restricted-apps-and-app-groups) for more information.
This table shows the DLP blocking and notification behavior for policies that ar
|||||| |- **Content is shared from Microsoft 365** </br>- **with people outside my organization** |No actions are configured |- **User notifications** set to **On** </br>- **Notify users in Office 365 service with a policy tip** is selected </br>- **Notify the user who sent, shared, or last modified the content** is selected |- **Send an alert to admins when a rule match occurs** set to **On** </br>- **Send alert every time an activity matches the rule** set to **On** </br>- **Use email incident reports to notify you when a policy match occurs** set to **On** |- Notifications will be sent only when a file is shared with an external user and an external user access the file. | |- **Content is shared from Microsoft 365** </br>- **only with people inside my organization** | No actions are configured |- **User notifications** set to **On** </br>- **Notify users in Office 365 service with a policy tip** is selected </br>- **Notify the user who sent, shared, or last modified the content** is selected | - **Send an alert to admins when a rule match occurs** set to **On** </br>- **Send alert every time an activity matches the rule** is selected </br>- **Use email incident reports to notify you when a policy match occurs** set to **On** |- Notifications are sent when a file is uploaded |
-|- **Content is shared from Microsoft 365** </br>- **with people outside my organization** | - **Restrict access or encrypt the content in Microsoft 365 locations** is selected </br>- **Block users from receiveing email or accessing shared SharePoint, OndeDrive, and Teams files** is selected </br>- **Block only people outside your organization** is selected |- **User notifications** set to **On** </br>- **Notify users in Office 365 service with a policy tip** is selected </br>- **Notify the user who sent, shared, or last modified the content** is selected | - **Send an alert to admins when a rule match occurs** set to **On** </br>- **Send alert every time an activity matches the rule** is selected </br>- **Use email incident reports to notify you when a policy match occurs** set to **On** | - Access to a sensitive file is blocked as soon as it is uploaded </br>- Notifications sent when content is shared from Microsoft 365 with people outside my organization |
-|- **Content is shared from Microsoft 365** </br>- **with people outside my organization** | - **Restrict access or encrypt the content in Microsoft 365 locations** is selected </br>- **Block users from receiveing email or accessing shared SharePoint, OndeDrive, and Teams files** is selected </br>- **Block everyone** is selected | - **User notifications** set to **On** </br>- **Notify users in Office 365 service with a policy tip** is selected </br>- **Notify the user who sent, shared, or last modified the content** is selected | - **Send an alert to admins when a rule match occurs** set to **On** </br>- **Send alert every time an activity matches the rule** is selected </br>- **Use email incident reports to notify you when a policy match occurs** set to **On** |Notifications are sent when a file is shared with an external user and an external user access that file. |
+|- **Content is shared from Microsoft 365** </br>- **with people outside my organization** | - **Restrict access or encrypt the content in Microsoft 365 locations** is selected </br>- **Block users from receiving email or accessing shared SharePoint, OneDrive, and Teams files** is selected </br>- **Block only people outside your organization** is selected |- **User notifications** set to **On** </br>- **Notify users in Office 365 service with a policy tip** is selected </br>- **Notify the user who sent, shared, or last modified the content** is selected | - **Send an alert to admins when a rule match occurs** set to **On** </br>- **Send alert every time an activity matches the rule** is selected </br>- **Use email incident reports to notify you when a policy match occurs** set to **On** | - Access to a sensitive file is blocked as soon as it is uploaded </br>- Notifications sent when content is shared from Microsoft 365 with people outside my organization |
+|- **Content is shared from Microsoft 365** </br>- **with people outside my organization** | - **Restrict access or encrypt the content in Microsoft 365 locations** is selected </br>- **Block users from receiving email or accessing shared SharePoint, OneDrive, and Teams files** is selected </br>- **Block everyone** is selected | - **User notifications** set to **On** </br>- **Notify users in Office 365 service with a policy tip** is selected </br>- **Notify the user who sent, shared, or last modified the content** is selected | - **Send an alert to admins when a rule match occurs** set to **On** </br>- **Send alert every time an activity matches the rule** is selected </br>- **Use email incident reports to notify you when a policy match occurs** set to **On** |Notifications are sent when a file is shared with an external user and an external user access that file. |
|- **Content is shared from Microsoft 365** </br>- **with people outside my organization** |- **Restrict access or encrypt the content in Microsoft 365 locations** is selected </br>- **Block only people who were given access to the content through the "Anyone with the link" option** is selected. | - **User notifications** set to **On** </br>- **Notify users in Office 365 service with a policy tip** is selected. </br>- **Notify the user who sent, shared, or last modified the content** is selected |- **Send an alert to admins when a rule match occurs** set to **On** </br>- **Send alert every time an activity matches the rule** is selected </br>- **Use email incident reports to notify you when a policy match occurs** set to **On** |Notifications are sent as soon as a file is uploaded |
compliance Enable Mailbox Auditing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/enable-mailbox-auditing.md
Here are some benefits of mailbox auditing on by default:
- Auditing is automatically enabled when you create a new mailbox. You don't need to manually enable it for new users. - You don't need to manage the mailbox actions that are audited. A predefined set of mailbox actions are audited by default for each logon type (Admin, Delegate, and Owner).-- When Microsoft releases a new mailbox action, the action might be automatically added to the list of mailbox actions that are audited by default (subject to the user having the appropriate license). This means you don't need to monitor add new actions on mailboxes.
+- When Microsoft releases a new mailbox action, the action might be added automatically to the list of mailbox actions that are audited by default (subject to the user having the appropriate license). This means you don't need to monitor add new actions on mailboxes.
- You have a consistent mailbox auditing policy across your organization (because you're auditing the same actions for all mailboxes). > [!NOTE]
Remember, an admin with Full Access permission to a Microsoft 365 Group mailbox
|**SendAs**|A message was sent using the SendAs permission.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|| |**SendOnBehalf**|A message was sent using the SendOnBehalf permission.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|| |**SoftDelete**|A message was permanently deleted or deleted from the Deleted Items folder. Soft-deleted items are moved to the Recoverable Items folder.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
-|**Update**|A message or any of its property was changed.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
+|**Update**|A message or any of its properties was changed.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
### Verify that default mailbox actions are being logged for each logon type
compliance Encryption Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/encryption-sensitivity-labels.md
You can use the following options to let users assign permissions when they manu
This option is supported by the Azure Information Protection unified labeling client and by some apps that use built-in labeling. For apps that don't support this capability, the label either won't be visible for users, or the label is visible for consistency but it can't be applied with an explanation message to users.
- To check which apps that use built-in labeling support this option, use the [capabilities table for Word, Excel, and PowerPoint](sensitivity-labels-office-apps.md#sensitivity-label-capabilities-in-word-excel-and-powerpoint) and the row **Let users assign permissions: - Prompt users**.
+ To check which apps that use built-in labeling support this option, use the [capabilities table for Word, Excel, and PowerPoint](sensitivity-labels-office-apps.md#sensitivity-label-capabilities-in-word-excel-and-powerpoint) and the rows for **Let users assign permissions**.
When the options are supported, use the following table to identify when users see the sensitivity label:
For built-in labeling, and for the Azure Information Protection unified labeling
> [!TIP] > If users were familiar with configuring custom permissions with the Azure Information Protection unified labeling client before [co-authoring was enabled](sensitivity-labels-coauthoring.md), you might find it helpful to review the mapping of permission levels to individual usage rights: [Rights included in permissions levels](/azure/information-protection/configure-usage-rights#rights-included-in-permissions-levels).
+#### Support for organization-wide custom permissions
+
+Now rolling out in preview for built-in labeling in Windows, users can specify a domain name that will apply to all users in an organization that owns the domain and it is in Azure Active Directory. This capability provides [parity with the Azure Information Protection unified labeling client](sensitivity-labels-aip.md#feature-parity-for-built-in-labeling-and-the-aip-add-in-for-office-apps):
+
+![Updated dialog box to support organization-wide custom permissions.](../media/org-wide-custom-permissions-dialog.png)
+
+For example, a user types "@contoso.com" (or "contoso.com") and grants read access. Because Contoso Corporation owns the contoso.com domain, all users in that domain and all other domains that the organization owns in Azure Active Directory will be granted read access.
+
+It's important to let users know that access isn't restricted to just the users in the domain specified. For example, "@sales.contoso.com" wouldn't restrict access to users in just the sales subdomain, but also grant access to users in the marketing.contoso.com domain, and even users with a disjoint namespace in the same Azure Active Directory tenant.
+ ## Example configurations for the encryption settings For each example that follows, do the configuration from the **Encryption** page when **Configure encryption settings** is selected:
compliance Endpoint Dlp Learn About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-learn-about.md
Onboarding and offboarding are handled via scripts you download from the Device
Use the procedures in [Getting started with Microsoft 365 Endpoint DLP](endpoint-dlp-getting-started.md) to onboard devices.
-If you have onboarded devices through [Microsoft Defender for Endpoint](../security/defender-endpoint/configure-machines-onboarding.md), those devices will automatically show up in the list of devices. This is because onboarding to Defender also onboards devices to DLP. You only need to **Turn on device monitoring** to use endpoint DLP. .
+If you have onboarded devices through [Microsoft Defender for Endpoint](../security/defender-endpoint/configure-machines-onboarding.md), those devices will automatically show up in the list of devices. This is because onboarding to Defender also onboards devices to DLP. You only need to **Turn on device monitoring** to use endpoint DLP. .
> [!div class="mx-imgBorder"] > ![managed devices list.](../media/endpoint-dlp-learn-about-2-device-list.png)
compliance Get Started With Data Lifecycle Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-data-lifecycle-management.md
Ready to start managing the lifecycle of your organization's data by retaining t
A number of different subscriptions support data lifecycle management capabilities.
-To see the options for licensing your users to benefit from Microsoft Purview features, see the [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance). For the features listed on this page, see the [Microsoft Purview Data Lifecycle Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-data-lifecycle-management) section and related [PDF download](https://go.microsoft.com/fwlink/?linkid=2139145) for feature-level licensing requirements.
+To see the options for licensing your users to benefit from Microsoft Purview features, see the [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance). For the features listed on this page, see the [Microsoft Purview Data Lifecycle Management & Microsoft Purview Records Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-data-lifecycle-management--microsoft-purview-records-management) section for feature-level licensing requirements.
## Permissions
compliance Get Started With Records Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-records-management.md
Ready to start managing your organization's high-value content for legal, busine
- [Publish retention labels and apply them in apps](create-apply-retention-labels.md) - [Apply a retention label to content automatically](apply-retention-labels-automatically.md)
+> [!TIP]
+> If you're migrating records to Microsoft 365 and need to validate that they haven't been altered, see [Validating migrated records](records-management.md#validating-migrated-records).
+ ## Subscription and licensing requirements A number of different subscriptions support records management and the licensing requirements for users depends on the features you use.
-To see the options for licensing your users to benefit from Microsoft Purview features, see the [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance). For records management, see the [Microsoft Purview Records Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-records-management) section and related PDF download for feature-level licensing requirements.
+To see the options for licensing your users to benefit from Microsoft Purview features, see the [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance). For records management, see the [Microsoft Purview Data Lifecycle Management & Microsoft Purview Records Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-data-lifecycle-management--microsoft-purview-records-management) section for feature-level licensing requirements.
## Permissions
If you're using retention policies for baseline data governance, they typically
In comparison, retention labels have a UI presence in Microsoft 365 apps, so make sure you provide guidance for end users and your help desk before these labels are deployed to your production network. To help users apply retention labels in SharePoint and OneDrive, and information about unlocking records for editing, see [Apply retention labels to files in SharePoint or OneDrive](https://support.microsoft.com/office/apply-retention-labels-to-files-in-sharepoint-or-onedrive-11a6835b-ec9f-40db-8aca-6f5ef18132df).
-However, the most effective end-user documentation will be customized guidance and instructions you provide for the retention label names and configurations you choose. See the following page and downloads that you can use to help train your users: [End User Training for Retention Labels](https://microsoft.github.io/ComplianceCxE/enduser/retention/).
+However, the most effective end-user documentation will be customized guidance and instructions you provide for the retention label names and configurations you choose. See the following page and downloads that you can use to help train your users: [End User Training for Retention Labels](https://microsoft.github.io/ComplianceCxE/enduser/retention/).
compliance Get Started With Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-sensitivity-labels.md
All scenarios require you to [Create and configure sensitivity labels and their
|Extend labeling to File Explorer and PowerShell, with additional features for Office apps on Windows (if needed)|[Azure Information Protection unified labeling client for Windows](/azure/information-protection/rms-client/aip-clientv2)| |Encrypt documents and emails with sensitivity labels and restrict who can access that content and how it can be used |[Restrict access to content by using sensitivity labels to apply encryption](encryption-sensitivity-labels.md)| |Enable sensitivity labels for Office on the web, with support for coauthoring, eDiscovery, data loss prevention, searchΓÇöeven when documents are encrypted | [Enable sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md)
+|Files in SharePoint to be automatically labeled with a default sensitivity label | [Configure a default sensitivity label for a SharePoint document library](sensitivity-labels-sharepoint-default-label.md)
|Use co-authoring and AutoSave in Office desktop apps when documents are encrypted | [Enable co-authoring for files encrypted with sensitivity labels](sensitivity-labels-coauthoring.md) |Automatically apply sensitivity labels to documents and emails | [Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md)| |Use sensitivity labels to protect content in Teams and SharePoint |[Use sensitivity labels with Microsoft Teams, Microsoft 365 groups, and SharePoint sites](sensitivity-labels-teams-groups-sites.md)|
compliance Import Epic Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/import-epic-data.md
description: "Administrators can set up a data connector to import electronic he
# Set up a connector to import Epic EHR audit data (preview)
-You can set up a data connector in the Microsoft Purview compliance portal to import audit records for user activity in your organization's Epic Electronic Healthcare Records (EHR) system. Audit records from your Epic EHR system include records for events related to accessing a patient's health records. Epic EHR audit records can be used by the Microsoft 365 [insider risk management solution](insider-risk-management.md) to help protect your organization from unauthorized access to patient information.
+You can set up a data connector in the Microsoft Purview compliance portal to import audit records for user activity in your organization's Epic Electronic Healthcare Records (EHR) system. Audit records from your Epic EHR system include records for events related to accessing a patient's health records. Epic EHR audit records can be used by the Microsoft Purview [Insider Risk Management solution](insider-risk-management.md) to help protect your organization from unauthorized access to patient information.
Setting up an Epic connector consists of the following tasks:
The next step is to create an Epic connector in the compliance portal. After you
A status page is displayed that confirms the connector was created. This page contains two important things that you need to complete the next step to run the sample script to upload your Epic EHR audit records data.
- Review page with job ID and link to github for sample script
+ Review page with job ID and link to GitHub for sample script
1. **Job ID.** You'll need this job ID to run the script in the next step. You can copy it from this page or from the connector flyout page.
compliance Import Healthcare Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/import-healthcare-data.md
description: "Administrators can set up a data connector to import electronic he
# Set up a connector to import healthcare EHR audit data (preview)
-You can set up a data connector in the Microsoft Purview compliance portal to import auditing data for user activity in your organization's Electronic Healthcare Records (EHR) system. Auditing data from your healthcare EHR system include data for events related to accessing a patient's health records. Healthcare EHR auditing data can be used by the Microsoft 365 [insider risk management solution](insider-risk-management.md) to help protect your organization from unauthorized access to patient information.
+You can set up a data connector in the Microsoft Purview compliance portal to import auditing data for user activity in your organization's Electronic Healthcare Records (EHR) system. Auditing data from your healthcare EHR system include data for events related to accessing a patient's health records. Healthcare EHR auditing data can be used by the Microsoft Purview [Insider Risk Management solution](insider-risk-management.md) to help protect your organization from unauthorized access to patient information.
Setting up a Healthcare connector consists of the following tasks:
compliance Import Physical Badging Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/import-physical-badging-data.md
description: "Administrators can set up a data connector to import data from the
# Set up a connector to import physical badging data (preview)
-You can set up a data connector in the Microsoft Purview compliance portal to import physical badging data, such as employeeΓÇÖs raw physical access events or any physical access alarms generated by your organization's badging system. Examples of physical access points are an entry to a building or an entry to server room or data center. Physical badging data can be used by the Microsoft 365 [insider risk management solution](insider-risk-management.md) to help protect your organization from malicious activity or data theft inside your organization.
+You can set up a data connector in the Microsoft Purview compliance portal to import physical badging data, such as employeeΓÇÖs raw physical access events or any physical access alarms generated by your organization's badging system. Examples of physical access points are an entry to a building or an entry to server room or data center. Physical badging data can be used by the Microsoft Purview [Insider Risk Management solution](insider-risk-management.md) to help protect your organization from malicious activity or data theft inside your organization.
Setting up a physical badging connector consists of the following tasks:
compliance Information Protection Solution https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/information-protection-solution.md
Use the information from knowing where your sensitive data resides to help you m
|Step|Description|More information| |:|--|:| | 1|Define your [sensitivity labels](sensitivity-labels.md) and policies that will protect your organization's data. <br /><br />In addition to identifying the sensitivity of content, these labels can apply protection actions, such as headers, footers, watermarks, and encryption. | [Get started with sensitivity labels](get-started-with-sensitivity-labels.md) <br /><br /> [Create and configure sensitivity labels and their policies](create-sensitivity-labels.md) <br /><br /> [Restrict access to content by using sensitivity labels to apply encryption](encryption-sensitivity-labels.md) |
-| 2|Label and protect items for Microsoft 365 apps and services. <br /><br />Sensitivity labels are supported for Microsoft 365 Word, Excel, PowerPoint, Outlook, and containers that include SharePoint and OneDrive sites, and Microsoft 365 groups. Use a combination of labeling methods such as manual labeling, automatic labeling, a default label, and mandatory labeling.| [Manage sensitivity labels in Office apps](sensitivity-labels-office-apps.md) <br /><br /> [Enable sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md) <br /><br /> [Enable co-authoring for files encrypted with sensitivity labels](sensitivity-labels-coauthoring.md) <br /><br /> [Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) <br /><br /> [Use sensitivity labels with Microsoft Teams, Microsoft 365 groups, and SharePoint sites](sensitivity-labels-teams-groups-sites.md) <br /><br /> [Use sensitivity labels to set the default sharing link for sites and documents in SharePoint and OneDrive](sensitivity-labels-default-sharing-link.md) <br /><br /> [Apply a sensitivity label to a model in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/apply-a-sensitivity-label-to-a-model) <br /><br /> [Sensitivity labels in Power BI](/power-bi/admin/service-security-sensitivity-label-overview) |
+| 2|Label and protect items for Microsoft 365 apps and services. <br /><br />Sensitivity labels are supported for Microsoft 365 Word, Excel, PowerPoint, Outlook, and containers that include SharePoint and OneDrive sites, and Microsoft 365 groups. Use a combination of labeling methods such as manual labeling, automatic labeling, a default label, and mandatory labeling.| [Manage sensitivity labels in Office apps](sensitivity-labels-office-apps.md) <br /><br /> [Enable sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md) <br /><br /> [Enable co-authoring for files encrypted with sensitivity labels](sensitivity-labels-coauthoring.md) <br /><br /> [Configure a default sensitivity label for a SharePoint document library](sensitivity-labels-sharepoint-default-label.md) <br /><br /> [Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) <br /><br /> [Use sensitivity labels with Microsoft Teams, Microsoft 365 groups, and SharePoint sites](sensitivity-labels-teams-groups-sites.md) <br /><br /> [Use sensitivity labels to set the default sharing link for sites and documents in SharePoint and OneDrive](sensitivity-labels-default-sharing-link.md) <br /><br /> [Apply a sensitivity label to a model in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/apply-a-sensitivity-label-to-a-model) <br /><br /> [Sensitivity labels in Power BI](/power-bi/admin/service-security-sensitivity-label-overview) |
|3|Discover, label, and protect sensitive items that reside in data stores in the cloud by using [Microsoft Defender for Cloud Apps](/cloud-app-security/what-is-cloud-app-security) with your sensitivity labels.| [Discover, classify, label, and protect regulated and sensitive data stored in the cloud](/cloud-app-security/best-practices#discover-classify-label-and-protect-regulated-and-sensitive-data-stored-in-the-cloud)| |4|Discover, label, and protect sensitive items that reside in data stores on premises by deploying the [Azure Information Protection unified labeling scanner](/azure/information-protection/deploy-aip-scanner) with your sensitivity labels.| [Configuring and installing the Azure Information Protection unified labeling scanner](/azure/information-protection/deploy-aip-scanner-configure-install)| |5|Extend your sensitivity labels to Azure by using [Microsoft Purview Data Map](/azure/purview/overview), to discover and label items for Azure Blob Storage, Azure files, Azure Data Lake Storage Gen1, and Azure Data Lake Storage Gen12. | [Labeling in Microsoft Purview Data Map](/azure/purview/create-sensitivity-label)|
compliance Insider Risk Management Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-configure.md
You'll choose from these role group options and solution actions when working wi
|View & export audit logs|Yes|No|No|No|Yes| > [!IMPORTANT]
-> Make sure you always have at least one user in the *Insider Risk Management* or *Insider Risk Management Admin* role groups (depending on the option you choose) so that your insider risk management configuration doesn't get in to a 'zero administrator' scenario if specific users leave your organization.
+> Make sure you always have at least one user in the built-in *Insider Risk Management* or *Insider Risk Management Admin* role groups (depending on the option you choose) so that your insider risk management configuration doesn't get into a 'zero administrator' scenario if specific users leave your organization.
Members of the following roles can assign users to insider risk management role groups and have the same solution permissions included with the *Insider Risk Management Admin* role group:
compliance Manage Data Governance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/manage-data-governance.md
Ready to start using some or all of these capabilities? See [Get started with re
## Licensing requirements
-To understand your licensing requirements and options, see the following sections from the [Microsoft 365 licensing documentation](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance):
-- [Microsoft Purview Data Lifecycle Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-data-lifecycle-management)-- [Microsoft Purview Records Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-records-management)-
-Any additional licensing requirements will be included in the documentation instructions. For example, licensing specific to managing mailboxes might require licenses from Exchange Online.
+To understand your licensing requirements and options, see the information from the Microsoft 365 guidance for security & compliance, [Microsoft Purview Data Lifecycle Management & Microsoft Purview Records Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-data-lifecycle-management--microsoft-purview-records-management) section for feature-level licensing requirements.
compliance Office 365 Service Encryption https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/office-365-service-encryption.md
description: "Summary: Understand data resiliency in Microsoft Office 365."
In addition to using volume-level encryption, Exchange Online, Microsoft Teams, SharePoint Online, and OneDrive for Business also use Service Encryption to encrypt customer data. Service Encryption allows for two key management options: ## Microsoft-managed keys
-Microsoft manages all cryptographic keys including the root keys for service encryption. This option is currently enabled by default for Exchange Online, SharePoint Online, OneDrive for Business. Microsoft-managed keys provide default service encryption unless you decide to onboard using Customer Key. If, at a later date, you decide to stop using Customer Key without following the data purge path, then your data stays encrypted using the Microsoft-managed keys. Your data is always encrypted at this default level at a minimum.
+Microsoft manages all cryptographic keys including the root keys for service encryption. This option is currently enabled by default for Exchange Online, SharePoint Online, OneDrive for Business. Microsoft-managed keys provide default service encryption unless you decide to onboard using Customer Key. If, at a later date, you decide to stop using Customer Key without following the data purge path, then your data stays encrypted using the Microsoft-managed keys. Your data is always encrypted at this default level at a minimum.
## Customer Key You supply root keys used with service encryption and you manage these keys using Azure Key Vault. Microsoft manages all other keys. This option is called Customer Key, and it is currently available for Exchange Online, SharePoint Online, and OneDrive for Business. (Previously referred to as Advanced Encryption with BYOK. See [Enhancing transparency and control for Office 365 customers](https://www.microsoft.com/en-us/microsoft-365/blog/2015/04/21/enhancing-transparency-and-control-for-office-365-customers/) for the original announcement.)
compliance Records Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/records-management.md
Containers include SharePoint document libraries, OneDrive accounts, and Exchang
> > Because of the restrictions and irreversible actions, make sure you really do need to use regulatory records before you select this option for your retention labels. To help prevent accidental configuration, this option is not available by default but must first be enabled by using PowerShell. Instructions are included in [Declare records by using retention labels](declare-records.md).
+## Validating migrated records
+
+If you're migrating records to SharePoint or OneDrive, you might need to validate these records haven't been altered and retain their immutability status. For example, you're using a migration solution and need to meet the chain of custody requirements for your records. Typical file properties and methods often used for this type of validation, such as file size or file hash, might not be sufficient because SharePoint automatically updates the metadata for a file when it's uploaded.
+
+Instead, to validate your migrated records, you can use the value of the `vti_writevalidationtoken` property, which is a base64-encoded XOR hash of the file before it is modified by SharePoint. Use the following steps:
+
+1. Generate the XOR hash of the original file by using the QuickXorHash algorithm. For more information, see the [QuickXorHash Algorithm code snippet](/onedrive/developer/code-snippets/quickxorhash).
+
+2. Base64-encode the XOR hash. For more information, see the [Base64Encode method documentation](/windows/win32/seccrypto/utilities-base64encode).
+
+3. After the file is migrated, retrieve the value of the `vti_writevalidationtoken` property from the uploaded file.
+
+4. Compare the value generated in step 2 with the value retrieved in step 3. These two values should match. If they do, you've validated that the record hasn't changed.
++ ## Configuration guidance See [Get started with records management](get-started-with-records-management.md). This article has information about subscriptions, permissions, and links to end-to-end configuration guidance for records management scenarios.
compliance Retention Policies Sharepoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-sharepoint.md
Only pages and sections are impacted by the retention settings that you specify.
Versioning is a feature of all document lists and libraries in SharePoint and OneDrive. By default, versioning retains a minimum of 500 major versions, although you can increase this limit. For more information, see [Enable and configure versioning for a list or library](https://support.office.com/article/1555d642-23ee-446a-990a-bcab618c7a37) and [How versioning works in lists and libraries](https://support.microsoft.com/office/how-versioning-works-in-lists-and-libraries-0f6cd105-974f-44a4-aadb-43ac5bdfd247).
-When a document with versions is subject to retention settings to retain that content, versions that get copied to the Preservation Hold library exist as a separate item. If the retention settings are configured to delete at the end of the retention period:
+When a document with versions is subject to retention settings to retain that content, how the versions are stored in the Preservation Hold library changed in July 2022 to improve performance. Now, all versions of the file are retained in a single file in the Preservation Hold library. Before the change, versions were copied to the Preservation Hold library as separate files, and after the change, remain as separate files.
+
+If the retention settings are configured to delete at the end of the retention period:
- If the retention period is based on when the content was created, each version has the same expiration date as the original document. The original document and its versions all expire at the same time. -- If the retention period is based on when the content was last modified, each version has its own expiration date based on when the original document was modified to create that version. The original document and its versions expire independently of each other.
+- If the retention period is based on when the content was last modified:
+ - **After the change where all versions of the file are retained in a single file in the Preservation Hold library**: Each version has the same expiration date as the last version of the document. The last version of the document and its versions all expire at the same time.
+ - **Before the change where versions were copied to the Preservation Hold library as separate files**: Each version has its own expiration date based on when the original document was modified to create that version. The original document and its versions expire independently of each other.
When the retention action is to delete the document, all versions not in the Preservation Hold library are deleted at the same time according to the current version.
compliance Retention Policies Teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-teams.md
For other workloads, see:
## What's included for retention and deletion > [!NOTE]
-> Retention policies now support [shared channels](/MicrosoftTeams/shared-channels), currently in preview. Any shared channels inherit retention settings from the parent channel.
+> Retention policies support [shared channels](/MicrosoftTeams/shared-channels). Any shared channels inherit retention settings from the parent channel.
Teams chats messages, channel messages, and private channel messages can be deleted by using retention policies for Teams, and in addition to the text in the messages, the following items can be retained for compliance reasons: Embedded images, tables, hypertext links, links to other Teams messages and files, and [card content](/microsoftteams/platform/task-modules-and-cards/what-are-cards). Chat messages and private channel messages include all the names of the people in the conversation, and channel messages include the team name and the message title (if supplied).
compliance Retention Regulatory Requirements https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-regulatory-requirements.md
This report helps you understand how the system aspects of the New Zealand Publi
## SEC 17a-4(f), FINRA 4511(c), and CFTC 1.31(c)-(d)
-**Cohasset Assessment - Microsoft 365 - SEC Rule 17a-4(f) - Immutable Storage for SharePoint, OneDrive, Teams, Exchange, and Skype** - [Download assessment](https://servicetrust.microsoft.com/ViewPage/TrustDocuments?command=Download&downloadType=Document&downloadId=9fa8349d-a0c9-47d9-93ad-472aa0fa44ec&docTab=6d000410-c9e9-11e7-9a91-892aae8839ad_FAQ_and_White_Papers)
+**Cohasset Assessment - Microsoft 365 - SEC Rule 17a-4(f) - Immutable Storage for SharePoint, OneDrive, Exchange, Teams, and Yammer** - [Download assessment](https://servicetrust.microsoft.com/ViewPage/TrustDocuments?command=Download&downloadType=Document&downloadId=9fa8349d-a0c9-47d9-93ad-472aa0fa44ec&docTab=6d000410-c9e9-11e7-9a91-892aae8839ad_FAQ_and_White_Papers)
-Applicable workloads: SharePoint, OneDrive, Teams, Exchange, and Skype for Business
+Applicable workloads: SharePoint, OneDrive, Teams, Exchange, and Yammer
-Released November 2020, this report has been produced in partnership with Cohasset Associates, Inc. (Cohasset) to assess the capabilities of Microsoft 365 services for recording, storing, and managing requirements for electronic records, as specified by:
+Latest version released July 2022, this report has been produced in partnership with Cohasset Associates, Inc. (Cohasset) to assess the capabilities of Microsoft 365 services for recording, storing, and managing requirements for electronic records, as specified by:
- Securities and Exchange Commission (SEC) in 17 CFR § 240.17a-4(f), which regulates exchange members, brokers or dealers.
compliance Sensitive Information Type Entity Definitions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitive-information-type-entity-definitions.md
hideEdit: true feedback_system: None recommendations: false
-description: "There are many sensitive information types that are ready for you to use in your DLP policies. This article lists all of these sensitive information types and shows what a DLP policy looks for when it detects each type."
+description: "There are many sensitive information types that are ready for you to use in your DLP policies. This article is a list of all these sensitive information type entity definitions."
# Sensitive information type entity definitions
-This article lists all sensitive information type entity definitions. Each definition shows what a DLP policy looks for to detect each type. To learn more about sensitive information types, see [Sensitive information types](sensitive-information-type-learn-about.md)
+This article is a list of all sensitive information type (SIT) entity definitions. Each link takes you to the definition of that specific SIT and shows what a DLP policy looks for to detect each type. To learn more about sensitive information types, see [Sensitive information types](sensitive-information-type-learn-about.md)
> [!NOTE] > Mapping of confidence level (high/medium/low) with accuracy number (numeric value of 1 to 100)
This article lists all sensitive information type entity definitions. Each defin
> - Medium confidence: 75 > - High confidence: 85
-## ABA routing number
+- [ABA routing number](sit-defn-aba-routing.md)
+- [All full names](sit-defn-all-full-names.md)
+- [All medical terms and conditions](sit-defn-all-medical-terms-conditions.md)
+- [All Physical Addresses](sit-defn-all-physical-addresses.md)
+- [Amazon S3 Client Secret Access Key (preview)](sit-defn-amazon-s3-client-secret-access-key.md)
+- [Argentina national identity (DNI) number](sit-defn-argentina-national-identity-numbers.md)
+- [Argentina Unique Tax Identification Key (CUIT/CUIL)](sit-defn-argentina-unique-tax-identification-key.md)
+- [ASP.NET machine Key (preview)](sit-defn-asp-net-machine-key.md)
+- [Australia bank account number](sit-defn-australia-bank-account-number.md)
+- [Australia business number](sit-defn-australia-business-number.md)
+- [Australia company number](sit-defn-australia-business-number.md)
+- [Australia drivers license number](sit-defn-australia-drivers-license-number.md)
+- [Australia medical account number](sit-defn-australia-medical-account-number.md)
+- [Australia passport number](sit-defn-australia-passport-number.md)
+- [Australia physical addresses](sit-defn-australia-physical-addresses.md)
+- [Australia tax file number](sit-defn-australia-tax-file-number.md)
+- [Austria drivers license number](sit-defn-austria-drivers-license-number.md)
+- [Austria identity card](sit-defn-austria-identity-card.md)
+- [Austria passport number](sit-defn-austria-passport-number.md)
+- [Austria physical addresses](sit-defn-austria-physical-addresses.md)
+- [Austria social security number](sit-defn-austria-social-security-number.md)
+- [Austria tax identification number](sit-defn-austria-tax-identification-number.md)
+- [Austria value added tax](sit-defn-austria-value-added-tax.md)
+- [Azure AD client access token (preview)](sit-defn-azure-ad-client-access-token.md)
+- [Azure AD client secret (preview)](sit-defn-azure-ad-client-secret.md)
+- [Azure AD User Credentials (preview)](sit-defn-azure-ad-user-credentials.md)
+- [Azure App Service deployment password (preview)](sit-defn-azure-app-service-deployment-password.md)
+- [Azure Batch shared access key (preview)](sit-defn-azure-batch-shared-access-key.md)
+- [Azure Bot Framework secret key (preview)](sit-defn-azure-bot-framework-secret-key.md)
+- [Azure Bot service app secret (preview)](sit-defn-azure-bot-service-app-secret.md)
+- [Azure Cognitive Search API key (preview)](sit-defn-azure-cognitive-search-api-key.md)
+- [Azure Cognitive Service key (preview)](sit-defn-azure-cognitive-service-key.md)
+- [Azure Container Registry access key (preview)](sit-defn-azure-container-registry-access-key.md)
+- [Azure COSMOS DB account access key (preview)](sit-defn-azure-cosmos-db-account-access-key.md)
+- [Azure Databricks personal access token (preview)](sit-defn-azure-databricks-personal-access-token.md)
+- [Azure DevOps app secret (preview)](sit-defn-azure-devops-app-secret.md)
+- [Azure DevOps personal access token (preview)](sit-defn-azure-devops-personal-access-token.md)
+- [Azure DocumentDB auth key](sit-defn-azure-document-db-auth-key.md)
+- [Azure EventGrid access key (preview)](sit-defn-azure-eventgrid-access-key.md)
+- [Azure Function Master / API key (preview)](sit-defn-azure-function-master-api-key.md)
+- [Azure IAAS database connection string and Azure SQL connection string](sit-defn-azure-iaas-database-connection-string-azure-sql-connection-string.md)
+- [Azure IoT connection string](sit-defn-azure-iot-connection-string.md)
+- [Azure IoT shared access key (preview)](sit-defn-azure-iot-shared-access-key.md)
+- [Azure Logic app shared access signature (preview)](sit-defn-azure-logic-app-shared-access-signature.md)
+- [Azure Machine Learning web service API key (preview)](sit-defn-azure-machine-learning-web-service-api-key.md)
+- [Azure Maps subscription key (preview)](sit-defn-azure-maps-subscription-key.md)
+- [Azure publish setting password](sit-defn-azure-publish-setting-password.md)
+- [Azure Redis cache connection string](sit-defn-azure-redis-cache-connection-string.md)
+- [Azure Redis cache connection string password (preview)](sit-defn-azure-redis-cache-connection-string-password.md)
+- [Azure SAS](sit-defn-azure-sas.md)
+- [Azure service bus connection string](sit-defn-azure-service-bus-connection-string.md)
+- [Azure service bus shared access signature (preview)](sit-defn-azure-service-bus-shared-access-signature.md)
+- [Azure Shared Access key / Web Hook token (preview)](sit-defn-azure-shared-access-key-web-hook-token.md)
+- [Azure SignalR access key (preview)](sit-defn-azure-signalr-access-key.md)
+- [Azure SQL connection string (preview)](sit-defn-azure-sql-connection-string.md)
+- [Azure storage account access key (preview)](sit-defn-azure-storage-account-access-key.md)
+- [Azure storage account key](sit-defn-azure-storage-account-key.md)
+- [Azure Storage account key (generic)](sit-defn-azure-storage-account-key-generic.md)
+- [Azure Storage account shared access signature (preview)](sit-defn-azure-storage-account-shared-access-signature.md)
+- [Azure Storage account shared access signature for high risk resources (preview)](sit-defn-azure-storage-account-shared-access-signature-high-risk-resources.md)
+- [Azure subscription management certificate (preview)](sit-defn-azure-subscription-management-certificate.md)
+- [Belgium driver's license number](sit-defn-belgium-drivers-license-number.md)
+- [Belgium national number](sit-defn-belgium-national-number.md)
+- [Belgium passport number](sit-defn-belgium-passport-number.md)
+- [Belgium physical addresses](sit-defn-belgium-physical-addresses.md)
+- [Belgium value added tax number](sit-defn-belgium-value-added-tax-number.md)
+- [Blood test terms](sit-defn-blood-test-terms.md)
+- [Brand medication names](sit-defn-brand-medication-names.md)
+- [Brazil CPF number](sit-defn-brazil-cpf-number.md)
+- [Brazil legal entity number (CNPJ)](sit-defn-brazil-legal-entity-number.md)
+- [Brazil national identification card (RG)](sit-defn-brazil-national-identification-card.md)
+- [Brazil physical addresses](sit-defn-brazil-physical-addresses.md)
+- [Bulgaria driver's license number](sit-defn-bulgaria-drivers-license-number.md)
+- [Bulgaria passport number](sit-defn-bulgaria-passport-number.md)
+- [Bulgaria physical addresses](sit-defn-bulgaria-physical-addresses.md)
+- [Bulgaria uniform civil number](sit-defn-bulgaria-uniform-civil-number.md)
+- [Canada bank account number](sit-defn-canada-bank-account-number.md)
+- [Canada driver's license number](sit-defn-canada-drivers-license-number.md)
+- [Canada health service number](sit-defn-canada-health-service-number.md)
+- [Canada passport number](sit-defn-canada-passport-number.md)
+- [Canada personal health identification number (PHIN)](sit-defn-canada-personal-health-identification-number.md)
+- [Canada physical addresses](sit-defn-canada-physical-addresses.md)
+- [Canada social insurance number](sit-defn-canada-social-insurance-number.md)
+- [Chile identity card number](sit-defn-chile-identity-card-number.md)
+- [China resident identity card (PRC) number](sit-defn-china-resident-identity-card-number.md)
+- [Client secret / API key (preview)](sit-defn-client-secret-api-key.md)
+- [Credentials in URL](sit-defn-credentials-in-url.md)
+- [Credit card number](sit-defn-credit-card-number.md)
+- [Croatia driver's license number](sit-defn-croatia-drivers-license-number.md)
+- [Croatia identity card number](sit-defn-croatia-identity-card-number.md)
+- [Croatia passport number](sit-defn-croatia-passport-number.md)
+- [Croatia personal identification (OIB) number](sit-defn-croatia-personal-identification-number.md)
+- [Croatia physical addresses](sit-defn-croatia-physical-addresses.md)
+- [Cyprus drivers license number](sit-defn-cyprus-drivers-license-number.md)
+- [Cyprus identity card](sit-defn-cyprus-identity-card.md)
+- [Cyprus passport number](sit-defn-cyprus-passport-number.md)
+- [Cyprus physical addresses](sit-defn-cyprus-physical-addresses.md)
+- [Cyprus tax identification number](sit-defn-cyprus-tax-identification-number.md)
+- [Czech driver's license number](sit-defn-czech-drivers-license-number.md)
+- [Czech passport number](sit-defn-czech-passport-number.md)
+- [Czech personal identity number](sit-defn-czech-personal-identity-number.md)
+- [Czech Republic physical addresses](sit-defn-czech-republic-physical-addresses.md)
+- [Denmark driver's license number](sit-defn-denmark-drivers-license-number.md)
+- [Denmark passport number](sit-defn-denmark-passport-number.md)
+- [Denmark personal identification number](sit-defn-denmark-personal-identification-number.md)
+- [Denmark physical addresses](sit-defn-denmark-physical-addresses.md)
+- [Diseases](sit-defn-diseases.md)
+- [Drug Enforcement Agency (DEA) number](sit-defn-drug-enforcement-agency-number.md)
+- [Estonia driver's license number](sit-defn-estonia-drivers-license-number.md)
+- [Estonia passport number](sit-defn-estonia-passport-number.md)
+- [Estonia Personal Identification Code](sit-defn-estonia-personal-identification-code.md)
+- [Estonia physical addresses](sit-defn-estonia-physical-addresses.md)
+- [EU debit card number](sit-defn-eu-debit-card-number.md)
+- [EU driver's license number](sit-defn-eu-drivers-license-number.md)
+- [EU national identification number](sit-defn-eu-national-identification-number.md)
+- [EU passport number](sit-defn-eu-passport-number.md)
+- [EU social security number or equivalent identification](sit-defn-eu-social-security-number-equivalent-identification.md)
+- [EU Tax identification number](sit-defn-eu-tax-identification-number.md)
+- [Finland driver's license number](sit-defn-finland-drivers-license-number.md)
+- [Finland european health insurance number](sit-defn-finland-european-health-insurance-number.md)
+- [Finland national ID](sit-defn-finland-national-id.md)
+- [Finland passport number](sit-defn-finland-passport-number.md)
+- [Finland physical addresses](sit-defn-finland-physical-addresses.md)
+- [France driver's license number](sit-defn-france-drivers-license-number.md)
+- [France health insurance number](sit-defn-france-health-insurance-number.md)
+- [France national id card (CNI)](sit-defn-france-national-id-card.md)
+- [France passport number](sit-defn-france-passport-number.md)
+- [France physical addresses](sit-defn-france-physical-addresses.md)
+- [France social security number (INSEE)](sit-defn-france-social-security-number.md)
+- [France tax identification number](sit-defn-france-tax-identification-number.md)
+- [France value added tax number](sit-defn-france-value-added-tax-number.md)
+- [General password (preview)](sit-defn-general-password.md)
+- [General Symmetric key (preview)](sit-defn-general-symmetric-key.md)
+- [Generic medication names](sit-defn-generic-medication-names.md)
+- [Germany driver's license number](sit-defn-germany-drivers-license-number.md)
+- [Germany identity card number](sit-defn-germany-identity-card-number.md)
+- [Germany passport number](sit-defn-germany-passport-number.md)
+- [Germany physical addresses](sit-defn-germany-physical-addresses.md)
+- [Germany tax identification number](sit-defn-germany-tax-identification-number.md)
+- [Germany value added tax number](sit-defn-germany-value-added-tax-number.md)
+- [GitHub Personal Access Token (preview)](sit-defn-github-personal-access-token.md)
+- [Google API key (preview)](sit-defn-google-api-key.md)
+- [Greece driver's license number](sit-defn-greece-drivers-license-number.md)
+- [Greece national ID card](sit-defn-greece-national-id-card.md)
+- [Greece passport number](sit-defn-greece-passport-number.md)
+- [Greece physical addresses](sit-defn-greece-physical-addresses.md)
+- [Greece Social Security Number (AMKA)](sit-defn-greece-social-security-number.md)
+- [Greece tax identification number](sit-defn-greece-tax-identification-number.md)
+- [Hong Kong identity card (HKID) number](sit-defn-hong-kong-identity-card-number.md)
+- [Http authorization header (preview)](sit-defn-http-authorization-header.md)
+- [Hungary driver's license number](sit-defn-hungary-drivers-license-number.md)
+- [Hungary passport number](sit-defn-hungary-passport-number.md)
+- [Hungary personal identification number](sit-defn-hungary-personal-identification-number.md)
+- [Hungary physical addresses](sit-defn-hungary-physical-addresses.md)
+- [Hungary social security number (TAJ)](sit-defn-hungary-social-security-number.md)
+- [Hungary tax identification number](sit-defn-hungary-tax-identification-number.md)
+- [Hungary value added tax number](sit-defn-hungary-value-added-tax-number.md)
+- [Iceland physical addresses](sit-defn-iceland-physical-addresses.md)
+- [Impairments Listed In The U.S. Disability Evaluation Under Social Security](sit-defn-impairments-us-disability-evaluation-under-social-security.md)
+- [India Driver's License Number](sit-defn-india-drivers-license-number.md)
+- [India GST Number](sit-defn-india-gst-number.md)
+- [India permanent account number (PAN)](sit-defn-india-permanent-account-number.md)
+- [India unique identification (Aadhaar) number](sit-defn-india-unique-identification-number.md)
+- [India Voter Id Card](sit-defn-india-voter-id-card.md)
+- [Indonesia identity card (KTP) number](sit-defn-indonesia-identity-card-number.md)
+- [International banking account number (IBAN)](sit-defn-international-banking-account-number.md)
+- [International classification of diseases (ICD-10-CM)](sit-defn-international-classification-of-diseases-icd-10-cm.md)
+- [International classification of diseases (ICD-9-CM)](sit-defn-international-classification-of-diseases-icd-9-cm.md)
+- [IP address](sit-defn-ip-address.md)
+- [IP Address v4](sit-defn-ip-address-v4.md)
+- [IP Address v6](sit-defn-ip-address-v6.md)
+- [Ireland driver's license number](sit-defn-ireland-drivers-license-number.md)
+- [Ireland passport number](sit-defn-ireland-passport-number.md)
+- [Ireland personal public service (PPS) number](sit-defn-ireland-personal-public-service-number.md)
+- [Ireland physical addresses](sit-defn-ireland-physical-addresses.md)
+- [Israel bank account number](sit-defn-israel-bank-account-number.md)
+- [Israel national identification number](sit-defn-israel-national-identification-number.md)
+- [Italy driver's license number](sit-defn-italy-drivers-license-number.md)
+- [Italy fiscal code](sit-defn-italy-fiscal-code.md)
+- [Italy passport number](sit-defn-italy-passport-number.md)
+- [Italy physical addresses](sit-defn-italy-physical-addresses.md)
+- [Italy value added tax number](sit-defn-italy-value-added-tax-number.md)
+- [Japan bank account number](sit-defn-japan-bank-account-number.md)
+- [Japan driver's license number](sit-defn-japan-drivers-license-number.md)
+- [Japan My Number - Corporate](sit-defn-japan-my-number-corporate.md)
+- [Japan My Number - Personal](sit-defn-japan-my-number-personal.md)
+- [Japan passport number](sit-defn-japan-passport-number.md)
+- [Japan residence card number](sit-defn-japan-residence-card-number.md)
+- [Japan resident registration number](sit-defn-japan-resident-registration-number.md)
+- [Japan social insurance number (SIN)](sit-defn-japan-social-insurance-number.md)
+- [Lab test terms](sit-defn-lab-test-terms.md)
+- [Latvia driver's license number](sit-defn-latvia-drivers-license-number.md)
+- [Latvia passport number](sit-defn-latvia-passport-number.md)
+- [Latvia personal code](sit-defn-latvia-personal-code.md)
+- [Latvia physical addresses](sit-defn-latvia-physical-addresses.md)
+- [Liechtenstein physical addresses](sit-defn-liechtenstein-physical-addresses.md)
+- [Lifestyles that relate to medical conditions](sit-defn-lifestyles-relate-to-medical-conditions.md)
+- [Lithuania driver's license number](sit-defn-lithuania-drivers-license-number.md)
+- [Lithuania passport number](sit-defn-lithuania-passport-number.md)
+- [Lithuania personal code](sit-defn-lithuania-personal-code.md)
+- [Lithuania physical addresses](sit-defn-lithuania-physical-addresses.md)
+- [Luxemburg driver's license number](sit-defn-luxemburg-drivers-license-number.md)
+- [Luxemburg national identification number (natural persons)](sit-defn-luxemburg-national-identification-number-natural-persons.md)
+- [Luxemburg national identification number (non-natural persons)](sit-defn-luxemburg-national-identification-number-non-natural-persons.md)
+- [Luxemburg passport number](sit-defn-luxemburg-passport-number.md)
+- [Luxemburg physical addresses](sit-defn-luxemburg-physical-addresses.md)
+- [Malaysia identification card number](sit-defn-malaysia-identification-card-number.md)
+- [Malta driver's license number](sit-defn-malta-drivers-license-number.md)
+- [Malta identity card number](sit-defn-malta-identity-card-number.md)
+- [Malta passport number](sit-defn-malta-passport-number.md)
+- [Malta physical addresses](sit-defn-malta-physical-addresses.md)
+- [Malta tax identification number](sit-defn-malta-tax-identification-number.md)
+- [Medical specialities](sit-defn-medical-specialities.md)
+- [Medicare Beneficiary Identifier (MBI) card](sit-defn-medicare-beneficiary-Identifier-card.md)
+- [Mexico Unique Population Registry Code (CURP)](sit-defn-mexico-unique-population-registry-code.md)
+- [Microsoft Bing maps key (preview)](sit-defn-microsoft-bing-maps-key.md)
+- [Netherlands citizen's service (BSN) number](sit-defn-netherlands-citizens-service-number.md)
+- [Netherlands driver's license number](sit-defn-netherlands-drivers-license-number.md)
+- [Netherlands passport number](sit-defn-netherlands-passport-number.md)
+- [Netherlands physical addresses](sit-defn-netherlands-physical-addresses.md)
+- [Netherlands tax identification number](sit-defn-netherlands-tax-identification-number.md)
+- [Netherlands value added tax number](sit-defn-netherlands-value-added-tax-number.md)
+- [New Zealand bank account number](sit-defn-new-zealand-bank-account-number.md)
+- [New Zealand driver's license number](sit-defn-new-zealand-drivers-license-number.md)
+- [New Zealand inland revenue number](sit-defn-new-zealand-inland-revenue-number.md)
+- [New Zealand ministry of health number](sit-defn-new-zealand-ministry-of-health-number.md)
+- [New Zealand physical addresses](sit-defn-new-zealand-physical-addresses.md)
+- [New Zealand social welfare number](sit-defn-new-zealand-social-welfare-number.md)
+- [Norway identification number](sit-defn-norway-identification-number.md)
+- [Norway physical addresses](sit-defn-norway-physical-addresses.md)
+- [Philippines unified multi-purpose identification number](sit-defn-philippines-unified-multi-purpose-identification-number.md)
+- [Poland driver's license number](sit-defn-poland-drivers-license-number.md)
+- [Poland identity card](sit-defn-poland-identity-card.md)
+- [Poland national ID (PESEL)](sit-defn-poland-national-id.md)
+- [Poland passport number](sit-defn-poland-passport-number.md)
+- [Poland physical addresses](sit-defn-poland-physical-addresses.md)
+- [Poland REGON number](sit-defn-poland-regon-number.md)
+- [Poland tax identification number](sit-defn-poland-tax-identification-number.md)
+- [Portugal citizen card number](sit-defn-portugal-citizen-card-number.md)
+- [Portugal driver's license number](sit-defn-portugal-drivers-license-number.md)
+- [Portugal passport number](sit-defn-portugal-passport-number.md)
+- [Portugal physical addresses](sit-defn-portugal-physical-addresses.md)
+- [Portugal tax identification number](sit-defn-portugal-tax-identification-number.md)
+- [Romania driver's license number](sit-defn-romania-drivers-license-number.md)
+- [Romania passport number](sit-defn-romania-passport-number.md)
+- [Romania personal numeric code (CNP)](sit-defn-romania-personal-numeric-code.md)
+- [Romania physical addresses](sit-defn-romania-physical-addresses.md)
+- [Russia passport number domestic](sit-defn-russia-passport-number-domestic.md)
+- [Russia passport number international](sit-defn-russia-passport-number-international.md)
+- [Saudi Arabia National ID](sit-defn-saudi-arabia-national-id.md)
+- [Singapore national registration identity card (NRIC) number](sit-defn-singapore-national-registration-identity-card-number.md)
+- [Slack access token (preview)](sit-defn-slack-access-token.md)
+- [Slovakia driver's license number](sit-defn-slovakia-drivers-license-number.md)
+- [Slovakia passport number](sit-defn-slovakia-passport-number.md)
+- [Slovakia personal number](sit-defn-slovakia-personal-number.md)
+- [Slovakia physical addresses](sit-defn-slovakia-physical-addresses.md)
+- [Slovenia driver's license number](sit-defn-slovenia-drivers-license-number.md)
+- [Slovenia passport number](sit-defn-slovenia-passport-number.md)
+- [Slovenia physical addresses](sit-defn-slovenia-physical-addresses.md)
+- [Slovenia tax identification number](sit-defn-slovenia-tax-identification-number.md)
+- [Slovenia Unique Master Citizen Number](sit-defn-slovenia-unique-master-citizen-number.md)
+- [South Africa identification number](sit-defn-south-africa-identification-number.md)
+- [South Korea resident registration number](sit-defn-south-korea-resident-registration-number.md)
+- [Spain DNI](sit-defn-spain-dni.md)
+- [Spain driver's license number](sit-defn-spain-drivers-license-number.md)
+- [Spain passport number](sit-defn-spain-passport-number.md)
+- [Spain physical addresses](sit-defn-spain-physical-addresses.md)
+- [Spain social security number (SSN)](sit-defn-spain-social-security-number.md)
+- [Spain tax identification number](sit-defn-spain-tax-identification-number.md)
+- [SQL Server connection string](sit-defn-sql-server-connection-string.md)
+- [Surgical procedures](sit-defn-surgical-procedures.md)
+- [Sweden driver's license number](sit-defn-sweden-drivers-license-number.md)
+- [Sweden national ID](sit-defn-sweden-national-id.md)
+- [Sweden passport number](sit-defn-sweden-passport-number.md)
+- [Sweden physical addresses](sit-defn-sweden-physical-addresses.md)
+- [Sweden tax identification number](sit-defn-sweden-tax-identification-number.md)
+- [SWIFT code](sit-defn-swift-code.md)
+- [Switzerland physical addresses](sit-defn-switzerland-physical-addresses.md)
+- [Switzerland SSN AHV number](sit-defn-switzerland-ssn-ahv-number.md)
+- [Taiwan national identification number](sit-defn-taiwan-national-identification-number.md)
+- [Taiwan passport number](sit-defn-taiwan-passport-number.md)
+- [Taiwan-resident certificate (ARC/TARC) number](sit-defn-taiwan-resident-certificate-number.md)
+- [Thai population identification code](sit-defn-thai-population-identification-code.md)
+- [Turkey national identification number](sit-defn-turkey-national-identification-number.md)
+- [Turkey physical addresses](sit-defn-turkey-physical-addresses.md)
+- [Types of medication](sit-defn-types-of-medication.md)
+- [U.K. driver's license number](sit-defn-uk-drivers-license-number.md)
+- [U.K. electoral roll number](sit-defn-uk-electoral-roll-number.md)
+- [U.K. national health service number](sit-defn-uk-national-health-service-number.md)
+- [U.K. national insurance number (NINO)](sit-defn-uk-national-insurance-number.md)
+- [U.K. physical addresses](sit-defn-uk-physical-addresses.md)
+- [U.K. Unique Taxpayer Reference Number](sit-defn-uk-unique-taxpayer-reference-number.md)
+- [U.S. bank account number](sit-defn-us-bank-account-number.md)
+- [U.S. driver's license number](sit-defn-us-drivers-license-number.md)
+- [U.S. individual taxpayer identification number (ITIN)](sit-defn-us-individual-taxpayer-identification-number.md)
+- [U.S. physical addresses](sit-defn-us-physical-addresses.md)
+- [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)
+- [U.S./U.K. passport number](sit-defn-us-uk-passport-number.md)
+- [Ukraine passport domestic](sit-defn-ukraine-passport-domestic.md)
+- [Ukraine passport international](sit-defn-ukraine-passport-international.md)
+- [User login credentials (preview)](sit-defn-user-login-credentials.md)
+- [X.509 certificate private key (preview)](sit-defn-x-509-certificate-private-key.md)
-### Format
-
-nine digits that may be in a formatted or unformatted pattern
-
-### Pattern
--- two digits in the ranges 00-12, 21-32, 61-72, or 80-- two digits-- an optional hyphen-- four digits-- an optional hyphen-- a digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_aba_routing finds content that matches the pattern.-- A keyword from Keyword_ABA_Routing is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_aba_routing finds content that matches the pattern.-
-```xml
- <!-- ABA Routing Number -->
- <Entity id="cb353f78-2b72-4c3c-8827-92ebe4f69fdf" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_aba_routing" />
- <Match idRef="Keyword_ABA_Routing" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_aba_routing" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_aba_routing
--- aba number-- aba#-- aba-- abarouting#-- abaroutingnumber-- americanbankassociationrouting#-- americanbankassociationroutingnumber-- bankrouting#-- bankroutingnumber-- routing #-- routing no-- routing number-- routing transit number-- routing#-- RTN-
-## All full names
-
-All full names is a bundled named entity. It detects full names for people from all supported countries/regions, which include Australia, China, Japan, U.S., and countries in the EU. Use this SIT to detect all possible matches of full names.
-
-### Format
-
-Various.
-
-### Pattern
-
-Various.
-
-### Checksum
-
-No.
-
-### Description
-
-This named entity SIT matches personal names that a human would identify as a name with high confidence. For example, if a string is found consisting of a given name and is followed by a family name then a match is made with high confidence. It uses three primary resources:
--- A dictionary of given names.-- A dictionary of family names.-- Patterns of how names are formed.-
-The three resources are different for each country. The strings *Olivia Wilson* would trigger a match. Common given/family names are given a higher confidence than rarer names. However, the pattern also allows partial matches. If a given name from the dictionary is found and it's followed by a family name that isn't in the dictionary, then a partial match is triggered. For example, *Tomas Richard* would trigger a partial match. Partial matches are given lower confidence.
-
-In addition, patterns that a human would see as indicative of names are also matched with appropriate confidence. Like *O. Wilson*, *O.P. Wilson*, *Dr. O. P. Wilson*, *Wilson, O.P.* or *T. Richard, Jr.* would be matches.
-
-### Supported languages
--- English-- Bulgarian-- Croatian-- Czech-- Danish-- Estonian-- Finnish-- French-- German-- Hungarian-- Icelandic-- Irish-- Italian-- Japanese-- Latvian-- Lithuanian-- Maltese-- Dutch-- Norwegian-- Polish-- Portuguese-- Romanian-- Slovak-- Slovenian-- Spanish-- Swedish-- Turkish-
-## All medical terms and conditions
-
-All medical terms and conditions is a bundled named entity that detects medical terms and medical conditions. It detects English terms only. Use this SIT to detect all possible matches of medical terms and conditions.
-
-### Format
-
-Dictionary
-
-### Pattern
-
-Dictionary
-
-### Checksum
-
-No
-
-### Description
-
-This bundled named entity matches text that mentions medical conditions that are present in curated dictionaries. There's one curated dictionary per supported language. The dictionaries are from many international medical resources. The dictionaries include as many medical conditions as possible without risking a large number of false positives. Each entry contains the different forms that a single condition is commonly written in to ensure coverage, for example:
--- *TB*-- *tuberculosis*-- *phthisis pulmonalis*-
-### Contains
-
-This bundled named entity SIT contains these individual SITs.
--- Blood test terms-- Types of medication-- Diseases-- Generic medication names-- Impairments listed in the U.S. Disability Evaluation Under Social Security-- Lab test terms-- Lifestyles that relate to medical conditions-- Medical specialties-- Surgical procedures-- Brand medication names-
-## All Physical Addresses
-
-All physical addresses is a bundled entity SIT, which detects patterns related to physical addresses from all supported countries/regions.
-
-### Format
-
-Various
-
-### Pattern
-
-Various
-
-### Checksum
-
-No
-
-### Description
-
-The matching of street addresses is designed to match strings that a human would identify as a street address. To do this, it uses several primary resources:
--- A dictionary of settlements, counties and regions.-- A dictionary of street suffixes, like Road, Street, or Avenue.-- Patterns of postal codes.-- Patterns of address formats.-
-The resources are different for each country. The primary resources are the patterns of address formats that are used in a given country. Different formats are chosen to make sure that as many addresses as possible are matched. These formats allow flexibility, for example, an address may omit the postal code or omit a town name or have a street with no street suffix. In all cases, such matches are used to increase the confidence of the match.
-
-The patterns are designed to match individual single addresses, not generic locations. So strings such as *Redmond, WA 98052* or *Main Street, Albuquerque* won't be matched.
-
-### Contains
-
-This bundled named entity SIT contains these individual SITs:
--- Australia physical addresses-- Austria physical addresses-- Belgium physical addresses-- Brazil physical addresses-- Bulgaria physical addresses-- Canada physical addresses-- Croatia physical addresses-- Cyprus physical addresses-- Czech Republic physical addresses-- Denmark physical addresses-- Estonia physical addresses-- Finland physical addresses-- France physical addresses-- Germany physical addresses-- Greece physical addresses-- Hungary physical addresses-- Iceland physical addresses-- Ireland physical addresses-- Italy physical addresses-- Latvia physical addresses-- Liechtenstein physical addresses-- Lithuania physical addresses-- Luxembourg physical addresses-- Malta physical addresses-- Netherlands physical addresses-- New Zealand physical addresses-- Norway physical addresses-- Poland physical addresses-- Portugal physical addresses-- Romania physical addresses-- Slovakia physical addresses-- Slovenia physical addresses-- Spain physical addresses-- Sweden physical addresses-- Switzerland physical addresses-- Turkey physical addresses-- United Kingdom physical addresses-- United States physical addresses-
-### Supported languages
--- English-- Bulgarian-- Chinese-- Croatian-- Czech-- Danish-- Estonian-- Finnish-- French-- German-- Hungarian-- Icelandic-- Irish-- Italian-- Japanese-- Latvian-- Lithuanian-- Maltese-- Dutch-- Norwegian-- Polish-- Portuguese-- Romanian-- Slovak-- Slovenian-- Spanish-- Swedish-- Turkish-
-## Argentina national identity (DNI) number
-
-### Format
-
-Eight digits with or without periods
-
-### Pattern
-
-Eight digits:
--- two digits-- an optional period-- three digits-- an optional period-- three digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_argentina_national_id finds content that matches the pattern.-- A keyword from Keyword_argentina_national_id is found.-
-```xml
-<!-- Argentina National Identity (DNI) Number -->
-<Entity id="eefbb00e-8282-433c-8620-8f1da3bffdb2" recommendedConfidence="75" patternsProximity="300">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_argentina_national_id"/>
- <Match idRef="Keyword_argentina_national_id"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_argentina_national_id
--- Argentina National Identity number-- cedula-- cédula-- dni-- documento nacional de identidad-- documento número-- documento numero-- registro nacional de las personas-- rnp-
-## Argentina Unique Tax Identification Key (CUIT/CUIL)
-
-### Format
-
-11 digits with dash
-
-### Pattern
-
-11 digits with a dash:
--- two digits in 20, 23, 24, 27, 30, 33 or 34-- a hyphen (-)-- eight digits-- a hyphen (-)-- one check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_Argentina_Unique_Tax_Key` finds content that matches the pattern.-- A keyword from `Keyword_Argentina_Unique_Tax_Key` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_Argentina_Unique_Tax_Key` finds content that matches the pattern.-
-```xml
- <!-- Argentina Unique Tax Identification Key (CUIT/CUIL) -->
- <Entity id="98da3da1-9199-4571-b7c4-b6522980b507" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_Argentina_Unique_Tax_Key" />
- <Match idRef="Keyword_Argentina_Unique_Tax_Key" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_Argentina_Unique_Tax_Key" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_Argentina_Unique_Tax_Key
--- Clave Unica de Identificacion Tributaria-- CUIT-- unique code of labour identification-- Clave Única de Identificación Tributaria-- unique labour identification code-- CUIL-- Unique Tax Identification Key-- Unique Labour Identification Key-- Unique Key of Labour Identification-- Unique Work Identification Code-- Unique Code of Work Identification-- Unique Work Identification Key-- Unique Key of Work Identification-- Unique Code of Tax Identification-- Unique Key of Tax Identification-- Unique Labor Identification Code-- Unique Code of Labor Identification-- Unique Labor Identification Key-- Unique Key of Labor Identification-- tax ID-- taxID#-- taxId-- taxidnumber-- tax number-- tax no-- tax #-- tax#-- taxpayer ID-- taxpayer number-- taxpayer no-- taxpayer #-- taxpayer#-- tax identity-- tax identification-- Número de Identificación Fiscal-- número de contribuyente-
-## Australia bank account number
-
-### Format
-
-six to 10 digits with or without a bank state branch number
-
-### Pattern
-
-Account number is 6 to 10 digits.
-
-Australia bank state branch number:
--- three digits-- a hyphen-- three digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_australia_bank_account_number finds content that matches the pattern.-- A keyword from Keyword_australia_bank_account_number is found.-- The regular expression Regex_australia_bank_account_number_bsb finds content that matches the pattern.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_australia_bank_account_number finds content that matches the pattern.--- A keyword from Keyword_australia_bank_account_number is found.-
-```xml
-<!-- Australia Bank Account Number -->
-<Entity id="74a54de9-2a30-4aa0-a8aa-3d9327fc07c7" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_australia_bank_account_number" />
- <Match idRef="Keyword_australia_bank_account_number" />
- <Match idRef="Regex_australia_bank_account_number_bsb" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_australia_bank_account_number" />
- <Match idRef="Keyword_australia_bank_account_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_australia_bank_account_number
--- swift bank code-- correspondent bank-- base currency-- usa account-- holder address-- bank address-- information account-- fund transfers-- bank charges-- bank details-- banking information-- full names-- iaea-
-## Australia business number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-11 digits with optional delimiters
-
-### Pattern
-
-11 digits with optional delimiters:
--- two digits-- an optional hyphen or space-- three digits-- an optional hyphen or space-- three digits-- an optional hyphen or space-- three digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_australian_business_number finds content that matches the pattern.-- A keyword from Keywords_australian_business_number is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_australian_business_number finds content that matches the pattern.-
-```xml
- <!-- Australia Business Number -->
- <Entity id="76e83b3b-01ee-4530-aced-e667a6609f49" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_australian_business_number" />
- <Match idRef="Keywords_australian_business_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_australian_business_number" />
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keyword_australia_business_number
--- australia business no-- business number-- abn#-- businessid#-- business id-- abn-- businessno#-
-## Australia company number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-nine digits with delimiters
-
-### Pattern
-
-nine digits with delimiters:
--- three digits-- a space-- three digits-- a space-- three digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_Australian_Company_Number finds content that matches the pattern.-- A keyword from Keyword_Australian_Company_Number is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_Australian_Company_Number finds content that matches the pattern.-
-```xml
- <!-- Australia Company Number -->
- <Entity id="b1fba4f7-7b3e-4bb9-8f9a-9366df604dbb" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_Australian_Company_Number" />
- <Match idRef="Keyword_Australian_Company_Number" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_Australian_Company_Number" />
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keyword_australia_company_number
--- acn-- australia company no-- australia company no#-- australia company number-- australian company no-- australian company no#-- australian company number-
-## Australia driver's license number
-
-### Format
-
-nine letters and digits
-
-### Pattern
-
-nine letters and digits:
--- two digits or letters (not case-sensitive)-- two digits-- five digits or letters (not case-sensitive)-
-OR
--- one to two optional letters (not case-sensitive)-- four to nine digits-
-OR
--- nine digits or letters (not case-sensitive)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_australia_drivers_license_number finds content that matches the pattern.-- A keyword from Keyword_australia_drivers_license_number is found.-- No keyword from Keyword_australia_drivers_license_number_exclusions is found.-
-```xml
-<!-- Australia Drivers License Number -->
-<Entity id="1cbbc8f5-9216-4392-9eb5-5ac2298d1356" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_australia_drivers_license_number" />
- <Match idRef="Keyword_australia_drivers_license_number" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keyword_australia_drivers_license_number_exclusions" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_australia_drivers_license_number
--- international driving permits-- australian automobile association-- international driving permit-- DriverLicence-- DriverLicences-- Driver Lic-- Driver Licence-- Driver Licences-- DriversLic-- DriversLicence-- DriversLicences-- Drivers Lic-- Drivers Lics-- Drivers Licence-- Drivers Licences-- Driver'Lic-- Driver'Lics-- Driver'Licence-- Driver'Licences-- Driver' Lic-- Driver' Lics-- Driver' Licence-- Driver' Licences-- Driver'sLic-- Driver'sLics-- Driver'sLicence-- Driver'sLicences-- Driver's Lic-- Driver's Lics-- Driver's Licence-- Driver's Licences-- DriverLic#-- DriverLics#-- DriverLicence#-- DriverLicences#-- Driver Lic#-- Driver Lics#-- Driver Licence#-- Driver Licences#-- DriversLic#-- DriversLics#-- DriversLicence#-- DriversLicences#-- Drivers Lic#-- Drivers Lics#-- Drivers Licence#-- Drivers Licences#-- Driver'Lic#-- Driver'Lics#-- Driver'Licence#-- Driver'Licences#-- Driver' Lic#-- Driver' Lics#-- Driver' Licence#-- Driver' Licences#-- Driver'sLic#-- Driver'sLics#-- Driver'sLicence#-- Driver'sLicences#-- Driver's Lic#-- Driver's Lics#-- Driver's Licence#-- Driver's Licences#-
-#### Keyword_australia_drivers_license_number_exclusions
--- aaa-- DriverLicense-- DriverLicenses-- Driver License-- Driver Licenses-- DriversLicense-- DriversLicenses-- Drivers License-- Drivers Licenses-- Driver'License-- Driver'Licenses-- Driver' License-- Driver' Licenses-- Driver'sLicense-- Driver'sLicenses-- Driver's License-- Driver's Licenses-- DriverLicense#-- DriverLicenses#-- Driver License#-- Driver Licenses#-- DriversLicense#-- DriversLicenses#-- Drivers License#-- Drivers Licenses#-- Driver'License#-- Driver'Licenses#-- Driver' License#-- Driver' Licenses#-- Driver'sLicense#-- Driver'sLicenses#-- Driver's License#-- Driver's Licenses#-
-## Australia medical account number
-
-### Format
-
-10-11 digits
-
-### Pattern
-
-10-11 digits:
--- First digit is in the range 2-6-- Ninth digit is a check digit-- Tenth digit is the issue digit-- 11th digit (optional) is the individual number-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_australian_medical_account_number finds content that matches the pattern.-- A keyword from Keyword_Australia_Medical_Account_Number is found.-- The checksum passes.-
-```xml
- <!-- Australia Medical Account Number -->
-<Entity id="104a99a0-3d3b-4542-a40d-ab0b9e1efe63" recommendedConfidence="85" patternsProximity="300">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_australian_medical_account_number"/>
- <Match idRef="Keyword_Australia_Medical_Account_Number"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_Australia_Medical_Account_Number
--- bank account details-- medicare payments-- mortgage account-- bank payments-- information branch-- credit card loan-- department of human services-- local service-- medicare-
-## Australia passport number
-
-### Format
-
-eight or nine alphanumeric characters
-
-### Pattern
--- one letter (N, E, D, F, A, C, U, X) followed by seven digits
-or
-- Two letters (PA, PB, PC, PD, PE, PF, PU, PW, PX, PZ) followed by seven digits.-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_australia_passport_number` finds content that matches the pattern.-- A keyword from `Keyword_australia_passport_number` is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_australia_passport_number` finds content that matches the pattern.-
-```xml
- <!-- Australia Passport Number -->
- <Entity id="29869db6-602d-4853-ab93-3484f905df50" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_australia_passport_number" />
- <Match idRef="Keyword_australia_passport_number" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Regex_australia_passport_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_australia_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-- passport details-- immigration and citizenship-- commonwealth of australia-- department of immigration-- national identity card-- travel document-- issuing authority-
-## Australia physical addresses
-
-Unbundled named entity, detects patterns related to physical address from Australia. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-medium
-
-## Australia tax file number
-
-### Format
-
-eight to nine digits
-
-### Pattern
-
-eight to nine digits typically presented with spaces as follows:
--- three digits-- an optional space-- three digits-- an optional space-- two to three digits where the last digit is a check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_australian_tax_file_number finds content that matches the pattern.-- No keyword from Keyword_Australia_Tax_File_Number or Keyword_number_exclusions is found.-- The checksum passes.-
-```xml
- <!-- Australia Tax File Number -->
- <Entity id="e29bc95f-ff70-4a37-aa01-04d17360a4c5" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_australian_tax_file_number" />
- <Match idRef="Keyword_Australia_Tax_File_Number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_australia_tax_file_number
--- australian business number-- marginal tax rate-- medicare levy-- portfolio number-- service veterans-- withholding tax-- individual tax return-- tax file number-- tfn-
-## Austria driver's license number
-
-### Format
-
-eight digits without spaces and delimiters
-
-### Pattern
-
-eight digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_austria_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_austria_eu_driver's_license_number` is found.-
-```xml
- <!-- Austria Driver's License Number -->
- <Entity id="682f18ce-44eb-482b-8198-2bcb96a0761e" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_austria_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_austria_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_austria_eu_driver's_license_number
--- fuhrerschein-- f├╝hrerschein-- F├╝hrerscheine-- F├╝hrerscheinnummer-- F├╝hrerscheinnummern-
-## Austria identity card
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-A 24-character combination of letters, digits, and special characters
-
-### Pattern
-
-24 characters:
--- 22 letters (not case-sensitive), digits, backslashes, forward slashes, or plus signs--- two letters (not case-sensitive), digits, backslashes, forward slashes, plus signs, or equal signs-
-### Checksum
-
-Not applicable
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_austria_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_austria_eu_national_id_card` is found.-
-```xml
- <!-- Austria Identity Card -->
- <Entity id="5ec06c3b-007e-4820-8343-7ff73b889735" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_austria_eu_national_id_card" />
- <Match idRef="Keywords_austria_eu_national_id_card" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_austria_eu_national_id_card
--- identity number-- national id-- personalausweis republik ├╢sterreich-
-## Austria passport number
-
-### Format
-
-One letter followed by an optional space and seven digits
-
-### Pattern
-
-A combination of one letter, seven digits, and one space:
--- one letter (not case-sensitive)-- one space (optional)-- seven digits-
-### Checksum
-
-not applicable
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_austria_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_austria_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_austria_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_austria_eu_passport_number` is found.-
-```xml
- <!-- Austria Passport Number -->
- <Entity id="1c96ae4e-303b-447d-86c7-77113ac266bf" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_austria_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_austria_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date1" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_austria_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_austria_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_austria_eu_passport_number
--- reisepassnummer-- reisepasse-- No-Reisepass-- Nr-Reisepass-- Reisepass-Nr-- Passnummer-- reisepässe-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Austria physical addresses
-
-This unbundled named entity detects patterns related to physical address from Austria. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Austria social security number
-
-### Format
-
-10 digits in the specified format
-
-### Pattern
-
-10 digits:
--- three digits that correspond to a serial number-- one check digit-- six digits that correspond to the birth date (DDMMYY)-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_austria_eu_ssn_or_equivalent` finds content that matches the pattern.-- a keyword from `Keywords_austria_eu_ssn_or_equivalent` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_austria_eu_ssn_or_equivalent` finds content that matches the pattern.-
-```xml
- <!-- Austria Social Security Number -->
- <Entity id="6896a906-86c9-4d19-a2da-6e43ccd19b7b" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_austria_eu_ssn_or_equivalent" />
- <Match idRef="Keywords_austria_eu_ssn_or_equivalent" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_austria_eu_ssn_or_equivalent" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_austria_eu_telephone_number" />
- <Match idRef="Keywords_austria_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_austria_eu_ssn_or_equivalent
--- austrian ssn-- ehic number-- ehic no-- insurance code-- insurancecode#-- insurance number-- insurance no-- krankenkassennummer-- krankenversicherung-- socialsecurityno-- socialsecurityno#-- social security no-- social security number-- social security code-- sozialversicherungsnummer-- sozialversicherungsnummer#-- soziale sicherheit kein-- sozialesicherheitkein#-- ssn#-- ssn-- versicherungscode-- versicherungsnummer-- zdravstveno zavarovanje-
-## Austria tax identification number
-
-### Format
-
-nine digits with optional hyphen and forward slash
-
-### Pattern
-
-nine digits with optional hyphen and forward slash:
--- two digits-- a hyphen (optional)-- three digits-- a forward slash (optional)-- four digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_austria_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_austria_eu_tax_file_number` is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_austria_eu_tax_file_number` finds content that matches the pattern.-
-```xml
- <!-- Austria Tax Identification Number -->
- <Entity id="4fd58d22-af28-4451-b18a-6f722430a56d" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_austria_eu_tax_file_number" />
- <Match idRef="Keywords_austria_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_austria_eu_tax_file_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_austria_eu_tax_file_number
--- ├╢sterreich-- st.nr.-- steuernummer-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-- tax number-
-## Austria value added tax
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-11-character alphanumeric pattern
-
-### Pattern
-
-11-character alphanumeric pattern:
--- A or a-- T or t-- Optional space-- U or u-- optional space-- two or three digits-- optional space-- four digits-- optional space-- one or two digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_Austria_Value_Added_Tax finds content that matches the pattern.-- A keyword from Keyword_Austria_Value_Added_Tax is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_Austria_Value_Added_Tax finds content that matches the pattern.-
-```xml
- <!-- Austria Value Added Tax -->
- <Entity id="b6a3eda2-c56c-4b69-a5f7-dca34db00f48" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_Austria_Value_Added_Tax" />
- <Match idRef="Keyword_Austria_Value_Added_Tax" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_Austria_Value_Added_Tax" />
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keyword_austria_value_added_tax
--- vat number-- vat#-- austrian vat number-- vat no.-- vatno#-- value added tax number-- austrian vat-- mwst-- umsatzsteuernummer-- mwstnummer-- ust.-identifikationsnummer-- umsatzsteuer-identifikationsnummer-- vat identification number-- atu number-- uid number-
-## Azure DocumentDB auth key
-
-### Format
-
-The string "DocumentDb" followed by the characters and strings outlined in the pattern below.
-
-### Pattern
--- The string "DocumentDb"-- Any combination of between 3-200 lower- or uppercase letters, digits, symbols, special characters, or spaces-- A greater than symbol (>), an equal sign (=), a quotation mark ("), or an apostrophe (')-- Any combination of 86 lower- or uppercase letters, digits, forward slash (/), or plus sign (+)-- Two equal signs (=)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression CEP_Regex_AzureDocumentDBAuthKey finds content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.-
-```xml
-<!-- Azure Document DB Auth Key -->
-<Entity id="0f587d92-eb28-44a9-bd1c-90f2892b47aa" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="CEP_Regex_AzureDocumentDBAuthKey" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="CEP_CommonExampleKeywords" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### CEP_CommonExampleKeywords
-
-(Technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
--- contoso-- fabrikam-- northwind-- sandbox-- onebox-- localhost-- 127.0.0.1-- testacs.<!--no-hyperlink-->com-- s-int.<!--no-hyperlink-->net-
-## Azure IAAS database connection string and Azure SQL connection string
-
-### Format
-
-The string "Server", "server", or "data source" followed by the characters and strings outlined in the pattern below, including the string "cloudapp.azure.<!--no-hyperlink-->com" or "cloudapp.azure.<!--no-hyperlink-->net" or "database.windows.<!--no-hyperlink-->net", and the string "Password" or "password" or "pwd".
-
-### Pattern
--- the string "Server", "server", or "data source"-- zero to two whitespace characters-- an equal sign (=)-- zero to two whitespace characters-- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces-- The string "cloudapp.azure.<!--no-hyperlink-->com", "cloudapp.azure.<!--no-hyperlink-->net", or "database.windows.<!--no-hyperlink-->net"-- any combination of between 1-300 lower- or uppercase letters, digits, symbols, special characters, or spaces-- the string "Password", "password", or "pwd"-- zero to two whitespace characters-- an equal sign (=)-- zero to two whitespace characters-- one or more characters that aren't a semicolon (;), quotation mark ("), or apostrophe (')-- a semicolon (;), quotation mark ("), or apostrophe (')-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression CEP_Regex_AzureConnectionString finds content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.-
-```xml
-<!--Azure IAAS Database Connection String and Azure SQL Connection String-->
-<Entity id="ce1a126d-186f-4700-8c0c-486157b953fd" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="CEP_Regex_AzureConnectionString" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="CEP_CommonExampleKeywords" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### CEP_common_example_keywords
-
-(Technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
--- contoso-- fabrikam-- northwind-- sandbox-- onebox-- localhost-- 127.0.0.1-- testacs.<!--no-hyperlink-->com-- s-int.<!--no-hyperlink-->net-
-## Azure IoT connection string
-
-### Format
-
-The string "HostName" followed by the characters and strings outlined in the pattern below, including the strings "azure-devices.<!--no-hyperlink-->net" and "SharedAccessKey".
-
-### Pattern
--- the string "HostName"-- zero to two whitespace characters-- an equal sign (=)-- zero to two whitespace characters-- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces-- the string "azure-devices.<!--no-hyperlink-->net"-- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces-- the string "SharedAccessKey"-- zero to two whitespace characters-- an equal sign (=)-- zero to two whitespace characters-- any combination of 43 lower- or uppercase letters, digits, forward slash (/), or plus sign (+)-- an equal sign (=)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression CEP_Regex_AzureIoTConnectionString finds content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.-
-```xml
-<!--Azure IoT Connection String-->
-<Entity id="0b34bec3-d5d6-4974-b7b0-dcdb5c90c29d" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="CEP_Regex_AzureIoTConnectionString" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="CEP_CommonExampleKeywords" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### CEP_common_example_keywords
-
-This sensitive information type identifies these keywords by using a regular expression, not a keyword list.
--- contoso-- fabrikam-- northwind-- sandbox-- onebox-- localhost-- 127.0.0.1-- testacs.<!--no-hyperlink-->com-- s-int.<!--no-hyperlink-->net-
-## Azure publish setting password
-
-### Format
-
-The string "userpwd=" followed by an alphanumeric string.
-
-### Pattern
--- the string "userpwd="-- any combination of 60 lowercase letters or digits-- a quotation mark (")-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression CEP_Regex_AzurePublishSettingPasswords finds content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.-
-```xml
-<!--Azure Publish Setting Password-->
-<Entity id="75f4cc8a-a68e-49e5-89ce-fa8f03d286a5" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="CEP_Regex_AzurePublishSettingPasswords" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="CEP_CommonExampleKeywords" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### CEP_common_example_keywords
-
-This sensitive information type identifies these keywords by using a regular expression, not a keyword list.
--- contoso-- fabrikam-- northwind-- sandbox-- onebox-- localhost-- 127.0.0.1-- testacs.<!--no-hyperlink-->com-- s-int.<!--no-hyperlink-->net-
-## Azure Redis cache connection string
-
-### Format
-
-The string "redis.cache.windows.<!--no-hyperlink-->net" followed by the characters and strings outlined in the pattern below, including the string "password" or "pwd".
-
-### Pattern
--- the string "redis.cache.windows.<!--no-hyperlink-->net"-- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces-- the string "password" or "pwd"-- zero to two whitespace characters-- an equal sign (=)-- zero to two whitespace characters-- any combination of 43 characters that are lower- or uppercase letters, digits, forward slash (/), or plus sign (+)-- an equal sign (=)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression CEP_Regex_AzureRedisCacheConnectionString finds content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.-
-```xml
-<!--Azure Redis Cache Connection String-->
-<Entity id="095a7e6c-efd8-46d5-af7b-5298d53a49fc" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="CEP_Regex_AzureRedisCacheConnectionString" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="CEP_CommonExampleKeywords" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### CEP_common_example_keywords
-
-(Technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
--- contoso-- fabrikam-- northwind-- sandbox-- onebox-- localhost-- 127.0.0.1-- testacs.<!--no-hyperlink-->com-- s-int.<!--no-hyperlink-->net-
-## Azure SAS
-
-### Format
-
-The string "sig" followed by the characters and strings outlined in the pattern below.
-
-### Pattern
--- the string "sig"-- zero to two whitespace characters-- an equal sign (=)-- zero to two whitespace characters-- any combination of between 43-53 characters that are lower- or uppercase letters, digits, or the percent sign (%)-- the string "%3d"-- any character that isn't a lower- or uppercase letter, digit, or percent sign (%)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression CEP_Regex_AzureSAS finds content that matches the pattern.-
-```xml
-<!--Azure SAS-->
-<Entity id="4d235014-e564-47f4-a6fb-6ebb4a826834" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="CEP_Regex_AzureSAS" />
- </Pattern>
-</Entity>
-```
-
-## Azure service bus connection string
-
-### Format
-
-The string "EndPoint" followed by the characters and strings outlined in the pattern below, including the strings "servicebus.windows.<!--no-hyperlink-->net" and "SharedAccesKey".
-
-### Pattern
--- the string "EndPoint"-- zero to two whitespace characters-- an equal sign (=)-- zero to two whitespace characters-- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces-- the string "servicebus.windows.<!--no-hyperlink-->net"-- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces-- the string "SharedAccessKey"-- zero to two whitespace characters-- an equal sign (=)-- zero to two whitespace characters-- any combination of 43 characters that are lower- or uppercase letters, digits, forward slash (/), or plus sign (+)-- an equal sign (=)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression CEP_Regex_AzureServiceBusConnectionString finds content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.-
-```xml
-<!--Azure Service Bus Connection String-->
-<Entity id="b9a6578f-a83f-4fcd-bf44-2130bae49a6f" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="CEP_Regex_AzureServiceBusConnectionString" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="CEP_CommonExampleKeywords" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### CEP_common_example_keywords
-
-(Technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
--- contoso-- fabrikam-- northwind-- sandbox-- onebox-- localhost-- 127.0.0.1-- testacs.<!--no-hyperlink-->com-- s-int.<!--no-hyperlink-->net-
-## Azure storage account key
-
-### Format
-
-The string "DefaultEndpointsProtocol" followed by the characters and strings outlined in the pattern below, including the string "AccountKey".
-
-### Pattern
--- the string "DefaultEndpointsProtocol"-- zero to two whitespace characters-- an equal sign (=)-- zero to two whitespace characters-- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces-- the string "AccountKey"-- zero to two whitespace characters-- an equal sign (=)-- zero to two whitespace characters-- any combination of 86 characters that are lower- or uppercase letters, digits, forward slash (/), or plus sign (+)-- two equal signs (=)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression CEP_Regex_AzureStorageAccountKey finds content that matches the pattern.-- The regular expression CEP_AzureEmulatorStorageAccountFilter doesn't find content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.-
-```xml
-<!--Azure Storage Account Key-->
-<Entity id="c7bc98e8-551a-4c35-a92d-d2c8cda714a7" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="CEP_Regex_AzureStorageAccountKey" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="CEP_AzureEmulatorStorageAccountFilter" />
- <Match idRef="CEP_CommonExampleKeywords" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### CEP_azure_emulator_storage_account_filter
-
-(Technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
--- Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==-
-#### CEP_common_example_keywords
-
-(Technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
--- contoso-- fabrikam-- northwind-- sandbox-- onebox-- localhost-- 127.0.0.1-- testacs.<!--no-hyperlink-->com-- s-int.<!--no-hyperlink-->net-
-## Azure Storage account key (generic)
-
-### Format
-
-Any combination of 86 lower- or uppercase letters, digits, the forward slash (/), or plus sign (+), preceded or followed by the characters outlined in the pattern below.
-
-### Pattern
--- zero to one of the greater than symbol (>), apostrophe ('), equal sign (=), quotation mark ("), or number sign (#)-- any combination of 86 characters that are lower- or uppercase letters, digits, the forward slash (/), or plus sign (+)-- two equal signs (=)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression CEP_Regex_AzureStorageAccountKeyGeneric finds content that matches the pattern.-
-```xml
-<!--Azure Storage Account Key (Generic)-->
-<Entity id="7ff41bd0-5419-4523-91d6-383b3a37f084" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="CEP_Regex_AzureStorageAccountKeyGeneric" />
- </Pattern>
-</Entity>
-```
-
-## Belgium driver's license number
-
-### Format
-
-10 digits without spaces and delimiters
-
-### Pattern
-
-10 digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_belgium_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_belgium_eu_driver's_license_number` is found.-
-```xml
- <!-- Belgium Driver's License Number -->
- <Entity id="d89fd329-9324-433c-b687-2c37bd5166f3" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_belgium_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_belgium_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_belgium_eu_driver's_license_number
--- rijbewijs-- rijbewijsnummer-- führerschein-- führerscheinnummer-- füehrerscheinnummer-- fuhrerschein-- fuehrerschein-- fuhrerscheinnummer-- fuehrerscheinnummer-- permis de conduire-- numéro permis conduire-
-## Belgium national number
-
-### Format
-
-11 digits plus optional delimiters
-
-### Pattern
-
-11 digits plus delimiters:
--- six digits and two optional periods in the format YY.MM.DD for date of birth-- An optional delimiter from dot, dash, space-- three sequential digits (odd for males, even for females)-- An optional delimiter from dot, dash, space-- two check digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_belgium_national_number finds content that matches the pattern.-- A keyword from Keyword_belgium_national_number is found.-- The checksum passes.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_belgium_national_number finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- Belgium National Number -->
- <Entity id="fb969c9e-0fd1-4b18-8091-a2123c5e6a54" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_belgium_national_number" />
- <Match idRef="Keyword_belgium_national_number" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_belgium_national_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_belgium_national_number
--- belasting aantal-- bnn#-- bnn-- carte d'identité-- identifiant national-- identifiantnational#-- identificatie-- identification-- identifikation-- identifikationsnummer-- identifizierung-- identité-- identiteit-- identiteitskaart-- identity-- inscription-- national number-- national register-- nationalnumber#-- nationalnumber-- nif#-- nif-- numéro d'assuré-- numéro de registre national-- numéro de sécurité-- numéro d'identification-- numéro d'immatriculation-- numéro national-- numéronational#-- personal id number-- personalausweis-- personalidnumber#-- registratie-- registration-- registrationsnumme-- registrierung-- social security number-- ssn#-- ssn-- steuernummer-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## Belgium passport number
-
-### Format
-
-two letters followed by six digits with no spaces or delimiters
-
-### Pattern
-
-two letters and followed by six digits
-
-### Checksum
-
-not applicable
-
-### Definition
-
- A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_belgium_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_belgium_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date2` finds date in the format DD MM YY or a keyword from `Keywords_eu_passport_date` or `Keywords_belgium_eu_passport_number` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_belgium_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_belgium_eu_passport_number` is found.-
-```xml
- <!-- Belgium Passport Number -->
- <Entity id="d7b1315b-21ca-4774-a32a-596010ff78fd" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_belgium_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_belgium_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date2" />
- <Match idRef="Keywords_eu_passport_date" />
- <Match idRef="Keywords_belgium_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_belgium_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_belgium_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_belgium_eu_passport_number
--- numéro passeport-- paspoort nr-- paspoort-nr-- paspoortnummer-- paspoortnummers-- Passeport carte-- Passeport livre-- Pass-Nr-- Passnummer-- reisepass kein-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Belgium physical addresses
-
-This unbundled named entity detects patterns related to physical addresses from Belgium. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Belgium value added tax number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-12-character alphanumeric pattern
-
-### Pattern
-
-12-character alphanumeric pattern:
--- a letter B or b-- a letter E or e-- a digit 0-- a digit from 1 to 9-- an optional dot or Hyphen or space-- four digits-- an optional dot or Hyphen or space-- four digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_belgium_value_added_tax_number finds content that matches the pattern.-- A keyword from Keywords_belgium_value_added_tax_number is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_belgium_value_added_tax_number finds content that matches the pattern.-
-```xml
- <!-- Belgium Value Added Tax Number -->
- <Entity id="85b5b3c3-f2de-4ae8-ac46-fd3cb38bf9ed" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_belgium_value_added_tax_number" />
- <Match idRef="Keywords_belgium_value_added_tax_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_belgium_value_added_tax_number" />
- </Pattern>
- </Entity>
- </Version>
-```
-### Keywords
-
-#### Keyword_belgium_value_added_tax_number
--- nº tva-- vat number-- vat no-- numéro t.v.a-- umsatzsteuer-identifikationsnummer-- umsatzsteuernummer-- btw-- btw#-- vat#-
-## Blood test terms
-
-This unbundled named entity detects terms related to blood tests, such as *hCG*. It supports English terms only. It's also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
-
-### Confidence level
-
-High
-
-## Brand medication names
-
-This unbundled named entity detects names of brand medication, such as *Tylenol*. It supports English terms only. It's also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
-
-### Confidence level
-
-High
-
-## Brazil CPF number
-
-### Format
-
-11 digits that include a check digit and can be formatted or unformatted
-
-### Pattern
-
-Formatted:
--- three digits-- a period-- three digits-- a period-- three digits-- a hyphen-- two digits that are check digits-
-Unformatted:
--- 11 digits where the last two digits are check digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_brazil_cpf finds content that matches the pattern.-- A keyword from Keyword_brazil_cpf is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_brazil_cpf finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- Brazil CPF Number -->
-<Entity id="78e09124-f2c3-4656-b32a-c1a132cd2711" recommendedConfidence="85" patternsProximity="300">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_brazil_cpf"/>
- <Match idRef="Keyword_brazil_cpf"/>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_brazil_cpf"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_brazil_cpf
--- CPF-- Identification-- Registration-- Revenue-- Cadastro de Pessoas Físicas-- Imposto-- Identificação-- Inscrição-- Receita-
-## Brazil legal entity number (CNPJ)
-
-### Format
-
-14 digits that include a registration number, branch number, and check digits, plus delimiters
-
-### Pattern
-
-14 digits, plus delimiters:
--- two digits-- a period-- three digits-- a period-- three digits (these first eight digits are the registration number)-- a forward slash-- four-digit branch number-- a hyphen-- two digits that are check digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_brazil_cnpj finds content that matches the pattern.-- A keyword from Keyword_brazil_cnpj is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_brazil_cnpj finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- Brazil Legal Entity Number (CNPJ) -->
-<Entity id="9b58b5cd-5e90-4df6-b34f-1ebcc88ceae4" recommendedConfidence="85" patternsProximity="300">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_brazil_cnpj"/>
- <Match idRef="Keyword_brazil_cnpj"/>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_brazil_cnpj"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_brazil_cnpj
--- CNPJ-- CNPJ/MF-- CNPJ-MF-- National Registry of Legal Entities-- Taxpayers Registry-- Legal entity-- Legal entities-- Registration Status-- Business-- Company-- CNPJ-- Cadastro Nacional da Pessoa Jurídica-- Cadastro Geral de Contribuintes-- CGC-- Pessoa jurídica-- Pessoas jurídicas-- Situação cadastral-- Inscrição-- Empresa-
-## Brazil national identification card (RG)
-
-### Format
-
-Registro Geral (old format): Nine digits
-
-Registro de Identidade (RIC) (new format): 11 digits
-
-### Pattern
-
-Registro Geral (old format):
--- two digits-- a period-- three digits-- a period-- three digits-- a hyphen-- one digit that is a check digit-
-Registro de Identidade (RIC) (new format):
--- 10 digits-- a hyphen-- one digit that is a check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_brazil_rg finds content that matches the pattern.-- A keyword from Keyword_brazil_rg is found.-- The checksum passes.-
-```xml
- <!-- Brazil National ID Card (RG) -->
- <Entity id="486de900-db70-41b3-a886-abdf25af119c" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_brazil_rg" />
- <Match idRef="Keyword_brazil_rg" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_brazil_rg
--- Cédula de identidade-- identity card-- national id-- número de rregistro-- registro de Iidentidade-- registro geral-- RG (this keyword is case-sensitive)-- RIC (this keyword is case-sensitive)-
-## Brazil physical addresses
-
-This unbundled named entity detects patterns related to physical address from Brazil. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Bulgaria driver's license number
-
-### Format
-
-nine digits without spaces and delimiters
-
-### Pattern
-
-nine digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_bulgaria_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_bulgaria_eu_driver's_license_number` is found.-
-```xml
- <!-- Bulgaria Driver's License Number -->
- <Entity id="66d39258-94c2-43b2-804b-aa312258e54b" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_bulgaria_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_bulgaria_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_bulgaria_eu_driver's_license_number
--- свидетелство за управление на мпс-- свидетелство за управление на моторно превозно средство-- сумпс-- шофьорска книжка-- шофьорски книжки-
-## Bulgaria passport number
-
-### Format
-
-nine digits without spaces and delimiters
-
-### Pattern
-
-nine digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_bulgaria_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_bulgaria_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_bulgaria_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_bulgaria_eu_passport_number` is found.-
-```xml
- <!-- Bulgaria Passport Number -->
- <Entity id="f7172b82-c588-4216-845e-4e54e397f29a" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_bulgaria_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_bulgaria_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date1" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_bulgaria_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_bulgaria_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_bulgaria_eu_passport_number
--- номер на паспорта-- номер на паспорт-- паспорт №-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Bulgaria physical addresses
-
-This unbundled named entity detects patterns related to physical address from Bulgaria. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Bulgaria uniform civil number
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-10 digits without spaces and delimiters
-
-### Pattern
-
-10 digits without spaces and delimiters
--- six digits that correspond to the birth date (YYMMDD)-- two digits that correspond to the birth order-- one digit that corresponds to gender: An even digit for male and an odd digit for female-- one check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_bulgaria_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_bulgaria_eu_national_id_card` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_bulgaria_eu_national_id_card` finds content that matches the pattern.-
-```xml
- <!-- Bulgaria Uniform Civil Number -->
- <Entity id="100d58b1-0a35-4fb1-aa89-e4a86fb53fcc" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_bulgaria_eu_national_id_card" />
- <Match idRef="Keywords_bulgaria_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_bulgaria_eu_national_id_card" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_bulgaria_eu_telephone_number" />
- <Match idRef="Keywords_bulgaria_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_bulgaria_eu_national_id_card
--- bnn#-- bnn-- bucn#-- bucn-- edinen grazhdanski nomer-- egn#-- egn-- identification number-- national id-- national number-- nationalnumber#-- nationalnumber-- personal id-- personal no-- personal number-- personalidnumber#-- social security number-- ssn#-- ssn-- uniform civil id-- uniform civil no-- uniform civil number-- uniformcivilno#-- uniformcivilno-- uniformcivilnumber#-- uniformcivilnumber-- unique citizenship number-- егн#-- егн-- единен граждански номер-- идентификационен номер-- личен номер-- лична идентификация-- лично не-- национален номер-- номер на гражданството-- униформ id-- униформ граждански id-- униформ граждански не-- униформ граждански номер-- униформгражданскиid#-- униформгражданскине.#-
-## Canada bank account number
-
-### Format
-
-7 or 12 digits
-
-### Pattern
-
-A Canada Bank Account Number is 7 or 12 digits.
-
-A Canada bank account transit number is:
--- five digits-- a hyphen-- three digits
-OR
-- a zero "0"-- eight digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_canada_bank_account_number finds content that matches the pattern.-- A keyword from Keyword_canada_bank_account_number is found.-- The regular expression Regex_canada_bank_account_transit_number finds content that matches the pattern.-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_canada_bank_account_number finds content that matches the pattern.-- A keyword from Keyword_canada_bank_account_number is found.-
-```xml
-<!-- Canada Bank Account Number -->
-<Entity id="552e814c-cb50-4d94-bbaa-bb1d1ffb34de" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_canada_bank_account_number" />
- <Match idRef="Keyword_canada_bank_account_number" />
- <Match idRef="Regex_canada_bank_account_transit_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_canada_bank_account_number" />
- <Match idRef="Keyword_canada_bank_account_number" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_canada_bank_account_number
--- canada savings bonds-- canada revenue agency-- canadian financial institution-- direct deposit form-- canadian citizen-- legal representative-- notary public-- commissioner for oaths-- child care benefit-- universal child care-- canada child tax benefit-- income tax benefit-- harmonized sales tax-- social insurance number-- income tax refund-- child tax benefit-- territorial payments-- institution number-- deposit request-- banking information-- direct deposit-
-## Canada driver's license number
-
-### Format
-
-Varies by province
-
-### Pattern
-
-Various patterns covering:
--- Alberta-- British Columbia-- Manitoba-- New Brunswick-- Newfoundland/Labrador-- Nova Scotia-- Ontario-- Prince Edward Island-- Quebec-- Saskatchewan-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_[province_name]_drivers_license_number finds content that matches the pattern.-- A keyword from Keyword_[province_name]_drivers_license_name is found.-- A keyword from Keyword_canada_drivers_license is found.-
-```xml
-<!-- Canada Driver's License Number -->
- <Entity id="37186abb-8e48-4800-ad3c-e3d1610b3db0" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_alberta_drivers_license_number" />
- <Match idRef="Keyword_alberta_drivers_license_name" />
- <Match idRef="Keyword_canada_drivers_license" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_british_columbia_drivers_license_number" />
- <Match idRef="Keyword_british_columbia_drivers_license_name" />
- <Match idRef="Keyword_canada_drivers_license" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_manitoba_drivers_license_number" />
- <Match idRef="Keyword_manitoba_drivers_license_name" />
- <Match idRef="Keyword_canada_drivers_license" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_new_brunswick_drivers_license_number" />
- <Match idRef="Keyword_new_brunswick_drivers_license_name" />
- <Match idRef="Keyword_canada_drivers_license" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_newfoundland_labrador_drivers_license_number" />
- <Match idRef="Keyword_newfoundland_labrador_drivers_license_name" />
- <Match idRef="Keyword_canada_drivers_license" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_nova_scotia_drivers_license_number" />
- <Match idRef="Keyword_nova_scotia_drivers_license_name" />
- <Match idRef="Keyword_canada_drivers_license" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_ontario_drivers_license_number" />
- <Match idRef="Keyword_ontario_drivers_license_name" />
- <Match idRef="Keyword_canada_drivers_license" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_prince_edward_island_drivers_license_number" />
- <Match idRef="Keyword_prince_edward_island_drivers_license_name" />
- <Match idRef="Keyword_canada_drivers_license" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_quebec_drivers_license_number" />
- <Match idRef="Keyword_quebec_drivers_license_name" />
- <Match idRef="Keyword_canada_drivers_license" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_saskatchewan_drivers_license_number" />
- <Match idRef="Keyword_saskatchewan_drivers_license_name" />
- <Match idRef="Keyword_canada_drivers_license" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_[province_name]_drivers_license_name
--- The province abbreviation, for example AB-- The province name, for example Alberta-
-#### Keyword_canada_drivers_license
--- DL-- DLS-- CDL-- CDLS-- DriverLic-- DriverLics-- DriverLicense-- DriverLicenses-- DriverLicence-- DriverLicences-- Driver Lic-- Driver Lics-- Driver License-- Driver Licenses-- Driver Licence-- Driver Licences-- DriversLic-- DriversLics-- DriversLicence-- DriversLicences-- DriversLicense-- DriversLicenses-- Drivers Lic-- Drivers Lics-- Drivers License-- Drivers Licenses-- Drivers Licence-- Drivers Licences-- Driver'Lic-- Driver'Lics-- Driver'License-- Driver'Licenses-- Driver'Licence-- Driver'Licences-- Driver' Lic-- Driver' Lics-- Driver' License-- Driver' Licenses-- Driver' Licence-- Driver' Licences-- Driver'sLic-- Driver'sLics-- Driver'sLicense-- Driver'sLicenses-- Driver'sLicence-- Driver'sLicences-- Driver's Lic-- Driver's Lics-- Driver's License-- Driver's Licenses-- Driver's Licence-- Driver's Licences-- Permis de Conduire-- id-- ids-- idcard number-- idcard numbers-- idcard #-- idcard #s-- idcard card-- idcard cards-- idcard-- identification number-- identification numbers-- identification #-- identification #s-- identification card-- identification cards-- identification-- DL#-- DLS#-- CDL#-- CDLS#-- DriverLic#-- DriverLics#-- DriverLicense#-- DriverLicenses#-- DriverLicence#-- DriverLicences#-- Driver Lic#-- Driver Lics#-- Driver License#-- Driver Licenses#-- Driver License#-- Driver Licences#-- DriversLic#-- DriversLics#-- DriversLicense#-- DriversLicenses#-- DriversLicence#-- DriversLicences#-- Drivers Lic#-- Drivers Lics#-- Drivers License#-- Drivers Licenses#-- Drivers Licence#-- Drivers Licences#-- Driver'Lic#-- Driver'Lics#-- Driver'License#-- Driver'Licenses#-- Driver'Licence#-- Driver'Licences#-- Driver' Lic#-- Driver' Lics#-- Driver' License#-- Driver' Licenses#-- Driver' Licence#-- Driver' Licences#-- Driver'sLic#-- Driver'sLics#-- Driver'sLicense#-- Driver'sLicenses#-- Driver'sLicence#-- Driver'sLicences#-- Driver's Lic#-- Driver's Lics#-- Driver's License#-- Driver's Licenses#-- Driver's Licence#-- Driver's Licences#-- Permis de Conduire#-- id#-- ids#-- idcard card#-- idcard cards#-- idcard#-- identification card#-- identification cards#-- identification#-
-## Canada health service number
-
-### Format
-
- 10 digits
-
-### Pattern
-
-10 digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_canada_health_service_number finds content that matches the pattern.-- A keyword from Keyword_canada_health_service_number is found.-
-```xml
-<!-- Canada Health Service Number -->
-<Entity id="59c0bf39-7fab-482c-af25-00faa4384c94" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_canada_health_service_number" />
- <Any minMatches="1">
- <Match idRef="Keyword_canada_health_service_number" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_canada_health_service_number
--- personal health number-- patient information-- health services-- speciality services-- automobile accident-- patient hospital-- psychiatrist-- workers compensation-- disability-
-## Canada passport number
-
-### Format
-
-two uppercase letters followed by six digits
-
-### Pattern
-
-two uppercase letters followed by six digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_canada_passport_number finds content that matches the pattern.-- A keyword from Keyword_canada_passport_number or Keyword_passport is found.-
-```xml
-<!-- Canada Passport Number -->
-<Entity id="14d0db8b-498a-43ed-9fca-f6097ae687eb" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_canada_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keyword_canada_passport_number" />
- <Match idRef="Keyword_passport" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_canada_passport_number
--- canadian citizenship-- canadian passport-- passport application-- passport photos-- certified translator-- canadian citizens-- processing times-- renewal application-
-#### Keyword_passport
--- Passport Number-- Passport No-- Passport #-- Passport#-- PassportID-- Passportno-- passportnumber-- パスポート-- パスポート番号-- パスポートのNum-- パスポート#-- Numéro de passeport-- Passeport n °-- Passeport Non-- Passeport #-- Passeport#-- PasseportNon-- Passeportn °-
-## Canada personal health identification number (PHIN)
-
-### Format
-
-nine digits
-
-### Pattern
-
-nine digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_canada_phin finds content that matches the pattern.-- At least two keywords from Keyword_canada_phin or Keyword_canada_provinces are found.-
-```xml
-<!-- Canada PHIN -->
-<Entity id="722e12ac-c89a-4ec8-a1b7-fea3469f89db" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_canada_phin" />
- <Any minMatches="2">
- <Match idRef="Keyword_canada_phin" />
- <Match idRef="Keyword_canada_provinces" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_canada_phin
--- social insurance number-- health information act-- income tax information-- manitoba health-- health registration-- prescription purchases-- benefit eligibility-- personal health-- power of attorney-- registration number-- personal health number-- practitioner referral-- wellness professional-- patient referral-- health and wellness-
-#### Keyword_canada_provinces
--- Nunavut-- Quebec-- Northwest Territories-- Ontario-- British Columbia-- Alberta-- Saskatchewan-- Manitoba-- Yukon-- Newfoundland and Labrador-- New Brunswick-- Nova Scotia-- Prince Edward Island-- Canada-
-## Canada physical addresses
-
-This unbundled named entity detects patterns related to physical address from Canada. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Canada social insurance number
-
-### Format
-
-nine digits with optional hyphens or spaces
-
-### Pattern
-
-Formatted:
--- three digits-- a hyphen or space-- three digits-- a hyphen or space-- three digits-
-Unformatted: nine digits
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_canadian_sin finds content that matches the pattern.-- At least two of the following patterns:
- - A keyword from Keyword_sin is found.
- - A keyword from Keyword_sin_collaborative is found.
- - The function Func_eu_date finds a date in the right date format.
-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_unformatted_canadian_sin finds content that matches the pattern.-- A keyword from Keyword_sin is found.-- The checksum passes.-
-```xml
-<!-- Canada Social Insurance Number -->
-<Entity id="a2f29c85-ecb8-4514-a610-364790c0773e" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_canadian_sin" />
- <Any minMatches="2">
- <Match idRef="Keyword_sin" />
- <Match idRef="Keyword_sin_collaborative" />
- <Match idRef="Func_eu_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_unformatted_canadian_sin" />
- <Match idRef="Keyword_sin" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_sin
--- sin-- social insurance-- numero d'assurance sociale-- sins-- ssn-- ssns-- social security-- numero d'assurance social-- national identification number-- national id-- sin#-- soc ins-- social ins-
-#### Keyword_sin_collaborative
--- driver's license-- drivers license-- driver's licence-- drivers licence-- DOB-- Birthdate-- Birthday-- Date of Birth-
-## Chile identity card number
-
-### Format
-
-seven to eight digits plus delimiters a check digit or letter
-
-### Pattern
-
-seven to eight digits plus delimiters:
--- one to two digits-- an optional period-- three digits-- an optional period-- three digits-- a dash-- one digit or letter (not case-sensitive) which is a check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_chile_id_card finds content that matches the pattern.-- A keyword from Keyword_chile_id_card is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_chile_id_card finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- Chile Identity Card Number -->
-<Entity id="4e979794-49a0-407e-a0b9-2c536937b925" recommendedConfidence="85" patternsProximity="300">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_chile_id_card"/>
- <Match idRef="Keyword_chile_id_card"/>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_chile_id_card"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_chile_id_card
--- cédula de identidad-- identificación-- national identification-- national identification number-- national id-- número de identificación nacional-- rol único nacional-- rol único tributario-- RUN-- RUT-- tarjeta de identificación-- Rol Unico Nacional-- Rol Unico Tributario-- RUN#-- RUT#-- nationaluniqueroleID#-- nacional identidad-- número identificación-- identidad número-- numero identificacion-- identidad numero-- Chilean identity no.-- Chilean identity number-- Chilean identity #-- Unique Tax Registry-- Unique Tributary Role-- Unique Tax Role-- Unique Tributary Number-- Unique National Number-- Unique National Role-- National unique role-- Chile identity no.-- Chile identity number-- Chile identity #-- R.U.T-- R.U.N-
-## China resident identity card (PRC) number
-
-### Format
-
-18 digits
-
-### Pattern
-
-18 digits:
--- six digits that are an address code-- eight digits in the form YYYYMMDD, which are the date of birth-- three digits that are an order code-- one digit that is a check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_china_resident_id finds content that matches the pattern.-- A keyword from Keyword_china_resident_id is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_china_resident_id finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- China Resident Identity Card (PRC) Number -->
-<Entity id="c92daa86-2d16-4871-901f-816b3f554fc1" recommendedConfidence="85" patternsProximity="300">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_china_resident_id"/>
- <Match idRef="Keyword_china_resident_id"/>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_china_resident_id"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-### Keyword_china_resident_id
--- Resident Identity Card-- PRC-- National Identification Card-- 身份证-- 居民 身份证-- 居民身份证-- 鉴定-- 身分證-- 居民 身份證-- 鑑定-
-## Credit card number
-
-### Format
-
-14 to 19 digits that can be formatted or unformatted (dddddddddddddddd) and that must pass the Luhn test.
-
-### Pattern
-
-Detects cards from all major brands worldwide, including Visa, MasterCard, Discover Card, JCB, American Express, gift cards, diner's cards, Rupay and China UnionPay.
-
-### Checksum
-
-Yes, the Luhn check
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_credit_card finds content that matches the pattern.-- One of the following conditions is true:
- - A keyword from Keyword_cc_verification is found.
- - A keyword from Keyword_cc_name is found.
- - The function Func_expiration_date finds a date in the right date format.
-- The checksum passes.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_credit_card finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- Credit Card Number -->
-<Entity id="50842eb7-edc8-4019-85dd-5a5c1f2bb085" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_credit_card" />
- <Any minMatches="1">
- <Match idRef="Keyword_cc_verification" />
- <Match idRef="Keyword_cc_name" />
- <Match idRef="Func_expiration_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_credit_card" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_cc_verification
--- card verification-- card identification number-- cvn-- cid-- cvc2-- cvv2-- pin block-- security code-- security number-- security no-- issue number-- issue no-- cryptogramme-- numéro de sécurité-- numero de securite-- kreditkartenprüfnummer-- kreditkartenprufnummer-- prüfziffer-- prufziffer-- sicherheits Kode-- sicherheitscode-- sicherheitsnummer-- verfalldatum-- codice di verifica-- cod. sicurezza-- cod sicurezza-- n autorizzazione-- código-- codigo-- cod. seg-- cod seg-- código de segurança-- codigo de seguranca-- codigo de segurança-- código de seguranca-- cód. segurança-- cod. seguranca-- cod. segurança-- cód. seguranca-- cód segurança-- cod seguranca-- cod segurança-- cód seguranca-- número de verificação-- numero de verificacao-- ablauf-- gültig bis-- gültigkeitsdatum-- gultig bis-- gultigkeitsdatum-- scadenza-- data scad-- fecha de expiracion-- fecha de venc-- vencimiento-- válido hasta-- valido hasta-- vto-- data de expiração-- data de expiracao-- data em que expira-- validade-- valor-- vencimento-- transaction-- transaction number-- reference number-- セキュリティコード-- セキュリティ コード-- セキュリティナンバー-- セキュリティ ナンバー-- セキュリティ番号-
-#### Keyword_cc_name
--- amex-- american express-- americanexpress-- americano espresso-- Visa-- mastercard-- master card-- mc-- mastercards-- master cards-- diner's Club-- diners club-- dinersclub-- discover-- discover card-- discovercard-- discover cards-- JCB-- BrandSmart-- japanese card bureau-- carte blanche-- carteblanche-- credit card-- cc#-- cc#:--- expiration date-- exp date-- expiry date-- date d'expiration-- date d'exp-- date expiration-- bank card-- bankcard-- card number-- card num-- cardnumber-- cardnumbers-- card numbers-- creditcard-- credit cards-- creditcards-- ccn-- card holder-- cardholder-- card holders-- cardholders-- check card-- checkcard-- check cards-- checkcards-- debit card-- debitcard-- debit cards-- debitcards-- atm card-- atmcard-- atm cards-- atmcards-- enroute-- en route-- card type-- Cardmember Acct-- cardmember account-- Cardno-- Corporate Card-- Corporate cards-- Type of card-- card account number-- card member account-- Cardmember Acct.-- card no.-- card no-- card number-- carte bancaire-- carte de crédit-- carte de credit-- numéro de carte-- numero de carte-- nº de la carte-- nº de carte-- kreditkarte-- karte-- karteninhaber-- karteninhabers-- kreditkarteninhaber-- kreditkarteninstitut-- kreditkartentyp-- eigentümername-- kartennr-- kartennummer-- kreditkartennummer-- kreditkarten-nummer-- carta di credito-- carta credito-- n. carta-- n carta-- nr. carta-- nr carta-- numero carta-- numero della carta-- numero di carta-- tarjeta credito-- tarjeta de credito-- tarjeta crédito-- tarjeta de crédito-- tarjeta de atm-- tarjeta atm-- tarjeta debito-- tarjeta de debito-- tarjeta débito-- tarjeta de débito-- nº de tarjeta-- no. de tarjeta-- no de tarjeta-- numero de tarjeta-- número de tarjeta-- tarjeta no-- tarjetahabiente-- cartão de crédito-- cartão de credito-- cartao de crédito-- cartao de credito-- cartão de débito-- cartao de débito-- cartão de debito-- cartao de debito-- débito automático-- debito automatico-- número do cartão-- numero do cartão-- número do cartao-- numero do cartao-- número de cartão-- numero de cartão-- número de cartao-- numero de cartao-- nº do cartão-- nº do cartao-- nº. do cartão-- no do cartão-- no do cartao-- no. do cartão-- no. do cartao-- rupay-- union pay-- unionpay-- diner's-- diners-- クレジットカード番号-- クレジットカードナンバー-- クレジットカード#-- クレジットカード-- クレジット-- クレカ-- カード番号-- カードナンバー-- カード#-- アメックス-- アメリカンエクスプレス-- アメリカン エクスプレス-- Visaカード-- Visa カード-- マスターカード-- マスター カード-- マスター-- ダイナースクラブ-- ダイナース クラブ-- ダイナース-- 有効期限-- 期限-- キャッシュカード-- キャッシュ カード-- カード名義人-- カードの名義人-- カードの名義-- デビット カード-- デビットカード-- 中国银联-- 银联-
-## Croatia driver's license number
-
-### Format
-
-eight digits without spaces and delimiters
-
-### Pattern
-
-eight digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_croatia_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_croatia_eu_driver's_license_number` is found.-
-```xml
- <!-- Croatia Driver's License Number -->
- <Entity id="005b3ef1-47dd-4e68-bb02-c6db484d00f2" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_croatia_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_croatia_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_croatia_eu_driver's_license_number
--- voza─ìka dozvola-- voza─ìke dozvole-
-## Croatia identity card number
-
-This entity is included in the EU National Identification Number sensitive information type. It's available as a stand-alone sensitive information type entity.
-
-### Format
-
-nine digits
-
-### Pattern
-
-nine consecutive digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_croatia_id_card finds content that matches the pattern.-- A keyword from Keyword_croatia_id_card is found.-
-```xml
-<!--Croatia Identity Card Number-->
-<Entity id="ff12f884-c20a-4189-b185-34c8e7258d47" recommendedConfidence="75" patternsProximity="300">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_croatia_id_card"/>
- <Match idRef="Keyword_croatia_id_card"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_croatia_id_card
--- majstorski broj gra─æana-- master citizen number-- nacionalni identifikacijski broj-- national identification number-- oib#-- oib-- osobna iskaznica-- osobni id-- osobni identifikacijski broj-- personal identification number-- porezni broj-- porezni identifikacijski broj-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## Croatia passport number
-
-### Format
-
-nine digits without spaces and delimiters
-
-### Pattern
-
-nine digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_croatia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_croatia_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_croatia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_croatia_eu_passport_number` is found.-
-```xml
- <!-- Croatia Passport Number -->
- <Entity id="7d7a729d-32d8-4204-8d01-d5e6a6c25581" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_croatia_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_croatia_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date1" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_croatia_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_croatia_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number_common
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_croatia_eu_passport_number
--- broj putovnice-- br. Putovnice-- br putovnice-
-## Croatia personal identification (OIB) number
-
-### Format
-
-11 digits
-
-### Pattern
-
-11 digits:
--- 10 digits-- final digit is a check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_croatia_oib_number finds content that matches the pattern.-- A keyword from Keywords_croatia_eu_tax_file_number is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_croatia_oib_number finds content that matches the pattern.-- The checksum passes.-
-```xml
- <!-- Croatia Personal Identification (OIB) Number -->
- <Entity id="31983b6d-db95-4eb2-a630-b44bd091968d" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_croatia_oib_number" />
- <Match idRef="Keywords_croatia_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_croatia_oib_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_croatia_oib_number
--- majstorski broj gra─æana-- master citizen number-- nacionalni identifikacijski broj-- national identification number-- oib#-- oib-- osobna iskaznica-- osobni id-- osobni identifikacijski broj-- personal identification number-- porezni broj-- porezni identifikacijski broj-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## Croatia physical addresses
-
-This unbundled named entity detects patterns related to physical address from Croatia. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Cyprus drivers license number
-
-### Format
-
-12 digits without spaces and delimiters
-
-### Pattern
-
-12 digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_cyprus_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_cyprus_eu_driver's_license_number` is found.-
-```xml
- <!-- Cyprus Driver's License Number -->
- <Entity id="356fa104-f9ac-4aff-a0e4-2e6e65ea06c4" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_cyprus_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_cyprus_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_cyprus_eu_driver's_license_number
--- άδεια οδήγησης-- αριθμό άδειας οδήγησης-- άδειες οδήγησης-
-## Cyprus identity card
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-10 digits without spaces and delimiters
-
-### Pattern
-
-10 digits
-
-### Checksum
-
-not applicable
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_cyprus_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_cyprus_eu_national_id_card` is found.-
-```xml
- <!-- Cyprus Identity Card -->
- <Entity id="3ba8afe5-7a6c-4929-8247-0001b6878438" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_cyprus_eu_national_id_card" />
- <Match idRef="Keywords_cyprus_eu_national_id_card" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_cyprus_eu_national_id_card
--- id card number-- identity card number-- kimlik karti-- national identification number-- personal id number-- ταυτοτητασ-
-## Cyprus passport number
-
-### Format
-
-one letter followed by 6-8 digits with no spaces or delimiters
-
-### Pattern
-
-one letter followed by six to eight digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_cyprus_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_cyprus_eu_passport_number` is found.-- The regular expression `Regex_cyprus_eu_passport_date` finds date in the format DD/MM/YYYY or a keyword from `Keywords_cyprus_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_cyprus_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_cyprus_eu_passport_number` is found.-
-```xml
- <!-- Cyprus Passport Number -->
- <Entity id="9193e2e8-7f8c-43c1-a274-ac40d651936f" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_cyprus_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_cyprus_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_cyprus_eu_passport_date" />
- <Match idRef="Keywords_cyprus_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_cyprus_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_cyprus_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number_common
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_cyprus_eu_passport_number
--- αριθμό διαβατηρίου-- pasaportu-- Αριθμός Διαβατηρίου-- κυπριακό διαβατήριο-- διαβατήριο#-- διαβατήριο-- αριθμός διαβατηρίου-- Pasaport Kimliği-- pasaport numarası-- Pasaport no.-- Αρ. Διαβατηρίου-
-#### Keywords_cyprus_eu_passport_date
--- expires on-- issued on-
-## Cyprus physical addresses
-
-This unbundled named entity detects patterns related to physical address from Cyprus. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Cyprus tax identification number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-eight digits and one letter in the specified pattern
-
-### Pattern
-
-eight digits and one letter:
--- a "0" or "9"-- seven digits-- one letter (not case-sensitive)-
-### Checksum
-
-not applicable
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_cyprus_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_cyprus_eu_tax_file_number` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_cyprus_eu_tax_file_number` finds content that matches the pattern.-
-```xml
- <!-- Cyprus Tax Identification Number -->
- <Entity id="40e64bd9-55f3-4a09-9bd6-1db18dced9dd" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_cyprus_eu_tax_file_number" />
- <Match idRef="Keywords_cyprus_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_cyprus_eu_tax_file_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_cyprus_eu_tax_file_number
--- tax id-- tax identification code-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tic#-- tic-- tin id-- tin no-- tin#-- vergi kimlik kodu-- vergi kimlik numarası-- αριθμός φορολογικού μητρώου-- κωδικός φορολογικού μητρώου-- φορολογική ταυτότητα-- φορολογικού κωδικού-
-## Czech driver's license number
-
-### Format
-
-two letters followed by six digits
-
-### Pattern
-
-eight letters and digits:
--- letter 'E' (not case-sensitive)-- a letter-- a space (optional)-- six digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_czech_republic_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_czech_republic_eu_driver's_license_number` is found.-
-```xml
- <Entity id="86b40d3b-d8ea-4c36-aab0-ef9416a6769c" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_czech_republic_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_czech_republic_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_czech_republic_eu_driver's_license_number
--- řidičský prúkaz-- řidičské průkazy-- číslo řidičského průkazu-- čísla řidičských průkazů-
-## Czech passport number
-
-### Format
-
-eight digits without spaces or delimiters
-
-### Pattern
-
-eight digits without spaces or delimiters
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_czech_republic_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_czech_republic_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_czech_republic_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_czech_republic_eu_passport_number` is found.-
-```xml
- <!-- Czech Republic Passport Number -->
- <Entity id="7bcd8ce8-5e92-4bbe-bc92-fa669f0369fa" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_czech_republic_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_czech_republic_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date1" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_czech_republic_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_czech_republic_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number_common
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_czech_republic_eu_passport_number
--- cestovní pas-- číslo pasu-- cestovní pasu-- passeport no-- čísla pasu-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Czech personal identity number
-
-### Format
-
-nine digits with optional forward slash (old format)
-
-10 digits with optional forward slash (new format)
-
-### Pattern
-
-nine digits (old format):
--- six digits that represent date of birth-- an optional forward slash-- three digits-
-10 digits (new format):
--- six digits that represent date of birth-- an optional forward slash-- four digits where last digit is a check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_czech_id_card finds content that matches the pattern.-- A keyword from Keyword_czech_id_card is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_czech_id_card_new_format finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- Czech Personal Identity Number -->
- <!-- Czech Personal Identity Number -->
- <Entity id="60c0725a-4eb6-455b-9dda-05d8a7396497" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_czech_id_card" />
- <Match idRef="Keyword_czech_id_card" />
- </Pattern>
- <Version minEngineVersion="15.20.3000.000">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_czech_id_card_new_format" />
- </Pattern>
- </Version>
- </Entity>
-```
-### Keywords
-
-#### Keyword_czech_id_card
--- birth number-- czech republic id-- czechidno#-- daňové číslo-- identifikační číslo-- identity no-- identity number-- identityno#-- identityno-- insurance number-- national identification number-- nationalnumber#-- national number-- osobní číslo-- personalidnumber#-- personal id number-- personal identification number-- personal number-- pid#-- pid-- pojištění číslo-- rč-- rodne cislo-- rodné číslo-- ssn-- ssn#-- social security number-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-- unique identification number-
-## Czech Republic physical addresses
-
-This unbundled named entity detects patterns related to physical address from the Czech Republic. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Denmark driver's license number
-
-### Format
-
-eight digits without spaces and delimiters
-
-### Pattern
-
-eight digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_denmark_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_denmark_eu_driver's_license_number` is found.-
-```xml
- <!-- Denmark Driver's License Number -->
- <Entity id="98a95812-6203-451a-a220-d39870ebef0e" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_denmark_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_denmark_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_denmark_eu_driver's_license_number
--- k├╕rekort-- k├╕rekortnummer-
-## Denmark passport number
-
-### Format
-
-nine digits without spaces and delimiters
-
-### Pattern
-
-nine digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_denmark_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_denmark_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date2` finds date in the format DD MM YY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_denmark_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_denmark_eu_passport_number` is found.-
-```xml
- <!-- Denmark Passport Number -->
- <Entity id="25e8c47e-e6fe-4884-a211-74898f8c0196" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_denmark_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_denmark_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date2" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_denmark_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_denmark_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number_common
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_denmark_eu_passport_number
--- pasnummer-- Passeport n┬░-- pasnumre-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Denmark personal identification number
-
-### Format
-
-10 digits containing a hyphen
-
-### Pattern
-
-10 digits:
--- six digits in the format DDMMYY, which are the date of birth-- an optional space or hyphen-- four digits where the final digit is a check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Func_denmark_eu_tax_file_number finds content that matches the pattern.-- A keyword from Keyword_denmark_id is found.-- The checksum passes.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Func_denmark_eu_tax_file_number finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- Denmark Personal Identification Number -->
- <!-- Denmark Personal Identification Number -->
- <Entity id="6c4f2fef-56e1-4c00-8093-88d7a01cf460" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_denmark_eu_tax_file_number" />
- <Match idRef="Keyword_denmark_id" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_denmark_eu_tax_file_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_denmark_id
--- centrale personregister-- civilt registreringssystem-- cpr-- cpr#-- gesundheitskarte nummer-- gesundheitsversicherungkarte nummer-- health card-- health insurance card number-- health insurance number-- identification number-- identifikationsnummer-- identifikationsnummer#-- identity number-- krankenkassennummer-- nationalid#-- nationalnumber#-- national number-- personalidnumber#-- personalidentityno#-- personal id number-- personnummer-- personnummer#-- reisekrankenversicherungskartenummer-- rejsesygesikringskort-- ssn-- ssn#-- skat id-- skat kode-- skat nummer-- skattenummer-- social security number-- sundhedsforsikringskort-- sundhedsforsikringsnummer-- sundhedskort-- sundhedskortnummer-- sygesikring-- sygesikringkortnummer-- tax code-- travel health insurance card-- uniqueidentityno#-- tax number-- tax registration number-- tax id-- tax identification number-- taxid#-- taxnumber#-- tax no-- taxno#-- taxnumber-- tax identification no-- tin#-- taxidno#-- taxidnumber#-- tax no#-- tin id-- tin no-- cpr.nr-- cprnr-- cprnummer-- personnr-- personregister-- sygesikringsbevis-- sygesikringsbevisnr-- sygesikringsbevisnummer-- sygesikringskort-- sygesikringskortnr-- sygesikringskortnummer-- sygesikringsnr-- sygesikringsnummer-
-## Denmark physical addresses
-
-This unbundled named entity detects patterns related to physical address from Denmark. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Diseases
-
-This unbundled named entity detects text that matches disease names, such as *diabetes*. It supports English terms only. It's also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
-
-### Confidence level
-
-High
-
-## Drug Enforcement Agency (DEA) number
-
-### Format
-
-two letters followed by seven digits
-
-### Pattern
-
-Pattern must include all of the following:
--- one letter (not case-sensitive) from this set of possible letters: A/B/F/G/M/P/R, which is a registrant code-- one letter (not case-sensitive), which is the first letter of the registrant's last name or digit '9'-- seven digits, the last of which is the check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_dea_number finds content that matches the pattern.-- A keyword from `Keyword_dea_number` is found-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_dea_number finds content that matches the pattern.-- The checksum passes.-
-```xml
- <!-- DEA Number -->
- <Entity id="9a5445ad-406e-43eb-8bd7-cac17ab6d0e4" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_dea_number" />
- </Pattern>
- <Version minEngineVersion="15.20.1207.000" maxEngineVersion="15.20.3134.000">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_dea_number" />
- </Pattern>
- </Version>
- <Version minEngineVersion="15.20.3135.000">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_dea_number" />
- <Match idRef="Keyword_dea_number" />
- </Pattern>
- </Version>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_dea_number
--- dea-- dea#-- drug enforcement administration-- drug enforcement agency-
-## Estonia driver's license number
-
-### Format
-
-two letters followed by six digits
-
-### Pattern
-
-two letters and six digits:
--- the letters "ET" (not case-sensitive)-- six digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_estonia_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_estonia_eu_driver's_license_number` is found.-
-```xml
- <!-- Estonia Driver's License Number -->
- <Entity id="51da8171-da70-4cc1-9d65-055a59ca4f83" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_estonia_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_estonia_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_estonia_eu_driver's_license_number
--- permis de conduire-- juhilubade numbrid-- juhiloa number-- juhiluba-
-## Estonia passport number
-
-### Format
-
-one letter followed by seven digits with no spaces or delimiters
-
-### Pattern
-
-one letter followed by seven digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_estonia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_estonia_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_estonia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_estonia_eu_passport_number` is found.-
-```xml
- <!-- Estonia Passport Number -->
- <Entity id="61f7073a-509e-425b-a754-bc01bb5d5b8c" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_estonia_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_estonia_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date1" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_estonia_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_estonia_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number_common
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_estonia_eu_passport_number
-
-eesti kodaniku pass
-passi number
-passinumbrid
-document number
-document no
-dokumendi nr
-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Estonia Personal Identification Code
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-11 digits without spaces and delimiters
-
-### Pattern
-
-11 digits:
--- one digit that corresponds to sex and century of birth (odd number male, even number female; 1-2: 19th century; 3-4: 20th century; 5-6: 21st century)-- six digits that correspond to date of birth (YYMMDD)-- three digits that correspond to a serial number separating persons born on the same date-- one check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_estonia_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_estonia_eu_national_id_card` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_estonia_eu_national_id_card` finds content that matches the pattern.-
-```xml
- <!-- Estonia Personal Identification Code -->
- <Entity id="bfb26de6-dad5-4d48-ab72-4789cdd0654c" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_estonia_eu_national_id_card" />
- <Match idRef="Keywords_estonia_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_estonia_eu_national_id_card" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_estonia_eu_telephone_number" />
- <Match idRef="Keywords_estonia_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_estonia_eu_national_id_card
--- id-kaart-- ik-- isikukood#-- isikukood-- maksu id-- maksukohustuslase identifitseerimisnumber-- maksunumber-- national identification number-- national number-- personal code-- personal id number-- personal identification code-- personal identification number-- personalidnumber#-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## Estonia physical addresses
-
-This unbundled named entity detects patterns related to physical address from Estonia. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## EU debit card number
-
-### Format
-
-16 digits
-
-### Pattern
-
-Complex and robust pattern
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_eu_debit_card finds content that matches the pattern.-- At least one of the following is true:
- - A keyword from Keyword_eu_debit_card is found.
- - A keyword from Keyword_card_terms_dict is found.
- - A keyword from Keyword_card_security_terms_dict is found.
- - A keyword from Keyword_card_expiration_terms_dict is found.
- - The function Func_expiration_date finds a date in the right date format.
-- The checksum passes.-
-```xml
- <!-- EU Debit Card Number -->
- <Entity id="0e9b3178-9678-47dd-a509-37222ca96b42" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_eu_debit_card" />
- <Any minMatches="1">
- <Match idRef="Keyword_eu_debit_card" />
- <Match idRef="Keyword_card_terms_dict" />
- <Match idRef="Keyword_card_security_terms_dict" />
- <Match idRef="Keyword_card_expiration_terms_dict" />
- <Match idRef="Func_expiration_date" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_eu_debit_card
--- account number-- card number-- card no.-- security number-- cc#-
-#### Keyword_card_terms_dict
--- acct nbr-- acct num-- acct no-- american express-- americanexpress-- americano espresso-- amex-- atm card-- atm cards-- atm kaart-- atmcard-- atmcards-- atmkaart-- atmkaarten-- bancontact-- bank card-- bankkaart-- card holder-- card holders-- card num-- card number-- card numbers-- card type-- cardano numerico-- cardholder-- cardholders-- cardnumber-- cardnumbers-- carta bianca-- carta credito-- carta di credito-- cartao de credito-- cartao de crédito-- cartao de debito-- cartao de débito-- carte bancaire-- carte blanche-- carte bleue-- carte de credit-- carte de crédit-- carte di credito-- carteblanche-- cartão de credito-- cartão de crédito-- cartão de debito-- cartão de débito-- cb-- ccn-- check card-- check cards-- checkcard-- checkcards-- chequekaart-- cirrus-- cirrus-edc-maestro-- controlekaart-- controlekaarten-- credit card-- credit cards-- creditcard-- creditcards-- debetkaart-- debetkaarten-- debit card-- debit cards-- debitcard-- debitcards-- debito automatico-- diners club-- dinersclub-- discover-- discover card-- discover cards-- discovercard-- discovercards-- débito automático-- edc-- eigentümername-- european debit card-- hoofdkaart-- hoofdkaarten-- in viaggio-- japanese card bureau-- japanse kaartdienst-- jcb-- kaart-- kaart num-- kaartaantal-- kaartaantallen-- kaarthouder-- kaarthouders-- karte-- karteninhaber-- karteninhabers-- kartennr-- kartennummer-- kreditkarte-- kreditkarten-nummer-- kreditkarteninhaber-- kreditkarteninstitut-- kreditkartennummer-- kreditkartentyp-- maestro-- master card-- master cards-- mastercard-- mastercards-- mc-- mister cash-- n carta-- carta-- no de tarjeta-- no do cartao-- no do cartão-- no. de tarjeta-- no. do cartao-- no. do cartão-- nr carta-- nr. carta-- numeri di scheda-- numero carta-- numero de cartao-- numero de carte-- numero de cartão-- numero de tarjeta-- numero della carta-- numero di carta-- numero di scheda-- numero do cartao-- numero do cartão-- numéro de carte-- nº carta-- nº de carte-- nº de la carte-- nº de tarjeta-- nº do cartao-- nº do cartão-- nº. do cartão-- número de cartao-- número de cartão-- número de tarjeta-- número do cartao-- scheda dell'assegno-- scheda dell'atmosfera-- scheda dell'atmosfera-- scheda della banca-- scheda di controllo-- scheda di debito-- scheda matrice-- schede dell'atmosfera-- schede di controllo-- schede di debito-- schede matrici-- scoprono la scheda-- scoprono le schede-- solo-- supporti di scheda-- supporto di scheda-- switch-- tarjeta atm-- tarjeta credito-- tarjeta de atm-- tarjeta de credito-- tarjeta de debito-- tarjeta debito-- tarjeta no-- tarjetahabiente-- tipo della scheda-- ufficio giapponese della-- scheda-- v pay-- v-pay-- visa-- visa plus-- visa electron-- visto-- visum-- vpay-
-#### Keyword_card_security_terms_dict
--- card identification number-- card verification-- cardi la verifica-- cid-- cod seg-- cod seguranca-- cod segurança-- cod sicurezza-- cod. seg-- cod. seguranca-- cod. segurança-- cod. sicurezza-- codice di sicurezza-- codice di verifica-- codigo-- codigo de seguranca-- codigo de segurança-- crittogramma-- cryptogram-- cryptogramme-- cv2-- cvc-- cvc2-- cvn-- cvv-- cvv2-- cód seguranca-- cód segurança-- cód. seguranca-- cód. segurança-- código-- código de seguranca-- código de segurança-- de kaart controle-- geeft nr uit-- issue no-- issue number-- kaartidentificatienummer-- kreditkartenprufnummer-- kreditkartenprüfnummer-- kwestieaantal-- no. dell'edizione-- no. di sicurezza-- numero de securite-- numero de verificacao-- numero dell'edizione-- numero di identificazione della-- scheda-- numero di sicurezza-- numero van veiligheid-- numéro de sécurité-- nº autorizzazione-- número de verificação-- perno il blocco-- pin block-- prufziffer-- prüfziffer-- security code-- security no-- security number-- sicherheits kode-- sicherheitscode-- sicherheitsnummer-- speldblok-- veiligheid nr-- veiligheidsaantal-- veiligheidscode-- veiligheidsnummer-- verfalldatum-
-#### Keyword_card_expiration_terms_dict
--- ablauf-- data de expiracao-- data de expiração-- data del exp-- data di exp-- data di scadenza-- data em que expira-- data scad-- data scadenza-- date de validité-- datum afloop-- datum van exp-- de afloop-- espira-- espira-- exp date-- exp datum-- expiration-- expire-- expires-- expiry-- fecha de expiracion-- fecha de venc-- gultig bis-- gultigkeitsdatum-- gültig bis-- gültigkeitsdatum-- la scadenza-- scadenza-- valable-- validade-- valido hasta-- valor-- venc-- vencimento-- vencimiento-- verloopt-- vervaldag-- vervaldatum-- vto-- válido hasta-
-## EU driver's license number
-
-These entities are in the EU Driver's License Number and are sensitive information types.
--- [Austria](#austria-drivers-license-number)-- [Belgium](#belgium-drivers-license-number)-- [Bulgaria](#bulgaria-drivers-license-number)-- [Croatia](#croatia-drivers-license-number)-- [Cyprus](#cyprus-drivers-license-number)-- [Czech](#czech-drivers-license-number)-- [Denmark](#denmark-drivers-license-number)-- [Estonia](#estonia-drivers-license-number)-- [Finland](#finland-drivers-license-number)-- [France](#france-drivers-license-number)-- [Germany](#germany-drivers-license-number)-- [Greece](#greece-drivers-license-number)-- [Hungary](#hungary-drivers-license-number)-- [Ireland](#ireland-drivers-license-number)-- [Italy](#italy-drivers-license-number)-- [Latvia](#latvia-drivers-license-number)-- [Lithuania](#lithuania-drivers-license-number)-- [Luxemburg](#luxemburg-drivers-license-number)-- [Malta](#malta-drivers-license-number)-- [Netherlands](#netherlands-drivers-license-number)-- [Poland](#poland-drivers-license-number)-- [Portugal](#portugal-drivers-license-number)-- [Romania](#romania-drivers-license-number)-- [Slovakia](#slovakia-drivers-license-number)-- [Slovenia](#slovenia-drivers-license-number)-- [Spain](#spain-drivers-license-number)-- [Sweden](#sweden-drivers-license-number)-- [U.K.](#uk-drivers-license-number)-
-## EU national identification number
-
-These entities are in the EU National Identification Number and are sensitive information types.
--- [Austria](#austria-identity-card)-- [Belgium](#belgium-national-number)-- [Bulgaria](#bulgaria-uniform-civil-number)-- [Croatia](#croatia-identity-card-number)-- [Cyprus](#cyprus-identity-card)-- [Czech](#czech-personal-identity-number)-- [Denmark](#denmark-personal-identification-number)-- [Estonia](#estonia-personal-identification-code)-- [Finland](#finland-national-id)-- [France](#france-national-id-card-cni)-- [Germany](#germany-identity-card-number)-- [Greece](#greece-national-id-card)-- [Hungary](#hungary-personal-identification-number)-- [Ireland](#ireland-personal-public-service-pps-number)-- [Italy](#italy-fiscal-code)-- [Latvia](#latvia-personal-code)-- [Lithuania](#lithuania-personal-code)-- [Luxemburg](#luxemburg-national-identification-number-natural-persons)-- [Malta](#malta-identity-card-number)-- [Netherlands](#netherlands-citizens-service-bsn-number)-- [Poland](#poland-national-id-pesel)-- [Portugal](#portugal-citizen-card-number)-- [Romania](#romania-personal-numeric-code-cnp)-- [Slovakia](#slovakia-personal-number)-- [Slovenia](#slovenia-unique-master-citizen-number)-- [Spain](#spain-dni)-- [U.K.](#uk-national-insurance-number-nino)-
-## EU passport number
-
-These entities are in the EU passport number and are sensitive information types. These entities are in the EU passport number bundle.
--- [Austria](#austria-passport-number)-- [Belgium](#belgium-passport-number)-- [Bulgaria](#bulgaria-passport-number)-- [Croatia](#croatia-passport-number)-- [Cyprus](#cyprus-passport-number)-- [Czech](#czech-passport-number)-- [Denmark](#denmark-passport-number)-- [Estonia](#estonia-passport-number)-- [Finland](#finland-passport-number)-- [France](#france-passport-number)-- [Germany](#germany-passport-number)-- [Greece](#greece-passport-number)-- [Hungary](#hungary-passport-number)-- [Ireland](#ireland-passport-number)-- [Italy](#italy-passport-number)-- [Latvia](#latvia-passport-number)-- [Lithuania](#lithuania-passport-number)-- [Luxemburg](#luxemburg-passport-number)-- [Malta](#malta-passport-number)-- [Netherlands](#netherlands-passport-number)-- [Poland](#poland-passport-number)-- [Portugal](#portugal-passport-number)-- [Romania](#romania-passport-number)-- [Slovakia](#slovakia-passport-number)-- [Slovenia](#slovenia-passport-number)-- [Spain](#spain-passport-number)-- [Sweden](#sweden-passport-number)-- [U.S./U.K. passport number](#usuk-passport-number)-
-## EU social security number or equivalent identification
-
-These entities are in the EU Social Security Number or equivalent identification and are sensitive information types.
--- [Austria](#austria-social-security-number)-- [Belgium](#belgium-national-number)-- [Croatia](#croatia-personal-identification-oib-number)-- [Czech](#czech-personal-identity-number)-- [Denmark](#denmark-personal-identification-number)-- [Finland](#finland-national-id)-- [France](#france-social-security-number-insee)-- [Germany](#germany-identity-card-number)-- [Greece](#greece-national-id-card)-- [Hungary](#hungary-social-security-number-taj)-- [Portugal](#portugal-citizen-card-number)-- [Spain](#spain-social-security-number-ssn)-- [Sweden](#sweden-national-id)-
-## EU Tax identification number
-
-These entities are in the EU Tax identification number sensitive information type.
--- [Austria](#austria-tax-identification-number)-- [Belgium](#belgium-national-number)-- [Bulgaria](#bulgaria-uniform-civil-number)-- [Croatia](#croatia-identity-card-number)-- [Cyprus](#cyprus-tax-identification-number)-- [Czech](#czech-personal-identity-number)-- [Denmark](#denmark-personal-identification-number)-- [Estonia](#estonia-personal-identification-code)-- [Finland](#finland-national-id)-- [France](#france-tax-identification-number)-- [Germany](#germany-tax-identification-number)-- [Greece](#greece-tax-identification-number)-- [Hungary](#hungary-tax-identification-number)-- [Ireland](#ireland-personal-public-service-pps-number)-- [Italy](#italy-fiscal-code)-- [Latvia](#latvia-personal-code)-- [Lithuania](#lithuania-personal-code)-- [Luxemburg](#luxemburg-national-identification-number-non-natural-persons)-- [Malta](#malta-tax-identification-number)-- [Netherlands](#netherlands-tax-identification-number)-- [Poland](#poland-tax-identification-number)-- [Portugal](#portugal-tax-identification-number)-- [Romania](#romania-personal-numeric-code-cnp)-- [Slovakia](#slovakia-personal-number)-- [Slovenia](#slovenia-tax-identification-number)-- [Spain](#spain-tax-identification-number)-- [Sweden](#sweden-tax-identification-number)-- [U.K.](#uk-unique-taxpayer-reference-number)-
-## Finland driver's license number
-
-### Format
-
-10 digits containing a hyphen
-
-### Pattern
-
-10 digits containing a hyphen:
--- six digits-- a hyphen-- three digits-- a digit or letter-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_finland_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_finland_eu_driver's_license_number` is found.-
-```xml
- <!-- Finland Driver's License Number -->
- <Entity id="bb3b27a3-79bd-4ac4-81a7-f9fca3c7d1a7" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_finland_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_finland_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_finland_eu_driver's_license_number
--- ajokortti-- permis de conduire-- ajokortin numero-- kuljettaja lic.-- k├╢rkort-- k├╢rkortnummer-- f├╢rare lic.-- ajokortit-- ajokortin numerot-
-## Finland european health insurance number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-20-digit number
-
-### Pattern
-
-20-digit number:
--- 10 digits - 8024680246-- an optional space or hyphen-- 10 digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regex Regex_Finland_European_Health_Insurance_Number finds content that matches the pattern.-- A keyword from Keyword_Finland_European_Health_Insurance_Number is found.-
-```xml
- <!-- Finland European Health Insurance Number -->
- <Entity id="60f75aed-81bf-4625-89b0-0846b9248ee7" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_Finland_European_Health_Insurance_Number"/>
- <Match idRef="Keyword_Finland_European_Health_Insurance_Number"/>
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keyword_finland_european_health_insurance_number
--- ehic#-- ehic-- finlandehicnumber#-- finska sjukförsäkringskort-- health card-- health insurance card-- health insurance number-- hälsokort-- sairaanhoitokortin-- sairausvakuutuskortti-- sairausvakuutusnumero-- sjukförsäkring nummer-- sjukförsäkringskort-- suomen sairausvakuutuskortti-- terveyskortti-
-## Finland national ID
-
-### Format
-
-six digits plus a character indicating a century plus three digits plus a check digit
-
-### Pattern
-
-Pattern must include all of the following:
--- six digits in the format DDMMYY, which are a date of birth-- century marker (either '-', '+' or 'a')-- three-digit personal identification number-- a digit or letter (case insensitive) which is a check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- the function Func_finnish_national_id finds content that matches the pattern-- a keyword from Keyword_finnish_national_id is found-- the checksum passes-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- the function Func_finnish_national_id finds content that matches the pattern-- the checksum passes-
-```xml
- <!-- Finnish National ID-->
- <Entity id="338FD995-4CB5-4F87-AD35-79BD1DD926C1" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_finnish_national_id" />
- <Match idRef="Keyword_finnish_national_id" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_finnish_national_id" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
--- ainutlaatuinen henkilökohtainen tunnus-- henkilökohtainen tunnus-- henkilötunnus-- henkilötunnusnumero#-- henkilötunnusnumero-- hetu-- id no-- id number-- identification number-- identiteetti numero-- identity number-- idnumber-- kansallinen henkilötunnus-- kansallisen henkilökortin-- national id card-- national id no.-- personal id-- personal identity code-- personalidnumber#-- personbeteckning-- personnummer-- social security number-- sosiaaliturvatunnus-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-- tunnistenumero-- tunnus numero-- tunnusluku-- tunnusnumero-- verokortti-- veronumero-- verotunniste-- verotunnus-
-## Finland passport number
-
-This entity is available in the EU Passport Number sensitive information type and is available as a stand-alone sensitive information type entity.
-
-### Format
-combination of nine letters and digits
-
-### Pattern
-
-combination of nine letters and digits:
--- two letters (not case-sensitive)-- seven digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_finland_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keyword_finland_passport_number` is found.-- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_finland_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keyword_finland_passport_number` is found.-
-```xml
- <!-- Finland Passport Number -->
- <Entity id="d1685ac3-1d3a-40f8-8198-32ef5669c7a5" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_finland_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keyword_finland_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date1" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_finland_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keyword_finland_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keyword_finland_passport_number
--- suomalainen passi-- passin numero-- passin numero.#-- passin numero#-- passin numero.-- passi#-- passi number-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Finland physical addresses
-
-This unbundled named entity detects patterns related to physical address from Finland. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## France driver's license number
-
-This entity is available in the EU Driver's License Number sensitive information type and is available as a stand-alone sensitive information type entity.
-
-### Format
-
-12 digits
-
-### Pattern
-
-12 digits with validation to discount similar patterns such as French telephone numbers
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- the function Func_french_drivers_license finds content that matches the pattern.-- a keyword from Keyword_french_drivers_license is found.-
-```xml
- <!-- France Driver's License Number -->
- <Entity id="18e55a36-a01b-4b0f-943d-dc10282a1824" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_french_drivers_license" />
- <Match idRef="Keyword_french_drivers_license" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_french_drivers_license
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-- permis de conduire-- licence number-- license number-- licence numbers-- license numbers-- numéros de licence-
-## France health insurance number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-21-digit number
-
-### Pattern
-
-21-digit number:
--- 10 digits-- an optional space-- 10 digits-- an optional space-- a digit-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- the regex Regex_France_Health_Insurance_Number finds content that matches the pattern.-- a keyword from Keyword_France_Health_Insurance_Number is found.-
-```xml
- <!-- France Health Insurance Number -->
- <Entity id="9bc2069e-76df-4ff9-ac02-2f519469e236" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_France_Health_Insurance_Number"/>
- <Match idRef="Keyword_France_Health_Insurance_Number"/>
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keyword_France_health_insurance_number
--- insurance card-- carte vitale-- carte d'assuré social-
-## France national id card (CNI)
-
-### Format
-
-12 digits
-
-### Pattern
-
-12 digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_france_cni finds content that matches the pattern.-- A keyword from Keywords_france_eu_national_id_card is found.-
-```xml
- <!-- France CNI -->
- <Entity id="f741ac74-1bc0-4665-b69b-f0c7f927c0c4" patternsProximity="300" recommendedConfidence="65">
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Regex_france_cni" />
- <Match idRef="Keywords_france_eu_national_id_card" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_france_eu_national_id_card
--- card number-- carte nationale d'identité-- carte nationale d'idenite no-- cni#-- cni-- compte bancaire-- national identification number-- national identity-- nationalidno#-- numéro d'assurance maladie-- numéro de carte vitale-
-## France passport number
-
-This entity is available in the EU Passport Number sensitive information type. It's also available as a stand-alone sensitive information type entity.
-
-### Format
-
-nine digits and letters
-
-### Pattern
-
-nine digits and letters:
--- two digits-- two letters (not case-sensitive)-- five digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_fr_passport` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_france_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date3` finds date in the format DD MM YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_fr_passport` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_france_eu_passport_number` is found.-
-```xml
- <!-- France Passport Number -->
- <Entity id="3008b884-8c8c-4cd8-a289-99f34fc7ff5d" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_fr_passport" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_france_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date3" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_fr_passport" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_france_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_france_eu_passport_number
--- numéro de passeport-- passeport n °-- passeport non-- passeport #-- passeport#-- passeportnon-- passeportn °-- passeport français-- passeport livre-- passeport carte-- numéro passeport-- passeport n°-- n° du passeport-- n° passeport-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## France physical addresses
-
-This unbundled named entity detects patterns related to physical address from France. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## France social security number (INSEE)
-
-### Format
-
-15 digits
-
-### Pattern
-
-Must match one of two patterns:
--- 13 digits followed by a space followed by two digits-
- or
--- 15 consecutive digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_french_insee` finds content that matches the pattern.-- A keyword from Keyword_fr_insee is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_french_insee or Func_fr_insee finds content that matches the pattern.-- The checksum passes.-
-```xml
- <!-- France INSEE -->
- <Entity id="71f62b97-efe0-4aa1-aa49-e14de253619d" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_french_insee" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keyword_fr_insee" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_french_insee" />
- <Match idRef="Keyword_fr_insee" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_fr_insee
--- code sécu-- d'identité nationale-- insee-- fssn#-- le numéro d'identification nationale-- le code de la sécurité sociale-- national id-- national identification-- no d'identité-- no. d'identité-- numéro d'assurance-- numéro d'identité-- numero d'identite-- numéro de sécu-- numéro de sécurité sociale-- no d'identite-- no. d'identite-- ssn-- ssn#-- sécurité sociale-- securité sociale-- securite sociale-- socialsecuritynumber-- social security number-- social security code-- social insurance number-
-## France tax identification number
-
-### Format
-
-13 digits
-
-### Pattern
-
-13 digits
--- One digit that must be 0, 1, 2, or 3-- One digit-- A space (optional)-- Two digits-- A space (optional)-- Three digits-- A space (optional)-- Three digits-- A space (optional)-- Three check digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_france_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_france_eu_tax_file_number` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_france_eu_tax_file_number` finds content that matches the pattern.-
-```xml
- <!-- France Tax Identification Number (numéro SPI.) -->
- <Entity id="ed59e77e-171d-442c-9ec1-88e2ebcb5b0a" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_france_eu_tax_file_number" />
- <Match idRef="Keywords_france_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_france_eu_tax_file_number" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_france_eu_telephone_number" />
- <Match idRef="Keywords_france_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-
-```
-
-### Keywords
-
-#### Keywords_france_eu_tax_file_number
--- numéro d'identification fiscale-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## France value added tax number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-13 character alphanumeric pattern
-
-### Pattern
-
-13 character alphanumeric pattern:
--- two letters - FR (case insensitive)-- an optional space or hyphen-- two letters or digits-- an optional space, dot, hyphen, or comma-- three digits-- an optional space, dot, hyphen, or comma-- three digits-- an optional space, dot, hyphen, or comma-- three digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_france_value_added_tax_number finds content that matches the pattern.-- A keyword from Keywords_france_value_added_tax_number is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_france_value_added_tax_number finds content that matches the pattern.-
-```xml
- <!-- France Value Added Tax Number -->
- <Entity id="949121e6-ad9f-4379-8731-710342baea78" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_france_value_added_tax_number" />
- <Match idRef="Keywords_france_value_added_tax_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_france_value_added_tax_number" />
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keyword_France_value_added_tax_number
--- vat number-- vat no-- vat#-- value added tax-- siren identification no numéro d'identification taxe sur valeur ajoutée-- taxe valeur ajoutée-- taxe sur la valeur ajoutée-- n° tva-- numéro de tva-- numéro d'identification siren-
-## Generic medication names
-
-This unbundled named entity detects names of generic medications, such as *acetaminophen*. It supports English terms only. It's also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
-
-### Confidence level
-
-High
-
-## Germany driver's license number
-
-This sensitive information type entity is included in the EU Driver's License Number sensitive information type. It's also available as a stand-alone sensitive information type entity.
-
-### Format
-
-combination of 11 digits and letters
-
-### Pattern
-
-11 digits and letters (not case-sensitive):
--- a digit or letter-- two digits-- six digits or letters-- a digit-- a digit or letter-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_german_drivers_license finds content that matches the pattern.-- A keyword from Keyword_german_drivers_license_number is found.-- The checksum passes.-
-```xml
- <!-- German Driver's License Number -->
- <Entity id="91da9335-1edb-45b7-a95f-5fe41a16c63c" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_german_drivers_license" />
- <Match idRef="Keyword_german_drivers_license" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_german_drivers_license_number
--- ausstellungsdatum-- ausstellungsort-- ausstellende beh├╢de-- ausstellende behorde-- ausstellende behoerde-- f├╝hrerschein-- fuhrerschein-- fuehrerschein-- f├╝hrerscheinnummer-- fuhrerscheinnummer-- fuehrerscheinnummer-- f├╝hrerschein--- fuhrerschein--- fuehrerschein--- f├╝hrerscheinnummernr-- fuhrerscheinnummernr-- fuehrerscheinnummernr-- f├╝hrerscheinnummerklasse-- fuhrerscheinnummerklasse-- fuehrerscheinnummerklasse-- nr-f├╝hrerschein-- nr-fuhrerschein-- nr-fuehrerschein-- no-f├╝hrerschein-- no-fuhrerschein-- no-fuehrerschein-- n-f├╝hrerschein-- n-fuhrerschein-- n-fuehrerschein-- permis de conduire-- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dlno-
-## Germany identity card number
-
-### Format
-
-since 1 November 2010: Nine to 11 letters and digits
-
-from 1 April 1987 until 31 October 2010: 10 digits
-
-### Pattern
-
-since 1 November 2010: 9 to 11 characters alphanumeric pattern
-- one L, M, N, P, R, T, V, W, X, Y (case insensitive)-- eight digits or letters in C, F, G, H, J, K, L, M, N, P, R, T, V, W, X, Y and Z (case insensitive)-- optional check digit-- Optional d/D-
-from 1 April 1987 until 31 October 2010:
--- 10 digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_german_id_card_with_check` finds content that matches the pattern.-- A keyword from `Keyword_germany_id_card` is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_germany_id_card` finds content that matches the pattern (9 characters without check digit issued pre-2010 or 10 digits pattern issued posy 2010).-- A keyword from Keyword_germany_id_card is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_german_id_card_with_check` finds content that matches the pattern.-- The checksum passes.-
-```xml
- <!-- Germany Identity Card Number -->
- <Entity id="e577372f-c42e-47a0-9d85-bebed1c237d4" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_germany_id_card" />
- <Match idRef="Keyword_germany_id_card" />
- </Pattern>
- <Version minEngineVersion="15.20.4545.000">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_german_id_card_with_check" />
- <Match idRef="Keyword_germany_id_card" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_german_id_card_with_check" />
- </Pattern>
- </Version>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_germany_id_card
--- ausweis-- gpid-- identification-- identifikation-- identifizierungsnummer-- identity card-- identity number-- id-nummer-- personal id-- personalausweis-- persönliche id nummer-- persönliche identifikationsnummer-- persönliche-id-nummer-
-## Germany passport number
-
-### Format
-
-9 to 11 characters
-
-### Pattern
--- one letter in C, F, G, H, J, K (case insensitive)-- eight digits or letters in C, F, G, H, J, K, L, M, N, P, R, T, V, W, X, Y and Z (case insensitive)-- optional check digit-- Optional d/D-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_german_passport_checksum` finds content that matches the pattern.-- A keyword from `Keyword_german_passport` or `Keywords_eu_passport_number_common` is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_german_passport` finds content that matches the nine characters pattern (without check digit and optional d/D).-- A keyword from `Keyword_german_passport` or `Keywords_eu_passport_number_common` is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_german_passport_checksum` finds content that matches the pattern.-- The checksum passes.-
-```xml
- <!-- German Passport Number -->
- <Entity id="2e3da144-d42b-47ed-b123-fbf78604e52c" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_german_passport" />
- <Any minMatches="1">
- <Match idRef="Keyword_german_passport" />
- <Match idRef="Keywords_eu_passport_number_common" />
- </Any>
- </Pattern>
- <Version minEngineVersion="15.20.4570.0">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_german_passport_checksum" />
- <Any minMatches="1">
- <Match idRef="Keyword_german_passport" />
- <Match idRef="Keywords_eu_passport_number_common" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_german_passport_checksum" />
- </Pattern>
- </Version>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_german_passport
--- reisepasse-- reisepassnummer-- No-Reisepass-- Nr-Reisepass-- Reisepass-Nr-- Passnummer-- reisepässe-- passeport no.-- passeport no-
-#### Keywords_eu_passport_number_common
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-## Germany physical addresses
-
-This unbundled named entity detects patterns related to physical address from Germany. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Germany tax identification number
-
-### Format
-
-11 digits without spaces and delimiters
-
-### Pattern
-
-11 digits
--- Two digits-- An optional space-- Three digits-- An optional space-- Three digits-- An optional space-- Two digits-- one check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_germany_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_germany_eu_tax_file_number` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_germany_eu_tax_file_number` finds content that matches the pattern.-
-```xml
- <!-- Germany Tax Identification Number -->
- <Entity id="43316a89-9880-40cf-b980-04bc7eefcec5" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_germany_eu_tax_file_number" />
- <Match idRef="Keywords_germany_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_germany_eu_tax_file_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_germany_eu_tax_file_number
--- identifikationsnummer-- steuer id-- steueridentifikationsnummer-- steuernummer-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-- zinn#-- zinn-- zinnnummer-
-## Germany value added tax number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-11 character alphanumeric pattern
-
-### Pattern
-
-11-character alphanumeric pattern:
--- a letter D or d-- a letter E or e-- an optional space-- three digits-- an optional space or comma-- three digits-- an optional space or comma-- three digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_germany_value_added_tax_number finds content that matches the pattern.-- A keyword from Keywords_germany_value_added_tax_number is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_germany_value_added_tax_number finds content that matches the pattern.-
-```xml
- <!-- Germany Value Added Tax Number -->
- <Entity id="db177eb2-8811-4842-bffc-128c14aa219f" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_germany_value_added_tax_number" />
- <Match idRef="Keywords_germany_value_added_tax_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_germany_value_added_tax_number" />
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keyword_germany_value_added_tax_number
--- vat number-- vat no-- vat#-- vat# mehrwertsteuer-- mwst-- mehrwertsteuer identifikationsnummer-- mehrwertsteuer nummer-
-## Greece driver's license number
-
-This entity is included in the EU Driver's License Number sensitive information type. It's also available as a stand-alone sensitive information type entity.
-
-### Format
-
-nine digits without spaces and delimiters
-
-### Pattern
-
-nine digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_greece_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_greece_eu_driver's_license_number` is found.-
-```xml
- <!-- Greece Driver's License Number -->
- <Entity id="7a2200b5-aacf-4e3c-ab36-136d3e68b7da" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_greece_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_greece_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_greece_eu_driver's_license_number
--- δεια οδήγησης-- Adeia odigisis-- Άδεια οδήγησης-- Δίπλωμα οδήγησης-
-## Greece national ID card
-
-### Format
-
-Combination of 7-8 letters and numbers plus a dash
-
-### Pattern
-
-Seven letters and numbers (old format):
--- One letter (any letter of the Greek alphabet)-- A dash-- Six digits-
-Eight letters and numbers (new format):
--- Two letters whose uppercase character occurs in both the Greek and Latin alphabets (ABEZHIKMNOPTYX)-- A dash-- Six digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_greece_id_card finds content that matches the pattern.-- A keyword from Keyword_greece_id_card is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_greece_id_card finds content that matches the pattern.-
-```xml
- <!-- Greece National ID Card -->
- <Entity id="82568215-1da1-46d3-874a-d2294d81b5ac" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_greece_id_card" />
- <Match idRef="Keyword_greece_id_card" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Regex_greece_id_card" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_greece_id_card
--- greek id-- greek national id-- greek personal id card-- greek police id-- identity card-- tautotita-- ταυτότητα-- ταυτότητας-
-## Greece passport number
-
-### Format
-
-Two letters followed by seven digits with no spaces or delimiters
-
-### Pattern
-
-Two letters followed by seven digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_greece_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_greece_eu_passport_number` is found.-- The regular expression `Regex_greece_eu_passport_date` finds date in the format DD MMM YY (Example - 28 Aug 19) or a keyword from `Keywords_greece_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_greece_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_greece_eu_passport_number` is found.-
-```xml
- <!-- Greece Passport Number -->
- <Entity id="7e65eb47-cdf9-4f52-8f90-2a27d5ee67e3" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_greece_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_greece_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_greece_eu_passport_date" />
- <Match idRef="Keywords_greece_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_greece_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_greece_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_greece_eu_passport_number
--- αριθμός διαβατηρίου-- αριθμούς διαβατηρίου-- αριθμός διαβατηριο-
-## Greece physical addresses
-
-This unbundled named entity detects patterns related to physical address from Greece. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Greece Social Security Number (AMKA)
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-11 digits without spaces and delimiters
-
-### Pattern
--- Six digits as date of birth YYMMDD-- Four digits-- a check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_greece_eu_ssn` finds content that matches the pattern.-- A keyword from `Keywords_greece_eu_ssn_or_equivalent` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_greece_eu_ssn` finds content that matches the pattern.-
-```xml
- <!-- Greece Social Security Number (AMKA) -->
- <Entity id="e39b03f4-50ea-41ae-af7a-a4b9539596ad" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_greece_eu_ssn" />
- <Match idRef="Keywords_greece_eu_ssn_or_equivalent" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_greece_eu_ssn" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_greece_eu_ssn_or_equivalent
--- ssn-- ssn#-- social security no-- socialsecurityno#-- social security number-- amka-- a.m.k.a.-- Αριθμού Μητρώου Κοινωνικής Ασφάλισης-
-## Greece tax identification number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-Nine digits without spaces and delimiters
-
-### Pattern
-
-Nine digits
-
-### Checksum
-
-Not applicable
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_greece_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_greece_eu_tax_file_number` is found.-
-```xml
- <!-- Greek Tax Identification Number -->
- <Entity id="15a54a5a-53d4-4080-ad43-a2a4fe1d3bf7" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_greece_eu_tax_file_number" />
- <Match idRef="Keywords_greece_eu_tax_file_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_greece_eu_tax_file_number
--- afm#-- afm-- aφμ|aφμ αριθμός-- aφμ-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- tax registry no-- tax registry number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- taxregistryno#-- tin id-- tin no-- tin#-- αριθμός φορολογικού μητρώου-- τον αριθμό φορολογικού μητρώου-- φορολογικού μητρώου νο-
-## Hong Kong identity card (HKID) number
-
-### Format
-
-Combination of 8-9 letters and numbers plus optional parentheses around the final character
-
-### Pattern
-
-Combination of 8-9 letters:
--- 1-2 letters (not case-sensitive)-- Six digits-- optional space-- a check character (any digit or the letter A) which is optionally enclosed in parentheses-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_hong_kong_id_card finds content that matches the pattern.-- A keyword from Keyword_hong_kong_id_card is found.-- The checksum passes.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_hong_kong_id_card finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- Hong Kong Identity Card (HKID) number -->
-<Entity id="e63c28a7-ad29-4c17-a41a-3d2a0b70fd9c" recommendedConfidence="75" patternsProximity="300">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_hong_kong_id_card"/>
- <Match idRef="Keyword_hong_kong_id_card"/>
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_hong_kong_id_card"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_hong_kong_id_card
--- hkid-- hong kong identity card-- HKIDC-- id card-- identity card-- hk identity card-- hong kong id-- 香港身份證-- 香港永久性居民身份證-- 身份證-- 身份証-- 身分證-- 身分証-- 香港身份証-- 香港身分證-- 香港身分証-- 香港身份證-- 香港居民身份證-- 香港居民身份証-- 香港居民身分證-- 香港居民身分証-- 香港永久性居民身份証-- 香港永久性居民身分證-- 香港永久性居民身分証-- 香港永久性居民身份證-- 香港非永久性居民身份證-- 香港非永久性居民身份証-- 香港非永久性居民身分證-- 香港非永久性居民身分証-- 香港特別行政區永久性居民身份證-- 香港特別行政區永久性居民身份証-- 香港特別行政區永久性居民身分證-- 香港特別行政區永久性居民身分証-- 香港特別行政區非永久性居民身份證-- 香港特別行政區非永久性居民身份証-- 香港特別行政區非永久性居民身分證-- 香港特別行政區非永久性居民身分証-
-## Hungary driver's license number
-
-### Format
-
-Two letters followed by six digits
-
-### Pattern
-
-Two letters and six digits:
--- Two letters (not case-sensitive)-- Six digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_hungary_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_hungary_eu_driver's_license_number` is found.-
-```xml
- <Entity id="9d31c46b-6e6b-444c-aeb1-6dd7e604bb24" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_hungary_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_hungary_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_hungary_eu_driver's_license_number
--- vezetoi engedely-- vezetői engedély-- vezetői engedélyek-
-## Hungary passport number
-
-### Format
-
-Two letters followed by six or seven digits with no spaces or delimiters
-
-### Pattern
-
-Two letters followed by six or seven digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_hungary_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_hungary_eu_passport_number` is found.-- The regular expression `Regex_hungary_eu_passport_date` finds date in the format DD MMM/MMM YY (Example - 01 MÁR/MAR 12) or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_hungary_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_hungary_eu_passport_number` is found.-
-```xml
- <!-- Hungary Passport Number -->
- <Entity id="5b483910-9aa7-4c99-9917-f4001464bda7" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_hungary_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_hungary_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_hungary_eu_passport_date" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_hungary_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_hungary_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_hungary_eu_passport_number
--- útlevél száma-- Útlevelek száma-- útlevél szám-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Hungary personal identification number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-11 digits
-
-### Pattern
-
-11 digits:
--- One digit that corresponds to gender, 1 for male, 2 for female. Other numbers are also possible for citizens born before 1900 or citizens with double citizenship.-- Six digits that correspond to birth date (YYMMDD)-- Three digits that correspond to a serial number-- One check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_hungary_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_hungary_eu_national_id_card` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_hungary_eu_national_id_card` finds content that matches the pattern.-
-```xml
- <!-- Hungary Personal Identification Number -->
- <Entity id="7b5cc218-7046-47d9-80c9-f325b50896ca" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_hungary_eu_national_id_card" />
- <Match idRef="Keywords_hungary_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_hungary_eu_national_id_card" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_hungary_eu_telephone_number" />
- <Match idRef="Keywords_hungary_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_hungary_eu_national_id_card
--- id number-- identification number-- sz ig-- sz. ig.-- sz.ig.-- személyazonosító igazolvány-- személyi igazolvány-
-## Hungary physical addresses
-
-This unbundled named entity detects patterns related to physical address from Hungary. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Hungary social security number (TAJ)
-
-### Format
-
-Nine digits without spaces and delimiters
-
-### Pattern
-
-Nine digits
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_hungary_eu_ssn_or_equivalent` finds content that matches the pattern.-- A keyword from `Keywords_hungary_eu_ssn_or_equivalent` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_hungary_eu_ssn_or_equivalent` finds content that matches the pattern.-
-```xml
- <!-- Hungarian Social Security Number (TAJ) -->
- <Entity id="0de78315-9537-47f5-95ab-b3e77eba3993" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_hungary_eu_ssn_or_equivalent" />
- <Match idRef="Keywords_hungary_eu_ssn_or_equivalent" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_hungary_eu_ssn_or_equivalent" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_hungary_eu_ssn_or_equivalent
--- hungarian social security number-- social security number-- socialsecuritynumber#-- hssn#-- socialsecuritynno-- hssn-- taj-- taj#-- ssn-- ssn#-- social security no-- áfa-- közösségi adószám-- általános forgalmi adó szám-- hozzáadottérték adó-- áfa szám-- magyar áfa szám-
-## Hungary tax identification number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-10 digits with no spaces or delimiters
-
-### Pattern
-
-10 digits:
--- One digit that must be "8"-- Eight digits-- One check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_hungary_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_hungary_eu_tax_file_number` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_hungary_eu_tax_file_number` finds content that matches the pattern.-
-```xml
- <!-- Hungary Tax Identification Number -->
- <Entity id="ede42eb4-59d9-49eb-9603-d7853fbda91d" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_hungary_eu_tax_file_number" />
- <Match idRef="Keywords_hungary_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_hungary_eu_tax_file_number" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_hungary_eu_telephone_number" />
- <Match idRef="Keywords_hungary_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_hungary_eu_tax_file_number
--- adóazonosító szám-- adóhatóság szám-- adószám-- hungarian tin-- hungatiantin#-- tax authority no-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-- vat number-
-## Hungary value added tax number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-10 character alphanumeric pattern
-
-### Pattern
-
-10 character alphanumeric pattern:
--- two letters - HU or hu-- optional space-- eight digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_hungarian_value_added_tax_number finds content that matches the pattern.-- A keyword from Keywords_hungarian_value_added_tax_number is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_hungarian_value_added_tax_number finds content that matches the pattern.-
-```xml
- <!-- Hungarian Value Added Tax Number -->
- <Entity id="976349a0-683b-477a-90f8-ff0a220d5592" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_hungarian_value_added_tax_number" />
- <Match idRef="Keywords_hungarian_value_added_tax_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_hungarian_value_added_tax_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_Hungary_value_added_tax_number
--- vat-- value added tax number-- vat#-- vatno#-- hungarianvatno#-- tax no.-- value added tax áfa-- közösségi adószám-- általános forgalmi adó szám-- hozzáadottérték adó-- áfa szám-
-## Iceland physical addresses
-
-This unbundled named entity detects patterns related to physical address from Iceland. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Impairments Listed In The U.S. Disability Evaluation Under Social Security
-
-This unbundled named entity detects names of impairments listed in the U.S. Disability Evaluation Under Social Security, such as *muscular dystrophy*. It supports English terms only. It's also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
-
-### Confidence level
-
-High
-
-## India Driver's License Number
-
-### Format
-
-15 character alphanumeric pattern
-
-### Pattern
-
-15 letters or digits:
--- two letters indicating state code-- optional space or dash-- two digits indicating city code-- optional space or dash-- four digits indicating year of issue-- optional space or dash-- seven digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_india_driving_license` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number_common` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_india_driving_license` finds content that matches the pattern.-
-```xml
- <!-- India Driver's License Number -->
- <Entity id="680788a3-53b6-455a-b891-c38cd76dc917" patternsProximity="300" recommendedConfidence="85" relaxProximity="true">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_india_driving_license" />
- <Match idRef="Keywords_eu_driver's_license_number_common" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_india_driving_license" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number_common
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-## India GST Number
-
-### Format
-
-15 character alphanumeric pattern
-
-### Pattern
-
-15 letters or digits:
--- two digits representing valid state code-- an optional space or dash-- ten characters representing Permanent Account Number (PAN)-- one letter or digit-- an optional space or dash-- one letter 'z' or 'Z'-- an optional space or dash-- one check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_india_gst_number` finds content that matches the pattern.-- A keyword from `Keyword_india_gst_number` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_india_gst_number` finds content that matches the pattern.-
-```xml
- <!-- India GST number -->
- <Entity id="9f5a721c-2fd2-446a-a27e-0c02fbe4630c" patternsProximity="300" recommendedConfidence="85" relaxProximity="true">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_india_gst_number" />
- <Match idRef="Keyword_india_gst_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_india_gst_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_india_gst_number
--- gst-- gstin-- goods and services tax-- goods and service tax-
-## India permanent account number (PAN)
-
-### Format
-
-10 letters or digits
-
-### Pattern
-
-10 letters or digits:
--- Three letters (not case-sensitive)-- A letter in C, P, H, F, A, T, B, L, J, G (not case-sensitive)-- A letter-- Four digits-- A letter that is an alphabetic check digit-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_india_permanent_account_number finds content that matches the pattern.-- A keyword from Keyword_india_permanent_account_number is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_india_permanent_account_number finds content that matches the pattern.-
-```xml
- <!-- India Permanent Account Number -->
- <Entity id="2602bfee-9bb0-47a5-a7a6-2bf3053e2804" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_india_permanent_account_number" />
- <Match idRef="Keyword_india_permanent_account_number" />
- </Pattern>
- <Version minEngineVersion="15.20.3520.000">
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Regex_india_permanent_account_number" />
- </Pattern>
- </Version>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_india_permanent_account_number
--- Permanent Account Number-- PAN-
-## India unique identification (Aadhaar) number
-
-### Format
-
-12 digits containing optional spaces or dashes
-
-### Pattern
-
-12 digits:
--- A digit that isn't 0 or 1-- Three digits-- An optional space or dash-- Four digits-- An optional space or dash-- The final digit, which is the check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_india_aadhaar finds content that matches the pattern.-- A keyword from Keyword_india_aadhar is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_india_aadhaar finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- India Unique Identification (Aadhaar) number -->
-<Entity id="1ca46b29-76f5-4f46-9383-cfa15e91048f" recommendedConfidence="85" patternsProximity="300">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_india_aadhaar"/>
- <Match idRef="Keyword_india_aadhar"/>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_india_aadhaar"/>
- </Pattern>
-</Entity>
-```
-### Keywords
-
-#### Keyword_india_aadhar
-- aadhaar-- aadhar-- aadhar#-- uid-- आधार-- uidai-
-## India Voter Id Card
-
-### Format
-
-10 character alphanumeric pattern
-
-### Pattern
-
-10 letters or digits:
--- three letters-- seven digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_india_voter_id_card` finds content that matches the pattern.-- A keyword from `Keyword_india_voter_id_card` is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_india_voter_id_card` finds content that matches the pattern.-
-```xml
- <!-- India Voter Id Card -->
- <Entity id="646d643f-5228-4408-acc8-f2e81a6df897" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_india_voter_id_card" />
- <Match idRef="Keyword_india_voter_id_card" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Regex_india_voter_id_card" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_india_voter_id_card
--- voter-- voterid-- votercard-- voteridcard-- electoral photo identity card-- EPIC-- ECI-- election commmision-
-## Indonesia identity card (KTP) number
-
-### Format
-
-16 digits containing optional periods
-
-### Pattern
-
-16 digits:
--- Two-digit province code-- A period (optional)-- Two-digit regency or city code-- Two-digit subdistrict code-- A period (optional)-- Six digits in the format DDMMYY, which are the date of birth-- A period (optional)-- Four digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_indonesia_id_card finds content that matches the pattern.-- A keyword from Keyword_indonesia_id_card is found.-
-```xml
-<!-- Indonesia Identity Card (KTP) Number -->
-<Entity id="da68fdb0-f383-4981-8c86-82689d3b7d55" recommendedConfidence="85" patternsProximity="300">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_indonesia_id_card"/>
- <Match idRef="Keyword_indonesia_id_card"/>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_indonesia_id_card
--- KTP-- Kartu Tanda Penduduk-- Nomor Induk Kependudukan-
-## International banking account number (IBAN)
-
-### Format
-
-Country code (two letters) plus check digits (two digits) plus bban number (up to 30 characters)
-
-### Pattern
-
-Pattern must include all of the following:
--- Two-letter country code-- Two check digits (followed by an optional space)-- 1-7 groups of four letters or digits (can be separated by spaces)-- 1-3 letters or digits-
-The format for each country is slightly different. The IBAN sensitive information type covers these 60 countries:
--- ad-- ae-- al-- at-- az-- ba-- be-- bg-- bh-- ch-- cr-- cy-- cz-- de-- dk-- do-- ee-- es-- fi-- fo-- fr-- gb-- ge-- gi-- gl-- gr-- hr-- hu-- ie-- il-- is-- it-- kw-- kz-- lb-- li-- lt-- lu-- lv-- mc-- md-- me-- mk-- mr-- mt-- mu-- nl-- no-- pl-- pt-- ro-- rs-- sa-- se-- si-- sk-- sm-- tn-- tr-- vg-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_iban finds content that matches the pattern.-- The checksum passes.-
-```xml
-<Entity id="e7dc4711-11b7-4cb0-b88b-2c394a771f0e" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_iban" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-None
-
-## International classification of diseases (ICD-10-CM)
-
-### Format
-
-Dictionary
-
-### Pattern
-
-Keyword
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- A keyword from Dictionary_icd_10_updated is found.-- A keyword from Dictionary_icd_10_codes is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- A keyword from Dictionary_icd_10_ updated is found.-
-```xml
- <!-- ICD-10 CM -->
- <Entity id="3356946c-6bb7-449b-b253-6ffa419c0ce7" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Dictionary_icd_10_updated" />
- <Match idRef="Dictionary_icd_10_codes" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Dictionary_icd_10_updated" />
- </Pattern>
-
-```
-
-### Keywords
-
-Any term from the Dictionary_icd_10_updated keyword dictionary, which is based on the [International Classification of Diseases, Tenth Revision, Clinical Modification (ICD-10-CM)](https://icd10cmtool.cdc.gov/). This type looks only for the term, not the insurance codes.
-
-Any term from the Dictionary_icd_10_codes keyword dictionary, which is based on the [International Classification of Diseases, Tenth Revision, Clinical Modification (ICD-10-CM)](https://icd10cmtool.cdc.gov/). This type looks only for insurance codes, not the description.
-
-## International classification of diseases (ICD-9-CM)
-
-### Format
-
-Dictionary
-
-### Pattern
-
-Keyword
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- A keyword from Dictionary_icd_9_updated is found.-- A keyword from Dictionary_icd_9_codes is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- A keyword from Dictionary_icd_9_updated is found.-
-```xml
- <Entity id="fa3f9c74-ee07-4c52-b5f2-085d6b2c0ec4" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Dictionary_icd_9_updated" />
- <Match idRef="Dictionary_icd_9_codes" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Dictionary_icd_9_updated" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-Any term from the Dictionary_icd_9_updated keyword dictionary, which is based on the [International Classification of Diseases,Ninth Revision, Clinical Modification (ICD-9-CM)](https://go.microsoft.com/fwlink/?linkid=852605). This type looks only for the term, not the insurance codes.
-
-Any term from the Dictionary_icd_9_codes keyword dictionary, which is based on the [International Classification of Diseases,Ninth Revision, Clinical Modification (ICD-9-CM)](https://go.microsoft.com/fwlink/?linkid=852605). This type looks only for insurance codes, not the description.
-
-## IP address
-
-### Format
-
-#### IPv4:
-Complex pattern that accounts for formatted (periods) and unformatted (no periods) versions of the IPv4 addresses
-
-#### IPv6:
-Complex pattern that accounts for formatted IPv6 numbers (which include colons)
-
-### Pattern
-
-### Checksum
-
-No
-
-### Definition
-
-For IPv6, a DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_ipv6_address finds content that matches the pattern.-- No keyword from Keyword_ipaddress is found.-
-For IPv4, a DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_ipv4_address finds content that matches the pattern.-- A keyword from Keyword_ipaddress is found.-
-For IPv6, a DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_ipv6_address finds content that matches the pattern.-- No keyword from Keyword_ipaddress is found.-
-```xml
- <!-- IP Address -->
- <Entity id="1daa4ad5-e2dd-4ca4-a788-54722c09efb2" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_ipv6_address" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keyword_ipaddress" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="95">
- <IdMatch idRef="Regex_ipv4_address" />
- <Any minMatches="1">
- <Match idRef="Keyword_ipaddress" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="95">
- <IdMatch idRef="Regex_ipv6_address" />
- <Any minMatches="1">
- <Match idRef="Keyword_ipaddress" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_ipaddress
--- IP (this keyword is case-sensitive)-- ip address-- ip addresses-- internet protocol-- IP-כתובת ה-
-## IP Address v4
-
-### Format
-
-Complex pattern that accounts for formatted (periods) and unformatted (no periods) versions of the IPv4 addresses
-
-### Pattern
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_ipv4_address` finds content that matches the pattern.-- A keyword from `Keyword_ipaddress` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_ipv4_address` finds content that matches the pattern.-
-```xml
- <!-- IP Address v4-->
- <Entity id="a7dd5e5f-e7f9-4626-a2c6-86a8cb6830d2" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_ipv4_address" />
- <Match idRef="Keyword_ipaddress" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_ipv4_address" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_ipaddress
--- IP (case sensitive)-- ip address-- ip addresses-- internet protocol-- IP-כתובת ה-
-## IP Address v6
-
-### Format
-
-Complex pattern that accounts for formatted IPv6 numbers (which include colons)
-
-### Pattern
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_ipv6_address` finds content that matches the pattern.-- A keyword from `Keyword_ipaddress` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_ipv6_address` finds content that matches the pattern.-
-```xml
- <!-- IP Address v6-->
- <Entity id="3f691089-7413-4926-ab3b-3c5ea8a1c17e" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_ipv6_address" />
- <Match idRef="Keyword_ipaddress" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_ipv6_address" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_ipaddress
--- IP (case sensitive)-- ip address-- ip addresses-- internet protocol-- IP-כתובת ה-
-## Ireland driver's license number
-
-### Format
-
-Six digits followed by four letters
-
-### Pattern
-
-Six digits and four letters:
--- Six digits-- Four letters (not case-sensitive)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_ireland_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_ireland_eu_driver's_license_number` is found.-
-```xml
- <!-- Ireland Driver's License Number -->
- <Entity id="e01bccd9-eb4d-414f-ace1-e9b6a4c4a2ca" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_ireland_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_ireland_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_ireland_eu_driver's_license_number
--- ceadúnas tiomána-- ceadúnais tiomána-
-## Ireland passport number
-
-### Format
-
-Two letters or digits followed by seven digits with no spaces or delimiters
-
-### Pattern
-
-Two letters or digits followed by seven digits:
--- Two digits or letters (not case-sensitive)-- Seven digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_ireland_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_ireland_eu_passport_number` is found.-- The regular expression `Regex_ireland_eu_passport_date` finds date in the format DD MMM/MMM YYYY (Example - 01 BEA/MAY 1988) or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_ireland_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_ireland_eu_passport_number` is found.-
-```xml
- <!-- Ireland Passport Number -->
- <Entity id="a2130f27-9ee2-4103-84f9-a6b1ee7d0cbf" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_ireland_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_ireland_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_ireland_eu_passport_date" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_ireland_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_ireland_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number_common
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_ireland_eu_passport_number
--- passeport numero-- uimhreacha pasanna-- uimhir pas-- uimhir phas-- uimhreacha pas-- uimhir cárta-- uimhir chárta-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Ireland personal public service (PPS) number
-
-### Format
-
-Old format (until 31 December 2012):
--- seven digits followed by 1-2 letters-
-New format (1 January 2013 and after):
--- seven digits followed by two letters-
-### Pattern
-
-Old format (until 31 December 2012):
--- seven digits-- one to two letters (not case-sensitive)-
-New format (1 January 2013 and after):
--- seven digits-- a letter (not case-sensitive) which is an alphabetic check digit-- An optional letter in the range A-I, or "W"-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_ireland_pps finds content that matches the pattern.-- A keyword from Keywords_ireland_eu_national_id_card is found.-- The checksum passes.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_ireland_pps finds content that matches the pattern.-- The checksum passes.-
-```xml
- <!-- Ireland Personal Public Service (PPS) Number -->
- <Entity id="1cdb674d-c19a-4fcf-9f4b-7f56cc87345a" patternsProximity="300" recommendedConfidence="85" relaxProximity="true">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_ireland_pps" />
- <Match idRef="Keywords_ireland_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_ireland_pps" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_ireland_eu_national_id_card
--- client identity service-- identification number-- personal id number-- personal public service number-- personal service no-- phearsanta seirbhíse poiblí-- pps no-- pps number-- pps num-- pps service no-- ppsn-- ppsno#-- ppsno-- psp-- public service no-- publicserviceno#-- publicserviceno-- revenue and social insurance number-- rsi no-- rsi number-- rsin-- seirbhís aitheantais cliant-- uimh-- uimhir aitheantais chánach-- uimhir aitheantais phearsanta-- uimhir phearsanta seirbhíse poiblí-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## Ireland physical addresses
-
-This unbundled named entity detects patterns related to physical address from Ireland. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Israel bank account number
-
-### Format
-
-13 digits
-
-### Pattern
-
-Formatted:
--- two digits-- a dash-- three digits-- a dash-- eight digits-
-Unformatted:
--- 13 consecutive digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_israel_bank_account_number finds content that matches the pattern.-- A keyword from Keyword_israel_bank_account_number is found.-
-```xml
-<!-- Israel Bank Account Number -->
-<Entity id="7d08b2ff-a0b9-437f-957c-aeddbf9b2b25" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_israel_bank_account_number" />
- <Any minMatches="1">
- <Match idRef="Keyword_israel_bank_account_number" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_israel_bank_account_number
--- Bank Account Number-- Bank Account-- Account Number-- מספר חשבון בנק-
-## Israel national identification number
-
-### Format
-
-nine digits
-
-### Pattern
-
-nine consecutive digits
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_israeli_national_id_number finds content that matches the pattern.-- A keyword from Keyword_Israel_National_ID is found.-- The checksum passes.-
-```xml
-<!-- Israel National ID Number -->
-<Entity id="e05881f5-1db1-418c-89aa-a3ac5c5277ee" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_israeli_national_id_number" />
- <Any minMatches="1">
- <Match idRef="Keyword_Israel_National_ID" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_Israel_National_ID
--- מספר זהות-- מספר זיה וי-- מספר זיהוי ישר אלי-- זהותישר אלית-- هو ية اسرائيل ية عدد-- هوية إسرائ يلية-- رقم الهوية-- عدد هوية فريدة من نوعها-- idnumber#-- id number-- identity no-- identitynumber#-- identity number-- israeliidentitynumber-- personal id-- unique id-
-## Italy driver's license number
-
-This type entity is included in the EU Driver's License Number sensitive information type. It's also available as a stand-alone sensitive information type entity.
-
-### Format
-
-a combination of 10 letters and digits
-
-### Pattern
-
-a combination of 10 letters and digits:
--- one letter (not case-sensitive)-- the letter "A" or "V" (not case-sensitive)-- seven digits-- one letter (not case-sensitive)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_italy_drivers_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keyword_italy_drivers_license_number` is found.-
-```xml
- <!-- Italy Driver's license Number -->
- <Entity id="97d6244f-9157-41bd-8e0c-9d669a5c4d71" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_italy_drivers_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keyword_italy_drivers_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keyword_italy_drivers_license_number
--- numero di patente-- patente di guida-- patente guida-- patenti di guida-- patenti guida-
-## Italy fiscal code
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-a 16-character combination of letters and digits in the specified pattern
-
-### Pattern
-
-A 16-character combination of letters and digits:
--- three letters that correspond to the first three consonants in the family name-- three letters that correspond to the first, third, and fourth consonants in the first name-- two digits that correspond to the last digits of the birth year-- one letter that corresponds to the letter for the month of birthΓÇöletters are used in alphabetical order, but only the letters A to E, H, L, M, P, R to T are used (so, January is A and October is R)-- two digits that correspond to the day of the month of birth in order to differentiate between genders, 40 is added to the day of birth for women-- four digits that correspond to the area code specific to the municipality where the person was born (country-wide codes are used for foreign countries)-- one parity digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_italy_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_italy_eu_national_id_card` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_italy_eu_national_id_card` finds content that matches the pattern.-
-```xml
- <!-- Italy Fiscal Code -->
- <Entity id="4cd79172-8da9-4ff5-9188-98b1e7e2eca6" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_italy_eu_national_id_card" />
- <Match idRef="Keywords_italy_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_italy_eu_national_id_card" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_italy_eu_national_id_card
--- codice fiscal-- codice fiscale-- codice id personale-- codice personale-- fiscal code-- numero certificato personale-- numero di identificazione fiscale-- numero id personale-- numero personale-- personal certificate number-- personal code-- personal id code-- personal id number-- personalcodeno#-- tax code-- tax id-- tax identification no-- tax identification number-- tax identity number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## Italy passport number
-
-### Format
-
-two letters or digits followed by seven digits with no spaces or delimiters
-
-### Pattern
-
-two letters or digits followed by seven digits:
--- two digits or letters (not case-sensitive)-- seven digits-
-### Checksum
-
-not applicable
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_italy_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_italy_eu_passport_number` is found.-- The regular expression `Regex_italy_eu_passport_date` finds date in the format DD MMM/MMM YYYY (Example - 01 GEN/JAN 1988) or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_italy_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_italy_eu_passport_number` is found.-
-```xml
- <!-- Italy Passport Number -->
- <Entity id="39811019-4750-445f-b26d-4c0e6c431544" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_italy_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_italy_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_italy_eu_passport_date" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_italy_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_italy_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number_common
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_italy_eu_passport_number
--- italiana passaporto-- passaporto italiana-- passaporto numero-- numéro passeport-- numero di passaporto-- numeri del passaporto-- passeport italien-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Italy physical addresses
-
-This unbundled named entity detects patterns related to physical address from Italy. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Italy value added tax number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-13 character alphanumeric pattern with optional delimiters
-
-### Pattern
-
-13 character alphanumeric pattern with optional delimiters:
--- I or i-- T or t-- optional space, dot, hyphen, or comma-- 11 digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_italy_value_added_tax_number finds content that matches the pattern.-- A keyword from Keywords_italy_value_added_tax_number is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_italy_value_added_tax_number finds content that matches the pattern.-
-```xml
- <!-- Italy Value Added Tax -->
- <Entity id="26a8cc07-2283-4a2a-ab1d-4ab643c4c67f" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_italy_value_added_tax_number" />
- <Match idRef="Keywords_italy_value_added_tax_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_italy_value_added_tax_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_italy_value_added_tax_number
--- vat number-- vat no-- vat#-- iva-- iva#-
-## Japan bank account number
-
-### Format
-
-seven or eight digits
-
-### Pattern
-
-bank account number:
--- seven or eight digits-- bank account branch code:--- four digits-- a space or dash (optional)-- three digits-
-Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_jp_bank_account finds content that matches the pattern.-- A keyword from Keyword_jp_bank_account is found.-- One of the following is true:--- The function Func_jp_bank_account_branch_code finds content that matches the pattern.-- A keyword from Keyword_jp_bank_branch_code is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_jp_bank_account finds content that matches the pattern.-- A keyword from Keyword_jp_bank_account is found.-
-```xml
-<!-- Japan Bank Account Number -->
-<Entity id="d354f95b-96ee-4b80-80bc-4377312b55bc" patternsProximity="300" recommendedConfidence="75">
- <Version minEngineVersion="15.01.0131.000">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_jp_bank_account" />
- <Match idRef="Keyword_jp_bank_account" />
- <Any minMatches="1">
- <Match idRef="Func_jp_bank_account_branch_code" />
- <Match idRef="Keyword_jp_bank_branch_code" />
- </Any>
- </Pattern>
- </Version>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_jp_bank_account" />
- <Match idRef="Keyword_jp_bank_account" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_jp_bank_account
--- Checking Account Number-- Checking Account-- Checking Account #-- Checking Acct Number-- Checking Acct #-- Checking Acct No.-- Checking Account No.-- Bank Account Number-- Bank Account-- Bank Account #-- Bank Acct Number-- Bank Acct #-- Bank Acct No.-- Bank Account No.-- Savings Account Number-- Savings Account-- Savings Account #-- Savings Acct Number-- Savings Acct #-- Savings Acct No.-- Savings Account No.-- Debit Account Number-- Debit Account-- Debit Account #-- Debit Acct Number-- Debit Acct #-- Debit Acct No.-- Debit Account No.-- 口座番号-- 銀行口座-- 銀行口座番号-- 総合口座-- 普通預金口座-- 普通口座-- 当座預金口座-- 当座口座-- 預金口座-- 振替口座-- 銀行-- バンク-
-#### Keyword_jp_bank_branch_code
--- 支店番号-- 支店コード-- 店番号-
-## Japan driver's license number
-
-### Format
-
-12 digits
-
-### Pattern
-
-12 consecutive digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_jp_drivers_license_number finds content that matches the pattern.-- A keyword from Keyword_jp_drivers_license_number is found.-
-```xml
-<!-- Japan Driver's License Number -->
-<Entity id="c6011143-d087-451c-8313-7f6d4aed2270" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_jp_drivers_license_number" />
- <Match idRef ="Keyword_jp_drivers_license_number" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_jp_drivers_license_number
--- driverlicense-- driverslicense-- driver'slicense-- driverslicenses-- driver'slicenses-- driverlicenses-- dl#-- dls#-- lic#-- lics#-- 運転免許証-- 運転免許-- 免許証-- 免許-- 運転免許証番号-- 運転免許番号-- 免許証番号-- 免許番号-- 運転免許証ナンバー-- 運転免許ナンバー-- 免許証ナンバー-- 運転免許証no-- 運転免許no-- 免許証no-- 免許no-- 運転経歴証明書番号-- 運転経歴証明書-- 運転免許証No.-- 運転免許No.-- 免許証No.-- 免許No.-- 運転免許証#-- 運転免許#-- 免許証#-- 免許#-
-## Japan My Number - Corporate
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-13-digit number
-
-### Pattern
-
-13-digit number:
--- one digit from one to nine-- 12 digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_japanese_my_number_corporate finds content that matches the pattern.-- A keyword from Keywords_japanese_my_number_corporate is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_japanese_my_number_corporate finds content that matches the pattern.-
-```xml
- <!-- Japanese My Number ΓÇô Corporate -->
- <Entity id="9e0eaf79-ff20-4ffb-b3e4-e7368d5db6ff" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_japanese_my_number_corporate" />
- <Match idRef="Keywords_japanese_my_number_corporate" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_japanese_my_number_corporate" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_japan_my_number_corporate
--- corporate number-- マイナンバー-- 共通番号-- マイナンバーカード-- マイナンバーカード番号-- 個人番号カード-- 個人識別番号-- 個人識別ナンバー-- 法人番号-- 指定通知書-
-## Japan My Number - Personal
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-12-digit number
-
-### Pattern
-
-12-digit number:
--- four digits-- an optional space, dot, or hyphen-- four digits-- an optional space, dot, or hyphen-- four digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_japanese_my_number_personal finds content that matches the pattern.-- A keyword from Keywords_japanese_my_number_personal is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_japanese_my_number_personal finds content that matches the pattern.-
-```xml
- <!-- Japanese My Number ΓÇô Personal -->
- <Entity id="98da8e66-7299-4ebd-9f82-c871ab37d3ef" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_japanese_my_number_personal" />
- <Match idRef="Keywords_japanese_my_number_personal" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_japanese_my_number_personal" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_japan_my_number_personal
--- my number-- マイナンバー-- 個人番号-- 共通番号-- マイナンバーカード-- マイナンバーカード番号-- 個人番号カード-- 個人識別番号-- 個人識別ナンバー-- 通知カード-
-## Japan passport number
-
-### Format
-
-two letters followed by seven digits
-
-### Pattern
-
-two letters (not case-sensitive) followed by seven digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_jp_passport finds content that matches the pattern.-- A keyword from Keyword_jp_passport is found.-
-```xml
-<!-- Japan Passport Number -->
-<Entity id="75177310-1a09-4613-bf6d-833aae3743f8" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_jp_passport" />
- <Match idRef="Keyword_jp_passport" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_jp_passport
--- Passport-- Passport Number-- Passport No.-- Passport #-- パスポート-- パスポート番号-- パスポートナンバー-- パスポート#-- パスポート#-- パスポートNo.-- 旅券番号-- 旅券番号#-- 旅券番号♯-- 旅券ナンバー-
-## Japan residence card number
-
-### Format
-
-12 letters and digits
-
-### Pattern
-
-12 letters and digits:
--- two letters (not case-sensitive)-- eight digits-- two letters (not case-sensitive)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_jp_residence_card_number finds content that matches the pattern.-- A keyword from Keyword_jp_residence_card_number is found.-
-```xml
-<!--Japan Residence Card Number-->
--<Entity id="ac36fef2-a289-4e2c-bb48-b02366e89fc0" recommendedConfidence="75" patternsProximity="300">
- -<Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_jp_residence_card_number"/>
- <Match idRef="Keyword_jp_residence_card_number"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_jp_residence_card_number
--- Residence card number-- Residence card no-- Residence card #-- 在留カード番号-- 在留カード-- 在留番号-
-## Japan resident registration number
-
-### Format
-
-11 digits
-
-### Pattern
-
-11 consecutive digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_jp_resident_registration_number finds content that matches the pattern.-- A keyword from Keyword_jp_resident_registration_number is found.-
-```xml
-<!-- Japan Resident Registration Number -->
-<Entity id="01c1209b-6389-4faf-a5f8-3f7e13899652" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_jp_resident_registration_number" />
- <Match idRef ="Keyword_jp_resident_registration_number" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_jp_resident_registration_number
--- Resident Registration Number-- Residents Basic Registry Number-- Resident Registration No.-- Resident Register No.-- Residents Basic Registry No.-- Basic Resident Register No.-- 外国人登録証明書番号-- 証明書番号-- 登録番号-- 外国人登録証-
-## Japan social insurance number (SIN)
-
-### Format
-
-7-12 digits
-
-### Pattern
-
-7-12 digits:
--- four digits-- a hyphen (optional)-- six digits
-OR
-- 7-12 consecutive digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_jp_sin finds content that matches the pattern.-- A keyword from Keyword_jp_sin is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_jp_sin_pre_1997 finds content that matches the pattern.-- A keyword from Keyword_jp_sin is found.-
-```xml
-<!-- Japan Social Insurance Number -->
-<Entity id="c840e719-0896-45bb-84fd-1ed5c95e45ff" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_jp_sin" />
- <Match idRef="Keyword_jp_sin" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_jp_sin_pre_1997" />
- <Match idRef="Keyword_jp_sin" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_jp_sin
--- Social Insurance No.-- Social Insurance Num-- Social Insurance Number-- 健康保険被保険者番号-- 健保番号-- 基礎年金番号-- 雇用保険被保険者番号-- 雇用保険番号-- 保険証番号-- 社会保険番号-- 社会保険No.-- 社会保険-- 介護保険-- 介護保険被保険者番号-- 健康保険被保険者整理番号-- 雇用保険被保険者整理番号-- 厚生年金-- 厚生年金被保険者整理番号-
-## Lab test terms
-
-This unbundled named entity detects terms related to lab tests, such as *Insulin C-peptide*. It supports English terms only. It's also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
-
-### Confidence level
-
-High
-
-## Latvia driver's license number
-
-### Format
-
-three letters followed by six digits
-
-### Pattern
-
-three letters and six digits:
--- three letters (not case-sensitive)-- six digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_latvia_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_latvia_eu_driver's_license_number` is found.-
-```xml
- <!-- Latvia Driver's License Number -->
- <Entity id="ec996de0-30f2-46b1-b192-4d2ff8805fa7" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_latvia_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_latvia_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_latvia_eu_driver's_license_number
--- autovad─½t─üja apliec─½ba-- autovad─½t─üja apliec─½bas-- vad─½t─üja apliec─½ba-
-## Latvia passport number
-
-### Format
-
-two letters or digits followed by seven digits with no spaces or delimiters
-
-### Pattern
-
-two letters or digits followed by seven digits:
--- two digits or letters (not case-sensitive)-- seven digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_latvia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_latvia_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_latvia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_latvia_eu_passport_number` is found.-
-```xml
- <!-- Latvia Passport Number -->
- <Entity id="23ae25ec-cc28-421b-b77a-3054eadf1ede" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_latvia_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_latvia_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date1" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_latvia_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_latvia_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number_common
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_latvia_eu_passport_number
--- pase numurs-- pase numur-- pases numuri-- pases nr-- passeport no-- n┬░ du Passeport-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Latvia personal code
-
-### Format
-
-11 digits and an optional hyphen
-
-### Pattern
-
-Old format
-
-11 digits and a hyphen:
--- six digits that correspond to the birth date (DDMMYY)-- a hyphen-- one digit that corresponds to the century of birth ("0" for 19th century, "1" for 20th century, and "2" for 21st century)-- four digits, randomly generated-
-New format
-
-11 digits
--- Two digits "32"-- Nine digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_latvia_eu_national_id_card` or the regex `Regex_latvia_eu_national_id_card_new_format` finds content that matches the pattern.-- A keyword from `Keywords_latvia_eu_national_id_card` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_latvia_eu_national_id_card` or the regex `Regex_latvia_eu_national_id_card_new_format` finds content that matches the pattern.-
-```xml
- <!-- Latvia Personal Code -->
- <Entity id="03fcf763-27c2-49ed-9422-2641c6c895c9" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_latvia_eu_national_id_card" />
- <Match idRef="Keywords_latvia_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_latvia_eu_national_id_card" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_latvia_eu_telephone_number" />
- <Match idRef="Keywords_latvia_eu_mobile_number" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_latvia_eu_national_id_card_new_format" />
- <Match idRef="Keywords_latvia_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_latvia_eu_national_id_card_new_format" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_latvia_eu_telephone_number" />
- <Match idRef="Keywords_latvia_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-
-```
-
-### Keywords
-
-#### Keywords_latvia_eu_national_id_card
--- administrative number-- alvas n─ô-- birth number-- citizen number-- civil number-- electronic census number-- electronic number-- fiscal code-- healthcare user number-- id#-- id-code-- identification number-- identifik─ücijas numurs-- id-number-- individual number-- latvija alva-- nacion─ülais id-- national id-- national identifying number-- national identity number-- national insurance number-- national register number-- nodok─╝a numurs-- nodok─╝u id-- nodok─╝u identifik─ücija numurs-- personal certificate number-- personal code-- personal id code-- personal id number-- personal identification code-- personal identifier-- personal identity number-- personal number-- personal numeric code-- personalcodeno#-- personas kods-- population identification code-- public service number-- registration number-- revenue number-- social insurance number-- social security number-- state tax code-- tax file number-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-- voter's number-
-## Latvia physical addresses
-
-This unbundled named entity detects patterns related to physical address from Latvia. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Liechtenstein physical addresses
-
-This unbundled named entity detects patterns related to physical address from Liechtenstein. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Lifestyles that relate to medical conditions
-
-This unbundled named entity detects terms related to lifestyles that might result in a medical condition, such as *smoking*. It supports English terms only. It's also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
-
-### Confidence level
-
-High
-
-## Lithuania driver's license number
-
-### Format
-
-eight digits without spaces and delimiters
-
-### Pattern
-
-eight digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_lithuania_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_lithuania_eu_driver's_license_number` is found.-
-```xml
- <!-- Lithuania Driver's License Number -->
- <Entity id="86f7628b-e0f4-4dc3-9fbc-e4300e4c7d78" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_lithuania_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_lithuania_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_lithuania_eu_driver's_license_number
--- vairuotojo pa┼╛ym─ùjimas-- vairuotojo pa┼╛ym─ùjimo numeris-- vairuotojo pa┼╛ym─ùjimo numeriai-
-## Lithuania personal code
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-11 digits without spaces and delimiters
-
-### Pattern
-
-11 digits without spaces and delimiters:
--- one digit (1-6) that corresponds to the person's gender and century of birth-- six digits that correspond to birth date (YYMMDD)-- three digits that correspond to the serial number of the date of birth-- one check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_lithuania_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_lithuania_eu_tax_file_number` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_lithuania_eu_tax_file_number` finds content that matches the pattern.-
-```xml
- <!-- Lithuania Personal Code -->
- <Entity id="cd6d3786-8ec3-4524-a2cf-1e0095379171" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_lithuania_eu_tax_file_number" />
- <Match idRef="Keywords_lithuania_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_lithuania_eu_tax_file_number" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_lithuania_eu_telephone_number" />
- <Match idRef="Keywords_lithuania_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_lithuania_eu_national_id_card
--- asmeninis skaitmeninis kodas-- asmens kodas-- citizen service number-- mokes─ìi┼│ id-- mokes─ìi┼│ identifikavimas numeris-- mokes─ìi┼│ identifikavimo numeris-- mokes─ìi┼│ numeris-- national identification number-- personal code-- personal numeric code-- pilie─ìio paslaugos numeris-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-- unikalus identifikavimo kodas-- unikalus identifikavimo numeris-- unique identification number-- unique identity number-- uniqueidentityno#-
-## Lithuania physical addresses
-
-This unbundled named entity detects patterns related to physical address from Lithuania. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Lithuania passport number
-
-### Format
-
-eight digits or letters with no spaces or delimiters
-
-### Pattern
-
-eight digits or letters (not case-sensitive)
-
-### Checksum
-
-not applicable
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_lithuania_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_lithuania_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date3` finds date in the format DD MM YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_lithuania_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_lithuania_eu_passport_number` is found.-
-```xml
- <!-- Lithuania Passport Number -->
- <Entity id="1b79900f-047b-4c3f-846f-7d73b5534bce" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_lithuania_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_lithuania_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date3" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_lithuania_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_lithuania_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_lithuania_eu_passport_number
--- paso numeris-- paso numeriai-- paso nr-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Luxemburg driver's license number
-
-### Format
-
-six digits without spaces and delimiters
-
-### Pattern
-
-six digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_luxemburg_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_luxemburg_eu_driver's_license_number` is found.-
-```xml
- <!-- Luxemburg Driver's License Number -->
- <Entity id="89daf717-1544-4860-9a2e-fc9166dd8852" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_luxemburg_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_luxemburg_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_luxemburg_eu_driver's_license_number
--- fahrerlaubnis-- Führerschäin-
-## Luxemburg national identification number (natural persons)
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-13 digits with no spaces or delimiters
-
-### Pattern
-
-13 digits:
--- 11 digits-- two check digits-
-### Checksum
-
-yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_luxemburg_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_luxemburg_eu_national_id_card` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_luxemburg_eu_tax_file_number` finds content that matches the pattern.-
-```xml
- <!-- Luxemburg National Identification Number (Natural persons) -->
- <Entity id="aaf661ed-29ec-426d-8bf9-880cad298ebb" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_luxemburg_eu_tax_file_number" />
- <Match idRef="Keywords_luxemburg_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_luxemburg_eu_tax_file_number" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_luxemburg_eu_telephone_number" />
- <Match idRef="Keywords_luxemburg_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_luxemburg_eu_national_id_card
--- eindeutige id-- eindeutige id-nummer-- eindeutigeid#-- id personnelle-- idpersonnelle#-- idpersonnelle-- individual code-- individual id-- individual identification-- individual identity-- numéro d'identification personnel-- personal id-- personal identification-- personal identity-- personalidno#-- personalidnumber#-- persönliche identifikationsnummer-- unique id-- unique identity-- uniqueidkey#-
-## Luxemburg national identification number (non-natural persons)
-
-### Format
-
-11 digits
-
-### Pattern
-
-11 digits
--- two digits-- an optional space-- three digits-- an optional space-- three digits-- an optional space-- two digits-- one check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_luxemburg_eu_tax_file_number_non_natural` finds content that matches the pattern.-- A keyword from `Keywords_luxemburg_eu_tax_file_number` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_luxemburg_eu_tax_file_number_non_natural` finds content that matches the pattern.-
-```xml
- <!-- Luxemburg National Identification Number (Non-natural persons) -->
- <Entity id="84bffa3a-d805-4788-a613-b1e4df3804cf" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_luxemburg_eu_tax_file_number_non_natural" />
- <Match idRef="Keywords_luxemburg_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_luxemburg_eu_tax_file_number_non_natural" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_luxemburg_eu_telephone_number" />
- <Match idRef="Keywords_luxemburg_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_luxemburg_eu_tax_file_number
--- carte de sécurité sociale-- étain non-- étain#-- identifiant d'impôt-- luxembourg tax identifikatiounsnummer-- numéro d'étain-- numéro d'identification fiscal luxembourgeois-- numéro d'identification fiscale-- social security-- sozialunterstützung-- sozialversécherung-- sozialversicherungsausweis-- steier id-- steier identifikatiounsnummer-- steier nummer-- steuer id-- steueridentifikationsnummer-- steuernummer-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-- zinn#-- zinn-- zinnzahl-
-## Luxemburg passport number
-
-### Format
-
-eight digits or letters with no spaces or delimiters
-
-### Pattern
-
-eight digits or letters (not case-sensitive)
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_luxemburg_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_luxemburg_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date3` finds date in the format DD MM YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_luxemburg_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_luxemburg_eu_passport_number` is found.-
-```xml
- <!-- Luxemburg Passport Number -->
- <Entity id="81d5c027-bed9-4421-91a0-3b2e55b3eb85" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_luxemburg_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_luxemburg_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date3" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_luxemburg_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_luxemburg_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_luxemburg_eu_passport_number
-- ausweisnummer-- luxembourg pass-- luxembourg passeport-- luxembourg passport-- no de passeport-- no-reisepass-- nr-reisepass-- numéro de passeport-- pass net-- pass nr-- passnummer-- passeport nombre-- reisepässe-- reisepass-nr-- reisepassnummer-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Luxemburg physical addresses
-
-This unbundled named entity detects patterns related to physical address from Luxemburg. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Malaysia identification card number
-
-### Format
-
-12 digits containing optional hyphens
-
-### Pattern
-
-12 digits:
--- six digits in the format YYMMDD, which are the date of birth-- a dash (optional)-- two-letter place-of-birth code-- a dash (optional)-- three random digits-- one-digit gender code-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_malaysia_id_card_number finds content that matches the pattern.-- A keyword from Keyword_malaysia_id_card_number is found.-
-```xml
-<!-- Malaysia ID Card Number -->
-</Entity>
- <Entity id="7f0e921c-9677-435b-aba2-bb8f1013c749" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_malaysia_id_card_number" />
- <Match idRef="Keyword_malaysia_id_card_number" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_malaysia_id_card_number
--- digital application card-- i/c-- i/c no-- ic-- ic no-- id card-- identification Card-- identity card-- k/p-- k/p no-- kad akuan diri-- kad aplikasi digital-- kad pengenalan malaysia-- kp-- kp no-- mykad-- mykas-- mykid-- mypr-- mytentera-- malaysia identity card-- malaysian identity card-- nric-- personal identification card-
-## Malta driver's license number
-
-### Format
-
-Combination of two characters and six digits in the specified pattern
-
-### Pattern
-
-combination of two characters and six digits:
--- two characters (digits or letters, not case-sensitive)-- a space (optional)-- three digits-- a space (optional)-- three digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_malta_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_malta_eu_driver's_license_number` is found.-
-```xml
- <!-- Malta Driver's License Number -->
- <Entity id="a3bdaa4a-8371-4735-8fa5-56ee0fb4afc4" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_malta_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_malta_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_malta_eu_driver's_license_number
--- li─ïenzja tas-sewqan-- li─ïenzji tas-sewwieq-
-## Malta identity card number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-seven digits followed by one letter
-
-### Pattern
-
-seven digits followed by one letter:
--- seven digits-- one letter in "M, G, A, P, L, H, B, Z" (case insensitive)-
-### Checksum
-
-Not applicable
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_malta_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_malta_eu_national_id_card` is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_malta_eu_national_id_card` finds content that matches the pattern.-
-```xml
- <!-- Malta Identity Card Number -->
- <Entity id="854b36b3-a388-4ac8-a4ec-677c2b5e4356" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_malta_eu_national_id_card" />
- <Match idRef="Keywords_malta_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Regex_malta_eu_national_id_card" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_malta_eu_national_id_card
--- citizen service number-- id tat-taxxa-- identifika numru tal-biljett-- kodiċi numerali personali-- numru ta 'identifikazzjoni personali-- numru ta 'identifikazzjoni tat-taxxa-- numru ta 'identifikazzjoni uniku-- numru ta' identità uniku-- numru tas-servizz taċ-ċittadin-- numru tat-taxxa-- personal numeric code-- unique identification number-- unique identity number-- uniqueidentityno#-
-## Malta passport number
-
-### Format
-
-seven digits without spaces or delimiters
-
-### Pattern
-
-seven digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_malta_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_malta_eu_passport_number` is found.-- A keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_malta_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_malta_eu_passport_number` is found.-
-```xml
- <!-- Malta Passport Number -->
- <Entity id="b2b21198-48f9-4d13-b2a5-03969bff0fb8" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_malta_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_malta_eu_passport_number" />
- </Any>
- <Match idRef="Keywords_eu_passport_date" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_malta_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_malta_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_malta_eu_passport_number
--- numru tal-passaport-- numri tal-passaport-- Nru tal-passaport-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Malta physical addresses
-
-This unbundled named entity detects patterns related to physical address from Malta. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Malta tax identification number
-
-### Format
-
-For Maltese nationals:
--- seven digits and one letter in the specified pattern-
-Non-Maltese nationals and Maltese entities:
--- nine digits-
-### Pattern
-
-Maltese nationals: seven digits and one letter
--- seven digits-- one letter (not case-sensitive)-
-Non-Maltese nationals and Maltese entities: nine digits
--- nine digits-
-### Checksum
-
-Not applicable
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regex `Regex_malta_eu_tax_file_number` or `Regex_malta_eu_tax_file_number_non_maltese_national` finds content that matches the pattern.-- A keyword from `Keywords_malta_eu_tax_file_number` is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regex `Regex_malta_eu_tax_file_number` or `Regex_malta_eu_tax_file_number_non_maltese_national` finds content that matches the pattern.-
-```xml
- <!-- Malta Tax ID Number -->
- <Entity id="ec830c63-65f4-45d0-9d8c-910dc8334b20" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_malta_eu_tax_file_number" />
- <Match idRef="Keywords_malta_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Regex_malta_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_malta_eu_tax_file_number_non_maltese_national" />
- <Match idRef="Keywords_malta_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Regex_malta_eu_tax_file_number_non_maltese_national" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_malta_eu_tax_file_number
--- citizen service number-- id tat-taxxa-- identifika numru tal-biljett-- kodiċi numerali personali-- numru ta 'identifikazzjoni personali-- numru ta 'identifikazzjoni tat-taxxa-- numru ta 'identifikazzjoni uniku-- numru ta' identità uniku-- numru tas-servizz taċ-ċittadin-- numru tat-taxxa-- personal numeric code-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-- unique identification number-- unique identity number-- uniqueidentityno#-
-## Medical specialities
-
-This unbundled named entity detects terms related to medical specialties, such as *dermatology*. It supports English terms only. It's also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
-
-### Confidence level
-
-High
-
-## Medicare Beneficiary Identifier (MBI) card
-
-### Format
-
-11 character alphanumeric pattern
-
-### Pattern
--- one digit between 1 to 9-- one letter excluding S, L, O, I, B, Z-- one digit or letter excluding S, L, O, I, B, Z-- one digit-- an optional Hyphen-- one letter excluding S, L, O, I, B, Z-- one digit or letter excluding S, L, O, I, B, Z-- one digit-- an optional Hyphen-- two letters excluding S, L, O, I, B, Z-- two digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_mbi_card` finds content that matches the pattern.-- A keyword from `Keyword_mbi_card` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_mbi_card` finds content that matches the pattern.-
-```xml
- <!-- Medicare Beneficiary Identifier (MBI) card -->
- <Entity id="f753a286-f5cc-47e6-a592-4be25fd02591" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_mbi_card" />
- <Match idRef="Keyword_mbi_card" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_mbi_card" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_mbi_card
--- mbi-- mbi#-- medicare beneficiary #-- medicare beneficiary identifier-- medicare beneficiary no-- medicare beneficiary number-- medicare beneficiary#-
-## Mexico Unique Population Registry Code (CURP)
-
-### Format
-
-18 character alphanumeric pattern
-
-### Pattern
--- four letters (case insensitive)-- six digits indicating a valid date-- a letter - H/h or M/m-- two letters indicating a valid Mexican state code-- three letters-- one letter or digit-- one digit-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_mexico_population_registry_code` finds content that matches the pattern.-- A keyword from `Keyword_mexico_population_registry_code` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_mexico_population_registry_code` finds content that matches the pattern.-
-```xml
- <!-- Mexico Unique Population Registry Code (CURP) -->
- <Entity id="e905ad4d-5a74-406d-bf36-b1efca798af4" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_mexico_population_registry_code" />
- <Match idRef="Keyword_mexico_population_registry_code" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_mexico_population_registry_code" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_mexico_population_registry_code
--- Clave Única de Registro de Población-- Clave Unica de Registro de Poblacion-- Unique Population Registry Code-- unique population code-- CURP-- Personal ID-- Unique ID-- personalid-- personalidnumber-- uniqueidkey-- uniqueidnumber-- clave única-- clave unica-- clave personal Identidad-- personal Identidad Clave-- ClaveÚnica-- claveunica-- clavepersonalIdentidad-
-## Netherlands citizen's service (BSN) number
-
-### Format
-
-eight or nine digits containing optional spaces
-
-### Pattern
-
-eight-nine digits:
--- three digits-- a space (optional)-- three digits-- a space (optional)-- two-three digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_netherlands_bsn finds content that matches the pattern.-- A keyword from Keyword_netherlands_bsn is found.-- The checksum passes.-
-```xml
- <!-- Netherlands Citizen's Service (BSN) Number -->
- <Entity id="c5f54253-ef7e-44f6-a578-440ed67e946d" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- &