Updates from: 08/02/2022 01:27:44
Category Microsoft Docs article Related commit history on GitHub Change details
includes Defender Content Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/includes/defender-content-updates.md
+<!-- This file is generated automatically each week. Changes made to this file will be overwritten.-->
+++
+## Week of July 18, 2022
++
+| Published On |Topic title | Change |
+|||--|
+| 7/18/2022 | [Defender Threat Intelligence](/defender/threat-intelligence/index) | added |
++
+## Week of June 20, 2022
++
+| Published On |Topic title | Change |
+|||--|
+| 6/23/2022 | [Defender Threat Intelligence](/defender-threat-intelligence/index) | modified |
threat-intelligence Analyst Insights https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/analyst-insights.md
+
+ Title: 'Microsoft Defender Threat Intelligence (Defender TI) Analyst Insights'
+description: 'In this overview article, learn about the Microsoft Defender Threat Intelligence (Defender TI)ΓÇÖs analyst insights feature.'
++++ Last updated : 08/02/2022+++
+# Analyst insights
+
+In Microsoft Defender Threat Intelligence (Defender TI), the Analyst Insights section provides quick insights about the artifact that may help determine the next step in an investigation. This section will list any insights that apply to the artifact, as well as those that do not apply for additional visibility. In the below example, we can quickly determine that the IP Address is routable, hosts a web server, and had an open port within the past five days. Furthermore, the system displays rules that were not triggered, which can be equally helpful when kickstarting an investigation.
+
+![Analyst Insights Edge Screenshot](media/analystInsightsEdgeScreenshot.png)
+
+## Analyst insight types and questions they can address
+
+| Analyst insight types | Questions they can address |
+|--||
+| Blocklisted | Is/when was the domain, host, or IP address blocklisted? |
+| | How many times has Defender TI blocklisted the domain, host, or IP? |
+| Registered & Updated | How many days, months, years ago was the domain registered? |
+| | When was the domain WHOIS Record updated? |
+| Subdomain IP count | How many different IPs are associated with the subdomains of the domain? |
+| New subdomain observations | When was the last time Microsoft observed a new subdomain for the domain in question? |
+| Registered & Resolving | Does the domain queried exist? |
+| | Does the domain resolve to an IP address? |
+| Number of Domains sharing the WHOIS record | What other domains share the same WHOIS record? |
+| Number of domains sharing the Name Server | What other domains share the same name server record? |
+| Crawled by RiskIQ | When was this host or domain last crawled by Microsoft? |
+| International Domain | Is the domain queried for an international domain name (IDN)? |
+| Blocklisted by Third Party | Is this indicator blocklisted by a third-party? |
+| Tor Exit Node Status | Is the IP address in questions associated with The Onion Router Network (Tor)? |
+| Open Ports Detected | When did Microsoft last port scan this IP address? |
+| Proxy Status | What is the proxy status of this indicator? |
+| Host Last Observed | Is the IP address in question internet accessible? |
+| Hosts a Web Server | Does the IP address have a DNS server that uses its resources to resolve the name into it for the appropriate web server? |
+
+## Next steps
+
+For more information, see:
+
+- [Reputation scoring](reputation-scoring.md)
+- [Using tags](using-tags.md)
threat-intelligence Data Sets https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/data-sets.md
+
+ Title: 'Microsoft Defender Threat Intelligence (Defender TI) Data Sets'
+description: 'In this overview article, learn about Microsoft Defender Threat Intelligence (Defender TI)ΓÇÖs data sets feature.'
++++ Last updated : 08/02/2022+++
+# Data sets
+
+Microsoft centralizes numerous data sets into a single platform, Microsoft Defender Threat Intelligence (Defender TI), making it easier for MicrosoftΓÇÖs community and customers to conduct infrastructure analysis. MicrosoftΓÇÖs primary focus is to provide as much data as possible about Internet infrastructure to support a variety of security use cases.
+
+Microsoft collects, analyzes, and indexes internet data to assist users in detecting and responding to threats, prioritizing incidents, and proactively identifying adversariesΓÇÖ infrastructure associated with actor groups targeting their organization. Microsoft collects internet data via itsΓÇÖ PDNS sensor network, global proxy network of virtual users, port scans, and leverages third-party sources for malware and added Domain Name System (DNS) data.
+
+This internet data is categorized into two distinct groups: traditional and advanced. Traditional data sets include Resolutions, Whois, SSL Certificates, Subdomains, Hashes, DNS, Reverse DNS, and Services. Advanced data sets include Trackers, Components, Host Pairs, and Cookies. Trackers, Components, Host Pairs, and Cookies data sets are collected from observing the Document Object Model (DOM) of web pages crawled. Additionally, Components and Trackers are also observed from detection rules that are triggered based on the banner responses from port scans or SSL Certificate details.
+
+![Data Sets Edge Screenshot](media/dataSetsEdgeScreenshot.png)
+
+## Resolutions
+
+Passive DNS (PDNS) is a system of record that stores DNS resolution data for a given location, record, and timeframe. This historical resolution data set allows users to view which domains resolved to an IP address and vice versa. This data set allows for time-based correlation based on domain or IP overlap.
+PDNS may enable the identification of previously unknown or newly stood-up threat actor infrastructure. Proactive addition of indicators to blocklists can cut off communication paths before campaigns take place. Users will find A record resolution data within the Resolutions data set tab and will find more types of DNS records in the DNS data set tab.
+
+Our PDNS resolution data includes the following:
+
+- **Resolve:** the name of the resolving entity (either an IP Address or Domain)
+- **Location:** the location the IP address is hosted in.
+- **Network:** the netblock or subnet associated with the IP address.
+- **ASN:** the autonomous system number and organization name
+- **First Seen:** a timestamp that displays the date that we first observed this resolution.
+- **Last Seen:** a timestamp that displays the date that we last observed this resolution.
+- **Source:** the source that enabled the detection of the relationship.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Resolutions](media/dataTabResolutions.png)
+
+## Questions this data set may help answer:
+
+### Domains
+- When was the domain first observed resolving to an IP address by Defender TI?
+
+ ![Data Sets Domain First Seen](media/dataSetsDomainFirstSeen.png)
+
+- When was the last time it was seen actively resolving to an IP address by Defender TI?
+ ![Data Sets Domain Last Seen](media/dataSetsDomainLastSeen.png)
+
+- What IP address(s) does it currently resolve to?
+ ![Data Sets Domain Active Re solutions](media/dataSetsDomainActiveResolutions.png)
+
+### IP Addresses
+- Is the IP address routable?
+
+ ![Data Sets Routable IPs](media/dataSetsRoutableIPs.png)
+
+- What subnet is it part of?
+
+ ![Data Sets IP Subnet](media/dataSetsIPSubnet.png)
+
+- Is there an owner associated with the subnet?
+
+ ![Data Sets IP Owner](media/dataSetsIPOwner.png)
+
+- What AS is it part of?
+
+ ![Data Sets IPASN](media/dataSetsIPASN.png)
+
+- What geolocation is there?
+ ![Data Sets IP Geo location](media/dataSetsIPGeolocation.png)
+
+## Whois
+
+Thousands of times a day, domains are bought and/or transferred between individuals and organizations. The process to make all of this happen is easy and only takes a few minutes and roughly $7 depending on the registrar provider. Beyond payment details, you must supply additional information about yourself, some of which gets stored as part of a Whois record once the domain has been set up. This would be considered a public domain registration. However, there are private domain registration services, where you can hide your personal information from your domainΓÇÖs Whois record. In these situations, the domain ownerΓÇÖs information is safe and replaced by their registrarΓÇÖs information. More actor groups are performing private domain registrations to make it more difficult for analysts to find other domains that they own. Defender TI provides a variety of data sets to find actorsΓÇÖ shared infrastructure when Whois records donΓÇÖt provide leads.
+
+Whois is a protocol that lets anyone query information about a domain, IP address, or subnet. One of the most common functions for Whois in threat infrastructure research is to identify or connect disparate entities based on unique data shared within Whois records. If you were reading carefully or ever purchased a domain yourself, you may have noticed that the content requested from the registrars is never verified. In fact, you could have put anything in the record (and a lot of people do) which would then be displayed to the world.
+
+Each Whois record has several different sections, all of which could include different information. Commonly found sections include ΓÇ£registrarΓÇ¥, ΓÇ£registrantΓÇ¥, ΓÇ£administratorΓÇ¥, and ΓÇ£technicalΓÇ¥ with each potentially corresponding to a different contact for the record. A lot of the time this data is duplicated across sections, but in some cases, there may be slight discrepancies, especially if an actor made a mistake. When viewing Whois information within Defender TI, you will see a condensed record that de-duplicates any data and notates which part of the record it came from. We have found this process greatly speeds up the analyst workflow and avoids any overlooking of data. The Defender TI's Whois information is powered by the WhoisIQΓäó database.
+
+Our Whois data includes the following:
+- **Record Updated:** a timestamp that indicates the day a Whois record was last updated.
+- **Last Scanned:** the date that the Defender TI system last scanned the record.
+- **Expiration:** the expiration date of the registration, if available.
+- **Created:** the age of the current Whois record.
+- **Whois Server:** the server is set-up by an ICANN accredited registrar to acquire up-to-date information about domains that are registered within it.
+- **Registrar:** the registrar service used to register the artifact.
+- **Domain Status:** the current status of the domain. An ΓÇ¥active" domain is live on the internet.
+- **Email:** any email addresses found in the Whois record, and the type of contact each one is associated with (e.g. admin, tech).
+- **Name:** the name of any contacts within the record, and the type of contact each is associated with.
+- **Organization:** the name of any organizations within the record, and the type of contact each is associated with.
+- **Street:** any street addresses associated to the record, and the type of contact it is associated with.
+- **City:** any city listed in an address associated to the record, and the type of contact it is associated with.
+- **State:** any states listed in an address associated to the record, and the type of contact it is associated with.
+- **Postal Code:** any postal codes listed in an address associated to the record, and the type of contact it is associated with.
+- **Country:** any countries listed in an address associated to the record, and the type of contact it is associated with.
+- **Phone:** any phone numbers listed in the record, and the type of contact it is associated with.
+- **Name Servers:** any name servers associated to the registered entity.
+
+## Current Whois lookups
+
+![Data Tab WHOIS](media/dataTabWHOIS.png)
+
+Defender TIΓÇÖs current Whois repository highlights all domains in MicrosoftΓÇÖs Whois collection that are currently registered and associated with the Whois attribute of interest. This data highlights the domain's registration and expiration date, along with the email address used to register the domain. This data is displayed in the Whois Search tab of the platform.
+
+## Historical Whois lookups
+
+![Search Whois History](media/searchWhoisHistory.png)
+
+Defender TIΓÇÖs Whois History repository provides users with access to all known historical domain associations to Whois attributes based on the systemΓÇÖs observations. This data set highlights all domains associated with an attribute that a user pivots from displaying the first time and the last time we observed the association between the domain and attribute queried. This data is displayed in a separate tab next to the current Whois Search tab.
+
+**Questions this data set may help answer:**
+
+- How old is the domain?
+
+ ![Data Sets Whois Domain Age](media/dataSetsWhoisDomainAge.png)
+
+- Does the information appear to be privacy protected?
+
+ ![Data Sets Whois Privacy Protected](media/dataSetsWhoisPrivacyProtected.png)
+
+- Does any of the data appear to be unique?
+
+ ![Data Sets Whois Unique](media/dataSetsWhoisUnique.png)
+
+- What name servers are used?
+
+ ![Data Sets Whois Name Servers](media/dataSetsWhoisNameServers.png)
+
+- Is this a sinkhole domain?
+
+ ![Data Sets Whois Sinkhole](media/dataSetsWhoisSinkhole.png)
+
+- Is this a parked domain?
+
+ ![Data Sets Whois Parked Domain](media/dataSetsWhoisParkedDomain.png)
+
+- Is this a honeypot domain?
+
+ ![Data Sets Whois Honeypot Domain](media/dataSetsWhoisHoneypotDomain.png)
+
+- Is there any history?
+
+ ![Data Sets Whois History](media/dataSetsWhoisHistory.gif)
+
+- Are there any fake privacy protection emails?
+
+ ![Data Sets Whois Fake Privacy Emails](media/dataSetsWhoisFakePrivacyEmails.png)
+
+- Are there any fake names in the Whois record?
+
+- Did you identify additional related IOCs from searching against potentially shared Whois values across domains?
+
+ ![Data Sets Whois Shared Value Search](media/dataSetsWhoisSharedValueSearch.gif)
+
+## Certificates
+Beyond securing your data, SSL Certificates are a fantastic way for users to connect disparate network infrastructure. Modern scanning techniques allow us to perform data requests against every node on the Internet in a matter of hours, meaning we can easily associate a certificate to an IP address hosting it on a regular basis.
+
+Much like a Whois record, SSL certificates require information to be supplied by the user to generate the final product. Aside from the domain, the SSL certificate is being created for (unless self-signed), any of the additional information can be made up by the user. Where MicrosoftΓÇÖs users see the most value from SSL certificates is not necessarily the unique data someone may use when generating the certificate, but where it's hosted.
+
+To access an SSL certificate, it needs to be associated with a web server and exposed through a particular port (most often 443). Using mass Internet scans on a weekly basis, it's possible to scan all IP addresses and obtain any certificate being hosted to build a historic repository of certificate data. Having a database of IP addresses to SSL certificate mappings provides users with a way to identify overlaps in infrastructure.
+
+To further illustrate this concept, imagine an actor has set up a server with a self-signed SSL certificate. After several days, defenders become wise to their infrastructure and block the webserver hosting malicious content. Instead of destroying all their hard work, the actor merely copies all the contents (including the SSL certificate) and places them on a new server. As a user, a connection can now be made using the unique SHA-1 value of the certificate to say that both web servers (one blocked, one unknown) are connected in some way.
+
+What makes SSL certificates more valuable is that they are capable of making connections that passive DNS or Whois data may miss. This means more ways of correlating potential malicious infrastructure and identifying potential operational security failures of actors. Defender TI has collected over 30 million certificates from 2013 until the present day and provides users with the tools to make correlations on certificate content and history.
+
+SSL certificates are files that digitally bind a cryptographic key to a set of user-provided details. Using internet-scanning techniques, Defender TI collects SSL certificate associations from IP addresses on various ports. These certificates are stored inside of a local database and allow us to create a timeline for where a given SSL certificate appeared on the Internet.
+
+Our certificate data includes the following:
+
+- **Sha1:** The SHA1 algorithm hash for an SSL Cert asset.
+- **First Seen:** a timestamp that displays the date that we first observed this certificate on an artifact.
+- **Last Seen:** a timestamp that displays the date that we last observed this certificate on an artifact.
+- **Infrastructure:** any related infrastructure associated with the certificate.
+
+![Data Tab Certificates List](media/dataTabCertificatesList.png)
+
+When a user expands on a SHA1 hash, the user will be able to see details about the following, which includes:**
+- **Serial Number:** The serial number associated with an SSL certificate.
+- **Issued:** The date when a certificate was issued.
+- **Expires:** The date when a certificate will expire.
+- **Subject Common Name:** The Subject Common Name for any associated SSL Certs.
+- **Issuer Common Name:** The Issuer Common Name for any associated SSL Certs.
+- **Subject Alternative Name(s):** Any alternative common names for the SSL Cert.
+- **Issuer Alternative Name(s):** Any additional names of the issuer.
+- **Subject Organization Name:** The organization linked to the SSL certificate registration.
+- **Issuer Organization Name:** The name of the organization that orchestrated the issue of a certificate.
+- **SSL Version:** The version of SSL that the certificate was registered with.
+- **Subject Organization Unit:** Optional metadata that indicates the department within an organization that is responsible for the certificate.
+- **Issuer Organization Unit:** Additional information about the organization issuing the certificate.
+- **Subject Street Address:** The street address where the organization is located.
+- **Issuer Street Address:** The street address where the issuer organization is located.
+- **Subject Locality:** The city where the organization is located.
+- **Issuer Locality:** The city where the issuer organization is located.
+- **Subject State/Province:** The state or province where the organization is located.
+- **Issuer State/Province:** The state or province where the issuer organization is located.
+- **Subject Country:** The country where the organization is located.
+- **Issuer Country:** The country where the issuer organization is located.
+- **Related Infrastructure:** any related infrastructure associated with the certificate.
+
+![Data Tab Certificate Details](media/dataTabCertificateDetails.png)
+
+**Questions this data set may help answer:**
+
+- What other infrastructure has this certificate been observed associated with?
+
+ ![Data Sets Certificate Related Infrastructure](media/dataSetsCertificateRelatedInfrastructure.png)
+
+- Are there any unique data points in the certificate that would serve as good pivot points?
+
+ ![Data Sets Certificate Pivot Points](media/dataSetsCertificatePivotPoints.png)
+
+- Is the certificate self-signed?
+
+ ![Data Sets Certificate Self Signed](media/dataSetsCertificateSelfSigned.png)
+
+- Is the certificate from a free provider?
+
+ ![Data Sets CertificateFree Provider](media/dataSetsCertificateFreeProvider.png)
+
+- Over what timeframe has the certificate been observed in use?
+
+ ![Data Sets Certificates Observation Dates](media/dataSetsCertificatesObservationDates.png)
+
+## Subdomains
+
+A subdomain is an internet domain, which is part of a primary domain. Subdomains are also referred to as "hosts". As an example, "docs.microsoft.com" is a subdomain of "microsoft.com". For every subdomain, there could be a new set of IP addresses to which the domain resolves to and this can be a great data source for finding related infrastructure.
+
+Our subdomain data includes the following:
+
+- **Hostname:** the subdomain associated with the domain that was searched.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Sub domains](media/dataTabSubdomains.png)
+
+**Questions this data set may help answer:**
+
+- Are there more subdomains associated with the higher-level domain?
+
+ ![Data Sets Sub domains](media/dataSetsSubdomains.png)
+
+- Are any subdomains associated with malicious activity?
+
+ ![Data Sets Sub domains Malicious](media/dataSetsSubdomainsMalicious.png)
+
+- If this is your domain, do any subdomains look unfamiliar?
+
+- Is there any pattern to the subdomains that are listed associated with other malicious domains?
+
+- Does pivoting off each subdomain reveal new IP space not previously associated with the target?
+
+- What other unrelated infrastructure can you find that does not match the root domain?
+
+## Trackers
+
+Trackers are unique codes or values found within web pages and often used to track user interaction. These codes can be used to correlate a disparate group of websites to a central entity. Often, actors will copy the source code of a victimΓÇÖs website they are looking to impersonate for a phishing campaign. Seldomly will actors take the time to remove these IDs that allow users to identify these fraudulent sites using MicrosoftΓÇÖs Trackers data set. Actors may also deploy tracker IDs to see how successful their cyber-attack campaigns are. This is similar to marketers when they leverage SEO IDs, such as a Google Analytics Tracker ID, to track the success of their marketing campaign.
+
+MicrosoftΓÇÖs Tracker data set includes IDs from providers like Google, Yandex, Mixpanel, New Relic, Clicky, and is continuing to grow on a regular basis.
+
+Our tracker data includes the following:
+
+- **Hostname:** the hostname that hosts the infrastructure where the tracker was detected.
+- **First Seen:** a timestamp that displays the date that we first observed this tracker on the artifact.
+- **Last Seen:** a timestamp that displays the date that we last observed this tracker on the artifact.
+- **Type:** the type of tracker that was detected (e.g. GoogleAnalyticsID, JarmHash).
+- **Value:** the identification value for the tracker.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Trackers](media/dataTabTrackers.png)
+
+**Questions this data set may help answer:**
+
+- Are there other resources using the same analytics IDs?
+
+ ![Data Sets Trackers Pivot Analytics Account](media/dataSetsTrackersPivotAnalyticsAccount.gif)
+
+- Are these resources associated with the organization, or are they attempting to conduct an infringement attack?
+
+- Is there any overlap between trackersΓÇôare they shared with other websites?
+
+- What are the types of trackers found within the web page?
+
+ ![Data Sets Trackers Types](media/dataSetsTrackersTypes.png)
+
+- What is the length of time for trackers?
+
+ ![Data Sets Trackers LengthOf Time](media/dataSetsTrackersLengthOfTime.png)
+
+- What is the frequency of change for tracker valuesΓÇô do they come, go, or remain?
+
+- Are there any trackers linking to website cloning software (MarkOfTheWeb or HTTrack)?
+
+ ![Data Sets TrackersHt Track](media/dataSetsTrackersHtTrack.png)
+
+- Are there any trackers linking to malicious C2 server malware (JARM)?
+
+ ![Data Sets Trackers JARM](media/dataSetsTrackersJARM.png)
+
+## Components
+
+Web components are details describing a web page or server infrastructure gleaned from Microsoft performing a web crawl or scan. These components allow a user to understand the makeup of a webpage or the technology and services driving a specific piece of infrastructure.
+Pivoting on unique components can find actors' infrastructure or other sites that are compromised. Users can also understand if a website might be vulnerable to a specific attack or compromise based on the technologies that it is running.
+
+Our component data includes the following:
+
+- **Hostname:** the hostname that hosts the infrastructure where the component was detected.
+- **First Seen:** a timestamp of the date that we first observed this component on the artifact.
+- **Last Seen:** a timestamp of the date that we last observed this component on the artifact.
+- **Category:** the type of component that was detected (e.g. Operating System, Framework, Remote Access, Server).
+- **Name + Version:** the component name and the version running on the artifact (e.g. Microsoft IIS (v8.5).
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Components](media/dataTabComponents.png)
+
+**Questions this data set may help answer:**
+
+- What vulnerable infrastructure are you using?
+
+ ![Data Sets Components Vulnerable Components](media/dataSetsComponentsVulnerableComponents.png)
+
+ ![Data Sets Components Prototype Js Vulnerable Version](media/dataSetsComponentsPrototypeJsVulnerableVersion.png)
+
+ Magento v1.9 is so dated that Microsoft could not locate reliable documentation for that particular version.
+
+- What unique web components is the threat actor using that can track them to other domains?
+
+- Are any components marked as malicious?
+
+- What is the number of web components identified?
+
+ ![Data Sets Components Number Of Components](media/dataSetsComponentsNumberOfComponents.png)
+
+- Are there any unique or strange technologies not often seen?
+
+ ![Data Sets Components Unique Components](media/dataSetsComponentsUniqueComponents.png)
+
+- Are there any fake versions of specific technologies?
+
+- What is the frequency of changes in web componentsΓÇôoften or rarely done?
+
+- Are there any suspicious libraries known to be abused?
+
+- Are there any technologies with vulnerabilities associated with them?
+
+## Host pairs
+
+Host pairs are two pieces of infrastructure (a parent and a child) that share a connection observed from a virtual userΓÇÖs web crawl. The connection could range from a top-level redirect (HTTP 302) to something more complex like an iframe or script source reference.
+
+Our host pair data includes the following:
+
+- **Parent Hostname:** the host that is referencing an asset or ΓÇ£reaching outΓÇ¥ to the child host
+- **Child Hostname:** the host that is being called on by the parent host
+- **First Seen:** a timestamp of the date that we first observed a relationship with the host.
+- **Last Seen:** a timestamp of the date that we last observed a relationship with the host.
+- **Cause:** the type of connection between the parent and child hostname. Potential causes include script.src, link.href, redirect, img.src, unknown, xmlhttprequest, a.href, finalRedirect, css.import, or parentPage connections.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Host Pairs](media/dataTabHostPairs.png)
+
+**Questions this data set may help answer:**
+
+- Have any of the connected artifacts been blocklisted?
+- Have any of the connected artifacts been tagged (Phishing, APT, Malicious, Suspicious, Threat Actor Name)?
+- Is this host redirecting users to malicious content?
+
+ ![Data Sets Host Pairs Malicious Redirect](media/dataSetsHostPairsMaliciousRedirect.png)
+
+- Are resources pulling in CSS or images to set up infringement attacks?
+
+ ![Data Sets Host Pairs Infringement Attack](media/dataSetsHostPairsInfringementAttack.png)
+
+- Are resources pulling in a script or referencing a link.href to set up a Magecart or skimming attack?
+ ![Data Sets Host Pairs Skimmer Reference](media/dataSetsHostPairsSkimmerReference.png)
+
+- Where are users being redirected from/to?
+
+- What type of redirection is taking place?
+
+## Hashes
+
+Microsoft partners with Proofpoint to surface MD5 [malware](/microsoft-365/security/intelligence/malware-naming) hashes associated with the domain, host, or IP address a user search. Users are encouraged to purchase an Emerging Threats license by Proofpoint if they wish to analyze MD5 hash details. This data helps users understand actor capabilities, intent, and motives of an attacker while also aiding in connecting infrastructure together. Each result contains a unique hash.
+
+Our hash data includes the following:
+
+- **Source:** the source used to detect the hash.
+- **Sample:** the unique identification code for the detected hash.
+- **Collection Date:** the day that the hash sample was collected by the designated source.
+
+![Data Tab Hashes](media/dataTabHashes.png)
+
+**Questions this data set may help answer:**
+
+- Does the domain connect to malware
+
+ ![Data Sets Hashes](media/dataSetsHashes.png)
+
+- Does this IP address have malware associated with it?
+ ![Data Sets IP Hashes](media/dataSetsIPHashes.png)
+
+- Are the hashes collected associated with malware?
+
+- How recently was this suspicious activity observed?
+
+- Which vendors/ sources have observed malicious binaries?
+
+- Has the IP or domain queried served as a command-and-control server for malware?
+
+- Can evaluating the file associated with the hash for a given query lead me to other indicators for threat hunting purposes?
+
+## Cookies
+
+Cookies are small pieces of data sent from a server to a client as the user browses the internet. These values sometimes contain a state for the application or little bits of tracking data. Defender TI highlights and indexes cookie names observed when crawling a website and allows users to dig into everywhere we have observed specific cookie names across its crawling and data collection. Cookies are also used by malicious actors to keep track of infected victims or store data to be used later.
+
+Our cookie data includes the following:
+
+- **Hostname:** the host infrastructure that is associated with the cookie.
+- **First Seen:** a timestamp of the date that we first observed this cookie on the artifact.
+- **Last Seen:** a timestamp of the date that we last observed this cookie on the artifact.
+- **Name:** the name of the cookie (e.g. JSESSIONID, SEARCH_NAMESITE).
+- **Domain:** the domain associated with the cookie.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Cookies](media/dataTabCookies.png)
+
+**Questions this data set may help answer:**
+
+- What other websites are issuing the same cookies?
+
+ ![Data Sets Cookies Domains Issuing Same Cookie](media/dataSetsCookiesDomainsIssuingSameCookie.png)
+
+- What other websites are tracking the same cookies?
+ ![Data Sets Cookies Domains Tracking Same Cookie](media/dataSetsCookiesDomainsTrackingSameCookie.png)
+
+- Does the cookie domain match your query?
+
+- What is the number of cookies associated with the artifact?
+
+ ![Data Sets Cookies Number Associated with Artifact](media/dataSetsCookiesNumberAssociatedwithArtifact.png)
+
+- Are there unique cookie names or domains?
+
+- What are the time periods associated with cookies?
+
+- What is the frequency of newly observed cookies or changes associated with cookies?
+
+## Services
+
+Service names and port numbers are used to distinguish between different services that run over transport protocols such as TCP, UDP, DCCP, and SCTP. Port numbers can suggest what type of application is running on a particular port. But applications or services can be changed to use a different port to obfuscate or hide the service or application on an IP address. Knowing the port and header/banner information can identify the true application/service and the combination of ports being used. Defender TI surfaces 14 days of history within the Services tab, displaying the last banner response associated with a port observed.
+
+Our Services data includes the following:
+
+- Open ports observed
+- Port numbers
+- Components
+- Number of times the service was observed
+- When the port was last scanned
+- Protocol connection
+- Status of the port
+ - Open
+ - Filtered
+ - Closed
+- Banner response
+
+![Data Tab Services](media/dataTabServices.png)
+
+**Questions this data set may help answer:**
+
+- What applications are running on a particular port for a given IP address?
+
+ ![Data Sets Services Applications Running](media/dataSetsServicesApplicationsRunning.png)
+
+- What version of applications are in use?
+
+ ![Data Sets Services Version Running](media/dataSetsServicesVersionRunning.png)
+
+- Have there been recent changes in the open, filtered, or closed status for a given port?
+
+ ![Data Sets Services Port Statuses](media/dataSetsServicesPortStatuses.png)
+
+- Was a certificate associated with the connection?
+
+ ![Data Sets Services Certificate Associations](media/dataSetsServicesCertificateAssociations.png)
+
+- Are vulnerable or deprecated technologies in use on a given asset?
+
+ ![Data Sets Services Applications Running](media/dataSetsServicesApplicationsRunning.png)
+
+ ![Data Sets Services Vulnerable Service](media/dataSetsServicesVulnerableService.png)
+
+- Is information being exposed by a running service that could be used for nefarious purposes?
+
+- Are security best practices being followed?
+
+## DNS
+
+Microsoft has been collecting DNS records over the years, providing users insight into mail exchange (MX) records, nameserver (NS) records, text (TXT) records, start of authority (SOA) records, canonical name (CNAME) records, and pointer (PTR) records. Reviewing DNS records can be helpful to identify shared infrastructure used by actors across the domains they own. For example, actor groups tend to use the same nameservers to segment their infrastructure or the same mail exchange servers to administer their command and control.
+
+Our DNS data includes the following:
+
+- **Value:** the DNS record associated with the host.
+- **First Seen:** a timestamp that displays the date that we first observed this record on the artifact.
+- **Last Seen:** a timestamp that displays the date that we last observed this record on the artifact.
+- **Type:** the type of infrastructure associated with the record. Potential options include Mail Servers (MX), text files (TXT), name servers (NS), CNAMES, and Start of Authority (SOA) records.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab DNS](media/dataTabDNS.png)
+
+**Questions this data set may help answer:**
+
+- What other pieces of infrastructure are directly related to the indicator I am searching?
+- How has the infrastructure changed over time?
+- Is the domain owner employing the services of a content delivery network or brand protection service?
+- What other technologies might the associated organization be employing within their network?
+
+## Reverse DNS
+
+While a forward DNS lookup queries the IP address of a certain hostname, a reverse DNS lookup queries a specific hostname of an IP address. This dataset will show similar results as the DNS dataset. Reviewing DNS records can be helpful to identify shared infrastructure used by actors across the domains they own. For example, actor groups tend to use the same nameservers to segment their infrastructure or the same mail exchange servers to administer their command and control.
+
+Our Reverse DNS data includes the following:
+
+- **Value:** the value of the Reverse DNS record.
+- **First Seen:** a timestamp of the date that we first observed this record on the artifact.
+- **Last Seen:** a timestamp of the date that we first observed this record on the artifact.
+- **Type:** the type of infrastructure associated with the record. Potential options include Mail Servers (MX), text files (TXT), name servers (NS), CNAMES, and Start of Authority (SOA) records.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Reverse DNS](media/dataTabReverseDNS.png)
+
+**Questions This Data Set May Help Answer:**
+
+- What DNS records have observed this host?
+- How has the infrastructure that observed this host changed over time?
+
+## Next steps
+
+For more information, see:
+
+- [Searching and pivoting](searching-and-pivoting.md)
+- [Sorting, filtering, and downloading data](sorting-filtering-and-downloading-data.md)
+- [Infrastructure chaining](infrastructure-chaining.md)
+- [Tutorial: Gathering threat intelligence and infrastructure chaining](gathering-threat-intelligence-and-infrastructure-chaining.md)
threat-intelligence Gathering Threat Intelligence And Infrastructure Chaining https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/gathering-threat-intelligence-and-infrastructure-chaining.md
+
+ Title: 'Tutorial: Gathering Threat Intelligence and Infrastructure Chaining using Microsoft Defender Threat Intelligence (Defender TI)'
+description: 'In this tutorial, learn how to gather threat intelligence and infrastructure chain together indicators of compromise in Microsoft Defender Threat Intelligence (Defender TI). This article will cover a historical investigation of the MyPillow Magecart breach.'
++++ Last updated : 08/02/2022++++
+# Tutorial: Gathering threat intelligence and infrastructure chaining
+
+In this tutorial, you will learn how to:
+- Perform several types of indicator searches and gather threat and adversary intelligence
+
+ ![ti OverviewHome Page Chrome Screenshot](media/tiOverviewHomePageChromeScreenshot.png)
+
+## Prerequisites
+
+- An Azure Active Directory or personal Microsoft account. [Login or create an account](https://signup.microsoft.com/)
+- A Microsoft Defender Threat Intelligence (Defender TI) Premium license.
+
+ > [!NOTE]
+ > Users without a Defender TI Premium license will still be able to log into the Defender Threat Intelligence Portal and access our free Defender TI offering.
+
+## Disclaimer
+
+Microsoft Defender Threat Intelligence (Defender TI) may include live, real-time observations and threat indicators, including malicious infrastructure and adversary-threat tooling. Any IP and domain searches within our Defender TI platform are safe to search.
+
+Microsoft will share online resources (e.g., IP addresses, domain names) that should be considered real threats posing a clear and present danger.
+
+We ask that users use their best judgment and minimize unnecessary risk while interacting with malicious systems when performing the tutorial below. Please note that Microsoft has worked to minimize risk by defanging malicious IP addresses, hosts, and domains.
+
+## Before You Begin
+As the disclaimer states above, suspicious, and malicious indicators have been defanged for your safety. Please remove any brackets from IPs, domains, and hosts when searching in Defender TI. Do not search these indicators directly in your browser.
+
+## Perform several types of indicator searches and gather threat and adversary intelligence
+
+In this tutorial, you will perform a series of steps to [infrastructure chain](infrastructure-chaining.md) together indicators of compromise (IOCs) related to a Magecart breach and gather threat and adversary intelligence along the way. Infrastructure chaining leverages the highly connected nature of the internet to expand one IOC into many based on overlapping details or shared characteristics. Building infrastructure chains enables threat hunters or incident responders to profile an adversary's digital presence, letting them quickly pivot across these data sets to create context around an incident or investigation, allowing for more effective triage of alerting and actioning of incidents within an organization.
+
+![Infrastructure Chaining](media/infrastructureChaining.png)
+
+**Relevant Personas:** Threat Intelligence Analyst, Threat Hunter, Incident Responder, Security Operations Analyst
+
+### Magecart Breach
+
+Microsoft has been profiling and following the activities of Magecart, a syndicate of criminal cybergroups behind hundreds of breaches of online retail platforms by placing digital skimmers on compromised e-commerce sites.
+
+They do this by injecting a script designed to steal sensitive data that consumers enter into online payment forms on e-commerce websites directly or through compromised third-party suppliers that websites might depend upon to make their sites function.
+
+Back in October 2018, they infiltrated MyPillowΓÇÖs online website, mypillow.com, to steal payment information by injecting a script into their web store that was hosted on a typo-squat domain containing the skimmer, mypiltow.com.
+
+The MyPillow breach was a two-stage attack, with the first skimmer only active for a brief time before being identified as illicit and removed, but the attackers still had access to MyPillowΓÇÖs network and on October 26, 2018, Microsoft observed that they registered a new domain, livechatinc[.]org
+
+Magecart actors will typically register a domain infringement to make it look as similar as possible to the legitimate domain, so that if youΓÇÖre looking at the JavaScript code, unless you look really carefully, you may not notice they injected their own script thatΓÇÖs capturing the credit card payment information and pushing it to their own infrastructure, as a way to hide essentially.
+But because our virtual users capture the DOM and find all the dynamic links and changes made by JavaScript from the crawls on the backend, we were able to detect that activity and pinpoint that fake domain that was hosting the injected script into the MyPillow webstore.
+
+1. Access the [Defender Threat Intelligence portal](https://ti.defender.microsoft.com/).
+2. Complete Microsoft authentication to access portal.
+3. Search ΓÇÿmypillow.comΓÇÖ in Defender TIΓÇÖs Threat Intelligence Home Page.
+ a. What articles are associated with this domain?
+ - Consumers May Lose Sleep Over These Two Magecart Breaches
+
+ ![Tutorial Infra Chain My Pillowcom Article](media/tutorialInfraChainMyPillowcomArticle.png)
+
+4. Select the ΓÇÿConsumers May Lose Sleep Over These Two Magecart BreachesΓÇÖ Article.
+ a. What information is available about this related campaign?
+ - This article was published on March 20, 2019, and provides insights as to how MyPillow was breached by the Magecart threat actor group in October of 2018. The article details how the attack was executed.
+5. Select the Public Indicators tab.
+ a. What IOCs are listed related to this campaign?
+ - amerisleep.github[.]io
+ - cmytuok[.]top
+ - livechatinc[.]org
+ - mypiltow[.]com
+6. Select All in the drop down of the search bar and query ΓÇÿmypillow.comΓÇÖ. Then, navigate to the Data tab.
+ a. What data set might be useful in finding evidence of a script injection?
+ - Host pairs reveal connections between websites traditional data sources wouldnΓÇÖt surface (pDNS, Whois) and enables you to see where your resources are being used and vice-versa.
+7. Select the Host Pairs Data blade, sort by First Seen, and filter by script.src as the Cause. Page over until you find host pair relationships that took place in October of 2018.
+ a. Do you notice any typosquat mypillow domains?
+ - Notice that mypillow[.]com is pulling content via a script from the typosquat, mypiltow.com (Oct 3-5) as evidence of the script injection breach
+
+ ![Tutorial Infra Chain My Pillowcom Host Pairs Live Chat Script Src](media/tutorialInfraChainMyPillowcomHostPairsLiveChatScriptSrc.gif)
+8. Pivot on ΓÇÿmypiltow[.]comΓÇÖ.
+ a. At first glance, what appears different about this domain compared to mypillow.comΓÇÖs domain?
+ - Reputation: Malicious, while mypillow.comΓÇÖs reputation is unknown
+
+ ![Tutorial InfraChain My Piltowcom Reputation](media/tutorialInfraChainMyPiltowcomReputation.png)
+
+ ![Tutorial Infra Chain My Pillowcom Reputation](media/tutorialInfraChainMyPillowcomReputation.png)
+9. Navigate to the Data tab and from the Resolutions results, pivot off the IP address that mypiltow[.]com resolved to during October of 2018. Repeat this step for mypillow.com as well.
+ a. What do you notice about the differences in IP addresses between mypillow.com and mypiltow[.]com during October of 2018?
+ - IP address, 195.161.41[.]65, mypiltow[.]com had resolved to, is hosted in Russia.
+ - Different ASN used.
+
+ ![Tutorial Infra Chain My Piltow Ip Summary](media/tutorialInfraChainMyPiltowIpSummary.png)
+
+ ![Tutorial Infra Chain My Pillow Ip Summary](media/tutorialInfraChainMyPillowIpSummary.png)
+10. Scroll to the Articles section.
+ a. What other Articles have been published that relate to mypiltow.com?
+ - RiskIQ: Magecart Injected URLs and C2 Domains, June 3-14, 2022
+ - RiskIQ: Magecart injected URLs and C2 Domains, May 20-27, 2022
+ - Commodity Skimming & Magecart Trends in First Quarter of 2022
+ - RiskIQ: Magecart Group 8 Activity in Early 2022
+ - Magecart Group 8 Real Estate: Hosting Patterns Associated with the Skimming Group
+ - Inter Skimming Kit Used in Homoglyph Attacks
+ - Magecart Group 8 Blends into NutriBullet.com Adding To Their Growing List of Victims
+
+ ![Tutorial Infra Chain My Piltowcom Articles](media/tutorialInfraChainMyPiltowcomArticles.gif)
+11. Review each of the additional articles from Step 9.
+ a. What additional information can you find about the Magecart threat actor group? (targets, TTPs, additional IOCs, etc.)
+12. Navigate to the Data tab and select the Whois Data blade and compare the Whois information between ΓÇÿmypillow.comΓÇÖ and ΓÇÿmypiltow[.]comΓÇÖ
+ a. What Whois values differ?
+ - mypillow.com
+ 1. If you select the Whois record from October of 2011, you will find that the domain is clearly owned by My Pillow Inc.
+
+ ![Tutorial Infra Chain My Piltowcom 2 Whois](media/tutorialInfraChainMyPiltowcom2Whois.png)
+ 2. mypiltow[.]com
+ 3. If you select the Whois record from October of 2018, you will find that mypiltow[.]com was registered in Hong Kong, China and is privacy protected by Domain ID Shield Service CO.
+ 4. mypiltow[.]comΓÇÖs registrar is OnlineNIC, Inc.
+
+ ![Tutorial Infra Chain My Piltowcom 2 Whois](media/tutorialInfraChainMyPiltowcom2Whois.png)
+
+ b. What appears suspicious thus far about mypiltow[.]com given the A records and Whois details we have analyzed?
+ - When assessing if mypiltow[.]com may be legitimate company infrastructure, an analyst should find it odd that a Russian IP is primarily guarded by a Chinese privacy service for a US based company.
+13. Search ΓÇÿlivechatinc[.]orgΓÇÖ in Defender TIΓÇÖs Threat Intelligence Home Page.
+ a. What new articles are associated with this domain that we did not see when we searched mypillow.com in Part 1?
+ - Magecart Group 8 Blends into NutriBullet.com Adding To Their Growing List of Victims
+14. Select the Magecart Group 8 Blends into NutriBullet.com Adding To Their Growing List of Victims article.
+ a. What information is available about this related campaign?
+ - The ΓÇÿMagecart Group 8 Blends into NutriBullet.com Adding To Their Growing List of VictimsΓÇÖ article was published on March 18, 2020. In this article, we find out that Nutribullet, Amerisleep, ABS-CBN were also victims of the Magecart threat actor group.
+15. Select the Public Indicators tab.
+ a. What IOCs are listed related to this campaign?
+ - URLs
+ 1. hxxps://coffemokko[.]com/tr/, hxxps://freshdepor[.]com/tr/, hxxps://prodealscenter[.]com/tr/, hxxps://scriptoscript[.]com/tr/, hxxps://swappastore[.]com/tr/
+ 2. Domains
+ - 3lift[.]org, abtasty[.]net, adaptivecss[.]org, adorebeauty[.]org, all-about-sneakers[.]org, amerisleep.github[.]io, ar500arnor[.]com, authorizecdn[.]com, bannerbuzz[.]info, battery-force[.]org, batterynart[.]com, blackriverimaging[.]org, braincdn[.]org, btosports[.]net, cdnassels[.]com, cdnmage[.]com, chicksaddlery[.]net, childsplayclothing[.]org, christohperward[.]org, citywlnery[.]org, closetlondon[.]org, cmytuok[.]top, coffemokko[.]com, coffetea[.]org, configsysrc[.]info, dahlie[.]org, davidsfootwear[.]org, dobell[.]su, elegrina[.]com, energycoffe[.]org, energytea[.]org, etradesupply[.]org, exrpesso[.]org, foodandcot[.]com, freshchat[.]info, freshdepor[.]com, greatfurnituretradingco[.]org, info-js[.]link, jewsondirect[.]com, js-cloud[.]com, kandypens[.]net, kikvape[.]org, labbe[.]biz, lamoodbighats[.]net, link js[.]link, livechatinc[.]org, londontea[.]net, mage-checkout[.]org, magejavascripts[.]com, magescripts[.]pw, magesecuritys[.]com, majsurplus[.]com, map-js[.]link, mcloudjs[.]com, mechat[.]info, melbounestorm[.]com, misshaus[.]org, mylrendyphone[.]com, mypiltow[.]com, nililotan[.]org, oakandfort[.]org, ottocap[.]org, parks[.]su, paypaypay[.]org, pmtonline[.]su, prodealscenter[.]com, replacemyremote[.]org, sagecdn[.]org, scriptoscript[.]com, security-payment[.]su, shop-rnib[.]org, slickjs[.]org, slickmin[.]com, smart-js[.]link, swappastore[.]com, teacoffe[.]net, top5value[.]com, track-js[.]link, ukcoffe[.]com, verywellfitnesse[.]com, walletgear[.]org, webanalyzer[.]net, zapaljs[.]com, zoplm[.]com
+
+16. Search mypillow.com in Defender TIΓÇÖs Threat Intelligence Home Page and select the Data tab. Select the Host Pairs Data blade. Sort by First Seen and locate Host Pair relationships that occurred in October of 2018.
+
+ a. Do you notice a similar script relationship between mypillow.com and secure.livechatinc[.]org that mirrors the same relationship mypillow.com had with mypiltow[.]com?
+ - Notice how www.mypillow.com was first observed reaching out to secure.livechatinc[.]org on 10/26/2018, because a script GET request was observed from www.mypillow.com to secure.livechatinc[.]org. That relationship lasted until 11/19/2018.
+
+ ![Tutorial Infra Chain My Pillowcom Host Pairs Live Chat ScriptSrc](media/tutorialInfraChainMyPillowcomHostPairsLiveChatScriptSrc.gif)
+ ii. In addition, secure.livechatinc[.]org reached out to www.mypillow.com to access www.mypillow.comΓÇÖs server (xmlhttprequest).
+17. Review mypillow.comΓÇÖs Host Pair relationships further.
+ a. Does mypillow.com have any host pair relationships with a similar domain name to secure.livechatinc[.]org?
+ - Yes. There are multiple types of observed relationships mypillow.com hosts had with the following domains:
+ 1. cdn.livechatinc[.]com, secure.livechatinc[.]com, api.livechatinc[.]com
+ - The relationship causes include:
+ 1. script.src
+ 2. iframe.src
+ 3. unknown
+ 4. topLevelRedirect
+ 5. img.src
+ 6. xmlhttprequest
+ - Livechat is a live support chat service that online retailers can add to their websites, so itΓÇÖs a third-party resource and itΓÇÖs used by a lot of e-commerce platforms, including MyPillow. This fake domain is a little bit more interesting because their official site is actually livechatinc.com. Therefore, in this case, they used a top-level-domain typosquat to hide the fact they placed a second skimmer on the MyPillow website.
+18. Go back and find a host pair relationship with ΓÇÿsecure.livechatinc[.]orgΓÇÖ and pivot off that hostname.
+ a. What IP address did this host resolve to during October of 2018?
+ - 212.109.222[.]230
+
+ ![Tutorial Infra Chain Secure Live Chat Inc Org Resolutions](media/tutorialInfraChainSecureLiveChatIncOrgResolutions.png)
+ - Notice how this IP address is also hosted in Russia and the ASN Organization is JSC IOT.
+
+ ![Tutorial Infra Chain Secure Live Chat Inc Org Ip Summary](media/tutorialInfraChainSecureLiveChatIncOrgIpSummary.png)
+19. Search ΓÇÿsecure.livechatinc[.]orgΓÇÖ in Defender TIΓÇÖs Threat Intelligence Home Page, select the Data tab, and click on the Whois blade. Select the record from 12/25/2018.
+ a. What Registrar was used for this record?
+ - OnlineNIC Inc.
+ 1. This is the same Registrar that was used to register mypiltow[.]com during the same campaign.
+ 2. If you select the record from 12/25/2018, you will notice that the domain was also using the same Chinese privacy guarding service, Domain ID Shield Service, that mypiltow[.]com had also used.
+ b. What name servers were used for this record?
+ - ns1.jino.ru
+ - ns2.jino.ru
+ - ns3.jino.ru
+ - ns4.jino.ru
+ 1. These were the same nameservers used in the 10/01/2018 record for mypiltow[.]com. Adversaries will often use the same nameservers to segment their infrastructure.
+
+ ![Tutorial Infra Chain Secure Live Chat Inc Org Whois](media/tutorialInfraChainSecureLiveChatIncOrgWhois.png)
+
+ ![Tutorial Infra Chain My Piltowcom 2 Whois](media/tutorialInfraChainMyPiltowcom2Whois.png)
+20. Select the Host Pairs Data blade.
+ a. What host pair relationships do you see from October and November of 2018?
+ - secure.livechatinc[.]org redirected users to secure.livechatinc.com on 11/19/2022. This is more than likely an obfuscation technique to evade detection.
+ - www.mypillow.com was pulling a script hosted on secure.livechatinc[.]org (the fake LiveChat site) from 10/26/2018 through 11/19/2022. During this timeframe, www.mypillow.comΓÇÖs user purchases were potentially compromised.
+ - secure.livechatinc[.]org was requesting data from the server, www.mypillow.com, hosting the real MyPillow website (xmlhttprequest) between 10/27/2018 through 10/29/2018.
+
+ ![Tutorial Infra Chain Secure Live Chat Inc Org Host Pairs](media/tutorialInfraChainSecureLiveChatIncOrgHostPairs.png)
+ b. What do you believe these relationships mean?
+
+## Clean up resources
+There are no resources to clean up in this section.
+
+## Next Steps
+In this tutorial, you learned how to gather threat intelligence and infrastructure chain together indicators of compromise.
threat-intelligence Infrastructure Chaining https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/infrastructure-chaining.md
+
+ Title: 'Microsoft Defender Threat Intelligence (Defender TI): Infrastructure Chaining'
+description: 'In this concept article, learn about infrastructure chaining and how you can apply that process to perform threat infrastructure analysis using Microsoft Defender Threat Intelligence (Defender TI).'
++++ Last updated : 08/02/2022+++
+# Infrastructure Chaining
+
+Infrastructure chaining leverages the relationships between highly connected datasets to build out an investigation. This process is the core of threat infrastructure analysis and allows organizations to surface new connections, group similar attack activity and substantiate assumptions during incident response.
+
+![Infrastructure chaining](media/infrastructureChaining.png)
+
+## Prerequisites
+
+1. Review [Microsoft Defender Threat Intelligence (Defender TI)ΓÇÖs Data sets overview article](data-sets.md)
+2. Review [Microsoft Defender Threat Intelligence (Defender TI)ΓÇÖs Searching and pivoting how-to article](searching-and-pivoting.md)
+
+## All you need is a starting point...
+
+We see attack campaigns employ a wide array of obfuscation techniques such as simple geo filtering to complex tactics like passive OS fingerprinting. This can potentially stop a point in time investigation in its tracks. The screenshot above highlights the concept of infrastructure chaining. With our data enrichment capability, we could start with a piece of malware that attempts to connect to an IP address (possibly a C2). That IP address may have hosted an SSL cert that has a common name such as a domain name. That domain may be connected to a page that contains a unique tracker in the code, such as a NewRelicID or some other analytic ID we may have observed elsewhere. Or, perhaps the domain may have historically been connected to other infrastructure that may shed light on our investigation. The main takeaway is that one data point taken out of context may not be especially useful but when we observe the natural connection to all this other technical data, we can start to stitch together a story.
+
+## An adversaryΓÇÖs outside-In perspective
+
+An adversaryΓÇÖs outside-in perspective enables them to take advantage of your continually expanding web and mobile presence that operates outside of your firewall.
+
+Approaching and interacting with the web and mobile properties as a real user enables MicrosoftΓÇÖs crawling, scanning, and machine-learning technology to disarm adversariesΓÇÖ evasion techniques by collecting user session data, detecting phishing, malware, rogue apps, unwanted content, and domain infringement at scale. This helps deliver actionable, event-based threat alerts and workflows in the form of [threat intelligence](what-is-microsoft-defender-threat-intelligence-defender-tI.md), [system tags](using-tags.md), [analyst insights](analyst-insights.md), and [reputation scores](reputation-scoring.md) associated with adversariesΓÇÖ infrastructure.
+
+As more threat data becomes available, more tools, education, and effort are required for analysts to understand the data sets and their corresponding threats. Microsoft Defender Threat Intelligence (Defender TI) unifies these efforts by providing a single view into multiple data sources.
+
+## Next steps
+For more information, see [Tutorial: Gathering threat intelligence and infrastructure chaining](gathering-threat-intelligence-and-infrastructure-chaining.md).
threat-intelligence Learn How To Access Microsoft Defender Threat Intelligence And Make Customizations In Your Portal https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/learn-how-to-access-microsoft-defender-threat-intelligence-and-make-customizations-in-your-portal.md
+
+ Title: 'Quickstart: Accessing the Microsoft Defender Threat Intelligence (Defender TI) Portal'
+description: 'In this quickstart, learn how to configure your profile and preferences and access Defender TIΓÇÖs help resources using Microsoft Defender Threat Intelligence (Defender TI).'
++++ Last updated : 08/02/2022+++
+# Quickstart: Learn how to access Microsoft Defender Threat Intelligence and make customizations in your portal
+
+Understanding how to adjust your theme in Microsoft Defender Threat Intelligence (Defender TI)ΓÇÖs Portal will make it easier on your eyes when using our platform. Additionally, this guide will walk you through how to enable sources for enrichment, so you can see more results when performing searches in our platform. You will also learn how to successfully login and logout of Defender TI.
+
+![Ti Overview HomePage Chrome Screenshot](media/tiOverviewHomePageChromeScreenshot.png)
+
+## Prerequisites
+
+- An Azure Active Directory or personal Microsoft account. [Login or create an account](https://signup.microsoft.com/)
+- A Microsoft Defender Threat Intelligence (Defender TI) Premium license.
+
+ > [!NOTE]
+ > Users without a Defender TI Premium license will still be able to log into the Defender Threat Intelligence Portal and access our free Defender TI offering.
+
+## Open Defender TIΓÇÖs Threat Intelligence Home Page
+
+- Access the [Defender Threat Intelligence Portal](https://ti.defender.microsoft.com/).
+- Complete Microsoft authentication to access portal.
+
+## Access Defender TIΓÇÖs ΓÇÿProfile and PreferencesΓÇÖ to adjust your theme
+
+1. Click on the ΓÇÿProfile and PreferencesΓÇÖ icon in the upper right-hand corner of the Defender Threat Intelligence Portal.
+
+ ![Accessing TI Portal User Profile and Preferences](media/accessingTiPortalUserProfileandPreferences.png)
+
+2. Select ΓÇÿDarkΓÇÖ theme. Notice how ΓÇÿLightΓÇÖ is your default theme.
+
+ ![Accessing TI Portal Dark Theme](media/accessingTiPortalDarkTheme.png)
+
+3. Repeat step 1 and select ΓÇÿHigh ContrastΓÇÖ theme.
+
+ ![Accessing TI Portal High Contrast Theme](media/accessingTiPortalHighContrastTheme.png)
+
+4. Repeat step 1 and select ΓÇÿLightΓÇÖ theme.
+
+ ![Accessing TI Portal Light Theme](media/accessingTiPortalLightTheme.png)
+
+## Access Defender TIΓÇÖs ΓÇÿHelpΓÇÖ icon to learn about your Defender TI Microsoft Support resources
+
+1. Click on the ΓÇÿHelpΓÇÖ icon in the upper right-hand corner to the left of the ΓÇÿProfile and PreferencesΓÇÖ icon.
+
+ ![Accessing TI Portal Help](media/accessingTiPortalHelp.png)
+
+2. Review your Defender TI Microsoft Support resources.
+
+ - Here you will find Defender TIΓÇÖs Support email address as well as a link to our Privacy Statement.
+
+## Access Defender TIΓÇÖs ΓÇÿProfile and PreferencesΓÇÖ to logout of the Defender Threat Intelligence Portal
+
+1. Click on the ΓÇÿProfile and PreferencesΓÇÖ icon in the upper right-hand corner of the Defender Threat Intelligence Portal.
+
+2. Select ΓÇÿLogoutΓÇÖ.
+
+ ![Accessing TI Portal Logout](media/accessingTiPortalLogout.png)
+
+## Clean up resources
+There are no resources to clean up in this section.
+
+## Next steps
+
+For more information, see:
+
+[ΓÇÿWhat is Microsoft Defender Threat Intelligence (Defender TI)?ΓÇÖ](what-is-microsoft-defender-threat-intelligence-defender-tI.md)
threat-intelligence Reputation Scoring https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/reputation-scoring.md
+
+ Title: 'Microsoft Defender Threat Intelligence (Defender TI) Reputation Scoring'
+description: 'In this overview article, learn about the Microsoft Defender Threat Intelligence (Defender TI)ΓÇÖs reputation scoring feature.'
++++ Last updated : 08/02/2022+++
+# Reputation scoring
+
+Microsoft Defender Threat Intelligence (Defender TI) provides proprietary reputation scores for any Host, Domain, or IP Address. Whether validating the reputation of a known or unknown entity, this score helps users quickly understand any detected ties to malicious or suspicious infrastructure. The platform provides quick information about the activity of these entities (e.g. First and Last Seen timestamps, ASN, country, associated infrastructure) and a list of rules that impact the reputation score when applicable.
+
+Reputation data is important to understanding the trustworthiness of your own attack surface and is also useful when assessing unknown hosts, domains or IP addresses that appear in investigations. These scores will uncover any prior malicious or suspicious activity that impacted the entity, or other known indicators of compromise that should be considered.
+
+![Reputation Edge Screenshot](media/reputationEdgeScreenshot.png)
+## Understanding reputation scores
+
+Reputation Scores are determined by a series of algorithms designed to quickly quantify the risk associated with an entity. We develop Reputation Scores based on our proprietary data by leveraging our crawling infrastructure, as well as IP information collected from external sources.
+
+![Reputation Summary Card](media/reputationSummaryCard.png)
+
+## Detection methods
+Reputation Scores are determined by a series of factors, including known associations to blocklisted entities and a series of machine learning rules used to assess risk.
+
+## Scoring brackets
+Reputation Scores are displayed as a numerical score with a range from 0 to 100. An entity with a score of ΓÇ£0ΓÇ¥ has no known associations to suspicious activity or known indicators of compromise; a score of ΓÇ£100ΓÇ¥ indicates that the entity is malicious. Hosts, Domains, and IP Addresses are grouped into the following categories depending on their numerical score:
+
+| Score | Category | Description |
+|--|||
+| 75+ | Malicious | The entity has confirmed associations to known malicious infrastructure that appears on our blocklist and matches machine learning rules that detect suspicious activity. |
+| 50 ΓÇô 74 | Suspicious | The entity is likely associated to suspicious infrastructure based on matches to three or more machine learning rules. |
+| 25 ΓÇô 49 | Neutral | The entity matches at least two machine learning rules. |
+| 0 ΓÇô 24 | Unknown (Green) | If the score is ΓÇ£UnknownΓÇ¥ and green, the entity has returned at least one matched rule. |
+| 0 ΓÇô 24 | Unknown (Grey) | If the score is ΓÇ£UnknownΓÇ¥ and grey, the entity has not returned any rule matches. |
+
+## Detection rules
+
+Reputation scores are based on many factors that an analyst may reference to determine the relative quality of a domain or address. These factors are reflected in the machine learning rules that comprise the reputation scores. For example, ΓÇ£.xyzΓÇ¥ or ΓÇ£.ccΓÇ¥ top-level domains (TLDs) are generally more suspicious than ".comΓÇ¥ or ΓÇ£.orgΓÇ¥ TLDs. An ASN (Autonomous System Number) hosted by a low-cost or free hosting provider is more likely to be associated with malicious activity, as would a self-signed SSL certificate. This reputation model was developed by looking at relative occurrences of these features among both malicious and benign indicators to score the overall reputation of an entity.
+
+Please refer to the list below for examples of rules used to determine the suspiciousness of a host, domain, or IP address. Please note that this list is not comprehensive and is constantly changing; our detection logic and consequent capabilities are dynamic as they reflect the evolving threat landscape. For this reason, we do not publish a comprehensive list of the machine learning rules used to assess an entityΓÇÖs reputation.
+
+See the example reputation scoring rules below:
+
+| Rule Name | Description |
+||--|
+| SSL-Certificate Self-Signed | Self-signed certificates may indicate malicious behavior |
+| Tagged as Malicious | Tagged as malicious by a member within your organization |
+| Country | Infrastructure hosted in this country is more likely to be malicious |
+| Web components observed | The number of web components observed may indicate maliciousness |
+| Name server | Domain is using a name server that is more likely to be used by malicious infrastructure |
+| Registrar | Domains registered with this registrar are more likely to be malicious |
+| Registrant email provider | Domain is registered with an email provider that is more likely to register malicious domains |
+
+It is important to remember that these factors must be assessed holistically to make an accurate assessment on the reputation of an entity. The specific combination of indicators, rather than any individual indicator, can predict whether an entity is likely to be malicious or suspicious.
+
+## Severity
+
+When creating rules for the machine learning detection system, a severity rating is applied to it. Each rule is assigned ΓÇ£HighΓÇ¥, ΓÇ£MediumΓÇ¥ or ΓÇ£LowΓÇ¥ severity based on the level of risk associated with the rule.
+
+## Use cases
+
+### Incident triage, response and threat hunting
+Defender TIΓÇÖs reputation score, classification, rules, and description of rules can be used to quickly assess if an IP address or domain indicator is good, suspicious, or malicious. Other times, we may not have observed enough infrastructure associated with an IP address or domain to infer if the indicator is good or bad. If an indicator has an unknown or neutral classification, users are encouraged to perform a deeper investigation by reviewing our data sets to infer if the indicator is good or bad. If an indicatorΓÇÖs reputation includes an article association, users are encouraged to review those listed article(s) to learn more about how the indicator is linked to a potential threat actorΓÇÖs campaign, what industries or nations they may be targeting, associated TTPs, and identify other related indicators of compromise to broaden the scope of the incidentΓÇÖs response and hunting efforts.
+
+### Intelligence gathering
+
+Any associated articles can be shared with the analystΓÇÖs cyber threat intelligence team, so they have a clearer understanding of who may be targeting their organization.
+
+## Next steps
+For more information, see [Analyst insights](analyst-insights.md).
threat-intelligence Searching And Pivoting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/searching-and-pivoting.md
+
+ Title: 'Searching &amp; pivoting with Microsoft Defender Threat Intelligence (Defender TI)'
+description: 'Learn how to search and pivot across internet data sets, threat articles, vulnerability articles, and projects using Microsoft Defender Threat Intelligence (Defender TI).'
++++ Last updated : 08/02/2022+++
+# Searching and pivoting
+
+Microsoft Defender Threat Intelligence (Defender TI) offers a robust and flexible search engine to streamline the investigation process. The platform is designed to allow users to pivot across a wide variety of indicators from different data sources, making it easier than ever to discover relationships between disparate infrastructure. This article will help users understand how to conduct a search and pivot across different data sets to discover relationships between different artifacts.
+
+![Search HomePage Chrome Screenshot](media/searchHomePageChromeScreenshot.png)
+
+## Prerequisites
+
+- An Azure Active Directory or personal Microsoft account. [Login or create an account](https://signup.microsoft.com/)
+- A Microsoft Defender Threat Intelligence (Defender TI) Premium license.
+ > [!Note]
+ > Users without a Defender TI Premium license will still be able to log into the Defender Threat Intelligence Portal and access our free Defender TI offering.
+
+## Open Defender TIΓÇÖs Threat Intelligence Home Page
+
+1. Access the [Defender Threat Intelligence Portal](https://defender.microsoft.com/).
+2. Complete Microsoft authentication to access portal.
+
+## Performing threat intelligence searches and pivots
+
+Defender TIΓÇÖs Threat Intelligence search is both simple and powerful, designed to surface immediate key insights while also allowing users to directly interact with the datasets that comprise these insights. The search bar supports a wide variety of different inputs; users can search for specific artifacts as well as Article or Project names.
+
+### Search artifact types
+1. **IP address:** Search ΓÇÿ195.161.141[.]65ΓÇÖ in the Threat Intelligence Search bar. This action results in an IP Address search.
+
+ ![Search Ip Address](media/searchIpAddress.png)
+
+2. **Domain:** Search `fabrikam.com` in the Threat Intelligence Search bar. This action results in a Domain search.
+
+ ![Search Domain](media/searchDomain.png)
+
+3. **Host:** Search `canary.fabrikam.com` in the Threat Intelligence Search bar. This action results in a Host search.
+
+ ![Search Host](media/searchHost.png)
+
+4. **Keyword:** Search ΓÇÿapt29ΓÇÖ in the Threat Intelligence Search bar. This action results in a Keyword search. Keyword searches cover any type of keyword, which may include a term, email address, etc. Keyword searches result in associations with articles, projects, as well as data sets.
+
+ ![Search Keyword](media/searchKeyword.png)
+
+5. **CVE-ID:** Search ΓÇÿCVE-2021-40444ΓÇÖ in the Threat Intelligence Search bar. This action results in a CVE-ID Keyword search.
+
+6. **Article:** Search ΓÇÿCommodity Skimming & Magecart Trends in First Quarter of 2022ΓÇÖ in the Threat Intelligence Search bar. This action results in an Article search.
+
+ ![Search Ti Article](media/searchTiArticle.png)
+
+7. **Tag:** Select ΓÇÿTagΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿmagecartΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Tag search.
+
+ > [!NOTE]
+ > This does not return articles that share that tag value.
+
+ ![Search Tag](media/searchTag.png)
+
+8. **Component:** Select ΓÇÿComponentΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿcobalt strikeΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Component search.
+
+ ![Search Component](media/searchComponent.png)
+
+9. **Tracker:** Select ΓÇÿTrackersΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿ07d14d16d21d21d00042d41d00041d47e4e0ae17960b2a5b4fd6107fbb0926ΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Tracker search. Note: In this example, this was a JarmHash Tracker type.
+
+ > [!NOTE]
+ > In this example, this was a JarmHash Tracker type.
+
+ ![Search Trackers](media/searchTrackers.png)
+
+10. **WHOIS Email:** Select ΓÇÿWHOISΓÇÖ > ΓÇÿEmailΓÇÖ from the Threat Intelligence Search drop-down and type in domains@microsoft.com in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a WHOIS Email search.
+
+ ![Search Whois Email](media/searchWhoisEmail.png)
+
+11. **WHOIS Name:** Select ΓÇÿWHOISΓÇÖ > ΓÇÿNameΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿMSN HostmasterΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a WHOIS Name search.
+
+ ![Search Whois Name](media/searchWhoisName.png)
+
+12. **WHOIS Organization:** Select ΓÇÿWHOISΓÇÖ > ΓÇÿOrganizationΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿMicrosoft CorporationΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a WHOIS Organization search.
+
+ ![Search Whois Organization](media/searchWhoisOrganization.png)
+
+13. **WHOIS Address:** Select ΓÇÿWHOISΓÇÖ > ΓÇÿAddressΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿOne Microsoft WayΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a WHOIS Address search.
+
+ ![Search Whois Address](media/searchWhoisAddress.png)
+
+14. **WHOIS City:** Select ΓÇÿWHOISΓÇÖ > ΓÇÿCityΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿRedmondΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a WHOIS City search.
+
+ ![Search Whois City](media/searchWhoisCity.png)
+
+15. **WHOIS State:** Select ΓÇÿWHOISΓÇÖ > ΓÇÿStateΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿWAΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a WHOIS State search.
+
+ ![Search Whois State](media/searchWhoisState.png)
+
+16. **WHOIS Postal Code:** Select ΓÇÿWHOISΓÇÖ > ΓÇÿPostal CodeΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿ98052ΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a WHOIS Postal Code search.
+
+ ![Search Whois Postal Code](media/searchWhoisPostalCode.png)
+
+17. **WHOIS Country:** Select ΓÇÿWHOISΓÇÖ > ΓÇÿCountryΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿUSΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a WHOIS Country search.
+
+ ![Search Whois Country](media/searchWhoisCountry.png)
+
+18. **WHOIS Phone:** Select ΓÇÿWHOISΓÇÖ > ΓÇÿPhoneΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿ+1.4258828080ΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a WHOIS Phone search.
+
+ ![Search Whois Phone](media/searchWhoisPhone.png)
+
+19. **WHOIS Nameserver:** Select ΓÇÿWHOISΓÇÖ > ΓÇÿNameserverΓÇÖ from the Threat Intelligence Search drop-down and type in `ns1-03.azure-dns.com` in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a WHOIS Nameserver search.
+
+ ![Search Whois Name server](media/searchWhoisNameserver.png)
+
+20. **Certificate SHA-1:** Select ΓÇÿCertificateΓÇÖ > ΓÇÿSHA-1ΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿ35cd04a03ef86664623581cbd56e45ed07729678ΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Certificate SHA-1 search.
+
+ ![Search Certificate Sha1](media/searchCertificateSha1.png)
+
+21. **Certificate Serial Number:** Select ΓÇÿCertificateΓÇÖ > ΓÇÿSerial NumberΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿ1137354899731266880939192213383415094395905558ΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Certificate Serial Number search.
+
+ ![Search Certificate Serial Number](media/searchCertificateSerialNumber.png)
+
+22. **Certificate Issuer Common Name:** Select ΓÇÿCertificateΓÇÖ > ΓÇÿIssuer Common NameΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿMicrosoft Azure TLS Issuing CA 05ΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Certificate Issuer Common Name search.
+
+ ![Search Certificate Issuer CommonName](media/searchCertificateIssuerCommonName.png)
+
+23. **Certificate Issuer Alternative Name:** Select ΓÇÿCertificateΓÇÖ > ΓÇÿIssuer Alternative NameΓÇÖ from the Threat Intelligence Search drop-down and type in a certificate issuer alternative name in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Certificate Issuer Alternative Name search.
+
+24. **Certificate Subject Common Name:** Select ΓÇÿCertificateΓÇÖ > ΓÇÿSubject Common NameΓÇÖ from the Threat Intelligence Search drop-down and type in `*.oneroute.microsoft.com` in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Certificate Subject Common Name search.
+
+ ![Search Certificate Subject CommonName](media/searchCertificateSubjectCommonName.png)
+
+25. **Certificate Subject Alternative Name:** Select ΓÇÿCertificateΓÇÖ > ΓÇÿSubject Alternative NameΓÇÖ from the Threat Intelligence Search drop-down and type in `oneroute.microsoft.com` in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Certificate Subject Alternative Name search.
+
+ ![Search Certificate Subject Alternative Name](media/searchCertificateSubjectAlternativeName.png)
+
+26. **Cookie Name:** Select ΓÇÿCookieΓÇÖ > ΓÇÿNameΓÇÖ from the Threat Intelligence Search drop-down and type in ΓÇÿARRAffinityΓÇÖ in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Cookie Name search.
+
+ ![Search Cookie Name](media/searchCookieName.png)
+
+27. **Cookie Domain:** Select ΓÇÿCookieΓÇÖ > ΓÇÿDomainΓÇÖ from the Threat Intelligence Search drop-down and type in `portal.fabrikam.com` in the Threat Intelligence Search bar. Press Enter or select the right-hand arrow to perform the search. This action results in a Cookie Domain search.
+
+ ![Search Cookie Domain](media/searchCookieDomain.png)
+
+28. **Pivots:** For any of the searches performed in the steps above, there are artifacts with hyperlinks that you can pivot off to discover further enriched results associated with those indicators. Feel free to experiment with this on your own.
+
+## Search results
+
+### Key insights
+
+At the top of the page, the platform provides some basic information about the artifact. This information can include the following, depending on the artifact type:
+
+- **Country:** the flag next to the IP Address indicates the country of origin for the artifact, which can help determine its reputability or security posture. This IP Address is hosted on infrastructure within the United States.
+- **Reputation:** in this example, the IP Address is tagged with ΓÇ£MaliciousΓÇ¥ which indicates that the platform has detected connections between this artifact and known advisory infrastructure. Artifacts can also be tagged ΓÇ£SuspiciousΓÇ¥, ΓÇ£NeutralΓÇ¥ or ΓÇ£UnknownΓÇ¥.
+- **First Seen:** this timestamp indicates when the artifact was first observed by the platformΓÇÖs detection system. Understanding the lifespan of an artifact can help determine its reputability.
+- **Last Seen:** this timestamp indicates when the artifact was last observed by the platformΓÇÖs detection system. This helps determine whether the artifact is still actively used.
+- **IP Block:** the IP block that includes the queried IP address artifact.
+- **Registrar:** the registrar associated to the WHOIS record for the queried domain artifact.
+- **Registrant:** the name of the registrant within the WHOIS data for an artifact.
+- **ASN:** the ASN associated with the artifact.
+- **OS:** the operating system associated with the artifact.
+- **Host:** the hosting provider for the artifact. Some hosting providers are more reputable than others, so this value can help indicate the validity of an artifact.
+
+![Search IP Key Insights](media/searchIPKeyInsights.png)
+
+This section also shows any tags applied to the artifact or any projects that include it. Users can also add a tag or add the artifact to a project.
+
+## Summary tab
+
+### Overview
+
+The results of a Threat Intelligence search are grouped into two tabs: ΓÇ£SummaryΓÇ¥ and ΓÇ£Data.ΓÇ¥ The Summary tab provides key insights about an artifact that the platform has derived from our expansive datasets. This section is designed to surface key findings that can help kickstart an investigation.
+
+### Reputation
+
+Defender TI provides proprietary reputation scores for any Host, Domain, or IP Address. Whether validating the reputation of a known or unknown entity, this score helps users quickly understand any detected ties to malicious or suspicious infrastructure. Reputation Scores are displayed as a numerical score with a range from 0 to 100. An entity with a score of ΓÇ£0ΓÇ¥ has no known associations to suspicious activity or known indicators of compromise; a score of ΓÇ£100ΓÇ¥ indicates that the entity is malicious.
+The platform provides a list of rules with a description and severity rating. In the example below, we see four ΓÇ£high severityΓÇ¥ rules that are applicable to this domain.
+
+For more information, see [Reputation scoring](reputation-scoring.md).
+
+![Summary Tab Reputation](media/summaryTabReputation.png)
+
+### Analyst insights
+
+The Analyst Insights section provides quick insights about the artifact that may help determine the next step in an investigation. This section will list any insights that apply to the artifact and those that do not apply for additional visibility. In the below example, we can quickly determine that the IP Address is routable, hosts a web server, and had an open port within the past five days. Furthermore, the system displays rules that were not triggered, which can be equally helpful when kickstarting an investigation.
+
+For more information, see [Analyst insights](analyst-insights.md).
+
+![Summary Tab Analyst Insights](media/summaryTabAnalystInsights.png)
+
+### Articles
+
+The Articles section displays any articles that may provide insight on how to best investigate and ultimately disarm the impacted artifact. These articles are written by researchers who study the behavior of known threat actors and their infrastructure, surfacing key findings that can help others mitigate risk to their organization. In this example, the searched IP Address has been identified as an IOC that relates to the findings within the article.
+
+For more information, see [What is Microsoft Defender Threat Intelligence (Defender TI)?](what-is-microsoft-defender-threat-intelligence-defender-tI.md)
+
+![Summary Tab Articles](media/summaryTabArticles.png)
+
+### Services
+
+This section lists any detected services running on the IP address artifact. This is helpful when trying to understand the intended use of the entity. When investigating malicious infrastructure, this information can help determine the capabilities of an artifact, enabling users to proactively defend their organization based on this information
+
+![Summary Tab Services](media/summaryTabServices.png)
+
+### Resolutions
+
+Resolutions are individual DNS records captured using passive sensors distributed throughout the world. These values reveal a history of how a Domain or IP address changes infrastructure over time. They can be used to discover additional infrastructure and measure risk based on levels of connection. For each resolution, we provide ΓÇ£first seenΓÇ¥ and ΓÇ£last seenΓÇ¥ timestamps to showcase the lifecycle of the resolutions.
+
+![Summary Tab Re solutions](media/summaryTabResolutions.png)
+
+### Certificates
+
+Beyond securing your data, SSL Certificates are a fantastic way for users to connect disparate network infrastructure. SSL certificates can make connections that passive DNS or WHOIS data may miss. This means more ways of correlating potential malicious infrastructure and identifying potential operational security failures of actors. For each SSL certificate, we provide the certificate name, expiration date, subject common name, and subject organization name.
+
+![Summary Tab Certificates](media/summaryTabCertificates.png)
+
+### Projects
+
+The Defender TI platform allows users to create projects for organizing indicators of interest or compromise from an investigation. Projects are also created to monitor connecting artifacts for improved visibility. Projects contain a listing of all associated artifacts and a detailed history that retains the names, descriptions, collaborators, and monitoring profiles.
+
+When a user searches an IP address, domain, or host, if that indicator is listed within a project the user has access to, the user can select the Projects tab and navigate to the details of the project for more context about the indicator before reviewing the other data sets for more information.
+
+For more information, see [Using projects](using-projects.md).
+
+![Summary Tab Projects](media/summaryTabProjects.png)
+
+### Hashes
+
+Microsoft partners with several commercial and open-source repositories of malware data to pair it with queried infrastructure to populate the Hash data set. Malware repositories today include ProofpointΓÇÖs Emerging Threats, Hybrid Analysis, and VirusTotal. This data helps users understand actor capabilities, intent, and motives of an attacker while also aiding in connecting infrastructure together. Each result contains a unique hash. Our hash data includes the detection source, sample, and collection date.
+
+![Summary Tab Hashes](media/summaryTabHashes.png)
+
+## Data tab
+
+### Overview
+
+The Data tab helps users deep-dive into the tangible connections observed by the Defender TI platform. While the Summary tab surfaces key findings to provide immediate context about an artifact, the Data tab enables analysts to study these connections much more granularly. Users can click on any returned value to pivot across any related metadata.
+
+![Data Sets Edge Screenshot](media/dataSetsEdgeScreenshot.png)
+
+### Data types
+
+The following datasets are available in Defender TI:
+
+- Resolutions
+- WHOIS
+- Certificates
+- Trackers
+- Subdomains
+- Components
+- Host Pairs
+- Hashes
+- Cookies
+- Services
+- DNS
+- Reverse DNS
+
+These separate datasets will appear in separate tabs after submitting a search. The results are clickable, enabling a user to quickly pivot across related infrastructure to unveil insights that may have been missed with traditional investigative methods.
+
+### Resolutions
+
+Passive DNS is a system of record that stores DNS resolution data for a given location, record, and timeframe. This historical resolution data set allows users to view which domains resolved to an IP address and vice versa. This data set allows for time-based correlation based on domain or IP overlap.
+
+PDNS may enable the identification of previously unknown or newly stood-up threat actor infrastructure. Proactive addition of indicators to blocklists can cut off communication paths before campaigns take place. Users will find A record resolution data within the Resolutions data set tab and will find more types of DNS records in the DNS data set tab.
+
+Our PDNS resolution data includes the following:
+- **Resolve:** the name of the resolving entity (either an IP Address or Domain)
+- **Location:** the location the IP address is hosted in.
+- **Network:** the netblock or subnet associated with the IP address.
+- **ASN:** the autonomous system number and organization name
+- **First Seen:** a timestamp that displays the date that we first observed this resolution.
+- **Last Seen:** a timestamp that displays the date that we last observed this resolution.
+- **Source:** the source that enabled the detection of the relationship.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Re solutions](media/dataTabResolutions.png)
+
+### WHOIS
+
+WHOIS is a protocol that lets anyone query information about the ownership of a domain, IP address, or subnet. One of the most common functions for WHOIS in threat infrastructure research is to identify or connect disparate entities based on unique data shared within WHOIS records.
+
+Each WHOIS record has several different sections, all of which could include different information. Commonly found sections include ΓÇ£registrarΓÇ¥, ΓÇ£registrantΓÇ¥, ΓÇ£administratorΓÇ¥, and ΓÇ£technicalΓÇ¥ with each potentially corresponding to a different contact for the record. A lot of the time this data is duplicated across sections, but in some cases, there may be slight discrepancies, especially if an actor made a mistake. When viewing WHOIS information within Defender TI, you will see a condensed record that de-duplicates any data and notates which part of the record it came from.
+
+Users can also view historic WHOIS records to understand how the registration data has changed over time.
+
+Our WHOIS data includes the following:
+
+- **Record Updated:** a timestamp that indicates the day a WHOIS record was last updated.
+- **Last Scanned:** the date that the Defender TI system last scanned the record.
+- **Expiration:** the expiration date of the registration, if available.
+- **Created:** the age of the current WHOIS record.
+- **WHOIS Server:** the server is set up by an ICANN accredited registrar to acquire up-to-date information about domains that are registered within it.
+- **Registrar:** the registrar service used to register the artifact.
+- **Domain Status:** the current status of the domain. An ΓÇ¥active" domain is live on the internet.
+- **Email:** any email addresses found in the WHOIS record, and the type of contact each one is associated with (e.g. admin, tech).
+- **Name:** the name of any contacts within the record, and the type of contact each is associated with.
+- **Organization:** the name of any organizations within the record, and the type of contact each is associated with.
+- **Street:** any street addresses associated to the record, and the type of contact it is associated with.
+- **City:** any city listed in an address associated to the record, and the type of contact it is associated with.
+- **State:** any states listed in an address associated to the record, and the type of contact it is associated with.
+- **Postal Code:** any postal codes listed in an address associated with the record, and the type of contact it is associated with.
+- **Country:** any countries listed in an address associated to the record, and the type of contact it is associated with.
+- **Phone:** any phone numbers listed in the record, and the type of contact it is associated with.
+- **Name Servers:** any name servers associated with the registered entity.
+
+![Data Tab WHOIS](media/dataTabWHOIS.png)
+
+### Certificates
+
+Beyond securing your data, SSL Certificates are a fantastic way for users to connect disparate network infrastructure. Modern scanning techniques allow us to perform data requests against every node on the Internet in a matter of hours, meaning we can easily associate a certificate to an IP address hosting it on a regular basis.
+
+Much like a WHOIS record, SSL certificates require information to be supplied by the user to generate the final product. Aside from the domain, the SSL certificate is being created for (unless self-signed), any of the additional information can be made up by the user. Where our users see the most value from SSL certificates is not necessarily the unique data someone may use when generating the certificate, but where it's hosted.
+
+What makes SSL certificates more valuable is that they can make connections that passive DNS or WHOIS data may miss. This means more ways of correlating potential malicious infrastructure and identifying potential operational security failures of actors. Microsoft has collected over 30 million certificates from 2013 until the present day and provides users with the tools to make correlations on certificate content and history.
+
+Our certificate data includes the following:
+
+- **Sha1:** The SHA1 algorithm hash for an SSL Cert asset.
+- **First Seen:** a timestamp that displays the date that we first observed this certificate on an artifact.
+- **Last Seen:** a timestamp that displays the date that we last observed this certificate on an artifact.
+- **Infrastructure:** any related infrastructure associated with the certificate.
+
+![Data Tab Certificates List](media/dataTabCertificatesList.png)
+
+When a user clicks on a Sha1 hash, the user will be able to see details about the certificate in the right-hand pane, which includes:
+
+- **Serial Number:** The serial number associated with an SSL certificate.
+- **Issued:** The date when a certificate was issued.
+- **Expires:** The date when a certificate will expire.
+- **Subject Common Name:** The Subject Common Name for any associated SSL Certs.
+- **Issuer Common Name:** The Issuer Common Name for any associated SSL Certs.
+- **Subject Alternative Name(s):** Any alternative common names for the SSL Cert.
+- **Issuer Alternative Name(s):** Any additional names of the issuer.
+- **Subject Organization Name:** The organization linked to the SSL certificate registration.
+- **Issuer Organization Name:** The name of the organization that orchestrated the issue of a certificate.
+- **SSL Version:** The version of SSL that the certificate was registered with.
+- **Subject Organization Unit:** Optional metadata that indicates the department within an organization that is responsible for the certificate.
+- **Issuer Organization Unit:** Additional information about the organization issuing the certificate.
+- **Subject Street Address:** The street address where the organization is located.
+- **Issuer Street Address:** The street address where the issuer organization is located.
+- **Subject Locality:** The city where the organization is located.
+- **Issuer Locality:** The city where the issuer organization is located.
+- **Subject State/Province:** The state or province where the organization is located.
+- **Issuer State/Province:** The state or province where the issuer organization is located.
+- **Subject Country:** The country where the organization is located.
+- **Issuer Country:** The country where the issuer organization is located.
+- **Related Infrastructure:** any related infrastructure associated with the certificate.
+
+![Data Tab Certificate Details](media/dataTabCertificateDetails.png)
+
+### Subdomains
+
+A subdomain is an internet domain, which is part of a primary domain. Subdomains are also referred to as "hosts". As an example, `docs.microsoft.com` is a subdomain of `microsoft.com`. For every subdomain, there could be a new set of IP addresses to which the domain resolves to and this can be a great data source for finding related infrastructure.
+
+Our subdomain data includes the following:
+
+- **Hostname:** the subdomain associated with the domain that was searched.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Sub domains](media/dataTabSubdomains.png)
+
+### Trackers
+
+Trackers are unique codes or values found within web pages and often used to track user interaction. These codes can be used to correlate a disparate group of websites to a central entity. Often, actors will copy the source code of a victimΓÇÖs website they are looking to impersonate for a phishing campaign. Seldomly will actors take the time to remove these IDs that allow users to identify these fraudulent sites using our Trackers data sets.
+
+MicrosoftΓÇÖs Tracker data set includes IDs from providers like Google, Yandex, Mixpanel, New Relic, Clicky, and is continuing to grow on a regular basis.
+
+Our tracker data includes the following:
+
+- **Hostname:** the hostname that hosts the infrastructure where the tracker was detected.
+- **First Seen:** a timestamp that displays the date that we first observed this tracker on the artifact.
+- **Last Seen:** a timestamp that displays the date that we last observed this tracker on the artifact.
+- **Type:** the type of tracker that was detected (e.g. GoogleAnalyticsID, JarmHash).
+- **Value:** the identification value for the tracker.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Trackers](media/dataTabTrackers.png)
+
+### Components
+
+Web components are details describing a web page or server infrastructure gleaned from Microsoft performing a web crawl or scan. These components allow a user to understand the makeup of a webpage or the technology and services driving a specific piece of infrastructure.
+
+Pivoting on unique components can find actors' infrastructure or other sites that are compromised. Users can also understand if a website might be vulnerable to a specific attack or compromise based on the technologies that it is running.
+
+Our component data includes the following:
+
+- **Hostname:** the hostname that hosts the infrastructure where the component was detected.
+- **First Seen:** a timestamp of the date that we first observed this component on the artifact.
+- **Last Seen:** a timestamp of the date that we last observed this component on the artifact.
+- **Category:** the type of component that was detected (e.g. Operating System, Framework, Remote Access, Server).
+- **Name + Version:** the component name and the version running on the artifact (e.g. Microsoft IIS (v8.5).
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Components](media/dataTabComponents.png)
+
+### Host pairs
+
+Host pairs are two pieces of infrastructure (a parent and a child) that share a connection observed from a MicrosoftΓÇÖs virtual userΓÇÖs web crawl. The connection could range from a top-level redirect (HTTP 302) to something more complex like an iframe or script source reference.
+
+Our host pair data includes the following:
+
+- **Parent Hostname:** the hostname that redirects or otherwise connects to any child hostnames.
+- **Child Hostname:** the hostname that connects to the parent hostname. This value is the result of a redirect or other more complex connection.
+- **First Seen:** the date that we first observed this host pair relationship on the artifact.
+- **Last Seen:** the date that we last observed this host pair relationship on the artifact.
+- **Cause:** the type of connection between the parent and child hostname. Potential causes include redirects, img.src, css.import or script.src connections.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Host Pairs](media/dataTabHostPairs.png)
+
+### Hashes
+
+Microsoft partners with several commercial and open-source repositories of malware data to pair it with queried infrastructure to populate the Hash data set. Malware repositories today include ProofpointΓÇÖs Emerging Threats, Hybrid Analysis, and VirusTotal. This data helps users understand actor capabilities, intent, and motives of an attacker while also aiding in connecting infrastructure together. Each result contains a unique hash.
+
+Our hash data includes the following:
+
+1. **Source:** the source used to detect the hash.
+2. **Sample:** the unique identification code for the detected hash.
+3. **Collection Date:** the day that the hash sample was collected by the designated source.
+
+![Data Tab Hashes](media/dataTabHashes.png)
+
+### Cookies
+
+Cookies are small pieces of data sent from a server to a client as the user browses the internet. These values sometimes contain a state for the application or little bits of tracking data. We highlight and index cookie names observed when crawling a website and allow users to dig into everywhere the system has observed specific cookie names across its crawling and data collection.
+
+Our cookie data includes the following:
+
+- **Hostname:** the host infrastructure that is associated with the cookie.
+- **First Seen:** a timestamp of the date that we first observed this cookie on the artifact.
+- **Last Seen:** a timestamp of the date that we last observed this cookie on the artifact.
+- **Name:** the name of the cookie (e.g. JSESSIONID, SEARCH_NAMESITE).
+- **Domain:** the domain associated with the cookie.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Cookies](media/dataTabCookies.png)
+
+### Services
+Service names and port numbers are used to distinguish between different services that run over transport protocols such as TCP, UDP, DCCP, and SCTP. Port numbers can suggest what type of application is running on a particular port. But applications or services can be changed to use a different port to obfuscate or hide the service or application on an IP address. Knowing the port and header/banner information can identify the true application/service and the combination of ports being used. Defender TI surfaces 14 days of history within the Services tab, displaying the last banner response associated with a port observed.
+
+Our Services data includes the following:
+
+- Open ports observed
+- Port numbers
+- Components
+- Number of times the service was observed
+- When the port was last scanned
+- Protocol connection
+- Status of the port
+ - Open
+ - Filtered
+ - Closed
+- Banner response
+
+![Data Tab Services](media/dataTabServices.png)
+
+### DNS
+
+Microsoft has been collecting DNS records over the years, providing users insight into mail exchange (MX) records, nameserver (NS) records, text (TXT) records, start of authority (SOA) records, canonical name (CNAME) records, and pointer (PTR) records. Reviewing DNS records can be helpful to identify shared infrastructure used by actors across the domains they own. For example, actor groups tend to use the same nameservers to segment their infrastructure or the same mail exchange servers to administer their command and control.
+
+Our DNS data includes the following:
+
+- **Value:** the value of the DNS record.
+- **First Seen:** a timestamp of the date that we first observed this record on the artifact.
+- **Last Seen:** a timestamp of the date that we last observed this record on the artifact.
+- **Type:** the type of infrastructure associated with the record. Potential options include Mail Servers (MX), text files (TXT), name servers (NS), CNAMES, and Start of Authority (SOA) records.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab DNS](media/dataTabDNS.png)
+
+### Reverse DNS
+
+While a forward DNS lookup queries the IP address of a certain hostname, a reverse DNS lookup queries a specific hostname of an IP address. This dataset will show comparable results as the DNS dataset. Reviewing DNS records can be helpful to identify shared infrastructure used by actors across the domains they own. For example, actor groups tend to use the same nameservers to segment their infrastructure or the same mail exchange servers to administer their command and control.
+
+Our reverse DNS data includes the following:
+
+- **Value:** the value of the Reverse DNS record.
+- **First Seen:** a timestamp of the date that we first observed this record on the artifact.
+- **Last Seen:** a timestamp of the date that we last observed this record on the artifact.
+- **Type:** the type of infrastructure associated with the record. Potential options include Mail Servers (MX), text files (TXT), name servers (NS), CNAMES, and Start of Authority (SOA) records.
+- **Tags:** any tags applied to this artifact in the Defender TI system.
+
+![Data Tab Reverse DNS](media/dataTabReverseDNS.png)
+
+### Intelligence
+
+The intelligence section highlights any curated insights in the Defender TI platform, whether derived from our Research Team via Articles or your own team via Projects. The Intelligence section helps users understand key additional context behind a queried artifact; analysts can learn from the investigation efforts of the larger security community to jumpstart their own.
+
+![Data Tab Intelligence](media/dataTabIntelligence.png)
+
+### Articles
+
+The Articles section displays any articles that may provide insight on how to best investigate and ultimately disarm the impacted artifact. These articles are written by researchers who study the behavior of known threat actors and their infrastructure, surfacing key findings that can help others mitigate risk to their organization. In this example, the searched IP Address has been identified as an IOC that relates to the findings within the article.
+
+For more information, see [What is Microsoft Defender Threat Intelligence (Defender TI)?](what-is-microsoft-defender-threat-intelligence-defender-tI.md)
+
+![Data Tab Intelligence Articles](media/dataTabIntelligenceArticles.png)
+
+### Projects
+
+One of the primary byproducts from infrastructure analysis is almost always a set of indicators that tie back to a threat actor or group of actors. These indicators serve as a way of identifying threat actors when they initiate an attack campaign. Developing insight into adversaryΓÇÖs tactics, techniques, and procedures (TTPs) of how the threat actors operate. Projects provide a method to identify adversaries by their TTPs and to track how the adversaryΓÇÖs infrastructure is changing over time.
+
+When a user searches an IP address, domain, or host in Defender TI, if that indicator is listed within a project the user has access to, the user can select the Projects blade within the Intelligence section and navigate to the details of the project for more context about the indicator before reviewing the other data sets for more information.
+
+Visiting a project's details shows a listing of all associated artifacts and a detailed history that retains all the context described above. Users within the same organization no longer need to spend time communicating back and forth. Threat actor profiles can be built within Defender TI and serve as a "living" set of indicators. As new information is discovered or found, it can be added to that project.
+
+The Defender TI platform allows users to develop multiple project types for organizing indicators of interest and indicators of compromise from an investigation.
+
+For more information, see [Using projects](using-projects.md).
+
+![Data Tab Intelligence Projects](media/dataTabIntelligenceProjects.png)
+
+## Next steps
+
+For more information, see:
+
+- [Sorting, filtering, and downloading data](sorting-filtering-and-downloading-data.md)
+- [Data sets](data-sets.md)
+- [Reputation scoring](reputation-scoring.md)
+- [Analyst insights](analyst-insights.md)
+- [What is Microsoft Defender Threat Intelligence (Defender TI)?](what-is-microsoft-defender-threat-intelligence-defender-tI.md)
+- [Using projects](using-projects.md)
threat-intelligence Sorting Filtering And Downloading Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/sorting-filtering-and-downloading-data.md
+
+ Title: 'Sorting, filtering, and downloading data using Microsoft Defender Threat Intelligence (Defender TI)'
+description: 'Learn how to sort, filter and download data using Microsoft Defender Threat Intelligence (Defender TI).'
++++ Last updated : 08/02/2022+++
+# Sorting, filtering, and downloading data
+The Microsoft Defender Threat Intelligence (Defender TI) platform enables analysts to access our vast collection of crawling data in an indexed and pivot table format. These data sets can be very large, returning expansive amounts of historic and recent data. Thus, allowing analysts to appropriately sort and filter the data provides the ability easily to surface the connections of interest.
+
+![Sorting DataSets Chrome Screenshot](media/sortingDataSetsChromeScreenshot.png)
+
+In this how-to article, youΓÇÖll learn how to sort and filter data for the following data sets:
+
+- Resolutions
+- WHOIS
+- Certificates
+- Subdomains
+- Trackers
+- Components
+- Host Pairs
+- Hashes
+- Cookies
+- Services
+- DNS
+- Reverse DNS
+
+For more information, see [Data sets](data-sets.md).
+
+In this how-to article, youΓÇÖll also learn how to download indicators/artifacts from the following features:
+
+- Projects
+- Articles
+- Data Sets
+
+## Prerequisites
+
+- An Azure Active Directory or personal Microsoft account. [Login or create an account](https://signup.microsoft.com/)
+- A Microsoft Defender Threat Intelligence (Defender TI) Premium license.
+ > [!NOTE]
+ > Users without a Defender TI Premium license will still be able to log into the Defender Threat Intelligence Portal and access our free Defender TI offering.
+
+## Open Defender TIΓÇÖs Threat Intelligence Home Page
+
+1. Access the [Defender Threat Intelligence Portal](https://ti.defender.microsoft.com/).
+2. Complete Microsoft authentication to access portal.
+
+## Sorting data
+
+The sorting function on the Data tab enables users to quickly sort our datasets by the column values. By default, most results are sorted by ΓÇ£Last SeenΓÇ¥ (descending) so that the most recently observed results appear at the top of the list; this surfaces the most recent data to immediately provide insight on the current infrastructure of an artifact. Currently, all data sets are sortable by the following ΓÇ£First SeenΓÇ¥ and ΓÇ£Last SeenΓÇ¥ values:
+
+- Last Seen Descending (Default)
+- Last Seen Ascending
+- First Seen Ascending
+- First Seen Descending
+
+Data can be sorted across each data set blade within the Data tab for each IP, domain, or host entity that is searched or pivoted on.
+
+1. Search a domain, IP address, or host in the Defender TI Threat Intelligence search bar and navigate to the Data tab.
+2. Apply sorting preferences to the First Seen and Last Seen columns within the Resolutions Data blade.
+
+![Sorting Resolutions](media/sortingResolutions.gif)
+
+## Filtering data
+
+Data filtering allows analysts to access a select group of data based on a particular metadata value. For instance, an analyst can select to only view IP resolutions discovered from a select source, or components of a particular type (e.g. servers, frameworks). This enables users to narrow the query results to items of particular interest. Since the Threat Intelligence platform provides specific metadata that coincides with particular data types, the filter options will be different for each data set.
+
+## Resolution filters
+
+The following filters apply to resolution data:
+
+- **System Tag**: these tags are created by the Threat Intelligence system based on insights discovered by our research team.
+- **Tag**: tags that have been applied by Threat Intelligence users.
+- **ASN**: results that relate to a designated Autonomous System Number (ASN).
+- **Network**: results that relate to designated network.
+- **Source**: the data source that produced the result (e.g. riskiq, emerging_threats).
+
+1. Search a domain, IP address, or host in the Defender TI Threat Intelligence search bar and navigate to the Data tab.
+2. Apply filters to each of the types of filter options noted above within the Resolutions Data blade.
+
+![Filters Resolutions](media/filtersResolutions.gif)
+
+## Tracker filters
+
+The following filters apply to tracker data:
+
+- **Type**: the identified tracker type for each artifact (e.g. JarmFuzzyHash, GoogleAnalyticsID).
+- **Address**: the IP address that directly observed the tracker or has a resolving host that observed the tracker. (Appears when searching an IP address)
+- **Hostname**: the host that observed this tracker value. (Appears when searching a domain or host)
+
+1. Search a domain, IP address, or host in the Defender TI Threat Intelligence search bar and navigate to the Data tab.
+2. Navigate to the Trackers Data blade.
+3. Apply filters to each of the types of filter options noted above within the Trackers Data blade.
+
+![Filters Trackers](media/filtersTrackers.gif)
+
+## Component filters
+
+The following filters apply to component data:
+
+- **Ipaddressraw:** the IP address that coincides with the returned hostname.
+- **Type:** the designated component type (e.g. remote access, operating system).
+- **Name:** the name of the detected component (e.g. Cobalt Strike, PHP).
+
+1. Search a domain, IP address, or host in the Defender TI Threat Intelligence search bar and navigate to the Data tab.
+2. Navigate to the Components Data blade.
+3. Apply filters to each of the types of filter options noted above within the Components Data blade.
+
+![Filters Components](media/filtersComponents.gif)
+
+## Host pair filters
+
+The following filters apply to host pair data:
+
+- **Direction:** the direction of the observed connection. This indicates whether the parent redirects to the child or vice versa.
+- **Parent Hostname:** the hostname of the parent artifact.
+- **Cause:** the detected cause of the host parent / child relationship (e.g. redirect, iframe.src).
+- **Child Hostname:** the hostname of the child artifact.
+
+1. Search a domain, IP address, or host in the Defender TI Threat Intelligence search bar and navigate to the Data tab.
+2. Navigate to the Host Pairs Data blade.
+3. Apply filters to each of the types of filter options noted above within the Host Pairs Data blade.
+
+![Filters Host Pairs](media/filtersHostPairs.gif)
+
+## DNS & Reverse DNS filters
+
+The following filters apply to DNS and Reverse DNS data:
+
+- **Record Type:** the type of record detected in the DNS record (e.g. NS, CNAME).
+- **Value:** the designated value of the record (e.g. nameserver.host.com).
+
+1. Search a domain, IP address, or host in the Defender TI Threat Intelligence search bar and navigate to the Data tab.
+2. Navigate to the DNS and later, Reverse DNS Data blades.
+3. Apply filters to each of the types of filter options noted above within the DNS and Reverse DNS Data blades.
+
+![Filters DNS](media/filtersDNS.gif)
+
+## Downloading data
+
+In Defender TI, there are various sections that a user can download data as a csv export. Users need to look out for the download icon to export data as a csv.
+
+![Download Icon](media/downloadIcon.png)
+
+Data can be downloaded within the following sections:
+
+- Most Data Set blades
+- Project
+- Threat Intelligence Article
+
+The following headers are exported as a result of downloading Resolutions, DNS, and reverse DNS data:
+
+| | |
+|-|-|
+| **Resolve** | A record associated with the domain searched (resolving IP Address) or domain that has resolved to an IP address when an IP address is searched |
+| **Location** | Country the IP address is hosted in |
+| **Network** | Netblock or subnet |
+| **autonomousSystemNumber** | Autonomous System Number |
+| **firstSeen** | Date / Time when Microsoft first observed the resolution (format: mm/dd/yyyy hh:mm) |
+| **lastSeen** | Date / Time when Microsoft last observed the resolution (format: mm/dd/yyyy hh:mm) |
+| **Source** | Source that observed this resolution |
+| **Tags** | Custom or system tags associated with the artifact |
+
+The following headers are exported as a result of downloading Subdomains data:
+
+| | |
+|-|-|
+| **hostname** | Subdomain of the domain searched |
+| **tags** | Custom or system tags associated with the artifact |
+
+The following headers are exported as a result of downloading Trackers data:
+
+| | |
+|-|-|
+| **hostname** | Hostname that observed or is currently observing the tracker |
+| **firstSeen** | Date / Time when Microsoft first observed the hostname was using the tracker (format: mm/dd/yyyy hh:mm) |
+| **lastSeen** | Date / Time when Microsoft first observed the hostname was using the tracker (format: mm/dd/yyyy hh:mm) |
+| **attributeType** | Type of tracker |
+| **attributeValue** | Tracker value |
+| **Tags** | Custom or system tags associated with the artifact |
+
+The following headers are exported as a result of downloading Components data:
+
+| | |
+|-|-|
+| **hostname** | Hostname that observed or is currently observing the component |
+| **firstSeen** | Date / Time when Microsoft first observed the hostname was using the tracker (format: mm/dd/yyyy hh:mm |
+| **lastSeen** | Date / Time when Microsoft last observed the hostname was using the component (format: mm/dd/yyyy hh:mm |
+| **category** | Type of component |
+| **name** | Name of the component |
+| **version** | Version of the component |
+| **Tags** | Custom or system tags associated with the artifact |
+
+The following headers are exported as a result of downloading Host Pairs data:
+
+| | |
+|-|-|
+| **parentHostname** | The hostname that is reaching out to the child hostname |
+| **childHostname** | The hostname that is feeding assets they host to the parent hostname. |
+| **firstSeen** | Date / Time when Microsoft first observed the relationship between the parent and child hostname (format: mm/dd/yyyy hh:mm) |
+| **lastSeen** | Date / Time when Microsoft last observed the relationship between the parent and child hostname (format: mm/dd/yyyy hh:mm) |
+| **attributeCause** | The cause of the relationship between the parent and child hostname |
+| **Tags** | Custom or system tags associated with the artifact |
+
+The following headers are exported as a result of downloading Hashes data:
+
+| | |
+|--|-|
+| **source** | The source who observed the MD5 hash sample |
+| **sample** | The MD5 hash |
+| **collection date** | The collection date captured by the source |
+
+The following headers are exported as a result of downloading Cookies data:
+
+| | |
+|-|-|
+| **hostname** | Hostname that observed the Cookie name |
+| **firstSeen** | When the Cookie name was first observed to the hostname originating from the Cookie Domain (format: mm/dd/yyyy hh:mm) |
+| **lastSeen** | Date / time when the Cookie name was last observed to the hostname originating from the Cookie Domain (format: mm/dd/yyyy hh:mm) |
+| **cookieName** | Name of the cookie |
+| **cookieDomain** | The domain nameΓÇÖs server the cookie name originated from |
+| **Tags** | Custom or system tags associated with the artifact |
+
+The following headers are exported as a result of downloading projects lists for my, team, and shared projects:
+
+| | |
+|-|-|
+| **name** | Name of project |
+| **artifacts (count)** | Count of artifacts within the project |
+| **created by (user)** | User who created the project |
+| **created on** | When the project was created |
+| **tags** | Custom or system tags associated with the artifact |
+| **collaborators** | Who has been added as collaborator(s) to the project. This is only visible for projects that have been downloaded from the My Projects and Shared Projects pages. |
+
+The following headers are exported as a result of downloading project details (artifacts) from a project:
+
+| | |
+|-|-|
+| **artifact** | Artifact value (e.g. IP address, domain, host, WHOIS value, certificate SHA-1, etc.) |
+| **type** | Type of artifact (e.g. IP, domain, host, WHOIS Organization, WHOIS Phone, Certificate SHA-1, etc.) |
+| **created** | Date / Time when the artifact was added to the project (format: mm/dd/yyyy hh:mm) |
+| **creator** | Email address of user who added the artifact |
+| **context** | How the artifact was added to the project |
+| **tags** | Custom or system tags associated with the artifact |
+| **collaborators** | Who has been added as collaborator(s) to the project. This is only visible for projects that have been downloaded from the My Projects and Shared Projects pages. |
+
+The following headers are exported as a result of downloading threat intelligence public or riskiq indicators:
+
+| | |
+|-|-|
+| **type** | Type of indicator (e.g. ip, certificate, domain, hash_sha256) |
+| **value** | Value of the indicator (e.g. IP address, domain, hostname) |
+| **source** | Source of indicator (RiskIQ or OSINT) |
+
+## Next steps
+
+For more information, see [Data sets](data-sets.md).
threat-intelligence Using Projects https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/using-projects.md
+
+ Title: 'Using Projects with Microsoft Defender Threat Intelligence (MDTI)'
+description: 'Learn how to manage projects using Microsoft Defender Threat Intelligence (MDTI).'
++++ Last updated : 08/02/2022+++
+# Using projects
+
+The Microsoft Defender Threat Intelligence (Defender TI) platform allows users to develop private personal or team project types for organizing indicators of interest and indicators of compromise from an investigation. Projects contain a listing of all associated artifacts and a detailed history that retains the names, descriptions, collaborators, and monitoring profiles.
+
+When a user searches an IP address, domain, or host in Defender TI, if that indicator is listed within a project the user has access to, the user can select the Projects blade within the Intelligence section and navigate to the details of the project for more context about the indicator before reviewing the other data sets for more information. Alternatively, users can view their private team projects by selecting the Projects icon on the left-hand menu pane.
+
+Visiting a project's details shows a listing of all associated artifacts and a detailed history that retains all the context described above. Users within the same organization no longer need to spend time communicating back and forth. Threat actor profiles can be built within Defender TI and serve as a "living" set of indicators. As new information is discovered or found, it can be added to that project.
+
+The Defender TI platform allows users to develop multiple project types for organizing indicators of interest and indicators of compromise from an investigation.
+
+The owner of a project can add collaborators (users listed in their Azure tenant with a Defender TI Premium license). This grants the collaborator(s)ΓÇÖ permissions to make any changes to the project as if they were the owner of the project. The exception being that collaborators cannot delete projects. Collaborators will view projects that have been shared with them in the Shared Projects section of the Projects Home Page.
+
+Users can also download artifacts within a project by selecting the download icon. This is a great way for threat hunting teams to use their findings from an investigation to block indicators of compromise or build additional detection rules within their SIEM.
+
+**Questions Projects May Help Answer:**
+
+- Has one of my fellow team members created a Team project that includes this indicator?
+
+ - If so, what other related indicators of compromise has this team member captured and what description as well as tags did they include to describe the type of investigation?
+
+- When did this team member last edit the project?
+
+ ![Projects Detailed Project Chrome Screenshot](media/projectsDetailedProjectChromeScreenshot.png)
+
+## Prerequisites
+
+- An Azure Active Directory or personal Microsoft account. [Login or create an account](https://signup.microsoft.com/)
+- A Microsoft Defender Threat Intelligence (Defender TI) Premium license.
+ > [!NOTE]
+ > Users without a Defender TI Premium license will still be able to log into the Defender Threat Intelligence Portal and access our free Defender TI offering.
+
+## Open Defender TIΓÇÖs Threat Intelligence Home Page
+
+1. Access the [Defender Threat Intelligence Portal](https://ti.defender.microsoft.com/).
+2. Complete Microsoft authentication to access portal.
+
+## Creating a Project
+
+Users can create a project in two different ways, through the Projects Home Page or while investigating results.
+
+When logging into the Defender TI Projects Home Page, users are presented with a dashboard showing projects they own or that have been shared with other Defender TI users in their tenant. Directly from this view, users can decide to create a new project, simply by selecting the "+" icon or visit the project page using the left-hand drawer menu.
+
+1. To create a project from the Project Home Page, navigate to the ΓÇÿProjectsΓÇÖ icon and select the ΓÇÿAdd New ProjectΓÇÖ icon within the Projects Home Page.
+
+ ![Add to Project](media/projectsAddProject.png)
+
+ When conducting searches within Defender TI, users can select ΓÇÿAdd to ProjectΓÇÖ to add the artifact (indicator of compromise) to an existing project or create a new project to add the artifact to.
+
+2. To create a project through an investigation, perform an indicator search from the Threat Intelligence search bar and click on the ΓÇÿAdd to ProjectΓÇÖ icon.
+
+3. If creating a new project, select the ΓÇÿAdd New ProjectΓÇÖ link, fill in the required fields and ΓÇÿSaveΓÇÖ your new project. If you already have an existing project you would like to add the artifact to, please select or scroll down and select the project you want.
+
+ ![Add New Project](media/projectsAddNewProjectDetails.png)
+
+## Managing Projects
+
+Once a user has created projects, they can manage them inside of the Projects portion of the platform. The initial Project Home page highlights all the projects the user can see and provides filtering methods based on project properties. The Project Home page defaults to the Team projects associated with Defender TI users in their tenant. They have the option to select any personal projects they have created as well as projects that have been shared with them to contribute to.
+
+![Managing Projects](media/projectsHomePage.png)
+
+1. Users can view the details of a project simply by clicking on the project name.
+2. Depending on the level of access, users can then make changes to the project directly by clicking the edit button in the top right corner.
+3. Users may also delete a project if they are the owner of the project. They can also choose to manually add artifacts using the "Add Artifacts" button in the top right corner.
+
+## Best Practices
+
+When it comes to using Defender TI to investigate potential threats, we recommend executing the following workflows as these steps will enable you to gather strategic and operational intelligence before diving into tactical intelligence.
+
+Users can perform various types of searches within Defender TI. As such, itΓÇÖs important to approach your intelligence gathering method in a way that presents you with broad results before diving into investigating specific indicators. For example, if you search an IP address against the Defender TI Home Page, what articles have an association with that IP address? What information do these articles present about the IP address that you wouldnΓÇÖt otherwise find navigating directly to the IP addressΓÇÖ Data tab for dataset enrichment. For example, has this IP address been identified as a possible C2, who is the threat actor, what other related indicators of compromise is listed in the article, what TTPs is the threat actor using and who are they targeting?
+
+In addition to performing various types of searches with Defender TI, users can collaborate on investigations together. That said, users are encouraged to create projects, add indicators related to an investigation to a project and add collaborators to a project if more than one person is working on the same investigation. This helps reduce time spent analyzing the same IOCs and should result in a quicker workflow observed.
threat-intelligence Using Tags https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/using-tags.md
+
+ Title: 'Using Tags in Microsoft Defender Threat Intelligence (Defender TI)'
+Description: 'In this how-to article, learn about the tag types and how to add, modify, delete and search custom tags in Microsoft Defender Threat Intelligence (Defender TI).'
++++ Last updated : 08/02/2022+++
+# Using tags
+Microsoft Defender Threat Intelligence (Defender TI) tags are used to provide quick insight about an artifact, whether derived by the system or generated by other users. Tags aid analysts in connecting the dots between current incidents and investigations and their historical context for improved analysis.
+
+The Defender TI platform offers two types of tags: system and custom tags.
+
+![Using Tags Chrome HomePage](media/UsingTagsChromeHomePage.png)
+
+## Prerequisites
+
+- An Azure Active Directory or personal Microsoft account. [Login or create an account](https://signup.microsoft.com/)
+- A Microsoft Defender Threat Intelligence (Defender TI) Premium license.
+ > [!NOTE]
+ > Users without a Defender TI Premium license will still be able to log into the Defender Threat Intelligence Portal and access our free Defender TI offering.
+
+## System tags
+
+These tags are automatically generated by the platform for users to guide their analysis and require no input or effort on the user's part.
+
+System tags can include:
+
+- **Routable:** indicates that the artifact is accessible.
+- **ASN:** pulls an abbreviated portion of an IP address ASN description into a tag to provide analysts context into who the IP address belongs to.
+- **Dynamic:** indicates if a domain is owned by a dynamic DNS service such as No-IP or Change IP.
+- **Sinkhole:** indicates that an IP address is a research sinkhole used by security organizations to investigate attack campaigns and therefore the domains associated will not be directly connected to each other.
+
+![Tags System](media/tagsSystem.png)
+
+## Custom tags
+
+Custom Tags inside of Defender TI to bring context to indicators of compromise (IOCs) and make analysis even simpler by identifying those domains that are known bad from public reporting or that have been categorized by your company's analysts. These tags are created manually by users based on their own investigations. These tags enable users to share key insights about an artifact with other Defender TI Premium license users within their tenant.
+
+![Tags Custom](media/tagsCustom.png)
+
+## Adding, Modifying, and Removing Tags
+
+Users have the ability to add their custom own tags to the tag cluster by entering them into the tag bar. These tags are viewable to the individual user and the user's team members if their organization is a Defender TI customer. Tags entered into the system are private and not shared with the larger community.
+
+Just as users can add tags, they can also modify or remove them. Once a tag is added by a user, it can be modified or removed by that same user or by another paid licensed user within their Enterprise organization. This allows for easy collaboration amongst the Security team.
+
+1. Access the [Defender Threat Intelligence Portal](https://ti.defender.microsoft.com/) .
+2. Complete Microsoft authentication to access portal.
+3. Search an indicator in the Threat Intelligence search bar that you would like to add tag(s) for.
+
+ ![Tags Search](media/tagsSearch.png)
+
+4. Select the ΓÇÿEdit TagsΓÇÖ drop-down in the upper left-hand corner of the Defender TI portal.
+
+ ![Tags Search Edit Tags](media/tagsSearchEditTags.png)
+
+5. Add any tags you would like to associate with this indicator.
+
+ > [!Note]
+ > Press the Tab key to add a new indicator.
+
+ ![Tags Search Add Tags](media/tagsSearchAddTags.png)
+
+6. Once all your tags have been added, save your changes by selecting the Save button.
+
+ ![Tags Search Save Tags](media/tagsSearchSaveTags.png)
+
+7. To edit tags, repeat step 3. Remove any tags by selecting the ΓÇÿXΓÇÖ at the end of the tag name or add new tags as you did in step 4.
+
+8. Save your changes.
+
+ ![Tags Search Tags](media/tagsSearchTags.png)
+
+## Viewing and Searching Tags
+
+Users can view tags that were added by themselves or others within their tenant after searching an IP, domain, or host artifact.
+
+![Tags Custom](media/tagsCustom.png)
+
+1. Access the [Defender Threat Intelligence Portal](https://ti.defender.microsoft.com/).
+2. Complete Microsoft authentication to access portal.
+3. Users can search against custom tags via Defender TIΓÇÖs Threat Intelligence Search by selecting the Tag search type in the Threat Intelligence search bar drop-down and searching against the tag value to identify all other indicators that share that same tag value.
+
+ ![Search Tag](media/searchTag.png)
+
+Common Tag Use Case Workflow
+LetΓÇÖs say a triage analyst investigates an incident and finds that it is related to phishing. That analyst can add ΓÇ£phishΓÇ¥ as a tag to the indicators of compromise related to that incident. Later, the incident response and threat hunting team can further analyze these indicators of compromise and work with their cyber threat intelligence counterparts to identify which actor group was responsible for their phishing incident. They can then add another ΓÇ£[actor name]ΓÇ¥ tag to those indicators of compromise or what infrastructure was used that connected them to other related indicators of compromise, such as a ΓÇ£[SHA-1 hash]ΓÇ¥ custom tag.
+
+## Next steps
+
+For more information, see:
+
+- [What is Microsoft Defender Threat Intelligence (Defender TI)?](what-is-microsoft-defender-threat-intelligence-defender-tI.md)
+- [Data sets](data-sets.md)
+- [Sorting, filtering, and downloading data](sorting-filtering-and-downloading-data.md)
+- [Reputation scoring](reputation-scoring.md)
+- [Analyst insights](analyst-insights.md)
+- [Using projects](using-projects.md)
threat-intelligence What Is Microsoft Defender Threat Intelligence Defender Ti https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-tI.md
+
+ Title: 'What is Microsoft Defender Threat Intelligence (Defender TI)?'
+description: 'In this overview article, learn about the main features that come with Microsoft Defender Threat Intelligence (Defender TI).'
++++ Last updated : 08/02/2022+++
+# What is Microsoft Defender Threat Intelligence (Defender TI)?
+
+Microsoft Defender Threat Intelligence (Defender TI) is a platform that streamlines triage, incident response, threat hunting, vulnerability management, and cyber threat intelligence analyst workflows when conducting threat infrastructure analysis and gathering threat intelligence. Analysts spend a significant amount of time on data discovery, collection, and parsing, instead of focusing on what actually helps their organization defend themselves--deriving insights about the actors through analysis and correlation.?
+
+Often, analysts must go to multiple repositories to obtain the critical data sets they need to assess a suspicious domain, host, or IP address. DNS data, WHOIS information, malware, and SSL certificates provide important context to indicators of compromise (IOCs), but these repositories are widely distributed and donΓÇÖt always share a common data structure, making it difficult to ensure analysts have all relevant data needed to make a proper and timely assessment of suspicious infrastructure.
+
+Interacting with these data sets can be cumbersome and pivoting between these repositories is time-consuming, draining the resources of security operations groups that constantly need to re-prioritize their response efforts.
+
+Cyber Threat Intelligence Analysts struggle with balancing a breadth of threat intelligence ingestion with the analysis of which threat intelligence poses the biggest threats to their organization and/or industry.
+
+In the same breadth, Vulnerability Intelligence Analysts battle correlating their asset inventory with CVE information to prioritize the investigation and remediation of the most critical vulnerabilities associated with their organization.
+
+MicrosoftΓÇÖs goal is to re-imagine the analyst workflow by developing a platform, Defender TI, that aggregates and enriches critical data sources and displays data in an innovative, easy to use interface to correlate when indicators are linked to articles and vulnerabilities, infrastructure chain together indicators of compromise (IOCs), and collaborate on investigations with fellow Defender TI licensed users within their tenant. With security organizations actioning an ever-increasing amount of intelligence and alerts within their environment, having a Threat Analysis & Intelligence Platform that allows for accurate and timely assessments of alerting is important.
+
+Below is a screenshot of Defender TIΓÇÖs Threat Intelligence Home Page. Analysts can quickly scan new featured articles as well as begin their intelligence gathering, triage, incident response, and hunting efforts by performing a keyword, artifact or CVE-ID search.
+
+![TI Overview Edge Screenshot](media/tiOverviewEdgeScreenshot.png)
+
+## Defender TI articles
+Articles are narratives by Microsoft that provide insight into threat actors, tooling, attacks, and vulnerabilities. Defender TI featured and articles are not blog posts about threat intelligence; while they summarize different threats, they also link to actionable content and key indicators of compromise to help users take action. By including this technical information in the threat summaries, we enable users to continually track threat actors, tooling, attacks, and vulnerabilities as they change.
+
+## Featured articles
+
+The featured article section of the Defender TI Threat Intelligence Home Page (right below the search bar) shows you the featured Microsoft content:
+
+![TI Overview Featured Articles](media/tiOverviewFeaturedArticles.png)
+
+Clicking the article takes you to the underlying article content. The article synopsis gives the user a quick understanding of the article. The Indicators call-out shows how many Public and Defender TI indicators are associated with the article.
+
+![TI Overview Featured Article](media/tiOverviewFeaturedArticle.png)
+
+## Articles
+
+All articles (including featured articles) are listed under the Microsoft Defender TI Threat Intelligence Home Page articles section, ordered by their creation date (descending):
+
+![TI Overview Articles](media/tiOverviewArticles.png)
+
+## Article descriptions
+
+The description section of the article detail screen contains information about the attack or attacker profiled. The content can range from very short (in the case of OSINT bulletins) or quite long (for long-form reporting ΓÇô especially when Microsoft has augmented the report with content). The longer descriptions may contain images, links to the underlying content, links to searches within Defender TI, attacker code snippets, and firewall rules to block the attack:
+
+![TI Overview Article Description](media/tiOverviewArticleDescription.png)
+
+## Public indicators
+
+The public indicators section of the screen shows the previously published indicators related to the article. The links in the public indicators take one to the underlying Defender TI data or relevant external sources (e.g., VirusTotal for hashes).
+
+![TI Overview Article Public Indicators](media/tiOverviewArticlePublicIndicators.png)
+
+## Defender TI indicators
+
+The Defender TI indicators section covers the indicators that Defender TIΓÇÖs research team has found and added to the articles.
+
+These links also pivot into the relevant Defender TI data or the corresponding external source.
+
+![TI Overview Article Defender TI Indicators](media/tiOverviewArticleDefenderTiIndicators.png)
+
+## Vulnerability articles
+
+Defender TI offers CVE-ID searches to help users identify critical information about the CVE. CVE-ID searches result in Vulnerability Articles.
+
+Vulnerability Articles provide key context behind CVEs of interest. Each article contains a description of the CVE, a list of affected components, tailored mitigation procedures and strategies, related intelligence articles, references in Deep & Dark Web chatter, and other key observations. These articles provide deeper context and actionable insights behind each CVE, enabling users to more quickly understand these vulnerabilities and quickly mitigate them.
+
+Vulnerability Articles also include a Defender TI Priority Score and severity indicator. The Defender TI Priority Score is a unique algorithm which reflects the priority of a CVE based on the CVSS score, exploits, chatter, and linkage to malware. Furthermore, the Defender TI Priority Score evaluates the recency of these components so users can understand which CVEs should be remediated first.
+
+## Reputation scoring
+
+Defender TI provides proprietary reputation scores for any Host, Domain, or IP Address. Whether validating the reputation of a known or unknown entity, this score helps users quickly understand any detected ties to malicious or suspicious infrastructure. The platform provides quick information about the activity of these entities, such as First and Last Seen timestamps, ASN, country, associated infrastructure, and a list of rules that impact the reputation score when applicable.
+
+![Reputation Summary Card](media/reputationSummaryCard.png)
+
+IP reputation data is important to understanding the trustworthiness of your own attack surface and is also useful when assessing unknown hosts, domains or IP addresses that appear in investigations. These scores will uncover any prior malicious or suspicious activity that impacted the entity, or other known indicators of compromise that should be considered.
+
+For more information, see [Reputation scoring](reputation-scoring.md).
+
+## Analyst insights
+
+Analyst insights distill MicrosoftΓÇÖs vast data set into a handful of observations that simplify the investigation and make it more approachable to analysts of all levels.
+
+Insights are meant to be small facts or observations about a domain or IP address and provide Defender TI users with the ability to make an assessment about the artifact queried and improve a user's ability to determine if an indicator being investigated is malicious, suspicious, or benign.
+
+For more information, see [Analyst insights](analyst-insights.md).
+
+![Summary Tab Analyst Insights](media/summaryTabAnalystInsights.png)
+
+## Data sets
+Microsoft centralizes numerous data sets into a single platform, Defender TI, making it easier for MicrosoftΓÇÖs community and customers to conduct infrastructure analysis. MicrosoftΓÇÖs primary focus is to provide as much data as possible about Internet infrastructure to support a variety of security use cases.
+
+Microsoft collects, analyzes, and indexes internet data to assist users in detecting and responding to threats, prioritizing incidents, and proactively identifying adversariesΓÇÖ infrastructure associated with actor groups targeting their organization. Microsoft collects internet data via itsΓÇÖ PDNS sensor network, global proxy network of virtual users, port scans, and leverages third-party sources for malware and added Domain Name System (DNS) data.
+
+This internet data is categorized into two distinct groups: traditional and advanced. Traditional data sets include Resolutions, WHOIS, SSL Certificates, Subdomains, Hashes, DNS, Reverse DNS, and Services. Advanced data sets include Trackers, Components, Host Pairs, and Cookies. Trackers, Components, Host Pairs, and Cookies data sets are collected from observing the Document Object Model (DOM) of web pages crawled. Additionally, Components and Trackers are also observed from detection rules that are triggered based on the banner responses from port scans or SSL Certificate details. Many of these data sets have various methods to sort, filter, and download data, making it easier to access information that may be associated with a specific artifact type or time in history.
+
+For more information, see:
+
+- [Sorting, filtering, and downloading data](sorting-filtering-and-downloading-data.md)
+- [Data sets](data-sets.md)
+
+![ti Overview Data Sets](media/tiOverviewDataSets.png)
+
+## Tags
+
+Defender TI tags are used to provide quick insight about an artifact, whether derived by the system or generated by other users. Tags aid analysts in connecting the dots between current incidents and investigations and their historical context for improved analysis.
+
+The Defender TI platform offers two types of tags: system tags and custom tags.
+
+For more information, see [Using tags](using-tags.md).
+
+![Tags Custom](media/tagsCustom.png)
+
+## Projects
+
+MicrosoftΓÇÖs Defender TI platform allows users to develop multiple project types for organizing indicators of interest and indicators of compromise from an investigation. Projects contain a listing of all associated artifacts and a detailed history that retains the names, descriptions, and collaborators.
+
+When a user searches an IP address, domain, or host in Defender TI, if that indicator is listed within a project the user has access to, the user can see a link to the project from the Projects sections in the Summary tab as well as Data tab. From here, the user can navigate to the details of the project for more context about the indicator before reviewing the other data sets for more information. This helps analysts to avoid reinventing the wheel of an investigation one of their Defender TI tenant users may have already started or add onto that investigation by adding new artifacts (indicators of compromise) related to that project (if they have been added as a collaborator to the project).
+
+For more information, see [Using projects](using-projects.md).
+
+![Defender TI Overview Projects](media/defenderTIOverviewProjects.png)
+
+## Data residency, availability, and privacy
+
+Microsoft Defender Threat Intelligence contains both global data and customer-specific data. The underlying internet data is global Microsoft data; labels applied by customers are considered customer data. All customer data is stored in the region of the customerΓÇÖs choosing.
+
+For security purposes, Microsoft collects users' IP addresses when they log in. This data is stored for up to 30 days but may be stored longer if needed to investigate potential fraudulent or malicious use of the product.
+
+In the case of a region down scenario, customers should see no downtime as Defender TI uses technologies that replicate data to a backup regions.
+
+Defender TI processes customer data. By default, customer data is replicated to the paired region.
+
+## Next steps
+
+For more information, see:
+
+- [Quickstart: Learn how to access Microsoft Defender Threat Intelligence and make customizations in your portal](learn-how-to-access-microsoft-defender-threat-intelligence-and-make-customizations-in-your-portal.md)
+- [Data sets](data-sets.md)
+- [Searching and pivoting](searching-and-pivoting.md)
+- [Sorting, filtering, and downloading data](sorting-filtering-and-downloading-data.md)
+- [Infrastructure chaining](infrastructure-chaining.md)
+- [Reputation scoring](reputation-scoring.md)
+- [Analyst insights](analyst-insights.md)
+- [Using projects](using-projects.md)
+- [Using tags](using-tags.md)
admin Mailbox Usage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/mailbox-usage.md
description: "Learn how to get the Mailbox usage report to find out about activi
# Microsoft 365 Reports in the admin center - Mailbox usage
-The **Mailbox usage report** provides information about users with a user mailbox and the level of activity by each based on the email send, read, create appointment, send meeting, accept meeting, decline meeting and cancel meeting activity. It also provides information about how much storage has been consumed by each user mailbox, and how many of them are approaching storage quotas.
+The **Mailbox usage report** provides information about users with a user mailbox and the level of activity by each based on the email send, read, create appointment, send meeting, accept meeting, decline meeting and cancel meeting activity. It also provides information about how much storage has been consumed by each user mailbox, and how many of them are approaching storage quotas. The mailbox usage report also contains information on mailboxes shared amongst users, providing storage and quota data on shared mailboxes.
## How to get to the mailbox usage report
The **Mailbox usage report** provides information about users with a user mailbo
2. Select **View More** under **Email activity**. 3. From the **Email activity** drop-down list, select **Exchange** \> **Mailbox usage**.
-## Interpret the mailbox usage report
+## Interpret the Mailbox usage report
-You can get a view into your organization's **Mailbox usage** by looking at the **Mailbox**, **Storage** and **Quota** charts.
+You can get a view into your organization's mailbox usage by looking at the **Mailbox**, **Storage** and **Quota** charts.
+
+To access shared mailbox information, change the drop-down selection at the top right of the charts to **Shared**. If your tenant does not have shared mailboxes, you will not be able to view any shared mailbox information. Also note that if youΓÇÖve opted to view shared charts, currently you will not be able to export the chart information. This is a known issue and will be corrected in a future iteration.
:::image type="content" alt-text="Mailbox usage report." source="../../media/9f610e91-cbc1-4e59-b824-7b1ddd84b738.png" lightbox="../../media/9f610e91-cbc1-4e59-b824-7b1ddd84b738.png"::: The **Mailbox usage** report can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days. However, if you select a particular day in the report, the table will show data for up to 28 days from the current date (not the date the report was generated). The data in each report usually covers up to the last 24 to 48 hours.
-The **Mailbox** chart shows you the total number of user mailbox in your organization, and the total number that are active on any given day of the reporting period. A user mailbox is considered active if it had an email send, read, create appointment, send meeting, accept meeting, decline meeting and cancel meeting activity.
+### The Mailbox chart
+
+The **Mailbox** chart shows you the total number of user or shared mailboxes in your organization, and the total number that are active on any given day of the reporting period. A user or shared mailbox is considered active if it had an email send, read, create appointment, send meeting, accept meeting, decline meeting and cancel meeting activity.
-The **Storage** chart shows you amount of storage used in your organization. Storage Chart doesn't include archive mailboxes. For more information about auto-expanding archiving, see [Overview of auto-expanding archiving in Microsoft 365](../../compliance/autoexpanding-archiving.md).
+On the Mailbox chart:
+- The Y axis is the number of user or shared mailboxes.
+- The X axis is the selected date range for this specific report.
-The **Quota** chart shows you the number of user mailboxes in each quota category. There are four quota categories:
-- Good: The number of users whose storage used is below the "issue warning" quota.-- Warning: The number of users whose storage used is at or above the "issue warning" quota, but below the "prohibit send" quota.-- Can't send: The number of users whose storage used is at or above the prohibit send quota, but below the prohibit send/receive quota.-- Can't send/receive: The number of users whose storage used is at or above the "prohibit send/receive" quota.
+### The Storage chart
-On the Mailbox chart, the Y axis is the count of user mailboxes.
+The **Storage** chart shows you amount of storage used in your organization by mailbox type. Storage Chart doesn't include archive mailboxes. For more information about auto-expanding archiving, see [Overview of auto-expanding archiving in Microsoft 365](../../compliance/autoexpanding-archiving.md).
-On the Storage chart, the Y axis is the amount of storage being used by user mailboxes in your organization.
+On the Storage chart:
+- The Y axis is the amount of storage being used by user or shared mailboxes in your organization.
+- The X axis is the selected date range for this specific report.
-The X axis on the Mailbox and Storage charts is the selected date range for this specific report.
+### The Quota chart
-On the Quota chart, the Y axis is the number of user mailboxes in each storage quota. And the X axis is the quota category.
+The **Quota** chart shows you the number of user or shared mailboxes in each quota category. There are four quota categories:
+- Good: The number of users or shared mailboxes whose storage used is below the "issue warning" quota.
+- Warning: The number of users or shared mailboxes whose storage used is at or above the "issue warning" quota, but below the "prohibit send" quota.
+- Can't send: The number of users or shared mailboxes whose storage used is at or above the prohibit send quota, but below the prohibit send/receive quota.
+- Can't send/receive: The number of users or shared mailboxes whose storage used is at or above the "prohibit send/receive" quota.
+
+On the Quota chart:
+- The Y axis is the number of user or shared mailboxes in each storage quota.
+- The X axis is the quota category.
You can filter charts you see by selecting an item in the legend.
-The table shows you a breakdown of mailbox usage at the per-user level. You can add additional columns to the table.
+## Mailbox usage per mailbox table
+
+This table shows you a breakdown of mailbox usage at the per mailbox level. You can add additional columns to the table.
|Item|Description| |:--|:--|
+|Recipient type |Either Shared or User. |
|User name |The email address of the user. | |Display Name |The full name of the user. | |Deleted |The mailbox whose current state is deleted, but was active during some part of the reporting period of the report.|
The table shows you a breakdown of mailbox usage at the per-user level. You can
|Has Archive|Shows if the mailbox has an online archive enabled. |
-If your organization's policies prevents you from viewing reports where user information is identifiable, you can change the privacy setting for all these reports. Check out the **Hide user details in the reports** section in the [Activity Reports in the Microsoft 365 admin center](activity-reports.md.
+If your organization's policies prevents you from viewing reports where user information is identifiable, you can change the privacy setting for all these reports. Check out the **Hide user details in the reports** section in the [Activity Reports in the Microsoft 365 admin center](activity-reports.md).
Select **Choose columns** to add or remove columns from the report. <br/> :::image type="content" alt-text="Mailbox usage report - choose columns." source="../../media/ea3d0b18-6ac6-41b0-9bb9-4844f040ea75.png":::
admin About Admin Roles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/about-admin-roles.md
search.appverid:
- MET150 - MOE150 ms.assetid: da585eea-f576-4f55-a1e0-87090b6aaa9d
-description: "Learn about admin roles, such as the Service admin role, which map to specific business functions and give permissions to do specific tasks in the admin center."
+description: "Learn about admin roles, such as the global admin role, or the service admin role. Roles map to specific business functions and give permissions to do specific tasks in the Microsoft 365 admin center."
# About admin roles in the Microsoft 365 admin center
You'll probably only need to assign the following roles in your organization. By
|Groups admin | Assign the groups admin role to users who need to manage all groups settings across admin centers, including the Microsoft 365 admin center and Azure Active Directory portal. <br><br> Groups admins can:<br> - Create, edit, delete, and restore Microsoft 365 groups <br> - Create and update group creation, expiration, and naming policies <br> - Create, edit, delete, and restore Azure Active Directory security groups| |Helpdesk admin | Assign the Helpdesk admin role to users who need to do the following:<br> - Reset passwords <br> - Force users to sign out <br> - Manage service requests <br> - Monitor service health <br> <br> **Note**: The Helpdesk admin can only help non-admin users and users assigned these roles: Directory reader, Guest inviter, Helpdesk admin, Message center reader, and Reports reader. | |License admin | Assign the License admin role to users who need to assign and remove licenses from users and edit their usage location. <br/><br/> License admins also can: <br> - Reprocess license assignments for group-based licensing <br> - Assign product licenses to groups for group-based licensing |
+|Message center privacy reader | Assign the Message center privacy reader role to users who need to read privacy and security messages and updates in the Microsoft 365 Message center. Message center privacy readers may get email notifications related to data privacy, depending on their preferences, and they can unsubscribe using Message center preferences. Only global administrators and Message center privacy readers can read data privacy messages. This role has no permission to view, create, or manage service requests. <br><br>Message center privacy readers can also: <br> - Monitor all notifications in the Message Center, including data privacy messages <br> - View groups, domains, and subscriptions |
+|Message center reader | Assign the Message center reader role to users who need to do the following: <br> - Monitor message center notifications <br> - Get weekly email digests of message center posts and updates <br> - Share message center posts <br> - Have read-only access to Azure AD services, such as users and groups|
|Office Apps admin | Assign the Office Apps admin role to users who need to do the following: <br> - Use the Office cloud policy service to create and manage cloud-based policies for Office <br> - Create and manage service requests <br> - Manage the What's New content that users see in their Office apps <br> - Monitor service health | |Password admin | Assign the Password admin role to a user who needs to reset passwords for non-administrators and Password Administrators. |
-|Message center reader | Assign the Message center reader role to users who need to do the following: <br> - Monitor message center notifications <br> - Get weekly email digests of message center posts and updates <br> - Share message center posts <br> - Have read-only access to Azure AD services, such as users and groups|
|Power Platform admin | Assign the Power Platform admin role to users who need to do the following: <br> - Manage all admin features for Power Apps, Power Automate, and Microsoft Purview Data Loss Prevention <br> - Create and manage service requests <br> - Monitor service health | |Reports reader | Assign the Reports reader role to users who need to do the following: <br> - View usage data and the activity reports in the Microsoft 365 admin center <br> - Get access to the Power BI adoption content pack <br> - Get access to sign-in reports and activity in Azure AD <br> - View data returned by Microsoft Graph reporting API| |Service Support admin | Assign the Service Support admin role as an additional role to admins or users who need to do the following in addition to their usual admin role: <br> - Open and manage service requests <br> - View and share message center posts <br> - Monitor service health |
admin Add Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/add-users.md
- Adm_O365_Setup - Adm_TOC
+- VSBFY23
- okr_smb - AdminSurgePortfolio - AdminTemplateSet
admin Let Users Reset Passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/let-users-reset-passwords.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- MSStore_Link - TRN_M365B - OKR_SMB_Videos
admin Resend User Password https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/resend-user-password.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- VSBFY23
search.appverid: - BCS160 - MET150
admin Reset Passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/reset-passwords.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- TopSMBIssues - MSStore_Link - TRN_M365B
admin Set Password To Never Expire https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/set-password-to-never-expire.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- MSStore_Link - AdminSurgePortfolio - AdminTemplateSet
admin Admin Center Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/admin-center-overview.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- AdminSurgePortfolio - adminvideo - admindeeplinkMAC
admin Admin Mobile App https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/admin-mobile-app.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
admin Sign Up For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/sign-up-for-office-365.md
- Adm_TOC - commerce_signup
+- VSBFY23
- TRN_M365B - OKR_SMB_Videos - okr_SMB
admin What Is Microsoft 365 For Business https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/what-is-microsoft-365-for-business.md
- M365-subscription-management - Adm_O365
+- VSBFY23
- AdminSurgePortfolio - adminvideo - intro-overview
admin What Subscription Do I Have https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/what-subscription-do-i-have.md
- Adm_TOC - commerce_subscriptions
+- VSBFY23
- okr_smb - AdminSurgePortfolio - AdminTemplateSet
admin Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/overview.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- AdminSurgePortfolio - AdminTemplateSet search.appverid:
admin Set Up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/set-up.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- AdminSurgePortfolio - AdminTemplateSet search.appverid:
admin Add Or Remove Members From Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/add-or-remove-members-from-groups.md
f1.keywords: NOCSH -+ audience: Admin
admin Compare Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/compare-groups.md
f1.keywords: CSH -+ audience: Admin
admin Create Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/create-groups.md
f1.keywords: CSH -+ audience: Admin
admin Manage Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/manage-groups.md
f1.keywords: NOCSH -+ audience: Admin
admin Manage Guest Access In Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/manage-guest-access-in-groups.md
f1.keywords: NOCSH -+ audience: Admin
admin Office 365 Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/office-365-groups.md
f1.keywords: NOCSH -+ audience: Admin
admin Restore Deleted Group https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/restore-deleted-group.md
f1.keywords: CSH -+ audience: Admin
admin Update Dns Records To Retain Current Hosting Provider https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/dns/update-dns-records-to-retain-current-hosting-provider.md
- M365-subscription-management - Adm_O365 - Adm_NonTOC-+
+- VSBFY23
+- AdminSurgePortfolio
search.appverid: - BCS160 - MET150
admin Add User Or Contact To Distribution List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/add-user-or-contact-to-distribution-list.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- VSBFY23
- AdminSurgePortfolio - AdminTemplateSet search.appverid:
admin Email Collaboration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/email-collaboration.md
ms.localizationpriority: medium
- M365-subscription-management - Adm_O365--+
+- VSBFY23
+- AdminSurgePortfolio
search.appverid: - BCS160 - MET150
admin Get Help Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-support.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- AdminSurgePortfolio - adminvideo - AdminTemplateSet
admin Buy A Domain Name https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/buy-a-domain-name.md
- Adm_TOC - Adm_O365_Setup
+- VSBFY23
- AdminSurgePortfolio - AdminTemplateSet search.appverid:
admin Change Nameservers At Any Domain Registrar https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/change-nameservers-at-any-domain-registrar.md
- Adm_TOC - Adm_O365_Setup
+- VSBFY23
- okr_smb - AdminSurgePortfolio - AdminTemplateSet
admin Create Dns Records At Any Dns Hosting Provider https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider.md
search.appverid:
- MET150 description: "Connect a domain at any DNS hosting provider to Microsoft 365 by verifying your domain and updating the DNS records in your registrarΓÇÖs account."
+- VSBFY23
- okr_smb - AdminSurgePortfolio - AdminTemplateSet
admin Dns Basics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/dns-basics.md
ms.localizationpriority: high
- M365-subscription-management - Adm_O365-
+- VSBFY23
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
admin Find And Fix Issues https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/find-and-fix-issues.md
- Adm_TOC - Adm_O365_Setup
+- VSBFY23
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
admin Find Your Domain Registrar https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/find-your-domain-registrar.md
ms.localizationpriority: high
- M365-subscription-management - Adm_O365- - Adm_O365_Setup-+
+- VSBFY23
+- AdminSurgePortfolio
search.appverid: - BCS160 - MET150
admin Information For Dns Records https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/information-for-dns-records.md
ms.localizationpriority: medium
- M365-subscription-management - Adm_O365- - Adm_O365_Setup
+- VSBFY23
- AdminSurgePortfolio - AdminTemplateSet - admindeeplinkMAC
admin What Is A Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/what-is-a-domain.md
ms.localizationpriority: medium
- M365-subscription-management - Adm_O365- search.appverid: - BCS160 - MET150 - MOE150 ms.assetid: c33d1ba6-077c-4cea-be04-cfffbe3f3ed8 description: "Learn what a domain is and how you can buy a domain or use the default domain of your business to get started with OneDrive and Microsoft apps."-+
+- VSBFY23
- okr_smb - AdminSurgePortfolio - AdminTemplateSet
admin Assign Licenses To Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/assign-licenses-to-users.md
- Adm_TOC - commerce_licensing
+- VSBFY23
- AdminSurgePortfolio - TopSMBIssues - SaRA
admin Centralized Deployment Of Add Ins https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/centralized-deployment-of-add-ins.md
Should your Microsoft 365 reports show anonymous user names instead of actual us
## User and group assignments
-The Centralized Deployment feature currently supports the majority of groups supported by Azure Active Directory, including Microsoft 365 groups, distribution lists, and security groups.
+The Centralized Deployment feature currently supports the majority of groups supported by Azure Active Directory, including Microsoft 365 groups, distribution lists, dynamic groups, and security groups.
> [!NOTE] > Non-mail enabled security groups are not currently supported.
admin Find Your Partner Or Reseller https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/find-your-partner-or-reseller.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- MSStore_Link - AdminSurgePortfolio - admindeeplinkMAC
admin Idle Session Timeout Web Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/idle-session-timeout-web-apps.md
description: "Set how long user's session will last in Microsoft 365 before they
<!-- Add metadata: localization, AdminSurgePortfolio, admindeeplinkMAC. remove robots nofollow --> > [!IMPORTANT]
-> Idle session timeout isn't available for Microsoft 365 operated by 21Vianet, or Microsoft 365 Germany.
+> Idle session timeout isn't available for Microsoft 365 operated by 21Vianet or Microsoft 365 Germany.
Use idle session timeout to configure a policy on how long users are inactive in your organization before they are signed out of Microsoft 365 web apps. This helps protect sensitive company data and adds another layer of security for end users who work on non-company or shared devices.
admin Message Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/message-center.md
ms.localizationpriority: medium
- M365-subscription-management - Adm_O365- - AdminSurgePortfolio - okr_smb
admin Send Email As Distribution List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/send-email-as-distribution-list.md
ms.localizationpriority: medium - Adm_O365- - MSStore_Link - AdminSurgePortfolio
admin Set Password Expiration Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/set-password-expiration-policy.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
admin Test And Deploy Microsoft 365 Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps.md
For additional information about purchasing and licensing Microsoft 365 apps fro
For more info on how partners create these apps, see [How to plan a SaaS offer for the commercial marketplace](https://go.microsoft.com/fwlink/?linkid=2158277)
-The Integrated apps portal is only accessible to global admins and available to world-wide customers only. This feature is not available in sovereign and government clouds.
+The Integrated apps portal is available to world-wide customers only and can be accessed by global admins, global readers, and Exchange admins. This feature is not available in sovereign and government clouds.
The Integrated apps portal displays a list of apps, which includes single apps and Microsoft 365 apps from partners which are deployed your organization. Only web apps, SPFx apps, Office Add-ins, and Teams apps are listed. For web apps, you can see two kinds of apps.
Post deployment, admins can also manage user access to add-ins.
9. If the app has a status of **Update pending**, you can click on the app to open the **Manage** pane and update the app. 10. To just update users, select the **Users** tab and make the appropriate change. Select **Update** after making your changes.
+> [!NOTE]
+> Only the admin who deployed the add-in or a global admin can manage that add-in.
+ ## Delete an add-in You can also delete an add-in that was deployed.
You can also delete an add-in that was deployed.
## Scenarios where Exchange admin cannot deploy an add-in There are two cases in which an Exchange Admin won't be able to deploy an add-in:+ - If an add-in needs permission to MS Graph APIs and needs consent from a global admin. - If an add-in is linked to two or more add-ins and webapps, and at least one of these add-ins is deployed by another admin (exchange/global) and the user assignment is not uniform. We only allow deployment of add-ins when the user assignment is the same for all the already deployed apps.
There are two cases in which an Exchange Admin won't be able to deploy an add-in
### Which administrator role do I need to access Integrated apps?
-Only global administrators can access Integrated Apps. Integrated apps won't show up in the left nav for other administrators.
+Only global admins and Exchange admins can access Integrated Apps. Integrated apps won't show up in the left nav for other administrators.
### Why do I see Add-in in the left nav under Setting but not Integrated apps?
Integrated apps allow deployment of Web Apps, Teams app, Excel, PowerPoint, Word
### Can administrators delete or remove apps?
-Yes. Global administrators can delete or remove apps.
+Only the admin who deployed the app or add-in or a global admin can delete or remove it.
- Select an app from the list view. On the **Configuration** tab, select which apps to remove.
admin Upgrade Distribution Lists https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/upgrade-distribution-lists.md
ms.localizationpriority: medium
- M365-subscription-management - Adm_O365- - AdminSurgePortfolio - AdminTemplateSet
admin Move Email And Data To Office 365 Business Premium https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/move-email-and-data-to-office-365-business-premium.md
- Adm_O365 - Adm_NonTOC - SPO_Content-+
+- VSBFY23
+- AdminSurgePortfolio
search.appverid: - BCS160 - MET150
admin Password Policy Recommendations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/password-policy-recommendations.md
- Adm_O365 - Adm_NonTOC
+- VSBFY23
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
admin Set Up Dns Records Vsb https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/set-up-dns-records-vsb.md
ms.localizationpriority: high
- M365-subscription-management - Adm_O365- - Adm_O365_Setup search.appverid: - MET150 description: "Learn to verify your domain and create DNS records with Microsoft 365."
+- VSBFY23
- AdminSurgePortfolio
admin Set Up Outlook To Read Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/set-up-outlook-to-read-email.md
ms.localizationpriority: medium
+- VSBFY23
- Core_O365Admin_Migration - GSTips - MiniMaven
admin Sign Up With A Personal Email Address https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/sign-up-with-a-personal-email-address.md
ms.localizationpriority: medium
- Adm_O365 - Adm_NonTOC-+
+- VSBFY23
+- AdminSurgePortfolio
search.appverid: - MET150 - MOE150
admin Add Google Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/moveto-microsoft-365/add-google-domain.md
- M365-subscription-management - Adm_O365
+- VSBFY23
- AdminSurgePortfolio - adminvideo - admindeeplinkMAC
admin Cancel Google https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/moveto-microsoft-365/cancel-google.md
ms.localizationpriority: medium
- M365-subscription-management - Adm_O365-+
+- VSBFY23
- AdminSurgePortfolio - adminvideo monikerRange: 'o365-worldwide'
admin Connect Domain Tom365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/moveto-microsoft-365/connect-domain-tom365.md
- M365-subscription-management - Adm_O365
+- VSBFY23
- AdminSurgePortfolio - adminvideo - admindeeplinkMAC
admin Migrate Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/moveto-microsoft-365/migrate-email.md
- M365-subscription-management - Adm_O365
+- VSBFY23
- AdminSurgePortfolio - adminvideo - admindeeplinkMAC
admin Migrate Files Migration Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/moveto-microsoft-365/migrate-files-migration-manager.md
- M365-subscription-management - Adm_O365
+- VSBFY23
- AdminSurgePortfolio - adminvideo monikerRange: 'o365-worldwide'
admin Move From Google Workspace Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/moveto-microsoft-365/move-from-google-workspace-overview.md
- M365-subscription-management - Adm_O365
+- VSBFY23
- AdminSurgePortfolio - adminvideo monikerRange: 'o365-worldwide'
admin Gdpr Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/gdpr-compliance.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- VSBFY23
+- AdminSurgePortfolio
search.appverid: - BCS160 - MET150
admin Increase Threat Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/increase-threat-protection.md
- M365-identity-device-management - Adm_TOC
+- VSBFY23
- MiniMaven - MSB365 - OKR_SMB_M365
admin Secure Your Business Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/secure-your-business-data.md
f1.keywords:
- CSH -+ audience: Admin
- Adm_O365 - Adm_TOC
+- VSBFY23
- MSStore_Link - AdminSurgePortfolio - okr_smb
admin Set Up Multi Factor Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- AdminSurgePortfolio - AdminTemplateSet - admindeeplinkMAC
admin Add Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/add-domain.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- adminvideo - TopSMBIssues - SaRA
admin Add Or Replace Your Onmicrosoftcom Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/add-or-replace-your-onmicrosoftcom-domain.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- TopSMBIssues - SaRA - MSStore_Link
admin Create Distribution Lists https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/create-distribution-lists.md
ms.localizationpriority: medium
- M365-subscription-management - Adm_O365- search.appverid: - BCS160 - MET150 - MOE150 ms.assetid: b1ffe755-59e5-4369-826d-825f145a8400
+- VSBFY23
- seo-marvel-may2020 - AdminSurgePortfolio - okr_smb
admin Create Signatures And Disclaimers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/create-signatures-and-disclaimers.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- TRN_M365B - OKR_SMB_Videos - seo-marvel-may2020
admin Customize Sign In Page https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/customize-sign-in-page.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
admin Customize Your Organization Theme https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/customize-your-organization-theme.md
- Adm_O365 - Adm_TOC
+- VSBFY23
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
admin Employee Quick Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/employee-quick-setup.md
- M365-subscription-management - Adm_O365
+- VSBFY23
- AdminSurgePortfolio - adminvideo monikerRange: 'o365-worldwide'
admin Files To Onedrive https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/files-to-onedrive.md
- M365-subscription-management - Adm_O365
+- VSBFY23
- AdminSurgePortfolio - adminvideo search.appverid:
admin Files To Sharepoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/files-to-sharepoint.md
- M365-subscription-management - Adm_O365
+- VSBFY23
- AdminSurgePortfolio - adminvideo search.appverid:
admin Install Applications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/install-applications.md
search.appverid:
- MOE150 ms.assetid: d0653266-31db-4f6a-a804-d34b667c16bf
+- VSBFY23
- seo-marvel-may2020 - AdminSurgePortfolio - okr_smb
admin Migrate Email And Contacts Admin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/migrate-email-and-contacts-admin.md
- Adm_TOC - Adm_O365_Setup
+- VSBFY23
- TopSMBIssues - okr_smb - seo-marvel-may2020
admin Plan Your Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/plan-your-setup.md
- Adm_O365_Setup - Adm_TOC
+- VSBFY23
- AdminSurgePortfolio - okr_smb - adminvideo
admin Set Up File Storage And Sharing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/set-up-file-storage-and-sharing.md
ms.localizationpriority: medium
- M365-subscription-management - Adm_O365- - Adm_O365_Setup - SPO_Content
+- VSBFY23
- IT_Networking - TRN_M365B - OKR_SMB_Videos
admin Set Up Mobile Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/set-up-mobile-devices.md
- M365-identity-device-management - Adm_TOC
+- VSBFY23
- Core_O365Admin_Migration - MiniMaven - MSB365
admin Setup Apps For Business https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup-apps-for-business.md
- Adm_O365_Setup - TRN_SMB
+- VSBFY23
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
admin Setup Business Basic https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup-business-basic.md
- Adm_O365_Setup - TRN_SMB
+- VSBFY23
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
admin Setup Business Standard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup-business-standard.md
- Adm_O365_Setup - TRN_SMB
+- VSBFY23
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
admin Setup Outlook https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup-outlook.md
- M365-subscription-management - Adm_O365
+- VSBFY23
- AdminSurgePortfolio - adminvideo search.appverid:
admin Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup.md
ms.localizationpriority: high
- M365-subscription-management - Adm_O365- - Adm_O365_Setup - TRN_SMB
+- VSBFY23
- TRN_M365B - OKR_SMB_Videos - AdminSurgePortfolio
admin Signup Apps Business https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/signup--apps-business.md
ms.localizationpriority: medium
- Adm_TOC
+- VSBFY23
- AdminSurgePortfolio description: "Sign up for Microsoft 365 Apps for business."
admin Migrate Data Business Standard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/simplified-signup/migrate-data-business-standard.md
ms.localizationpriority: medium
- Adm_TOC
+- VSBFY23
- AdminSurgePortfolio description: "Migrate your Outlook, OneDrive and Teams data to Microsoft 365 Business Standard"
admin Signup Business Standard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/simplified-signup/signup-business-standard.md
- Adm_TOC - AdminSurgePortfolio
+- VSBFY23
description: "Purchase Microsoft 365 Business Standard and set up your organization."
admin Signup Teams Business Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/simplified-signup/signup-teams-business-subscription.md
ms.localizationpriority: medium
- Adm_TOC
+- VSBFY23
- AdminSurgePortfolio description: "Follow the steps in this article to sign up for Microsoft Teams as part of a business subscription."
admin User Invite Business Standard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/simplified-signup/user-invite-business-standard.md
ms.localizationpriority: medium
- Adm_TOC
+- VSBFY23
- AdminSurgePortfolio description: "Accept invite to join a Microsoft 365 Business Standard organization"
bookings Bookings Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/bookings-overview.md
ms.localizationpriority: medium ms.assetid: 47403d64-a067-4754-9ae9-00157244c27d+ description: "An overview of the Microsoft Bookings app, which includes a web-based booking calendar and integrates with Outlook to optimize your staffΓÇÖs calendar and give your customers flexibility to book appointments."
business-premium Index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/index.md
ms.audience: Admin
ms.localizationpriority: high Previously updated : 07/19/2022 Last updated : 08/01/2022 - M365-Campaigns - m365solution-overview
search.appverid:
description: "Learn how to implement cybersecurity for small or medium sized businesses with Microsoft 365 Business Premium. The cybersecurity capabilities and features are optimized to prevent cyberattacks and security breaches, and help safeguard data, devices and information with high-grade cyber defenses."
-# Microsoft 365 Business Premium ΓÇô cybersecurity for small business
+# Microsoft 365 Business Premium ΓÇô productivity and cybersecurity for small business
Let us begin by saying that you made a wise choice in adopting Microsoft 365 Business Premium and its world class productivity tools. Designed with cybersecurity in mind, Microsoft 365 Business Premium safeguards your data, devices and information. You are your organization's first and best defense against hackers and cyberattackers, including random individuals, organized crime, or highly-sophisticated nation states.
-The task before you is thisΓÇölet Microsoft 365 Business Premium help secure your organizationΓÇÖs future! Approach this task by taking on the following missions which will help you fortify your environment, train your team, and safeguard managed devices. The missions are organized as follows:
+The task before you is this: let Microsoft 365 Business Premium help secure your organizationΓÇÖs future! Approach this task by taking on the following missions which will help you fortify your environment, train your team, and safeguard managed devices. The missions are organized as follows:
- **[Fortify your environment](m365bp-setup-overview.md)** (tasks your admin does); - **[Train your team](m365bp-devices-overview.md)** (tasks that all staff members do); and
Microsoft 365 Business Premium is a comprehensive security and collaboration sol
Now, let's [fortify your environment against cyberattackers](m365bp-setup-overview.md)! > [!NOTE]
-> When a term or directive is unclear, you can find definitions in the [glossary of terms](m365bp-glossary.yml).
+> If a term or directive is unclear, see the [glossary of terms](m365bp-glossary.yml).
business-premium M365bp Secure Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-secure-users.md
Title: "How Microsoft 365 Business Premium helps your business"
+ Title: "Microsoft 365 Business Premium - Productivity and security"
f1.keywords: - NOCSH
audience: Admin
ms.localizationpriority: high Previously updated : 07/19/2022 Last updated : 07/26/2022 - M365-Campaigns - m365solution-smb
search.appverid:
- BCS160 - MET150 - MOE150
-description: "Learn how Microsoft 365 Business Premium helps your business with productivity and security."
+description: "Learn how Microsoft 365 Business Premium helps you run your business more securely with productivity and security."
-# How Microsoft 365 Business Premium helps your business
+# Productivity and security for small- and medium-sized businesses
-Microsoft 365 Business Premium is a cost-effective solution that empowers small and medium-sized businesses to work more efficiently and more securely than before. This article describes how Microsoft 365 Business Premium can help your business or campaign. This article includes the following sections:
+Microsoft 365 Business Premium is a comprehensive cloud productivity and security solution that was designed and built for small and medium-sized businesses (1-300 employees). With Microsoft 365 Business Premium, you can:
+
+- Enable your employees to be connected and productive, whether they're working on site or remotely, with best-in-class collaboration tools like Microsoft Teams.
+- Provide your employees with secure access to their business data and apps, and help ensure that only authorized personnel can access confidential work data.
+- Defend against sophisticated cyberthreats and safeguard your business data with protection against phishing, ransomware, and data loss.
+- Manage and secure the devices (Windows, Mac, iOS, and Android) that connect to your data, and help keep those devices up to date.
+
+Microsoft 365 Business Premium offers you one comprehensive solution for productivity and security. As an admin or IT Pro, you have everything you need in one place for administration, billing, and 24x7 support, while reducing cost and complexity for your business. This article describes how Microsoft 365 Business Premium can help your business or campaign, and includes the following sections:
- [Video: Top 5 benefits of Microsoft 365 Business Premium](#video-top-5-benefits-of-microsoft-365-business-premium)-- [Productivity and advanced security capabilities](#productivity-and-security) that enable you to run your business more securely, across devices, and from just about anywhere
+- [Productivity and advanced security capabilities](#productivity-and-security) that enable you to run your business more securely, across devices, and from almost anywhere
- [Resources to train your team and all staff](#resources-to-train-your-users) on how to work productively while maintaining a more secure environment - A [downloadable digital threats guide](#download-the-digital-threats-guide) that describes different kinds of threats and how to protect against them in your day-to-day work - [Next steps](#next-steps)
Watch the following video to see how Microsoft 365 Business Premium helps your b
## Productivity and security
-Microsoft 365 Business Premium includes your favorite Office productivity apps, collaboration tools like Microsoft Teams, and enterprise-grade security, identity, and device management solutions. With Microsoft 365 Business Premium, you can run your business more securely, across devices, and from just about anywhere. Microsoft 365 Business Premium includes:
+Microsoft 365 Business Premium includes your favorite Office productivity apps, collaboration tools like Microsoft Teams, and enterprise-grade security, identity, and device management solutions. With Microsoft 365 Business Premium, you can run your business more securely, across devices, and from almost anywhere. Microsoft 365 Business Premium includes:
- **Windows 10 and 11 Pro** upgrades for your company's Windows devices - **Office apps**, such as Word, Excel, and PowerPoint, that you can install on your computers (Windows and Mac), and on your mobile devices (Windows, iOS, and Android). You also get Publisher and Access for your Windows devices.
business-premium M365bp Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-setup.md
audience: Admin
ms.localizationpriority: high Previously updated : 07/20/2022 Last updated : 08/01/2022 f1.keywords: NOCSH -- SMB - M365-security-compliance
Microsoft 365 Business Premium includes a guided process. The following video sh
> [!TIP] > - After you have added users, give them a link to the [Employee quick setup guide](../admin/setup/employee-quick-setup.md). The guide walks them through signing in, getting Office apps, and saving, copying, and sharing files.
-> - Proceed to [Bump up security](m365bp-security-overview.md).
+> - Make sure to proceed to [Bump up security](m365bp-security-overview.md).
## Work with a Microsoft partner If you'd prefer to have a Microsoft partner help you get and set up Microsoft 365, follow these steps:
-1. Go to the [Browse Partners](https://appsource.microsoft.com/marketplace/partner-dir).
+1. Go to the [Browse Partners](https://appsource.microsoft.com/marketplace/partner-dir) page.
2. In the **Filters** pane, specify search criteria, such as:
If you'd prefer to have a Microsoft partner help you get and set up Microsoft 36
### Next objective
-Once you've achieved these objectives, go [increase security protections](m365bp-security-overview.md).
+Once you've achieved these objectives, proceed to [Bump up security](m365bp-security-overview.md).
commerce Future Start Date https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/future-start-date.md
description: "Learn what it means when your invoice has a subscription with a future start date." - commerce_billing
+- empty
Last updated 04/08/2022 # Understand invoicing for future start dates
-Sales proposals might include subscriptions that start on a future date. A future start date aligns the start date of a new subscription with the end date of a previous subscription. If your proposal contains subscriptions that start on a future date, you receive an invoice for those subscriptions only when the future start date arrives. Using a future start date ensures that you arenΓÇÖt billed for items that you don't own yet. New subscriptions start on the future start date specified in the proposal. On the start date of the new subscription, we send you an email to let you know that your new subscription is now active and your billing for this subscription will begin immediately. Your next invoice reflects the new charges plus applicable taxes for the new subscription.
+Sales proposals might include subscriptions that start on a future date. A future start date aligns the start date of a new subscription with the end date of a previous subscription. If your proposal contains subscriptions that start on a future date, you receive an invoice for those subscriptions only when the future start date arrives. Using a future start date ensures that you aren't billed for items that you don't own yet. New subscriptions start on the future start date specified in the proposal. On the start date of the new subscription, we send you an email to let you know that your new subscription is now active and your billing for this subscription will begin immediately. Your next invoice reflects the new charges plus applicable taxes for the new subscription.
commerce Pay For Your Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/pay-for-your-subscription.md
search.appverid: MET150
description: "Use a credit or debit card or bank account to pay for your Microsoft 365 for business subscription, or in some cases, you can pay by invoice." - commerce_billing
+- VSBFY23
- okr_SMB - fwlink 808700 for SEPA UI glink 906 for older uI - AdminSurgePortfolio
Last updated 05/26/2022
# How to pay for your subscription > [!IMPORTANT]
-> As of January 26, 2021, new bank accounts are no longer supported for customers in Belgium, France, Italy, Luxembourg, Portugal, Spain, and the United States. If youΓÇÖre an existing customer in one of those countries, you can continue paying for your subscription with an existing bank account that is in good standing. However, you can't add new subscriptions to the bank account.
+> As of January 26, 2021, new bank accounts are no longer supported for customers in Belgium, France, Italy, Luxembourg, Portugal, Spain, and the United States. If you're an existing customer in one of those countries, you can continue paying for your subscription with an existing bank account that is in good standing. However, you can't add new subscriptions to the bank account.
-You can use a credit or debit card, or bank account to pay for your subscription. In some cases, you can pay by invoice, using check or electronic funds transfer (EFT). If you have a billing profile, your options are slightly different. For more information, see [How to pay for your subscription with a billing profile](pay-for-subscription-billing-profile.md). If youΓÇÖre not sure if your account has a billing profile, see [Understand billing profiles](manage-billing-profiles.md).
+You can use a credit or debit card, or bank account to pay for your subscription. In some cases, you can pay by invoice, using check or electronic funds transfer (EFT). If you have a billing profile, your options are slightly different. For more information, see [How to pay for your subscription with a billing profile](pay-for-subscription-billing-profile.md). If you're not sure if your account has a billing profile, see [Understand billing profiles](manage-billing-profiles.md).
**Just want to find out where to send your invoice payment?** If you pay your invoice by check or electronic funds transfer (EFT), see [Where do I send my check or EFT payment?](#where-do-i-send-my-check-or-eft-payment)
In some cases, you can pay for your subscription by invoice with a check or EFT.
- Have a subscription cost that exceeds a certain amount (this amount varies by service location) - Pass a credit check
-If a credit check is required, youΓÇÖre notified when you buy your subscription. If you agree to be contacted, you get an email that includes more information about applying for credit approval. Credit checks are usually completed within two business days.
+If a credit check is required, you're notified when you buy your subscription. If you agree to be contacted, you get an email that includes more information about applying for credit approval. Credit checks are usually completed within two business days.
> [!NOTE] > Customers who live in Brazil can pay for a subscription with a Boleto Bancario. If you have selected this option, the billet for payment is sent to the email provided during subscription purchase within 10 working days after the order date. The due date is 30 days after the order date. If you don't receive your Boleto by email, check your spam folder or contact support. > > If you prefer, you can pay by electronic transfer between accounts. The Agency and account number are at the bottom of your invoice. You must enter your invoice number in the Transfer identification field.
-If you pay by invoice for your subscription, you get an email when your billing statement is ready to view. This email doesnΓÇÖt contain a copy of your billing statement. However, you can choose to [receive your organization's invoices as email attachments](manage-billing-notifications.md#receive-your-organizations-invoices-as-email-attachments). Your billing statement includes details about your options for making a payment, and where to send it. If you enter a purchase order (PO) number when you buy a subscription, the number appears on your billing statement. For information about accessing billing statements, see [View your bill or invoice](view-your-bill-or-invoice.md).
+If you pay by invoice for your subscription, you get an email when your billing statement is ready to view. This email doesn't contain a copy of your billing statement. However, you can choose to [receive your organization's invoices as email attachments](manage-billing-notifications.md#receive-your-organizations-invoices-as-email-attachments). Your billing statement includes details about your options for making a payment, and where to send it. If you enter a purchase order (PO) number when you buy a subscription, the number appears on your billing statement. For information about accessing billing statements, see [View your bill or invoice](view-your-bill-or-invoice.md).
## What if I have an outstanding balance?
-If weΓÇÖre unable to charge the payment method on file, we send an email that lets you know thereΓÇÖs a problem. The email briefly states what the problem is and includes a link where you can check the outstanding balance. We continue to retry the transaction every few days for 30 days, during which time the subscription is in a grace period. Every time a transaction fails, you receive an email alert about the failure.
+If we're unable to charge the payment method on file, we send an email that lets you know there's a problem. The email briefly states what the problem is and includes a link where you can check the outstanding balance. We continue to retry the transaction every few days for 30 days, during which time the subscription is in a grace period. Every time a transaction fails, you receive an email alert about the failure.
If you personally added the payment method that has a past due amount, you can use **Settle balance** to make a payment. The payment method that you use to pay the overdue amount becomes the new payment method for all subscriptions that used the declined payment method.
If you personally added the payment method that has a past due amount, you can u
1. In the right pane, choose a different payment method, or select **Add a new payment method**. 1. After you've updated the payment method information, select **Save**.
-If you didnΓÇÖt add the payment method used to pay for the subscription, you must replace the payment method with one you previously added, or with a new one.
+If you didn't add the payment method used to pay for the subscription, you must replace the payment method with one you previously added, or with a new one.
## Where do I send my check or EFT payment?
If you didnΓÇÖt add the payment method used to pay for the subscription, you mus
## Can I pay my invoice online?
-You canΓÇÖt pay your invoice online. You must remit payment via either check or EFT.
+You can't pay your invoice online. You must remit payment via either check or EFT.
## Can I change from my current payment method to paying by invoice?
You can only change to paying by invoice if your subscription costs above a cert
## Can I change from paying by invoice to using a different payment method?
-You canΓÇÖt automatically change from paying by invoice to paying with a different payment method. Instead, you must [buy a different subscription](../try-or-buy-microsoft-365.md#buy-a-different-subscription) paid for with a credit or debit card or bank account, [move all users to the new subscription](../subscriptions/move-users-different-subscription.md), and then [cancel the old subscription](../subscriptions/cancel-your-subscription.md).
+You can't automatically change from paying by invoice to paying with a different payment method. Instead, you must [buy a different subscription](../try-or-buy-microsoft-365.md#buy-a-different-subscription) paid for with a credit or debit card or bank account, [move all users to the new subscription](../subscriptions/move-users-different-subscription.md), and then [cancel the old subscription](../subscriptions/cancel-your-subscription.md).
## Related content
commerce Understand Your Invoice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/understand-your-invoice.md
- Adm_O365 - commerce_billing
+- VSBFY23
- AdminSurgePortfolio - AdminTemplateSet search.appverid: MET150
commerce Understand Your Invoice2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/understand-your-invoice2.md
- Adm_O365 - commerce_billing
+- VSBFY23
- TopSMBIssues - okr_smb - AdminSurgePortfolio
To update the **Sold-To** address, see [Change your organization's address, tech
#### Order Details
-On page one of your invoice, the **Product** is "Online Services,ΓÇ¥ the generic term we use to describe your subscription. Page two lists the individual products in your order.
+On page one of your invoice, the **Product** is "Online Services," the generic term we use to describe your subscription. Page two lists the individual products in your order.
-**Customer PO Number** is the purchase order (PO) number that you specify. You can't add a PO number to an existing invoice. If you update the PO number, itΓÇÖs included in future invoices. To change the PO number, see [Change your purchase order number](#change-your-purchase-order-number).
+**Customer PO Number** is the purchase order (PO) number that you specify. You can't add a PO number to an existing invoice. If you update the PO number, it's included in future invoices. To change the PO number, see [Change your purchase order number](#change-your-purchase-order-number).
**Order Number** is the globally unique identifier (GUID) that identifies your order. Every time you buy a new subscription, a new order with a new order number is created. You receive an invoice for each order every billing period.
If you pay by credit card, you see "Please DO NOT PAY. You will be charged the a
### Electronic Fund Transfer (EFT) and check
-If you chose ΓÇ£invoiceΓÇ¥ as your subscription payment method, page one contains the **Electronic Funds Transfer** section that shows the Microsoft bank account information for electronic payments (wire, ACH, SEPA, and so on). Usually, your bank has a reference field you complete when you send a payment. Make sure you reference the invoice number in that field.
+If you chose "invoice" as your subscription payment method, page one contains the **Electronic Funds Transfer** section that shows the Microsoft bank account information for electronic payments (wire, ACH, SEPA, and so on). Usually, your bank has a reference field you complete when you send a payment. Make sure you reference the invoice number in that field.
If we accept payments by check for your country or region, you also see a **Check** section that contains the payee name and mailing address. Make sure you reference your invoice number on the check.
commerce View Your Bill Or Invoice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/view-your-bill-or-invoice.md
- Adm_O365 - commerce_billing
+- VSBFY23
- TopSMBIssues - okr_smb - TRN_M365B
commerce Enter Your Product Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/enter-your-product-key.md
search.appverid: MET150
- commerce_purchase
+- VSBFY23
- okr_SMB - AdminSurgePortfolio - AdminTemplateSet
commerce Allotment Basics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/licenses/allotment-basics.md
- Adm_O365 - commerce_licensing
+- empty
search.appverid: MET150 description: "Learn about the new allotments feature." Last updated 05/12/2022
commerce Review Partner Admin Privileges https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/review-partner-admin-privileges.md
- Adm_O365 - commerce_subscriptions
+- empty
search.appverid: MET150 description: "Learn how to review your list of Microsoft-certified solution providers (partners) to determine what admin privileges they have, and how to remove those privileges." Last updated 12/03/2021
Last updated 12/03/2021
# Review Microsoft-certified cloud solution provider partner administrative privileges
-If you have a Microsoft-certified cloud solution provider (reseller partner), we recommend you conduct a quarterly review of the delegated administrative privileges (DAP) assigned to them. Make sure your organization wants this partner to have access to your organizationΓÇÖs data and make purchases on your behalf.
+If you have a Microsoft-certified cloud solution provider (reseller partner), we recommend you conduct a quarterly review of the delegated administrative privileges (DAP) assigned to them. Make sure your organization wants this partner to have access to your organization's data and make purchases on your behalf.
> [!IMPORTANT] > Giving DAP, which include Global admin permissions, to any partner might present a security risk. Having too many Global admins is also a security risk. [Learn more about recent activity targeting delegated privileges](https://www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks/).
-After you accept a DAP agreement from a reseller partner, they can assign the Global admin role for your organization to their employees. The Global admin role gives the partnerΓÇÖs employees access to your employeesΓÇÖ personal data and other sensitive information. It also gives them permission to take tenant-wide actions, such as the following actions:
+After you accept a DAP agreement from a reseller partner, they can assign the Global admin role for your organization to their employees. The Global admin role gives the partner's employees access to your employees' personal data and other sensitive information. It also gives them permission to take tenant-wide actions, such as the following actions:
- Changing user passwords - Adding users with email accounts
commerce Cancel Your Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/cancel-your-subscription.md
- Adm_O365 - commerce_subscriptions
+- VSBFY23
- AdminSurgePortfolio - AdminTemplateSet - admindeeplinkMAC
The steps to cancel your trial or paid subscription depend on the number of lice
|25 or fewer licenses | [Use the steps below to cancel](#steps-to-cancel-your-subscription) your trial or paid subscription online in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. | |More than 25 licenses | Reduce the number of licenses to 25 or fewer and then [use the steps below to cancel](#steps-to-cancel-your-subscription). |
-If you canΓÇÖt reduce the number of licenses, [turn off recurring billing](renew-your-subscription.md). This prevents you from being charged again for your subscription, and lets you keep your access to your products and services for the remainder of your subscription.
+If you can't reduce the number of licenses, [turn off recurring billing](renew-your-subscription.md). This prevents you from being charged again for your subscription, and lets you keep your access to your products and services for the remainder of your subscription.
If you're unable to cancel your subscription, [contact support](../../admin/get-help-support.md) for help. ## Steps to cancel your subscription > [!NOTE]
-> If you have multiple subscriptions to the same product, such as Microsoft 365 Business Premium, canceling one subscription wonΓÇÖt impact the purchased licenses or services inside the others.
+> If you have multiple subscriptions to the same product, such as Microsoft 365 Business Premium, canceling one subscription won't impact the purchased licenses or services inside the others.
::: moniker range="o365-worldwide"
commerce Manage Pay As You Go Services https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/manage-pay-as-you-go-services.md
audience: Admin
-localization_priority: Normal
+ms.localizationpriority: medium
- M365-subscription-management - Adm_O365
Last updated 07/15/2022
# Enable pay-as-you-go for your subscription
-By default, when you buy a subscription that has a calling plan, youΓÇÖre limited to the number of minutes included in the plan. After those minutes are used up, your users canΓÇÖt make Teams calls until the next billing period. If you choose to turn on the pay-as-you-go option, your users can continue to make calls over the number of minutes included in the plan, referred to as *overage*. Your next invoice shows overage charges for extra calls at the pay-as-you-go rate.
+By default, when you buy a subscription that has a calling plan, you're limited to the number of minutes included in the plan. After those minutes are used up, your users can't make Teams calls until the next billing period. If you choose to turn on the pay-as-you-go option, your users can continue to make calls over the number of minutes included in the plan, referred to as *overage*. Your next invoice shows overage charges for extra calls at the pay-as-you-go rate.
## Before you begin
commerce Renew Your Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/renew-your-subscription.md
- Adm_O365 - commerce_subscriptions
+- VSBFY23
- SaRA - AdminSurgePortfolio - AdminTemplateSet
Last updated 05/04/2021
# Renew Microsoft 365 for business > [!IMPORTANT]
-> As of January 26, 2021, new bank accounts are no longer supported for customers in Belgium, France, Italy, Luxembourg, Portugal, Spain, and the United States. If youΓÇÖre an existing customer in one of those countries, you can continue paying for your subscription with an existing bank account, and you can add new subscriptions to it, but only as long as the bank account is in good standing.
+> As of January 26, 2021, new bank accounts are no longer supported for customers in Belgium, France, Italy, Luxembourg, Portugal, Spain, and the United States. If you're an existing customer in one of those countries, you can continue paying for your subscription with an existing bank account, and you can add new subscriptions to it, but only as long as the bank account is in good standing.
This article applies to most paid Microsoft 365 for business subscriptions.
commerce Upgrade From Teams Free https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/upgrade-from-teams-free.md
- Adm_O365 - commerce_subscriptions
+- empty
search.appverid: MET150 description: "Learn how to upgrade from Microsoft Teams Free to a new Microsoft 365 for business subscription."
commerce Try Or Buy Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/try-or-buy-microsoft-365.md
- Adm_TOC - commerce_purchase
+- VSBFY23
- AdminSurgePortfolio - AdminTemplateSet - admindeeplinkMAC
commerce Use Cost Mgmt https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/use-cost-mgmt.md
Title: "Use Cost management in the Microsoft 365 admin center"
-+ audience: Admin
Last updated 03/09/2022
# Use Cost management in the Microsoft 365 admin center
-If youΓÇÖre a Global or Billing admin with a Microsoft Customer Agreement (MCA), you can use the **Cost management** page in the Microsoft 365 admin center to view, analyze, and manage your service costs. To get to the **Cost management** page, in the admin center left navigation pane, select **Billing** > **Cost management**.
+If you're a Global or Billing admin with a Microsoft Customer Agreement (MCA), you can use the **Cost management** page in the Microsoft 365 admin center to view, analyze, and manage your service costs. To get to the **Cost management** page, in the admin center left navigation pane, select **Billing** > **Cost management**.
## Before you begin
You must be a Global or Billing admin to do the steps described in this article.
## What is cost management?
-Cost management is a methodology used to plan and control an organizationΓÇÖs budget. Microsoft is introducing new products and services that use a pay-as-you-go billing model, where you only pay for what you use. In the Microsoft 365 admin center, the cost management features help reduce the cost and overhead needed to manage your organizationΓÇÖs assets and also keep track of your variable pay-as-you-go charges. You can also:
+Cost management is a methodology used to plan and control an organization's budget. Microsoft is introducing new products and services that use a pay-as-you-go billing model, where you only pay for what you use. In the Microsoft 365 admin center, the cost management features help reduce the cost and overhead needed to manage your organization's assets and also keep track of your variable pay-as-you-go charges. You can also:
- Download cost and usage data used to generate your monthly invoice - Proactively apply data analysis to your costs
Cost management is a methodology used to plan and control an organizationΓÇÖs bu
You can use Microsoft 365 billing features to review your invoiced costs and manage access to billing information. In larger organizations, procurement and finance teams usually conduct billing tasks.
-When you sign up to use Microsoft 365, a billing account is automatically created for you. You use your billing account to manage your invoices and payments, and track costs. ItΓÇÖs possible for you to have multiple billing accounts. For each legal entity or sold-to address for your organization, you receive a separate billing account.
+When you sign up to use Microsoft 365, a billing account is automatically created for you. You use your billing account to manage your invoices and payments, and track costs. It's possible for you to have multiple billing accounts. For each legal entity or sold-to address for your organization, you receive a separate billing account.
## Plan and control costs
-Cost management in the Microsoft 365 admin center helps you plan for and control your organizationΓÇÖs costs by helping you do the following tasks:
+Cost management in the Microsoft 365 admin center helps you plan for and control your organization's costs by helping you do the following tasks:
- **Analyze costs:** Cost management views let you explore and analyze your organizational costs. You can view aggregated costs by organization to understand where costs are accrued and to identify spending trends. You can also see accumulated costs over time to estimate monthly, quarterly, or even yearly cost trends against a budget. - **Create budgets:** Budgets help you plan for and meet financial accountability in your organization. They help prevent cost thresholds or limits from being surpassed. Budgets can also help you inform others about their spending to proactively manage costs. And with budgets, you can see how spending in your organization progresses over time. ## View costs
-The **Cost management** page in the admin center has a **Services** tab where you can see the breakdown of the different products and services youΓÇÖre using today.
+The **Cost management** page in the admin center has a **Services** tab where you can see the breakdown of the different products and services you're using today.
:::image type="content" source="../media/mac-billing-costmgmt/MAC-Billing-CostMgmt.png" alt-text="The Cost management page in the Microsoft 365 admin center.":::
Select **Download** to download your daily cost data into a CSV or Excel file. Y
## Create budgets
-Budgets let you monitor your charges and ensure youΓÇÖre aware when you go over specified thresholds. You can create a quick budget where you set a threshold amount that you want to stay under each month. The quick budget sends you a notification when your costs exceed this threshold. Notifications are only sent to the admin who created the budget.
+Budgets let you monitor your charges and ensure you're aware when you go over specified thresholds. You can create a quick budget where you set a threshold amount that you want to stay under each month. The quick budget sends you a notification when your costs exceed this threshold. Notifications are only sent to the admin who created the budget.
:::image type="content" source="../media/mac-billing-costmgmt/MAC-Billing-CostMgmt-CreateBudget.png" alt-text="The Create budget window in the Microsoft 365 admin center.":::
compliance Alert Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/alert-policies.md
The table also indicates the Office 365 Enterprise and Office 365 US Government
|**Unusual volume of file deletion**|Generates an alert when an unusually large number of files are deleted in SharePoint or OneDrive within a short time frame. This policy has a **Medium** severity setting.|Data lifecycle management|No|E5/G5, Defender for Office 365 P2, or Microsoft 365 E5 add-on subscription| |**Unusual increase in email reported as phish**|Generates an alert when there's a significant increase in the number of people in your organization using the Report Message add-in in Outlook to report messages as phishing mail. This policy has a **Medium** severity setting. For more information about this add-in, see [Use the Report Message add-in](https://support.office.com/article/b5caa9f1-cdf3-4443-af8c-ff724ea719d2).|Threat management|No|E5/G5 or Defender for Office 365 P2 add-on subscription| |**User impersonation phish delivered to inbox/folder**<sup>1,</sup><sup>2</sup>|Generates an alert when Microsoft detects that an admin or user override has allowed the delivery of a user impersonation phishing message to the inbox (or other user-accessible folder) of a mailbox. Examples of overrides include an inbox or mail flow rule that allows messages from a specific sender or domain, or an anti-spam policy that allows messages from specific senders or domains. This policy has a **Medium** severity setting.|Threat management|No|E5/G5 or Defender for Office 365 P2 add-on subscription|
-|**User requested to release a quarantined message**|Generates an alert when a user requests release for a quarantined message. To request the release of quarantined messages, the **Allow recipients to request a message to be released from quarantine** (_PermissionToRequestRelease_) permission is required in the quarantine policy (for example, from the **Limited access** preset permissions group). For more information, see [Allow recipients to request a message to be released from quarantine permission](../security/office-365-security/quarantine-policies.md#allow-recipients-to-request-a-message-to-be-released-from-quarantine-permission). This policy has an **Informational** severity setting.|Threat management|No|E1/F1/G1, E3/F3/G3, or E5/G5|
+|**User requested to release a quarantined message**|Generates an alert when a user requests release for a quarantined message. To request the release of quarantined messages, the **Allow recipients to request a message to be released from quarantine** (_PermissionToRequestRelease_) permission is required in the quarantine policy (for example, from the **Limited access** preset permissions group). For more information, see [Allow recipients to request a message to be released from quarantine permission](../security/office-365-security/quarantine-policies.md#allow-recipients-to-request-a-message-to-be-released-from-quarantine-permission). This policy has an **Informational** severity setting.|Threat management|No| Microsoft Business Basic, Microsoft Business Standard, Microsoft Business Premium, E1/F1/G1, E3/F3/G3, or E5/G5|
|**User restricted from sending email**|Generates an alert when someone in your organization is restricted from sending outbound mail. This typically results when an account is compromised, and the user is listed on the **Restricted Users** page in the compliance portal. (To access this page, go to **Threat management > Review > Restricted Users**). This policy has a **High** severity setting. For more information about restricted users, see [Removing a user, domain, or IP address from a block list after sending spam email](/office365/securitycompliance/removing-user-from-restricted-users-portal-after-spam).|Threat management|Yes|E1/F1/G1, E3/F3/G3, or E5/G5| |**User restricted from sharing forms and collecting responses**|Generates an alert when someone in your organization has been restricted from sharing forms and collecting responses using Microsoft Forms due to detected repeated phishing attempt behavior. This policy has a **High** severity setting.|Threat management|No|E1, E3/F3, or E5|
compliance Apply Sensitivity Label Automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-sensitivity-label-automatically.md
For more information about the PowerShell cmdlets that support auto-labeling pol
Although auto-labeling is one of the most efficient ways to classify, label, and protect Office files that your organization owns, check whether you can supplement it with any of the following methods to increase your labeling reach: -- With SharePoint Syntex, you can [apply a sensitivity label to a document understanding model](/microsoft-365/contentunderstanding/apply-a-sensitivity-label-to-a-model), so that identified documents in a SharePoint library are automatically labeled.
+- For SharePoint document libraries, you can apply a default sensitivity label for new and edited files. For more information, see [Configure a default sensitivity label for a SharePoint document library](sensitivity-labels-sharepoint-default-label.md).
+
+- With SharePoint Syntex, you can [apply a sensitivity label to a document understanding model](/microsoft-365/contentunderstanding/apply-a-sensitivity-label-to-a-model), so that identified documents in a SharePoint document library are automatically labeled.
- When you use the [Azure Information Protection unified labeling client](/azure/information-protection/rms-client/aip-clientv2):
compliance Archiving Third Party Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archiving-third-party-data.md
The Microsoft Purview compliance portal provides native third-party data connect
- [CellTrust](#celltrust-data-connectors)
-The third-party data listed in the next sections (except for HR data and physical badging data that is used for the Microsoft 365 Insider risk management solution) is imported into user mailboxes. The Microsoft Purview solutions that support third-party data are applied to the user mailbox where the data is stored.
+The third-party data listed in the next sections (except for HR data and physical badging data that is used for the Microsoft Purview Insider Risk Management solution) is imported into user mailboxes. The Microsoft Purview solutions that support third-party data are applied to the user mailbox where the data is stored.
### Microsoft data connectors
compliance Bulk Import External Contacts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/bulk-import-external-contacts.md
After you run the command in Step 2, the external contacts are created, but they
2. Go to the desktop folder where you saved the CSV file in Step 1; for example, `C:\Users\Administrator\desktop`.
-3. Run the following two commands to add the other properties from the CSV file to the external contacts that you created in Step 2.
+3. Run the following command to add the other properties from the CSV file to the external contacts that you created in Step 2.
```powershell
- $Contacts = Import-CSV .\ExternalContacts.csv
-
- ```
-
- ```powershell
- $contacts | ForEach {Set-Contact $_.Name -StreetAddress $_.StreetAddress -City $_.City -StateorProvince $_.StateorProvince -PostalCode $_.PostalCode -Phone $_.Phone -MobilePhone $_.MobilePhone -Pager $_.Pager -HomePhone $_.HomePhone -Company $_.Company -Title $_.Title -OtherTelephone $_.OtherTelephone -Department $_.Department -Fax $_.Fax -Initials $_.Initials -Notes $_.Notes -Office $_.Office -Manager $_.Manager}
+ Import-Csv .\ExternalContacts.csv|%{Set-Contact -Identity $_.Name -StreetAddress $_.StreetAddress -City $_.City -StateorProvince $_.StateorProvince -PostalCode $_.PostalCode -Phone $_.Phone -MobilePhone $_.MobilePhone -Pager $_.Pager -HomePhone $_.HomePhone -Company $_.Company -Title $_.Title -OtherTelephone $_.OtherTelephone -Department $_.Department -Fax $_.Fax -Initials $_.Initials -Notes $_.Notes -Office $_.Office -Manager $_.Manager}
``` > [!NOTE]
Some companies may use external contacts only so they can be added as members of
Get-Contact -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'MailContact')} | Set-MailContact -HiddenFromAddressListsEnabled $true ```
-After you hide them, external contacts aren't displayed in the shared address book, but you can still add them as members of a distribution group.
+After you hide them, external contacts aren't displayed in the shared address book, but you can still add them as members of a distribution group.
compliance Compliance Extensibility https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-extensibility.md
There are two key building blocks for compliance extensibility:
Microsoft provides third-party data connectors that can be configured in the Microsoft Purview compliance portal. For a list of data connectors provided by Microsoft, see the [Third-party data connectors](archiving-third-party-data.md#third-party-data-connectors) table. The table of third-party data connectors also summarizes the compliance solutions that you can apply to third-party data after you import and archive data in Microsoft 365, and links to the step-by-step instructions for each connector.
-To learn more about Microsoft 365 data connectors, see [Archiving third-party data](archiving-third-party-data.md). If a third-party data type isn't supported by the data connectors available in the compliance portal, you can work with a partner who can provide you with a custom connector. For a list of partners you can work with and the step-by-step process for this method, see [Work with a partner to archive third-party data](work-with-partner-to-archive-third-party-data.md).
+To learn more about Microsoft Purview Data Connectors, see [Archiving third-party data](archiving-third-party-data.md). If a third-party data type isn't supported by the data connectors available in the compliance portal, you can work with a partner who can provide you with a custom connector. For a list of partners you can work with and the step-by-step process for this method, see [Work with a partner to archive third-party data](work-with-partner-to-archive-third-party-data.md).
### Prerequisites for data connectors
Now rolling out, the first release of Graph APIs for records management support
For more information about the Graph APIs for records management, see [Use the Microsoft Graph Records Management API](/graph/api/resources/security-recordsmanagement-overview?view=graph-rest-beta&preserve-view=true).
-For licensing requirements to use these APIs, see the records management section from [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
+For licensing requirements to use these APIs, see the records management information from the Microsoft 365 guidance for security & compliance, [Microsoft Purview Data Lifecycle Management & Microsoft Purview Records Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-data-lifecycle-management--microsoft-purview-records-management) section.
compliance Compliance Quick Tasks https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-quick-tasks.md
It's important to manage who in your organization has access to the Microsoft Pu
Start by assigning compliance permissions to the people in your organization so that they can perform these tasks and to prevent unauthorized people from having access to areas outside of their responsibilities. You'll want to make sure that you've assigned the proper people to the **Compliance data administrator** and the **Compliance administrator** admin roles before you start to configure and implement compliance solutions included with Microsoft 365. You'll also need to assign users to the Azure Active Directory global reader role to view data in Compliance Manager.
-For step-by-step guidance to configure permissions and assign people to admin roles, see [Permissions in the Security & Compliance Center](/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center).
+For step-by-step guidance to configure permissions and assign people to admin roles, see [Permissions in the Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center-permissions).
## Task 2: Know your state of compliance
compliance Create A Report On Holds In Ediscovery Cases https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-report-on-holds-in-ediscovery-cases.md
After you've connected to Security & Compliance PowerShell, the next step is to
} } else{
- write-host "No hold policies found in case:" $cc.name -foregroundColor 'Yellow'
+ "No hold policies found in case:" $cc.name -foregroundColor 'Yellow'
" " [string]$cc.name | out-file -filepath $noholdsfilepath -append }
compliance Create Retention Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-retention-policies.md
When you have more than one retention policy, and when you also use retention la
### Retention policy for Teams locations > [!NOTE]
-> Retention policies now support [shared channels](/MicrosoftTeams/shared-channels), currently in preview. When you configure retention settings for the **Teams channel message** location, if a team has any shared channels, they inherit retention settings from their parent team.
+> Retention policies support [shared channels](/MicrosoftTeams/shared-channels). When you configure retention settings for the **Teams channel message** location, if a team has any shared channels, they inherit retention settings from their parent team.
1. From the [Microsoft Purview compliance portal](https://compliance.microsoft.com/), select **Data lifecycle management** > **Retention Policies**.
compliance Create Test Tune Dlp Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-test-tune-dlp-policy.md
Another option is to increase the instance count, so that a low volume of driver
In addition to changing the instance count, you can also adjust the match accuracy (or confidence level). If your sensitive information type has multiple patterns, you can adjust the match accuracy in your rule, so that your rule matches only specific patterns. For example, to help reduce false positives, you can set the match accuracy of your rule so that it matches only the pattern with the highest confidence level. For more information on confidence levels, see [How to use confidence level to tune your rules](data-loss-prevention-policies.md#match-accuracy).
-Finally, if you want to get even a bit more advanced, you can customize any sensitive information type -- for example, you can remove "Sydney NSW" from the list of keywords for [Australia driver's license number](sensitive-information-type-entity-definitions.md#australia-drivers-license-number), to eliminate the false positive triggered above. To learn how to do this by using XML and PowerShell, see [customizing a built-in sensitive information type](customize-a-built-in-sensitive-information-type.md).
+Finally, if you want to get even a bit more advanced, you can customize any sensitive information type -- for example, you can remove "Sydney NSW" from the list of keywords for [Australia drivers license number](sit-defn-australia-drivers-license-number.md), to eliminate the false positive triggered above. To learn how to do this by using XML and PowerShell, see [customizing a built-in sensitive information type](customize-a-built-in-sensitive-information-type.md).
## Turn on a DLP policy
compliance Data Governance Solution https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-governance-solution.md
For a data protection solution, see [Deploy an information protection solution w
## Licensing
-To understand your licensing requirements and options, see the following sections from the [Microsoft 365 licensing documentation](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance):
-- [Microsoft Purview Data Lifecycle Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-data-lifecycle-management)-- [Microsoft Purview Records Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-records-management)-
-Any additional licensing requirements will be included in the documentation instructions. For example, licensing specific to managing mailboxes might require licenses from Exchange Online.
+To understand your licensing requirements and options, see the information from the Microsoft 365 guidance for security & compliance, [Microsoft Purview Data Lifecycle Management & Microsoft Purview Records Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-data-lifecycle-management--microsoft-purview-records-management) section for feature-level licensing requirements.
## Keep what you need and delete what you don't
compliance Dlp Policy Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-policy-reference.md
This table lists all policy templates and the sensitive information types (SIT)
updated: 06/23/2021
-|Category| Template | SIT |
+|Category|Template | SIT |
||||
-|Financial| Australia Financial Data| - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code) </br> - [Australia tax file number](sensitive-information-type-entity-definitions.md#australia-tax-file-number) </br> - [Australia bank account number](sensitive-information-type-entity-definitions.md#australia-bank-account-number) </br> - [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number)|
-|Financial| Canada Financial data |- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [Canada bank account number](sensitive-information-type-entity-definitions.md#canada-bank-account-number)|
-|Financial| France Financial data |- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [EU debit card number](sensitive-information-type-entity-definitions.md#eu-debit-card-number)|
-|Financial| Germany Financial Data |- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [EU debit card number](sensitive-information-type-entity-definitions.md#eu-debit-card-number)|
-|Financial| Israel Financial Data |- [Israel bank account number](sensitive-information-type-entity-definitions.md#israel-bank-account-number) </br> - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code) </br> - [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number)|
-|Financial| Japan Financial Data |- [Japan bank account number](sensitive-information-type-entity-definitions.md#japan-bank-account-number) </br> - [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number)|
-|Financial| PCI Data Security Standard (PCI DSS)|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number)|
-|Financial| Saudi Arabia Anti-Cyber Crime Law|- [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code) </br> - [International banking account number (IBAN)](sensitive-information-type-entity-definitions.md#international-banking-account-number-iban) |
-|Financial| Saudi Arabia Financial Data |- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code) </br> - [International banking account number (IBAN)](sensitive-information-type-entity-definitions.md#international-banking-account-number-iban)|
-|Financial| UK Financial Data|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [EU debit card number](sensitive-information-type-entity-definitions.md#eu-debit-card-number) </br> - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code)|
-|Financial| US Financial Data|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [ABA Routing Number](sensitive-information-type-entity-definitions.md#aba-routing-number)|
-|Financial| U.S. Federal Trade Commission (FTC) Consumer Rules|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [ABA Routing Number](sensitive-information-type-entity-definitions.md#aba-routing-number)|
-|Financial| U.S. Gramm-Leach-Bliley Act (GLBA) Enhanced|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)</br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number) </br> -[U.S. driver's license number](sensitive-information-type-entity-definitions.md#us-drivers-license-number)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names)</br> - [U.S. Physical Addresses](sensitive-information-type-entity-definitions.md#us-physical-addresses)|
-|Financial| U.S. Gramm-Leach-Bliley Act (GLBA)|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)|
-|Medical and health| Australia Health Records Act (HRIP Act) Enhanced |- [Australia tax file number](sensitive-information-type-entity-definitions.md#australia-tax-file-number) </br> - [Australia medical account number](sensitive-information-type-entity-definitions.md#australia-medical-account-number) </br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names) </br> - [All Medical Terms And Conditions](sensitive-information-type-entity-definitions.md#all-medical-terms-and-conditions) </br> - [Australia Physical Addresses](sensitive-information-type-entity-definitions.md#australia-physical-addresses)|
-|Medical and health| Australia Health Records Act (HRIP Act)|- [Australia tax file number](sensitive-information-type-entity-definitions.md#australia-tax-file-number) </br> - [Australia medical account number](sensitive-information-type-entity-definitions.md#australia-medical-account-number)|
-|Medical and health| Canada Health Information Act (HIA) |- [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
-|Medical and health| Canada Personal Health Information Act (PHIA) Manitoba|- [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
-|Medical and health| Canada Personal Health Act (PHIPA) Ontario |- [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
-|Medical and health| U.K. Access to Medical Reports Act|- [U.K. national health service number](sensitive-information-type-entity-definitions.md#uk-national-health-service-number) </br> - [U.K. national insurance number (NINO)](sensitive-information-type-entity-definitions.md#uk-national-insurance-number-nino)|
-|Medical and health| U.S. Health Insurance Act (HIPAA) Enhanced|</br> - [International classification of diseases (ICD-9-CM)](sensitive-information-type-entity-definitions.md#international-classification-of-diseases-icd-9-cm) </br> - [International classification of diseases (ICD-10-CM)](sensitive-information-type-entity-definitions.md#international-classification-of-diseases-icd-10-cm) </br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names) </br> - [All Medical Terms And Conditions](sensitive-information-type-entity-definitions.md#all-medical-terms-and-conditions) </br> - [U.S. Physical Addresses](sensitive-information-type-entity-definitions.md#us-physical-addresses)|
-|Medical and health| U.S. Health Insurance Act (HIPAA)| - [International classification of diseases (ICD-9-CM)](sensitive-information-type-entity-definitions.md#international-classification-of-diseases-icd-9-cm) </br> - [International classification of diseases (ICD-10-CM)](sensitive-information-type-entity-definitions.md#international-classification-of-diseases-icd-10-cm)|
-|Privacy| Australia Privacy Act Enhanced|- [Australia driver's license number](sensitive-information-type-entity-definitions.md#australia-drivers-license-number) </br> - [Australia passport number](sensitive-information-type-entity-definitions.md#australia-passport-number) </br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names) </br> - [All Medical Terms And Conditions](sensitive-information-type-entity-definitions.md#all-medical-terms-and-conditions) </br> - [Australia Physical Addresses](sensitive-information-type-entity-definitions.md#australia-physical-addresses)|
-|Privacy| Australia Privacy Act|- [Australia driver's license number](sensitive-information-type-entity-definitions.md#australia-drivers-license-number) </br> - [Australia passport number](sensitive-information-type-entity-definitions.md#australia-passport-number)|
-|Privacy| Australia Personally Identifiable Information (PII) Data|- [Australia tax file number](sensitive-information-type-entity-definitions.md#australia-tax-file-number) </br> - [Australia driver's license number](sensitive-information-type-entity-definitions.md#australia-drivers-license-number)|
-|Privacy| Canada Personally Identifiable Information (PII) Data|- [Canada driver's license number](sensitive-information-type-entity-definitions.md#canada-drivers-license-number)</br> - [Canada bank account number](sensitive-information-type-entity-definitions.md#canada-bank-account-number) </br> - [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
-|Privacy| Canada Personal Information Protection Act (PIPA)|- [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
-|Privacy| Canada Personal Information Protection Act (PIPEDA)|- [Canada driver's license number](sensitive-information-type-entity-definitions.md#canada-drivers-license-number) </br> - [Canada bank account number](sensitive-information-type-entity-definitions.md#canada-bank-account-number) </br> - [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
-|Privacy| France Data Protection Act|- [France national id card (CNI)](sensitive-information-type-entity-definitions.md#france-national-id-card-cni) </br> - [France social security number (INSEE)](sensitive-information-type-entity-definitions.md#france-social-security-number-insee)|
-|Privacy| France Personally Identifiable Information (PII) Data|- [France social security number (INSEE)](sensitive-information-type-entity-definitions.md#france-social-security-number-insee) </br> - [France driver's license number](sensitive-information-type-entity-definitions.md#france-drivers-license-number) </br> - [France passport number](sensitive-information-type-entity-definitions.md#france-passport-number) </br> - [France national id card (CNI)](sensitive-information-type-entity-definitions.md#france-national-id-card-cni)|
-|Privacy| General Data Protection Regulation (GDPR) Enhanced|- [Austria Physical Addresses](sensitive-information-type-entity-definitions.md#austria-physical-addresses) </br> - [Belgium Physical Addresses](sensitive-information-type-entity-definitions.md#belgium-physical-addresses)</br> - [Bulgaria Physical Addresses](sensitive-information-type-entity-definitions.md#bulgaria-physical-addresses)</br> - [Croatia Physical Addresses](sensitive-information-type-entity-definitions.md#croatia-physical-addresses)</br> - [Cyprus Physical Addresses](sensitive-information-type-entity-definitions.md#cyprus-physical-addresses)</br> - [Czech Republic Physical Addresses](sensitive-information-type-entity-definitions.md#czech-republic-physical-addresses)</br> - [Denmark Physical Addresses](sensitive-information-type-entity-definitions.md#denmark-physical-addresses)</br> - [Estonia Physical Addresses](sensitive-information-type-entity-definitions.md#estonia-physical-addresses)</br> - [Finland Physical Addresses](sensitive-information-type-entity-definitions.md#finland-physical-addresses)</br> - [France Physical Addresses](sensitive-information-type-entity-definitions.md#france-physical-addresses)</br> - [Germany Physical Addresses](sensitive-information-type-entity-definitions.md#germany-physical-addresses)</br> - [Greece Physical Addresses](sensitive-information-type-entity-definitions.md#greece-physical-addresses)</br> - [Hungary Physical Addresses](sensitive-information-type-entity-definitions.md#hungary-physical-addresses)</br> - [Ireland Physical Addresses](sensitive-information-type-entity-definitions.md#ireland-physical-addresses)</br> - [Italy Physical Addresses](sensitive-information-type-entity-definitions.md#italy-physical-addresses)</br> - [Latvia Physical Addresses](sensitive-information-type-entity-definitions.md#latvia-physical-addresses)</br> - [Lithuania Physical Addresses](sensitive-information-type-entity-definitions.md#lithuania-physical-addresses)</br> - [Luxembourg Physical Addresses](sensitive-information-type-entity-definitions.md#luxemburg-physical-addresses)</br> - [Malta Physical Addresses](sensitive-information-type-entity-definitions.md#malta-physical-addresses)</br> - [Netherlands Physical Addresses](sensitive-information-type-entity-definitions.md#netherlands-physical-addresses)</br> - [Poland Physical Addresses](sensitive-information-type-entity-definitions.md#poland-physical-addresses)</br> - [Portuguese Physical Addresses](sensitive-information-type-entity-definitions.md#portugal-physical-addresses)</br> - [Romania Physical Addresses](sensitive-information-type-entity-definitions.md#romania-physical-addresses)</br> - [Slovakia Physical Addresses](sensitive-information-type-entity-definitions.md#slovakia-physical-addresses)</br> - [Slovenia Physical Addresses](sensitive-information-type-entity-definitions.md#slovenia-physical-addresses)</br> - [Spain Physical Addresses](sensitive-information-type-entity-definitions.md#spain-physical-addresses)</br> - [Sweden Physical Addresses](sensitive-information-type-entity-definitions.md#sweden-physical-addresses)</br> - [Austria Social Security Number](sensitive-information-type-entity-definitions.md#austria-social-security-number)</br> - [France Social Security Number (INSEE)](sensitive-information-type-entity-definitions.md#france-social-security-number-insee)</br> - [Greece Social Security Number (AMKA)](sensitive-information-type-entity-definitions.md#greece-social-security-number-amka)</br> - [Hungarian Social Security Number (TAJ)](sensitive-information-type-entity-definitions.md#hungary-social-security-number-taj)</br> - [Spain Social Security Number (SSN)](sensitive-information-type-entity-definitions.md#spain-social-security-number-ssn)</br> - [Austria Identity Card](sensitive-information-type-entity-definitions.md#austria-identity-card)</br> - [Cyprus Identity Card](sensitive-information-type-entity-definitions.md#cyprus-identity-card)</br> - [Germany Identity Card Number](sensitive-information-type-entity-definitions.md#germany-identity-card-number)</br> - [Malta Identity Card Number](sensitive-information-type-entity-definitions.md#malta-identity-card-number)</br> - [France National ID Card (CNI)](sensitive-information-type-entity-definitions.md#france-national-id-card-cni)</br> - [Greece National ID Card](sensitive-information-type-entity-definitions.md#greece-national-id-card)</br> - [Finland National ID](sensitive-information-type-entity-definitions.md#finland-national-id)</br> - [Poland National ID (PESEL)](sensitive-information-type-entity-definitions.md#poland-national-id-pesel)</br> - [Sweden National ID](sensitive-information-type-entity-definitions.md#sweden-national-id)</br> - [Croatia Personal Identification (OIB) Number](sensitive-information-type-entity-definitions.md#croatia-personal-identification-oib-number)</br> - [Czech Personal Identity Number](sensitive-information-type-entity-definitions.md#czech-personal-identity-number)</br> - [Denmark Personal Identification Number](sensitive-information-type-entity-definitions.md#denmark-personal-identification-number)</br> - [Estonia Personal Identification Code](sensitive-information-type-entity-definitions.md#estonia-personal-identification-code)</br> - [Hungary Personal Identification Number](sensitive-information-type-entity-definitions.md#hungary-personal-identification-number)</br> - [Luxemburg National Identification Number (Natural persons)](sensitive-information-type-entity-definitions.md#luxemburg-national-identification-number-natural-persons)</br> - [Luxemburg National Identification Number (Non-natural persons)](sensitive-information-type-entity-definitions.md#luxemburg-national-identification-number-non-natural-persons)</br> - [Italy Fiscal Code](sensitive-information-type-entity-definitions.md#italy-fiscal-code)</br> - [Latvia Personal Code](sensitive-information-type-entity-definitions.md#latvia-personal-code)</br> - [Lithuania Personal Code](sensitive-information-type-entity-definitions.md#lithuania-personal-code)</br> - [Romania Personal Numerical Code (CNP)](sensitive-information-type-entity-definitions.md#romania-personal-numeric-code-cnp)</br> - [Netherlands Citizen's Service (BSN) Number](sensitive-information-type-entity-definitions.md#netherlands-citizens-service-bsn-number)</br> - [Ireland Personal Public Service (PPS) Number](sensitive-information-type-entity-definitions.md#ireland-personal-public-service-pps-number)</br> - [Bulgaria Uniform Civil Number](sensitive-information-type-entity-definitions.md#bulgaria-uniform-civil-number)</br> - [Belgium National Number](sensitive-information-type-entity-definitions.md#belgium-national-number)</br> - [Spain DNI](sensitive-information-type-entity-definitions.md#spain-dni)</br> - [Slovenia Unique Master Citizen Number](sensitive-information-type-entity-definitions.md#slovenia-unique-master-citizen-number)</br> - [Slovakia Personal Number](sensitive-information-type-entity-definitions.md#slovakia-personal-number)</br> - [Portugal Citizen Card Number](sensitive-information-type-entity-definitions.md#portugal-citizen-card-number)</br> - [Malta Tax ID Number](sensitive-information-type-entity-definitions.md#malta-tax-identification-number)</br> - [Austria Tax Identification Number](sensitive-information-type-entity-definitions.md#austria-tax-identification-number)</br> - [Cyprus Tax Identification Number](sensitive-information-type-entity-definitions.md#cyprus-tax-identification-number)</br> - [France Tax Identification Number (numéro SPI.)](sensitive-information-type-entity-definitions.md#france-tax-identification-number)</br> - [Germany Tax Identification Number](sensitive-information-type-entity-definitions.md#germany-tax-identification-number)</br> - [Greek Tax identification Number](sensitive-information-type-entity-definitions.md#greece-tax-identification-number)</br> - [Hungary Tax identification Number](sensitive-information-type-entity-definitions.md#hungary-tax-identification-number)</br> - [Netherlands Tax Identification Number](sensitive-information-type-entity-definitions.md#netherlands-tax-identification-number)</br> - [Poland Tax Identification Number](sensitive-information-type-entity-definitions.md#poland-tax-identification-number)</br> - [Portugal Tax Identification Number](sensitive-information-type-entity-definitions.md#portugal-tax-identification-number)</br> - [Slovenia Tax Identification Number](sensitive-information-type-entity-definitions.md#slovenia-tax-identification-number)</br> - [Spain Tax Identification Number](sensitive-information-type-entity-definitions.md#spain-tax-identification-number)</br> - [Sweden Tax Identification Number](sensitive-information-type-entity-definitions.md#sweden-tax-identification-number)</br> - [Austria Driver's License](sensitive-information-type-entity-definitions.md#austria-drivers-license-number)</br> - [Belgium Driver's License Number](sensitive-information-type-entity-definitions.md#belgium-drivers-license-number)</br> - [Bulgaria Driver's License Number](sensitive-information-type-entity-definitions.md#bulgaria-drivers-license-number)</br> - [Croatia Driver's License Number](sensitive-information-type-entity-definitions.md#croatia-drivers-license-number)</br> - [Cyprus Driver's License Number](sensitive-information-type-entity-definitions.md#cyprus-drivers-license-number)</br> - [Czech Driver's License Number](sensitive-information-type-entity-definitions.md#czech-drivers-license-number)</br> - [Denmark Driver's License Number](sensitive-information-type-entity-definitions.md#denmark-drivers-license-number)</br> - [Estonia Driver's License Number](sensitive-information-type-entity-definitions.md#estonia-drivers-license-number)</br> - [Finland Driver's License Number](sensitive-information-type-entity-definitions.md#finland-drivers-license-number)</br> - [France Driver's License Number](sensitive-information-type-entity-definitions.md#france-drivers-license-number)</br> - [German Driver's License Number](sensitive-information-type-entity-definitions.md#germany-drivers-license-number)</br> - [Greece Driver's License Number](sensitive-information-type-entity-definitions.md#greece-drivers-license-number)</br> - [Hungary Driver's License Number](sensitive-information-type-entity-definitions.md#hungary-drivers-license-number)</br> - [Ireland Driver's License Number](sensitive-information-type-entity-definitions.md#ireland-drivers-license-number)</br> - [Italy Driver's License Number](sensitive-information-type-entity-definitions.md#italy-drivers-license-number)</br> - [Latvia Driver's License Number](sensitive-information-type-entity-definitions.md#latvia-drivers-license-number)</br> - [Lithuania Driver's License Number](sensitive-information-type-entity-definitions.md#lithuania-drivers-license-number)</br> - [Luxemburg Driver's License Number](sensitive-information-type-entity-definitions.md#luxemburg-drivers-license-number)</br> - [Malta Driver's License Number](sensitive-information-type-entity-definitions.md#malta-drivers-license-number)</br> - [Netherlands Driver's License Number](sensitive-information-type-entity-definitions.md#netherlands-drivers-license-number)</br> - [Poland Driver's License Number](sensitive-information-type-entity-definitions.md#poland-drivers-license-number)</br> - [Portugal Driver's License Number](sensitive-information-type-entity-definitions.md#portugal-drivers-license-number)</br> - [Romania Driver's License Number](sensitive-information-type-entity-definitions.md#romania-drivers-license-number)</br> - [Slovakia Driver's License Number](sensitive-information-type-entity-definitions.md#slovakia-drivers-license-number)</br> - [Slovenia Driver's License Number](sensitive-information-type-entity-definitions.md#slovenia-drivers-license-number)</br> - [Spain Driver's License Number](sensitive-information-type-entity-definitions.md#spain-drivers-license-number)</br> - [Sweden Driver's License Number](sensitive-information-type-entity-definitions.md#sweden-drivers-license-number)</br> - [Austria Passport Number](sensitive-information-type-entity-definitions.md#austria-passport-number)</br> - [Belgium Passport Number](sensitive-information-type-entity-definitions.md#belgium-passport-number)</br> - [Bulgaria Passport Number](sensitive-information-type-entity-definitions.md#bulgaria-passport-number)</br> - [Croatia Passport Number](sensitive-information-type-entity-definitions.md#croatia-passport-number)</br> - [Cyprus Passport Number](sensitive-information-type-entity-definitions.md#cyprus-passport-number)</br> - [Czech Republic Passport Number](sensitive-information-type-entity-definitions.md#czech-passport-number)</br> - [Denmark Passport Number](sensitive-information-type-entity-definitions.md#denmark-passport-number)</br> - [Estonia Passport Number](sensitive-information-type-entity-definitions.md#estonia-passport-number)</br> - [Finland Passport Number](sensitive-information-type-entity-definitions.md#finland-passport-number)</br> - [France Passport Number](sensitive-information-type-entity-definitions.md#france-passport-number)</br> - [German Passport Number](sensitive-information-type-entity-definitions.md#germany-passport-number)</br> - [Greece Passport Number](sensitive-information-type-entity-definitions.md#greece-passport-number)</br> - [Hungary Passport Number](sensitive-information-type-entity-definitions.md#hungary-passport-number)</br> - [Ireland Passport Number](sensitive-information-type-entity-definitions.md#ireland-passport-number)</br> - [Italy Passport Number](sensitive-information-type-entity-definitions.md#italy-passport-number)</br> - [Latvia Passport Number](sensitive-information-type-entity-definitions.md#latvia-passport-number)</br> - [Lithuania Passport Number](sensitive-information-type-entity-definitions.md#lithuania-passport-number)</br> - [Luxemburg Passport Number](sensitive-information-type-entity-definitions.md#luxemburg-passport-number)</br> - [Malta Passport Number](sensitive-information-type-entity-definitions.md#malta-passport-number)</br> - [Netherlands Passport Number](sensitive-information-type-entity-definitions.md#netherlands-passport-number)</br> - [Poland Passport](sensitive-information-type-entity-definitions.md#poland-passport-number)</br> - [Portugal Passport Number](sensitive-information-type-entity-definitions.md#portugal-passport-number)</br> - [Romania Passport Number](sensitive-information-type-entity-definitions.md#romania-passport-number)</br> - [Slovakia Passport Number](sensitive-information-type-entity-definitions.md#slovakia-passport-number)</br> - [Slovenia Passport Number](sensitive-information-type-entity-definitions.md#slovenia-passport-number)</br> - [Spain Passport Number](sensitive-information-type-entity-definitions.md#spain-passport-number)</br> - [Sweden Passport Number](sensitive-information-type-entity-definitions.md#sweden-passport-number)</br> - [EU Debit Card Number](sensitive-information-type-entity-definitions.md#eu-debit-card-number)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names)|
-|Privacy| General Data Protection Regulation (GDPR)|- [EU debit card number](sensitive-information-type-entity-definitions.md#eu-debit-card-number) </br> - [EU driver's license number](sensitive-information-type-entity-definitions.md#eu-drivers-license-number) </br> - [EU national identification number](sensitive-information-type-entity-definitions.md#eu-national-identification-number)</br> - [EU passport number](sensitive-information-type-entity-definitions.md#eu-passport-number) </br> - [EU social security number or equivalent identification](sensitive-information-type-entity-definitions.md#eu-social-security-number-or-equivalent-identification)</br> - [EU Tax identification number](sensitive-information-type-entity-definitions.md#eu-tax-identification-number)|
-|Privacy| Germany Personally Identifiable Information (PII) Data|- [Germany driver's license number](sensitive-information-type-entity-definitions.md#germany-drivers-license-number) </br> - [Germany passport number](sensitive-information-type-entity-definitions.md#germany-passport-number)|
-|Privacy| Israel Personally Identifiable Information (PII) Data|- [Israel national identification number](sensitive-information-type-entity-definitions.md#israel-national-identification-number)|
-|Privacy| Israel Protection of Privacy|- [Israel national identification number](sensitive-information-type-entity-definitions.md#israel-national-identification-number)</br> - [Israel bank account number](sensitive-information-type-entity-definitions.md#israel-bank-account-number)|
-|Privacy| Japan Personally Identifiable Information (PII) Data enhanced|- [Japan Social Insurance Number (SIN)](sensitive-information-type-entity-definitions.md#japan-social-insurance-number-sin)</br> - [Japan My Number - Personal](sensitive-information-type-entity-definitions.md#japan-my-numberpersonal)</br> - [Japan passport number](sensitive-information-type-entity-definitions.md#japan-passport-number)</br> - [Japan driver's license number](sensitive-information-type-entity-definitions.md#japan-drivers-license-number)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names)</br> - [Japan Physical Addresses](sensitive-information-type-entity-definitions.md#all-physical-addresses)|
-|Privacy| Japan Personally Identifiable Information (PII) Data|- [Japan resident registration number](sensitive-information-type-entity-definitions.md#japan-resident-registration-number) </br> - [Japan Social Insurance Number (SIN)](sensitive-information-type-entity-definitions.md#japan-social-insurance-number-sin)|
-|Privacy| Japan Protection of Personal Information Enhanced|- [Japan Social Insurance Number (SIN)](sensitive-information-type-entity-definitions.md#japan-social-insurance-number-sin) </br> - [Japan My Number - Personal](sensitive-information-type-entity-definitions.md#japan-my-numberpersonal)</br> - [Japan passport number](sensitive-information-type-entity-definitions.md#japan-passport-number) </br> - [Japan driver's license number](sensitive-information-type-entity-definitions.md#japan-drivers-license-number)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names)</br> - [Japan Physical Addresses](sensitive-information-type-entity-definitions.md#all-physical-addresses)|
-|Privacy| Japan Protection of Personal Information|- [Japan resident registration number](sensitive-information-type-entity-definitions.md#japan-resident-registration-number)</br> - [Japan Social Insurance Number (SIN)](sensitive-information-type-entity-definitions.md#japan-social-insurance-number-sin)|
-|Privacy| Saudi Arabia Personally Identifiable (PII) Data|- [Saudi Arabia National ID](sensitive-information-type-entity-definitions.md#saudi-arabia-national-id)|
-|Privacy| U.K. Data Protection Act|- [U.K. national insurance number (NINO)](sensitive-information-type-entity-definitions.md#uk-national-insurance-number-nino) </br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number) </br> - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code)|
-|Privacy| U.K. Privacy and Electronic Communications Regulations|- [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code)|
-|Privacy| U.K. Personally Identifiable Information (PII) Data|- [U.K. national insurance number (NINO)](sensitive-information-type-entity-definitions.md#uk-national-insurance-number-nino) </br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number)|
-|Privacy| U.K. Personal Information Online Code of Practice (PIOCP)|- [U.K. national insurance number (NINO)](sensitive-information-type-entity-definitions.md#uk-national-insurance-number-nino) </br> - [U.K. national health service number](sensitive-information-type-entity-definitions.md#uk-national-health-service-number) </br> - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code)|
-|Privacy| U.S Patriot Act Enhanced|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names)</br> - [U.S. Physical Addresses](sensitive-information-type-entity-definitions.md#us-physical-addresses)|
-|Privacy| U.S. Patriot Act|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)|
-|Privacy| U.S. Personally Identifiable Information (PII) Data Enhanced|- [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)</br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names)</br> - [U.S. Physical Addresses](sensitive-information-type-entity-definitions.md#us-physical-addresses)|
-|Privacy| U.S. Personally Identifiable Information (PII) Data|- [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)</br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number)|
-|Privacy| U.S. State Breach Notification Laws Enhanced|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> -[U.S. driver's license number](sensitive-information-type-entity-definitions.md#us-drivers-license-number) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)</br> - [All Full Names](sensitive-information-type-entity-definitions.md#all-full-names) </br> - [U.S./U.K. passport number](sensitive-information-type-entity-definitions.md#usuk-passport-number)</br> - [All Medical Terms And Conditions](sensitive-information-type-entity-definitions.md#all-medical-terms-and-conditions)|
-|Privacy| U.S. State Breach Notification Laws|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> -[U.S. driver's license number](sensitive-information-type-entity-definitions.md#us-drivers-license-number) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)|
-|Privacy| U.S. State Social Security Number Confidentiality Laws|- [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)|
+|Financial| Australia Financial Data| - [SWIFT code](sit-defn-swift-code.md) </br> - [Australia tax file number](sit-defn-australia-tax-file-number.md) </br> - [Australia bank account number](sit-defn-australia-bank-account-number.md) </br> - [Credit card number](sit-defn-credit-card-number.md)|
+|Financial| Canada Financial data |- [Credit card number](sit-defn-credit-card-number.md) </br> - [Canada bank account number](sit-defn-canada-bank-account-number.md)|
+|Financial| France Financial data |- [Credit card number](sit-defn-credit-card-number.md) </br> - [EU debit card number](sit-defn-eu-debit-card-number.md)|
+|Financial| Germany Financial Data |- [Credit card number](sit-defn-credit-card-number.md) </br> - [EU debit card number](sit-defn-eu-debit-card-number.md)|
+|Financial| Israel Financial Data |- [Israel bank account number](sit-defn-israel-bank-account-number.md) </br> - [SWIFT code](sit-defn-swift-code.md) </br> - [Credit card number](sit-defn-credit-card-number.md)|
+|Financial| Japan Financial Data |- [Japan bank account number](sit-defn-japan-bank-account-number.md)</br> - [Credit card number](sit-defn-credit-card-number.md)|
+|Financial| PCI Data Security Standard (PCI DSS)|- [Credit card number](sit-defn-credit-card-number.md)|
+|Financial| Saudi Arabia Anti-Cyber Crime Law|- [SWIFT code](sit-defn-swift-code.md) </br> - [International banking account number (IBAN)](sit-defn-international-banking-account-number.md)|
+|Financial| Saudi Arabia Financial Data |- [Credit card number](sit-defn-credit-card-number.md) </br> - [SWIFT code](sit-defn-swift-code.md) </br> - [International banking account number (IBAN)](sit-defn-international-banking-account-number.md)|
+|Financial| UK Financial Data|- [Credit card number](sit-defn-credit-card-number.md) </br> - [EU debit card number](sit-defn-eu-debit-card-number.md) </br> - [SWIFT code](sit-defn-swift-code.md)|
+|Financial| US Financial Data|- [Credit card number](sit-defn-credit-card-number.md) </br> - [U.S. bank account number](sit-defn-us-bank-account-number.md)</br> - [ABA Routing Number](sit-defn-aba-routing.md)|
+|Financial| U.S. Federal Trade Commission (FTC) Consumer Rules|- [Credit card number](sit-defn-credit-card-number.md) </br> - [U.S. bank account number](sit-defn-us-bank-account-number.md)</br> - [ABA Routing Number](sit-defn-aba-routing.md)|
+|Financial| U.S. Gramm-Leach-Bliley Act (GLBA) Enhanced|- [Credit card number](sit-defn-credit-card-number.md) </br> - [U.S. bank account number](sit-defn-us-bank-account-number.md)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sit-defn-us-individual-taxpayer-identification-number.md) </br> - [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)</br> - [U.S./U.K. passport number](sit-defn-us-uk-passport-number.md) </br> -[U.S. driver's license number](sit-defn-us-drivers-license-number.md)</br> - [All Full Names](sit-defn-all-full-names.md)</br> - [U.S. Physical Addresses](sit-defn-us-physical-addresses.md)|
+|Financial| U.S. Gramm-Leach-Bliley Act (GLBA)|- [Credit card number](sit-defn-credit-card-number.md) </br> - [U.S. bank account number](sit-defn-us-bank-account-number.md)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sit-defn-us-individual-taxpayer-identification-number.md) </br> - [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)|
+|Medical and health| Australia Health Records Act (HRIP Act) Enhanced |- [Australia tax file number](sit-defn-australia-tax-file-number.md)</br> - [Australia medical account number](sit-defn-australia-medical-account-number.md)</br> - [All Full Names](sit-defn-all-full-names.md) </br> - [All Medical Terms And Conditions](sit-defn-all-medical-terms-conditions.md) </br> - [Australia Physical Addresses](sit-defn-australia-physical-addresses.md)|
+|Medical and health| Australia Health Records Act (HRIP Act)|- [Australia tax file number](sit-defn-australia-tax-file-number.md) </br> - [Australia medical account number](sit-defn-australia-medical-account-number.md)|
+|Medical and health| Canada Health Information Act (HIA) |- [Canada passport number](sit-defn-canada-passport-number.md) </br> - [Canada social insurance number](sit-defn-canada-social-insurance-number.md) </br> - [Canada health service number](sit-defn-canada-health-service-number.md) </br> - [Canada Personal Health Identification Number](sit-defn-canada-personal-health-identification-number.md)|
+|Medical and health| Canada Personal Health Information Act (PHIA) Manitoba|- [Canada social insurance number](sit-defn-canada-social-insurance-number.md) </br> - [Canada health service number](sit-defn-canada-health-service-number.md) </br> - [Canada Personal Health Identification Number](sit-defn-canada-personal-health-identification-number.md)|
+|Medical and health| Canada Personal Health Act (PHIPA) Ontario |- [Canada passport number](sit-defn-canada-passport-number.md) </br> - [Canada social insurance number](sit-defn-canada-social-insurance-number.md) </br> - [Canada health service number](sit-defn-canada-health-service-number.md) </br> - [Canada Personal Health Identification Number](sit-defn-canada-personal-health-identification-number.md)|
+|Medical and health| U.K. Access to Medical Reports Act|- [U.K. national health service number](sit-defn-uk-national-health-service-number.md) </br> - [U.K. national insurance number (NINO)](sit-defn-uk-national-insurance-number.md)|
+|Medical and health| U.S. Health Insurance Act (HIPAA) Enhanced|</br> - [International classification of diseases (ICD-9-CM)](sit-defn-international-classification-of-diseases-icd-9-cm.md) </br> - [International classification of diseases (ICD-10-CM)](sit-defn-international-classification-of-diseases-icd-10-cm.md) </br> - [All Full Names](sit-defn-all-full-names.md) </br> - [All Medical Terms And Conditions](sit-defn-all-medical-terms-conditions.md) </br> - [U.S. Physical Addresses](sit-defn-us-physical-addresses.md)|
+|Medical and health| U.S. Health Insurance Act (HIPAA)| - [International classification of diseases (ICD-9-CM)](sit-defn-international-classification-of-diseases-icd-9-cm.md) </br> - [International classification of diseases (ICD-10-CM)](sit-defn-international-classification-of-diseases-icd-10-cm.md)|
+|Privacy| Australia Privacy Act Enhanced|- [Australia driver's license number](sit-defn-australia-drivers-license-number.md) </br> - [Australia passport number](sit-defn-australia-passport-number.md) </br> - [All Full Names](sit-defn-all-full-names.md) </br> - [All Medical Terms And Conditions](sit-defn-all-medical-terms-conditions.md) </br> - [Australia Physical Addresses](sit-defn-australia-physical-addresses.md)|
+|Privacy| Australia Privacy Act|- [Australia drivers license number](sit-defn-australia-drivers-license-number.md)</br> - [Australia passport number](sit-defn-australia-passport-number.md)|
+|Privacy| Australia Personally Identifiable Information (PII) Data|- [Australia tax file number](sit-defn-australia-tax-file-number.md) </br> - [Australia driver's license number](sit-defn-australia-drivers-license-number.md)|
+|Privacy| Canada Personally Identifiable Information (PII) Data|- [Canada driver's license number](sit-defn-canada-drivers-license-number.md) </br> - [Canada bank account number](sit-defn-canada-bank-account-number.md) </br> - [Canada passport number](sit-defn-canada-passport-number.md) </br> - [Canada social insurance number](sit-defn-canada-social-insurance-number.md) </br> - [Canada health service number](sit-defn-canada-health-service-number.md) </br> - [Canada Personal Health Identification Number](sit-defn-canada-personal-health-identification-number.md)|
+|Privacy| Canada Personal Information Protection Act (PIPA)|- [Canada passport number](sit-defn-canada-passport-number.md) </br> - [Canada social insurance number](sit-defn-canada-social-insurance-number.md) </br> - [Canada health service number](sit-defn-canada-health-service-number.md) </br> - [Canada Personal Health Identification Number](sit-defn-canada-personal-health-identification-number.md)|
+|Privacy| Canada Personal Information Protection Act (PIPEDA)|- [Canada driver's license number](sit-defn-canada-drivers-license-number.md) </br> - [Canada bank account number](sit-defn-canada-bank-account-number.md) </br> - [Canada passport number](sit-defn-canada-passport-number.md) </br> - [Canada social insurance number](sit-defn-canada-social-insurance-number.md) </br> - [Canada health service number](sit-defn-canada-health-service-number.md) </br> - [Canada Personal Health Identification Number](sit-defn-canada-personal-health-identification-number.md)|
+|Privacy| France Data Protection Act|- [France national id card (CNI)](sit-defn-france-national-id-card.md)</br> - [France social security number (INSEE)](sit-defn-france-social-security-number.md)|
+|Privacy| France Personally Identifiable Information (PII) Data|- [France social security number (INSEE)](sit-defn-france-social-security-number.md) </br> - [France driver's license number](sit-defn-france-drivers-license-number.md) </br> - [France passport number](sit-defn-france-passport-number.md) </br> - [France national id card (CNI)](sit-defn-france-national-id-card.md)|
+|Privacy| General Data Protection Regulation (GDPR) Enhanced|- [Austria Physical Addresses](sit-defn-austria-physical-addresses.md) </br> - [Belgium Physical Addresses](sit-defn-belgium-physical-addresses.md) </br> - [Bulgaria Physical Addresses](sit-defn-bulgaria-physical-addresses.md) </br> - [Croatia Physical Addresses](sit-defn-croatia-physical-addresses.md) </br> - [Cyprus Physical Addresses](sit-defn-cyprus-physical-addresses.md) </br> - [Czech Republic Physical Addresses](sit-defn-czech-republic-physical-addresses.md)</br> - [Denmark Physical Addresses](sit-defn-denmark-physical-addresses.md)</br> - [Estonia Physical Addresses](sit-defn-estonia-physical-addresses.md)</br> - [Finland Physical Addresses](sit-defn-finland-physical-addresses.md)</br> - [France Physical Addresses](sit-defn-france-physical-addresses.md)</br> - [Germany Physical Addresses](sit-defn-germany-physical-addresses.md)</br> - [Greece Physical Addresses](sit-defn-greece-physical-addresses.md)</br> - [Hungary Physical Addresses](sit-defn-hungary-physical-addresses.md)</br> - [Ireland Physical Addresses](sit-defn-ireland-physical-addresses.md)</br> - [Italy Physical Addresses](sit-defn-italy-physical-addresses.md)</br> - [Latvia Physical Addresses](sit-defn-latvia-physical-addresses.md)</br> - [Lithuania Physical Addresses](sit-defn-lithuania-physical-addresses.md)</br> - [Luxembourg Physical Addresses](sit-defn-luxemburg-physical-addresses.md)</br> - [Malta Physical Addresses](sit-defn-malta-physical-addresses.md)</br> - [Netherlands Physical Addresses](sit-defn-netherlands-physical-addresses.md)</br> - [Poland Physical Addresses](sit-defn-poland-physical-addresses.md)</br> - [Portuguese Physical Addresses](sit-defn-portugal-physical-addresses.md)</br> - [Romania Physical Addresses](sit-defn-romania-physical-addresses.md)</br> - [Slovakia Physical Addresses](sit-defn-slovakia-physical-addresses.md)</br> - [Slovenia Physical Addresses](sit-defn-slovenia-physical-addresses.md)</br> - [Spain Physical Addresses](sit-defn-spain-physical-addresses.md)</br> - [Sweden Physical Addresses](sit-defn-sweden-physical-addresses.md)</br> - [Austria Social Security Number](sit-defn-austria-social-security-number.md) </br> - [France Social Security Number (INSEE)](sit-defn-france-social-security-number.md)</br> - [Greece Social Security Number (AMKA)](sit-defn-greece-social-security-number.md)</br> - [Hungarian Social Security Number (TAJ)](sit-defn-hungary-social-security-number.md)</br> - [Spain Social Security Number (SSN)](sit-defn-spain-social-security-number.md)</br> - [Austria Identity Card](sit-defn-austria-identity-card.md) </br> - [Cyprus Identity Card](sit-defn-cyprus-identity-card.md) </br> - [Germany Identity Card Number](sit-defn-germany-identity-card-number.md)</br> - [Malta Identity Card Number](sit-defn-malta-identity-card-number.md)</br> - [France National ID Card (CNI)](sit-defn-france-national-id-card.md)</br> - [Greece National ID Card](sit-defn-greece-national-id-card.md)</br> - [Finland National ID](sit-defn-finland-national-id.md)</br> - [Poland National ID (PESEL)](sit-defn-poland-national-id.md)</br> - [Sweden National ID](sit-defn-sweden-national-id.md)</br> - [Croatia Personal Identification (OIB) Number](sit-defn-croatia-personal-identification-number.md) </br> - [Czech Personal Identity Number](sit-defn-czech-personal-identity-number.md)</br> - [Denmark Personal Identification Number](sit-defn-denmark-personal-identification-number.md)</br> - [Estonia Personal Identification Code](sit-defn-estonia-personal-identification-code.md)</br> - [Hungary Personal Identification Number](sit-defn-hungary-personal-identification-number.md)</br> - [Luxemburg National Identification Number natural persons](sit-defn-luxemburg-national-identification-number-natural-persons.md)</br> - [Luxemburg National Identification Number (Non-natural persons)](sit-defn-luxemburg-national-identification-number-non-natural-persons.md)</br> - [Italy Fiscal Code](sit-defn-italy-fiscal-code.md)</br> - [Latvia Personal Code](sit-defn-latvia-personal-code.md)</br> - [Lithuania Personal Code](sit-defn-lithuania-personal-code.md)</br> - [Romania Personal Numerical Code (CNP)](sit-defn-romania-personal-numeric-code.md)</br> - [Netherlands Citizen's Service (BSN) Number](sit-defn-netherlands-citizens-service-number.md)</br> - [Ireland Personal Public Service (PPS) Number](sit-defn-ireland-personal-public-service-number.md)</br> - [Bulgaria Uniform Civil Number](sit-defn-bulgaria-uniform-civil-number.md) </br> - [Belgium National Number](sit-defn-belgium-national-number.md) </br> - [Spain DNI](sit-defn-spain-dni.md)</br> - [Slovenia Unique Master Citizen Number](sit-defn-slovenia-unique-master-citizen-number.md)</br> - [Slovakia Personal Number](sit-defn-slovakia-personal-number.md)</br> - [Portugal Citizen Card Number](sit-defn-portugal-citizen-card-number.md)</br> - [Malta Tax ID Number](sit-defn-malta-tax-identification-number.md)</br> - [Austria Tax Identification Number](sit-defn-austria-tax-identification-number.md) </br> - [Cyprus Tax Identification Number](sit-defn-cyprus-tax-identification-number.md) </br> -[France Tax Identification Number (numéro SPI.)](sit-defn-france-tax-identification-number.md)</br> - [Germany Tax Identification Number](sit-defn-germany-tax-identification-number.md)</br> - [Greek Tax identification Number](sit-defn-greece-tax-identification-number.md)</br> - [Hungary Tax identification Number](sit-defn-hungary-tax-identification-number.md)</br> - [Netherlands Tax Identification Number](sit-defn-netherlands-tax-identification-number.md)</br> - [Poland Tax Identification Number](sit-defn-poland-tax-identification-number.md)</br> - [Portugal Tax Identification Number](sit-defn-portugal-tax-identification-number.md)</br> - [Slovenia Tax Identification Number](sit-defn-slovenia-tax-identification-number.md)</br> - [Spain Tax Identification Number](sit-defn-spain-tax-identification-number.md)</br> - [Sweden Tax Identification Number](sit-defn-sweden-tax-identification-number.md)</br> - [Austria Driver's License](sit-defn-austria-drivers-license-number.md) </br> - [Belgium Driver's License Number](sit-defn-belgium-drivers-license-number.md) </br> - [Bulgaria Driver's License Number](sit-defn-bulgaria-drivers-license-number.md) </br> - [Croatia Driver's License Number](sit-defn-croatia-drivers-license-number.md) </br> - [Cyprus Driver's License Number](sit-defn-cyprus-drivers-license-number.md) </br> - [Czech Driver's License Number](sit-defn-czech-drivers-license-number.md) </br> - [Denmark Driver's License Number](sit-defn-denmark-drivers-license-number.md)</br> - [Estonia Driver's License Number](sit-defn-estonia-drivers-license-number.md)</br> - [Finland Driver's License Number](sit-defn-finland-drivers-license-number.md)</br> - [France Driver's License Number](sit-defn-france-drivers-license-number.md)</br> - [German Driver's License Number](sit-defn-germany-drivers-license-number.md)</br> - [Greece Driver's License Number](sit-defn-greece-drivers-license-number.md) </br> - [Hungary Driver's License Number](sit-defn-hungary-drivers-license-number.md)</br> - [Ireland Driver's License Number](sit-defn-ireland-drivers-license-number.md)</br> - [Italy Driver's License Number](sit-defn-italy-drivers-license-number.md)</br> - [Latvia Driver's License Number](sit-defn-latvia-drivers-license-number.md)</br> - [Lithuania Driver's License Number](sit-defn-lithuania-drivers-license-number.md)</br> - [Luxemburg Driver's License Number](sit-defn-luxemburg-drivers-license-number.md)</br> - [Malta Driver's License Number](sit-defn-malta-drivers-license-number.md)</br> - [Netherlands Driver's License Number](sit-defn-netherlands-drivers-license-number.md)</br> - [Poland Driver's License Number](sit-defn-poland-drivers-license-number.md)</br> - [Portugal Driver's License Number](sit-defn-portugal-drivers-license-number.md)</br> - [Romania Driver's License Number](sit-defn-romania-drivers-license-number.md)</br> - [Slovakia Driver's License Number](sit-defn-slovakia-drivers-license-number.md)</br> - [Slovenia Driver's License Number](sit-defn-slovenia-drivers-license-number.md)</br> - [Spain Driver's License Number](sit-defn-spain-drivers-license-number.md)</br> - [Sweden Driver's License Number](sit-defn-sweden-drivers-license-number.md)</br> - [Austria Passport Number](sit-defn-austria-passport-number.md) </br> - [Belgium Passport Number](sit-defn-belgium-passport-number.md) </br> - [Bulgaria Passport Number](sit-defn-bulgaria-passport-number.md) </br> - [Croatia Passport Number](sit-defn-croatia-passport-number.md) </br> - [Cyprus Passport Number](sit-defn-cyprus-passport-number.md) </br> - [Czech Republic Passport Number](sit-defn-czech-passport-number.md) </br> - [Denmark Passport Number](sit-defn-denmark-passport-number.md)</br> - [Estonia Passport Number](sit-defn-estonia-passport-number.md)</br> - [Finland Passport Number](sit-defn-finland-passport-number.md)</br> - [France Passport Number](sit-defn-france-passport-number.md)</br> - [German Passport Number](sit-defn-germany-passport-number.md)</br> - [Greece Passport Number](sit-defn-greece-passport-number.md)</br> - [Hungary Passport Number](sit-defn-hungary-passport-number.md)</br> - [Ireland Passport Number](sit-defn-ireland-passport-number.md)</br> - [Italy Passport Number](sit-defn-italy-passport-number.md)</br> - [Latvia Passport Number](sit-defn-latvia-passport-number.md)</br> - [Lithuania Passport Number](sit-defn-lithuania-passport-number.md)</br> - [Luxemburg Passport Number](sit-defn-luxemburg-passport-number.md)</br> - [Malta Passport Number](sit-defn-malta-passport-number.md)</br> - [Netherlands Passport Number](sit-defn-netherlands-passport-number.md)</br> - [Poland Passport](sit-defn-poland-passport-number.md)</br> - [Portugal Passport Number](sit-defn-portugal-passport-number.md)</br> - [Romania Passport Number](sit-defn-romania-passport-number.md)</br> - [Slovakia Passport Number](sit-defn-slovakia-passport-number.md)</br> - [Slovenia Passport Number](sit-defn-slovenia-passport-number.md)</br> - [Spain Passport Number](sit-defn-spain-passport-number.md)</br> - [Sweden Passport Number](sit-defn-sweden-passport-number.md)</br> - [EU Debit Card Number](sit-defn-eu-debit-card-number.md)</br> - [All Full Names](sit-defn-all-full-names.md)|
+|Privacy| General Data Protection Regulation (GDPR)|- [EU debit card number](sit-defn-eu-debit-card-number.md) </br> - [EU driver's license number](sit-defn-eu-drivers-license-number.md) </br> - [EU national identification number](sit-defn-eu-national-identification-number.md)</br> - [EU passport number](sit-defn-eu-passport-number.md) </br> - [EU social security number or equivalent identification](sit-defn-eu-social-security-number-equivalent-identification.md)</br> - [EU Tax identification number](sit-defn-eu-tax-identification-number.md)|
+|Privacy| Germany Personally Identifiable Information (PII) Data|- [Germany driver's license number](sit-defn-germany-drivers-license-number.md) </br> - [Germany passport number](sit-defn-germany-passport-number.md)|
+|Privacy| Israel Personally Identifiable Information (PII) Data|- [Israel national identification number](sit-defn-israel-national-identification-number.md)|
+|Privacy| Israel Protection of Privacy|- [Israel national identification number](sit-defn-israel-national-identification-number.md)</br> - [Israel bank account number](sit-defn-israel-bank-account-number.md)|
+|Privacy| Japan Personally Identifiable Information (PII) Data enhanced|- [Japan Social Insurance Number (SIN)](sit-defn-japan-social-insurance-number.md)</br> - [Japan My Number - Personal](sit-defn-japan-my-number-personal.md)</br> - [Japan passport number](sit-defn-japan-passport-number.md)</br> - [Japan driver's license number](sit-defn-japan-drivers-license-number.md)</br> - [All Full Names](sit-defn-all-full-names.md)</br> - [Japan Physical Addresses](sit-defn-all-physical-addresses.md)|
+|Privacy| Japan Personally Identifiable Information (PII) Data|- [Japan resident registration number](sit-defn-japan-resident-registration-number.md) </br> - [Japan Social Insurance Number (SIN)](sit-defn-japan-social-insurance-number.md)|
+|Privacy| Japan Protection of Personal Information Enhanced|- [Japan Social Insurance Number (SIN)](sit-defn-japan-social-insurance-number.md) </br> - [Japan My Number - Personal](sit-defn-japan-my-number-personal.md)</br> - [Japan passport number](sit-defn-japan-passport-number.md) </br> - [Japan driver's license number](sit-defn-japan-drivers-license-number.md)</br> - [All Full Names](sit-defn-all-full-names.md)</br> - [Japan Physical Addresses](sit-defn-all-physical-addresses.md)|
+|Privacy| Japan Protection of Personal Information|- [Japan resident registration number](sit-defn-japan-resident-registration-number.md)</br> - [Japan Social Insurance Number (SIN)](sit-defn-japan-social-insurance-number.md)|
+|Privacy| Saudi Arabia Personally Identifiable (PII) Data|- [Saudi Arabia National ID](sit-defn-saudi-arabia-national-id.md)|
+|Privacy| U.K. Data Protection Act|- [U.K. national insurance number (NINO)](sit-defn-uk-national-insurance-number.md) </br> - [U.S./U.K. passport number](sit-defn-us-uk-passport-number.md) </br> - [SWIFT code](sit-defn-swift-code.md)|
+|Privacy| U.K. Privacy and Electronic Communications Regulations|- [SWIFT code](sit-defn-swift-code.md)|
+|Privacy| U.K. Personally Identifiable Information (PII) Data|- [U.K. national insurance number (NINO)](sit-defn-uk-national-insurance-number.md) </br> - [U.S./U.K. passport number](sit-defn-us-uk-passport-number.md)|
+|Privacy| U.K. Personal Information Online Code of Practice (PIOCP)|- [U.K. national insurance number (NINO)](sit-defn-uk-national-insurance-number.md) </br> - [U.K. national health service number](sit-defn-uk-national-health-service-number.md) </br> - [SWIFT code](sit-defn-swift-code.md)|
+|Privacy| U.S Patriot Act Enhanced|- [Credit card number](sit-defn-credit-card-number.md) </br> - [U.S. bank account number](sit-defn-us-bank-account-number.md)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sit-defn-us-individual-taxpayer-identification-number.md) </br> - [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)</br> - [All Full Names](sit-defn-all-full-names.md)</br> - [U.S. Physical Addresses](sit-defn-us-physical-addresses.md)|
+|Privacy| U.S. Patriot Act|- [Credit card number](sit-defn-credit-card-number.md) </br> - [U.S. bank account number](sit-defn-us-bank-account-number.md)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sit-defn-us-individual-taxpayer-identification-number.md) </br> - [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)|
+|Privacy| U.S. Personally Identifiable Information (PII) Data Enhanced|- [U.S. Individual Taxpayer Identification Number (ITIN)](sit-defn-us-individual-taxpayer-identification-number.md) </br> - [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)</br> - [U.S./U.K. passport number](sit-defn-us-uk-passport-number.md)</br> - [All Full Names](sit-defn-all-full-names.md)</br> - [U.S. Physical Addresses](sit-defn-us-physical-addresses.md)|
+|Privacy| U.S. Personally Identifiable Information (PII) Data|- [U.S. Individual Taxpayer Identification Number (ITIN)](sit-defn-us-individual-taxpayer-identification-number.md) </br> - [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)</br> - [U.S./U.K. passport number](sit-defn-us-uk-passport-number.md)|
+|Privacy| U.S. State Breach Notification Laws Enhanced|- [Credit card number](sit-defn-credit-card-number.md) </br> - [U.S. bank account number](sit-defn-us-bank-account-number.md)</br> -[U.S. driver's license number](sit-defn-us-drivers-license-number.md) </br> - [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)</br> - [All Full Names](sit-defn-all-full-names.md) </br> - [U.S./U.K. passport number](sit-defn-us-uk-passport-number.md)</br> - [All Medical Terms And Conditions](sit-defn-all-medical-terms-conditions.md)|
+|Privacy| U.S. State Breach Notification Laws|- [Credit card number](sit-defn-credit-card-number.md) </br> - [U.S. bank account number](sit-defn-us-bank-account-number.md)</br> -[U.S. driver's license number](sit-defn-us-drivers-license-number.md) </br> - [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)|
+|Privacy| U.S. State Social Security Number Confidentiality Laws|- [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)|
## Locations
A DLP policy can find and protect items that contain sensitive information acros
|Microsoft Defender for Cloud Apps | cloud app instance |data-at-rest | - [Use data loss prevention policies for non-Microsoft cloud apps](dlp-use-policies-non-microsoft-cloud-apps.md#use-data-loss-prevention-policies-for-non-microsoft-cloud-apps) | |Devices |user or group |data-at-rest </br> data-in-use </br> data-in-motion |- [Learn about Endpoint data loss prevention](endpoint-dlp-learn-about.md) </br>- [Get started with Endpoint data loss prevention](endpoint-dlp-getting-started.md) </br>- [Configure device proxy and internet connection settings for Information Protection](device-onboarding-configure-proxy.md#configure-device-proxy-and-internet-connection-settings-for-information-protection) | |On-premises repositories (file shares and SharePoint) |repository | data-at-rest | - [Learn about the data loss prevention on-premises scanner](dlp-on-premises-scanner-learn.md) </br> - [Get started with the data loss prevention on-premises scanner](dlp-on-premises-scanner-get-started.md#get-started-with-the-data-loss-prevention-on-premises-scanner) |
-|PowerBI| workspaces | data-in-use | No|
+|Power BI| workspaces | data-in-use | No|
If you choose to include specific distribution groups in Exchange, the DLP policy will be scoped only to the members of that group. Similarly excluding a distribution group will exclude all the members of that distribution group from policy evaluation. You can choose to scope a policy to the members of distribution lists, dynamic distribution groups, and security groups. A DLP policy can contain no more than 50 such inclusions and exclusions.
DLP policies detect sensitive items by matching them to a sensitive information
|Teams Chat and Channel messages | Yes| No| No| |Devices |Yes | Yes| No| |Microsoft Defender for Cloud Apps | Yes| Yes| Yes|
-|On-Premises repositories| Yes| Yes| No|
-|PowerBI|Yes | Yes| No|
+|On-premises repositories| Yes| Yes| No|
+|Power BI|Yes | Yes| No|
> [!NOTE]
-> DLP supports (in preview) the using trainable classifiers as a condition to detect sensitive documents. Content can be defined by trainable classifiers in Exchange email online, Sharepoint Online sites, OneDrive for Business accounts, Teams Chat and Channels, and Devices. For more information, see [Trainable Classifiers](classifier-learn-about.md).
+> DLP supports (in preview) using trainable classifiers as a condition to detect sensitive documents. Content can be defined by trainable classifiers in Exchange Online, Sharepoint Online sites, OneDrive for Business accounts, Teams Chat and Channels, and Devices. For more information, see [Trainable Classifiers](classifier-learn-about.md).
> [!NOTE]
-> DLP supports detecting sensitivity labels on emails and attachments See, [Use sensitivity labels as conditions in DLP policies](dlp-sensitivity-label-as-condition.md#use-sensitivity-labels-as-conditions-in-dlp-policies).
+> DLP supports detecting sensitivity labels on emails and attachments. For more information, see [Use sensitivity labels as conditions in DLP policies](dlp-sensitivity-label-as-condition.md#use-sensitivity-labels-as-conditions-in-dlp-policies).
## Rules
Rules are the business logic of DLP policies. They consist of:
- [**Conditions**](#conditions) that when matched, trigger the policy - [**Exceptions**](#exceptions) to the conditions - [**Actions**](#actions) to take when the policy is triggered-- [**User notifications**](#user-notifications-and-policy-tips) to inform your users when they are doing something that triggers a policy and help educate them on how your org wants sensitive information treated
+- [**User notifications**](#user-notifications-and-policy-tips) to inform your users when they're doing something that triggers a policy and help educate them on how your organization wants sensitive information treated
- [**User Overrides**](#user-overrides) when configured by an admin, allow users to selectively override a blocking action - [**Incident Reports**](#incident-reports) that notify admins and other key stakeholders when a rule match occurs - [**Additional Options**](#additional-options) which define the priority for rule evaluation and can stop further rule and policy processing.
Rules are the business logic of DLP policies. They consist of:
#### Hosted service workloads
-For the hosted service workloads, like Exchange Online, SharePoint Online and OneDrive for Business, each rule is assigned a priority in the order in which it's created. That means, the rule created first has first priority, the rule created second has second priority, and so on.
+For the hosted service workloads, like Exchange Online, SharePoint Online and OneDrive for Business, each rule is assigned a priority in the order in which it's created. That means, the rule created first has first priority, the rule created second has second priority, and so on.
![Rules in priority order](../media/dlp-rules-in-priority-order.png)
When content is evaluated against rules, the rules are processed in priority ord
- Rule 1: only notifies users - Rule 2: notifies users, restricts access, and allows user overrides-- *Rule 3: notifies users, restricts access, and does not allow user overrides*
+- *Rule 3: notifies users, restricts access, and doesn't allow user overrides*
- Rule 4: restricts access Rules 1, 2, and 4 would be evaluated, but not applied. In this example, matches for all of the rules are recorded in the audit logs and shown in the DLP reports, even though only the most restrictive rule is applied.
For example, you might have a DLP policy that helps you detect the presence of i
Priority for rules on endpoints is also assigned according to the order in which it's created. That means, the rule created first has first priority, the rule created second has second priority, and so on.
-When a file on an endpoint matches multiple DLP policies, the first rule that's enabled with most restrictive enforcement on the [endpoint activities](endpoint-dlp-learn-about.md#endpoint-activities-you-can-monitor-and-take-action-on) is the one that gets enforced on the content. For example, if content matches all of the following rules, then rule 2 takes precedence over the other rules since its the most restrictive.
+When a file on an endpoint matches multiple DLP policies, the first rule that's enabled with most restrictive enforcement on the [endpoint activities](endpoint-dlp-learn-about.md#endpoint-activities-you-can-monitor-and-take-action-on) is the one that gets enforced on the content. For example, if content matches all of the following rules, then rule 2 takes precedence over the other rules since it's the most restrictive.
-- Rule 1: only audits all activity
+- Rule 1: only audits all activity
- *Rule 2: blocks all activity* - Rule 3: blocks all activity with option for end user to override
-In the below example, Rule 1 takes precedence over the other matching rules since its the most restrictive.
+In the below example, Rule 1 takes precedence over the other matching rules since it's the most restrictive.
-- *Rule 1: blocks activity and does not allow user override*
+- *Rule 1: blocks activity and doesn't allow user override*
- Rule 2: blocks activity and allows user overrides - Rule 3: only audits all activity - Rule 4: no enforcement
-All the other rules are evaluated but their actions are not enforced. Audit logs will show the most restrictive rule applied on the file. If there is more than one rule that matches and they are equally restrictive, then policy and rule priority governs which rule would be applied on the file.
+All the other rules are evaluated but their actions aren't enforced. Audit logs will show the most restrictive rule applied on the file. If there's more than one rule that matches and they're equally restrictive, then policy and rule priority governs which rule would be applied on the file.
### Conditions
Conditions are inclusive and are where you define what you want the rule to look
- [retention labels](retention.md#using-a-retention-label-as-a-condition-in-a-dlp-policy) - [Trainable Classifiers](classifier-learn-about.md) (in preview)
-depending on the [location(s)](#location-support-for-how-content-can-be-defined) you choose to apply the policy to.
+depending on the [location(s)](#location-support-for-how-content-can-be-defined) you choose to apply the policy to.
-The rule will only look for the presence of any **sensitivity labels** and **retention labels** you pick.
+The rule will only look for the presence of any **sensitivity labels** and **retention labels** you pick.
-SITs have a pre-defined [**confidence level**](https://www.microsoft.com/videoplayer/embed/RE4Hx60) which you can alter if needed. For more information, see [More on confidence levels](sensitive-information-type-learn-about.md#more-on-confidence-levels).
+SITs have a pre-defined [**confidence level**](https://www.microsoft.com/videoplayer/embed/RE4Hx60) which you can alter if needed. For more information, see [More on confidence levels](sensitive-information-type-learn-about.md#more-on-confidence-levels).
> [!IMPORTANT] > SITs have two different ways of defining the max unique instance count parameters. To learn more, see [Instance count supported values for SIT](create-a-custom-sensitive-information-type.md#instance-count-supported-values-for-sit).
The actions that are available in a rule are dependent on the locations that hav
#### Devices actions <!--- (preview) Audit or restricted activities when users acceses sensitive websites in Microsoft Edge browser on Windows devices. See, [Scenario 6 Monitor or restrict user activities on sensitive service domains (preview)](endpoint-dlp-using.md#scenario-6-monitor-or-restrict-user-activities-on-sensitive-service-domains-preview) for more information.
+- (preview) Audit or restricted activities when users accesses sensitive websites in Microsoft Edge browser on Windows devices. See, [Scenario 6 Monitor or restrict user activities on sensitive service domains (preview)](endpoint-dlp-using.md#scenario-6-monitor-or-restrict-user-activities-on-sensitive-service-domains-preview) for more information.
- Audit or restrict activities on Windows devices To use `Audit or restrict activities on Windows devices`, you have to configure options in **DLP settings** and in the policy in which you want to use them. See, [Restricted apps and app groups](dlp-configure-endpoint-settings.md#restricted-apps-and-app-groups) for more information.
This table shows the DLP blocking and notification behavior for policies that ar
|||||| |- **Content is shared from Microsoft 365** </br>- **with people outside my organization** |No actions are configured |- **User notifications** set to **On** </br>- **Notify users in Office 365 service with a policy tip** is selected </br>- **Notify the user who sent, shared, or last modified the content** is selected |- **Send an alert to admins when a rule match occurs** set to **On** </br>- **Send alert every time an activity matches the rule** set to **On** </br>- **Use email incident reports to notify you when a policy match occurs** set to **On** |- Notifications will be sent only when a file is shared with an external user and an external user access the file. | |- **Content is shared from Microsoft 365** </br>- **only with people inside my organization** | No actions are configured |- **User notifications** set to **On** </br>- **Notify users in Office 365 service with a policy tip** is selected </br>- **Notify the user who sent, shared, or last modified the content** is selected | - **Send an alert to admins when a rule match occurs** set to **On** </br>- **Send alert every time an activity matches the rule** is selected </br>- **Use email incident reports to notify you when a policy match occurs** set to **On** |- Notifications are sent when a file is uploaded |
-|- **Content is shared from Microsoft 365** </br>- **with people outside my organization** | - **Restrict access or encrypt the content in Microsoft 365 locations** is selected </br>- **Block users from receiveing email or accessing shared SharePoint, OndeDrive, and Teams files** is selected </br>- **Block only people outside your organization** is selected |- **User notifications** set to **On** </br>- **Notify users in Office 365 service with a policy tip** is selected </br>- **Notify the user who sent, shared, or last modified the content** is selected | - **Send an alert to admins when a rule match occurs** set to **On** </br>- **Send alert every time an activity matches the rule** is selected </br>- **Use email incident reports to notify you when a policy match occurs** set to **On** | - Access to a sensitive file is blocked as soon as it is uploaded </br>- Notifications sent when content is shared from Microsoft 365 with people outside my organization |
-|- **Content is shared from Microsoft 365** </br>- **with people outside my organization** | - **Restrict access or encrypt the content in Microsoft 365 locations** is selected </br>- **Block users from receiveing email or accessing shared SharePoint, OndeDrive, and Teams files** is selected </br>- **Block everyone** is selected | - **User notifications** set to **On** </br>- **Notify users in Office 365 service with a policy tip** is selected </br>- **Notify the user who sent, shared, or last modified the content** is selected | - **Send an alert to admins when a rule match occurs** set to **On** </br>- **Send alert every time an activity matches the rule** is selected </br>- **Use email incident reports to notify you when a policy match occurs** set to **On** |Notifications are sent when a file is shared with an external user and an external user access that file. |
+|- **Content is shared from Microsoft 365** </br>- **with people outside my organization** | - **Restrict access or encrypt the content in Microsoft 365 locations** is selected </br>- **Block users from receiving email or accessing shared SharePoint, OneDrive, and Teams files** is selected </br>- **Block only people outside your organization** is selected |- **User notifications** set to **On** </br>- **Notify users in Office 365 service with a policy tip** is selected </br>- **Notify the user who sent, shared, or last modified the content** is selected | - **Send an alert to admins when a rule match occurs** set to **On** </br>- **Send alert every time an activity matches the rule** is selected </br>- **Use email incident reports to notify you when a policy match occurs** set to **On** | - Access to a sensitive file is blocked as soon as it is uploaded </br>- Notifications sent when content is shared from Microsoft 365 with people outside my organization |
+|- **Content is shared from Microsoft 365** </br>- **with people outside my organization** | - **Restrict access or encrypt the content in Microsoft 365 locations** is selected </br>- **Block users from receiving email or accessing shared SharePoint, OneDrive, and Teams files** is selected </br>- **Block everyone** is selected | - **User notifications** set to **On** </br>- **Notify users in Office 365 service with a policy tip** is selected </br>- **Notify the user who sent, shared, or last modified the content** is selected | - **Send an alert to admins when a rule match occurs** set to **On** </br>- **Send alert every time an activity matches the rule** is selected </br>- **Use email incident reports to notify you when a policy match occurs** set to **On** |Notifications are sent when a file is shared with an external user and an external user access that file. |
|- **Content is shared from Microsoft 365** </br>- **with people outside my organization** |- **Restrict access or encrypt the content in Microsoft 365 locations** is selected </br>- **Block only people who were given access to the content through the "Anyone with the link" option** is selected. | - **User notifications** set to **On** </br>- **Notify users in Office 365 service with a policy tip** is selected. </br>- **Notify the user who sent, shared, or last modified the content** is selected |- **Send an alert to admins when a rule match occurs** set to **On** </br>- **Send alert every time an activity matches the rule** is selected </br>- **Use email incident reports to notify you when a policy match occurs** set to **On** |Notifications are sent as soon as a file is uploaded |
compliance Enable Mailbox Auditing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/enable-mailbox-auditing.md
Here are some benefits of mailbox auditing on by default:
- Auditing is automatically enabled when you create a new mailbox. You don't need to manually enable it for new users. - You don't need to manage the mailbox actions that are audited. A predefined set of mailbox actions are audited by default for each logon type (Admin, Delegate, and Owner).-- When Microsoft releases a new mailbox action, the action might be automatically added to the list of mailbox actions that are audited by default (subject to the user having the appropriate license). This means you don't need to monitor add new actions on mailboxes.
+- When Microsoft releases a new mailbox action, the action might be added automatically to the list of mailbox actions that are audited by default (subject to the user having the appropriate license). This means you don't need to monitor add new actions on mailboxes.
- You have a consistent mailbox auditing policy across your organization (because you're auditing the same actions for all mailboxes). > [!NOTE]
Remember, an admin with Full Access permission to a Microsoft 365 Group mailbox
|**SendAs**|A message was sent using the SendAs permission.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|| |**SendOnBehalf**|A message was sent using the SendOnBehalf permission.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|| |**SoftDelete**|A message was permanently deleted or deleted from the Deleted Items folder. Soft-deleted items are moved to the Recoverable Items folder.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
-|**Update**|A message or any of its property was changed.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
+|**Update**|A message or any of its properties was changed.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
### Verify that default mailbox actions are being logged for each logon type
compliance Encryption Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/encryption-sensitivity-labels.md
You can use the following options to let users assign permissions when they manu
This option is supported by the Azure Information Protection unified labeling client and by some apps that use built-in labeling. For apps that don't support this capability, the label either won't be visible for users, or the label is visible for consistency but it can't be applied with an explanation message to users.
- To check which apps that use built-in labeling support this option, use the [capabilities table for Word, Excel, and PowerPoint](sensitivity-labels-office-apps.md#sensitivity-label-capabilities-in-word-excel-and-powerpoint) and the row **Let users assign permissions: - Prompt users**.
+ To check which apps that use built-in labeling support this option, use the [capabilities table for Word, Excel, and PowerPoint](sensitivity-labels-office-apps.md#sensitivity-label-capabilities-in-word-excel-and-powerpoint) and the rows for **Let users assign permissions**.
When the options are supported, use the following table to identify when users see the sensitivity label:
For built-in labeling, and for the Azure Information Protection unified labeling
> [!TIP] > If users were familiar with configuring custom permissions with the Azure Information Protection unified labeling client before [co-authoring was enabled](sensitivity-labels-coauthoring.md), you might find it helpful to review the mapping of permission levels to individual usage rights: [Rights included in permissions levels](/azure/information-protection/configure-usage-rights#rights-included-in-permissions-levels).
+#### Support for organization-wide custom permissions
+
+Now rolling out in preview for built-in labeling in Windows, users can specify a domain name that will apply to all users in an organization that owns the domain and it is in Azure Active Directory. This capability provides [parity with the Azure Information Protection unified labeling client](sensitivity-labels-aip.md#feature-parity-for-built-in-labeling-and-the-aip-add-in-for-office-apps):
+
+![Updated dialog box to support organization-wide custom permissions.](../media/org-wide-custom-permissions-dialog.png)
+
+For example, a user types "@contoso.com" (or "contoso.com") and grants read access. Because Contoso Corporation owns the contoso.com domain, all users in that domain and all other domains that the organization owns in Azure Active Directory will be granted read access.
+
+It's important to let users know that access isn't restricted to just the users in the domain specified. For example, "@sales.contoso.com" wouldn't restrict access to users in just the sales subdomain, but also grant access to users in the marketing.contoso.com domain, and even users with a disjoint namespace in the same Azure Active Directory tenant.
+ ## Example configurations for the encryption settings For each example that follows, do the configuration from the **Encryption** page when **Configure encryption settings** is selected:
compliance Endpoint Dlp Learn About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-learn-about.md
Onboarding and offboarding are handled via scripts you download from the Device
Use the procedures in [Getting started with Microsoft 365 Endpoint DLP](endpoint-dlp-getting-started.md) to onboard devices.
-If you have onboarded devices through [Microsoft Defender for Endpoint](../security/defender-endpoint/configure-machines-onboarding.md), those devices will automatically show up in the list of devices. This is because onboarding to Defender also onboards devices to DLP. You only need to **Turn on device monitoring** to use endpoint DLP. .
+If you have onboarded devices through [Microsoft Defender for Endpoint](../security/defender-endpoint/configure-machines-onboarding.md), those devices will automatically show up in the list of devices. This is because onboarding to Defender also onboards devices to DLP. You only need to **Turn on device monitoring** to use endpoint DLP. .
> [!div class="mx-imgBorder"] > ![managed devices list.](../media/endpoint-dlp-learn-about-2-device-list.png)
compliance Get Started With Data Lifecycle Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-data-lifecycle-management.md
Ready to start managing the lifecycle of your organization's data by retaining t
A number of different subscriptions support data lifecycle management capabilities.
-To see the options for licensing your users to benefit from Microsoft Purview features, see the [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance). For the features listed on this page, see the [Microsoft Purview Data Lifecycle Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-data-lifecycle-management) section and related [PDF download](https://go.microsoft.com/fwlink/?linkid=2139145) for feature-level licensing requirements.
+To see the options for licensing your users to benefit from Microsoft Purview features, see the [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance). For the features listed on this page, see the [Microsoft Purview Data Lifecycle Management & Microsoft Purview Records Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-data-lifecycle-management--microsoft-purview-records-management) section for feature-level licensing requirements.
## Permissions
compliance Get Started With Records Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-records-management.md
Ready to start managing your organization's high-value content for legal, busine
- [Publish retention labels and apply them in apps](create-apply-retention-labels.md) - [Apply a retention label to content automatically](apply-retention-labels-automatically.md)
+> [!TIP]
+> If you're migrating records to Microsoft 365 and need to validate that they haven't been altered, see [Validating migrated records](records-management.md#validating-migrated-records).
+ ## Subscription and licensing requirements A number of different subscriptions support records management and the licensing requirements for users depends on the features you use.
-To see the options for licensing your users to benefit from Microsoft Purview features, see the [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance). For records management, see the [Microsoft Purview Records Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-records-management) section and related PDF download for feature-level licensing requirements.
+To see the options for licensing your users to benefit from Microsoft Purview features, see the [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance). For records management, see the [Microsoft Purview Data Lifecycle Management & Microsoft Purview Records Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-data-lifecycle-management--microsoft-purview-records-management) section for feature-level licensing requirements.
## Permissions
If you're using retention policies for baseline data governance, they typically
In comparison, retention labels have a UI presence in Microsoft 365 apps, so make sure you provide guidance for end users and your help desk before these labels are deployed to your production network. To help users apply retention labels in SharePoint and OneDrive, and information about unlocking records for editing, see [Apply retention labels to files in SharePoint or OneDrive](https://support.microsoft.com/office/apply-retention-labels-to-files-in-sharepoint-or-onedrive-11a6835b-ec9f-40db-8aca-6f5ef18132df).
-However, the most effective end-user documentation will be customized guidance and instructions you provide for the retention label names and configurations you choose. See the following page and downloads that you can use to help train your users: [End User Training for Retention Labels](https://microsoft.github.io/ComplianceCxE/enduser/retention/).
+However, the most effective end-user documentation will be customized guidance and instructions you provide for the retention label names and configurations you choose. See the following page and downloads that you can use to help train your users: [End User Training for Retention Labels](https://microsoft.github.io/ComplianceCxE/enduser/retention/).
compliance Get Started With Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-sensitivity-labels.md
All scenarios require you to [Create and configure sensitivity labels and their
|Extend labeling to File Explorer and PowerShell, with additional features for Office apps on Windows (if needed)|[Azure Information Protection unified labeling client for Windows](/azure/information-protection/rms-client/aip-clientv2)| |Encrypt documents and emails with sensitivity labels and restrict who can access that content and how it can be used |[Restrict access to content by using sensitivity labels to apply encryption](encryption-sensitivity-labels.md)| |Enable sensitivity labels for Office on the web, with support for coauthoring, eDiscovery, data loss prevention, searchΓÇöeven when documents are encrypted | [Enable sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md)
+|Files in SharePoint to be automatically labeled with a default sensitivity label | [Configure a default sensitivity label for a SharePoint document library](sensitivity-labels-sharepoint-default-label.md)
|Use co-authoring and AutoSave in Office desktop apps when documents are encrypted | [Enable co-authoring for files encrypted with sensitivity labels](sensitivity-labels-coauthoring.md) |Automatically apply sensitivity labels to documents and emails | [Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md)| |Use sensitivity labels to protect content in Teams and SharePoint |[Use sensitivity labels with Microsoft Teams, Microsoft 365 groups, and SharePoint sites](sensitivity-labels-teams-groups-sites.md)|
compliance Import Epic Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/import-epic-data.md
description: "Administrators can set up a data connector to import electronic he
# Set up a connector to import Epic EHR audit data (preview)
-You can set up a data connector in the Microsoft Purview compliance portal to import audit records for user activity in your organization's Epic Electronic Healthcare Records (EHR) system. Audit records from your Epic EHR system include records for events related to accessing a patient's health records. Epic EHR audit records can be used by the Microsoft 365 [insider risk management solution](insider-risk-management.md) to help protect your organization from unauthorized access to patient information.
+You can set up a data connector in the Microsoft Purview compliance portal to import audit records for user activity in your organization's Epic Electronic Healthcare Records (EHR) system. Audit records from your Epic EHR system include records for events related to accessing a patient's health records. Epic EHR audit records can be used by the Microsoft Purview [Insider Risk Management solution](insider-risk-management.md) to help protect your organization from unauthorized access to patient information.
Setting up an Epic connector consists of the following tasks:
The next step is to create an Epic connector in the compliance portal. After you
A status page is displayed that confirms the connector was created. This page contains two important things that you need to complete the next step to run the sample script to upload your Epic EHR audit records data.
- Review page with job ID and link to github for sample script
+ Review page with job ID and link to GitHub for sample script
1. **Job ID.** You'll need this job ID to run the script in the next step. You can copy it from this page or from the connector flyout page.
compliance Import Healthcare Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/import-healthcare-data.md
description: "Administrators can set up a data connector to import electronic he
# Set up a connector to import healthcare EHR audit data (preview)
-You can set up a data connector in the Microsoft Purview compliance portal to import auditing data for user activity in your organization's Electronic Healthcare Records (EHR) system. Auditing data from your healthcare EHR system include data for events related to accessing a patient's health records. Healthcare EHR auditing data can be used by the Microsoft 365 [insider risk management solution](insider-risk-management.md) to help protect your organization from unauthorized access to patient information.
+You can set up a data connector in the Microsoft Purview compliance portal to import auditing data for user activity in your organization's Electronic Healthcare Records (EHR) system. Auditing data from your healthcare EHR system include data for events related to accessing a patient's health records. Healthcare EHR auditing data can be used by the Microsoft Purview [Insider Risk Management solution](insider-risk-management.md) to help protect your organization from unauthorized access to patient information.
Setting up a Healthcare connector consists of the following tasks:
compliance Import Physical Badging Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/import-physical-badging-data.md
description: "Administrators can set up a data connector to import data from the
# Set up a connector to import physical badging data (preview)
-You can set up a data connector in the Microsoft Purview compliance portal to import physical badging data, such as employeeΓÇÖs raw physical access events or any physical access alarms generated by your organization's badging system. Examples of physical access points are an entry to a building or an entry to server room or data center. Physical badging data can be used by the Microsoft 365 [insider risk management solution](insider-risk-management.md) to help protect your organization from malicious activity or data theft inside your organization.
+You can set up a data connector in the Microsoft Purview compliance portal to import physical badging data, such as employeeΓÇÖs raw physical access events or any physical access alarms generated by your organization's badging system. Examples of physical access points are an entry to a building or an entry to server room or data center. Physical badging data can be used by the Microsoft Purview [Insider Risk Management solution](insider-risk-management.md) to help protect your organization from malicious activity or data theft inside your organization.
Setting up a physical badging connector consists of the following tasks:
compliance Information Protection Solution https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/information-protection-solution.md
Use the information from knowing where your sensitive data resides to help you m
|Step|Description|More information| |:|--|:| | 1|Define your [sensitivity labels](sensitivity-labels.md) and policies that will protect your organization's data. <br /><br />In addition to identifying the sensitivity of content, these labels can apply protection actions, such as headers, footers, watermarks, and encryption. | [Get started with sensitivity labels](get-started-with-sensitivity-labels.md) <br /><br /> [Create and configure sensitivity labels and their policies](create-sensitivity-labels.md) <br /><br /> [Restrict access to content by using sensitivity labels to apply encryption](encryption-sensitivity-labels.md) |
-| 2|Label and protect items for Microsoft 365 apps and services. <br /><br />Sensitivity labels are supported for Microsoft 365 Word, Excel, PowerPoint, Outlook, and containers that include SharePoint and OneDrive sites, and Microsoft 365 groups. Use a combination of labeling methods such as manual labeling, automatic labeling, a default label, and mandatory labeling.| [Manage sensitivity labels in Office apps](sensitivity-labels-office-apps.md) <br /><br /> [Enable sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md) <br /><br /> [Enable co-authoring for files encrypted with sensitivity labels](sensitivity-labels-coauthoring.md) <br /><br /> [Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) <br /><br /> [Use sensitivity labels with Microsoft Teams, Microsoft 365 groups, and SharePoint sites](sensitivity-labels-teams-groups-sites.md) <br /><br /> [Use sensitivity labels to set the default sharing link for sites and documents in SharePoint and OneDrive](sensitivity-labels-default-sharing-link.md) <br /><br /> [Apply a sensitivity label to a model in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/apply-a-sensitivity-label-to-a-model) <br /><br /> [Sensitivity labels in Power BI](/power-bi/admin/service-security-sensitivity-label-overview) |
+| 2|Label and protect items for Microsoft 365 apps and services. <br /><br />Sensitivity labels are supported for Microsoft 365 Word, Excel, PowerPoint, Outlook, and containers that include SharePoint and OneDrive sites, and Microsoft 365 groups. Use a combination of labeling methods such as manual labeling, automatic labeling, a default label, and mandatory labeling.| [Manage sensitivity labels in Office apps](sensitivity-labels-office-apps.md) <br /><br /> [Enable sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md) <br /><br /> [Enable co-authoring for files encrypted with sensitivity labels](sensitivity-labels-coauthoring.md) <br /><br /> [Configure a default sensitivity label for a SharePoint document library](sensitivity-labels-sharepoint-default-label.md) <br /><br /> [Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) <br /><br /> [Use sensitivity labels with Microsoft Teams, Microsoft 365 groups, and SharePoint sites](sensitivity-labels-teams-groups-sites.md) <br /><br /> [Use sensitivity labels to set the default sharing link for sites and documents in SharePoint and OneDrive](sensitivity-labels-default-sharing-link.md) <br /><br /> [Apply a sensitivity label to a model in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/apply-a-sensitivity-label-to-a-model) <br /><br /> [Sensitivity labels in Power BI](/power-bi/admin/service-security-sensitivity-label-overview) |
|3|Discover, label, and protect sensitive items that reside in data stores in the cloud by using [Microsoft Defender for Cloud Apps](/cloud-app-security/what-is-cloud-app-security) with your sensitivity labels.| [Discover, classify, label, and protect regulated and sensitive data stored in the cloud](/cloud-app-security/best-practices#discover-classify-label-and-protect-regulated-and-sensitive-data-stored-in-the-cloud)| |4|Discover, label, and protect sensitive items that reside in data stores on premises by deploying the [Azure Information Protection unified labeling scanner](/azure/information-protection/deploy-aip-scanner) with your sensitivity labels.| [Configuring and installing the Azure Information Protection unified labeling scanner](/azure/information-protection/deploy-aip-scanner-configure-install)| |5|Extend your sensitivity labels to Azure by using [Microsoft Purview Data Map](/azure/purview/overview), to discover and label items for Azure Blob Storage, Azure files, Azure Data Lake Storage Gen1, and Azure Data Lake Storage Gen12. | [Labeling in Microsoft Purview Data Map](/azure/purview/create-sensitivity-label)|
compliance Insider Risk Management Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-configure.md
You'll choose from these role group options and solution actions when working wi
|View & export audit logs|Yes|No|No|No|Yes| > [!IMPORTANT]
-> Make sure you always have at least one user in the *Insider Risk Management* or *Insider Risk Management Admin* role groups (depending on the option you choose) so that your insider risk management configuration doesn't get in to a 'zero administrator' scenario if specific users leave your organization.
+> Make sure you always have at least one user in the built-in *Insider Risk Management* or *Insider Risk Management Admin* role groups (depending on the option you choose) so that your insider risk management configuration doesn't get into a 'zero administrator' scenario if specific users leave your organization.
Members of the following roles can assign users to insider risk management role groups and have the same solution permissions included with the *Insider Risk Management Admin* role group:
compliance Manage Data Governance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/manage-data-governance.md
Ready to start using some or all of these capabilities? See [Get started with re
## Licensing requirements
-To understand your licensing requirements and options, see the following sections from the [Microsoft 365 licensing documentation](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance):
-- [Microsoft Purview Data Lifecycle Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-data-lifecycle-management)-- [Microsoft Purview Records Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-records-management)-
-Any additional licensing requirements will be included in the documentation instructions. For example, licensing specific to managing mailboxes might require licenses from Exchange Online.
+To understand your licensing requirements and options, see the information from the Microsoft 365 guidance for security & compliance, [Microsoft Purview Data Lifecycle Management & Microsoft Purview Records Management](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-data-lifecycle-management--microsoft-purview-records-management) section for feature-level licensing requirements.
compliance Office 365 Service Encryption https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/office-365-service-encryption.md
description: "Summary: Understand data resiliency in Microsoft Office 365."
In addition to using volume-level encryption, Exchange Online, Microsoft Teams, SharePoint Online, and OneDrive for Business also use Service Encryption to encrypt customer data. Service Encryption allows for two key management options: ## Microsoft-managed keys
-Microsoft manages all cryptographic keys including the root keys for service encryption. This option is currently enabled by default for Exchange Online, SharePoint Online, OneDrive for Business. Microsoft-managed keys provide default service encryption unless you decide to onboard using Customer Key. If, at a later date, you decide to stop using Customer Key without following the data purge path, then your data stays encrypted using the Microsoft-managed keys. Your data is always encrypted at this default level at a minimum.
+Microsoft manages all cryptographic keys including the root keys for service encryption. This option is currently enabled by default for Exchange Online, SharePoint Online, OneDrive for Business. Microsoft-managed keys provide default service encryption unless you decide to onboard using Customer Key. If, at a later date, you decide to stop using Customer Key without following the data purge path, then your data stays encrypted using the Microsoft-managed keys. Your data is always encrypted at this default level at a minimum.
## Customer Key You supply root keys used with service encryption and you manage these keys using Azure Key Vault. Microsoft manages all other keys. This option is called Customer Key, and it is currently available for Exchange Online, SharePoint Online, and OneDrive for Business. (Previously referred to as Advanced Encryption with BYOK. See [Enhancing transparency and control for Office 365 customers](https://www.microsoft.com/en-us/microsoft-365/blog/2015/04/21/enhancing-transparency-and-control-for-office-365-customers/) for the original announcement.)
compliance Records Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/records-management.md
Containers include SharePoint document libraries, OneDrive accounts, and Exchang
> > Because of the restrictions and irreversible actions, make sure you really do need to use regulatory records before you select this option for your retention labels. To help prevent accidental configuration, this option is not available by default but must first be enabled by using PowerShell. Instructions are included in [Declare records by using retention labels](declare-records.md).
+## Validating migrated records
+
+If you're migrating records to SharePoint or OneDrive, you might need to validate these records haven't been altered and retain their immutability status. For example, you're using a migration solution and need to meet the chain of custody requirements for your records. Typical file properties and methods often used for this type of validation, such as file size or file hash, might not be sufficient because SharePoint automatically updates the metadata for a file when it's uploaded.
+
+Instead, to validate your migrated records, you can use the value of the `vti_writevalidationtoken` property, which is a base64-encoded XOR hash of the file before it is modified by SharePoint. Use the following steps:
+
+1. Generate the XOR hash of the original file by using the QuickXorHash algorithm. For more information, see the [QuickXorHash Algorithm code snippet](/onedrive/developer/code-snippets/quickxorhash).
+
+2. Base64-encode the XOR hash. For more information, see the [Base64Encode method documentation](/windows/win32/seccrypto/utilities-base64encode).
+
+3. After the file is migrated, retrieve the value of the `vti_writevalidationtoken` property from the uploaded file.
+
+4. Compare the value generated in step 2 with the value retrieved in step 3. These two values should match. If they do, you've validated that the record hasn't changed.
++ ## Configuration guidance See [Get started with records management](get-started-with-records-management.md). This article has information about subscriptions, permissions, and links to end-to-end configuration guidance for records management scenarios.
compliance Retention Policies Sharepoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-sharepoint.md
Only pages and sections are impacted by the retention settings that you specify.
Versioning is a feature of all document lists and libraries in SharePoint and OneDrive. By default, versioning retains a minimum of 500 major versions, although you can increase this limit. For more information, see [Enable and configure versioning for a list or library](https://support.office.com/article/1555d642-23ee-446a-990a-bcab618c7a37) and [How versioning works in lists and libraries](https://support.microsoft.com/office/how-versioning-works-in-lists-and-libraries-0f6cd105-974f-44a4-aadb-43ac5bdfd247).
-When a document with versions is subject to retention settings to retain that content, versions that get copied to the Preservation Hold library exist as a separate item. If the retention settings are configured to delete at the end of the retention period:
+When a document with versions is subject to retention settings to retain that content, how the versions are stored in the Preservation Hold library changed in July 2022 to improve performance. Now, all versions of the file are retained in a single file in the Preservation Hold library. Before the change, versions were copied to the Preservation Hold library as separate files, and after the change, remain as separate files.
+
+If the retention settings are configured to delete at the end of the retention period:
- If the retention period is based on when the content was created, each version has the same expiration date as the original document. The original document and its versions all expire at the same time. -- If the retention period is based on when the content was last modified, each version has its own expiration date based on when the original document was modified to create that version. The original document and its versions expire independently of each other.
+- If the retention period is based on when the content was last modified:
+ - **After the change where all versions of the file are retained in a single file in the Preservation Hold library**: Each version has the same expiration date as the last version of the document. The last version of the document and its versions all expire at the same time.
+ - **Before the change where versions were copied to the Preservation Hold library as separate files**: Each version has its own expiration date based on when the original document was modified to create that version. The original document and its versions expire independently of each other.
When the retention action is to delete the document, all versions not in the Preservation Hold library are deleted at the same time according to the current version.
compliance Retention Policies Teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-teams.md
For other workloads, see:
## What's included for retention and deletion > [!NOTE]
-> Retention policies now support [shared channels](/MicrosoftTeams/shared-channels), currently in preview. Any shared channels inherit retention settings from the parent channel.
+> Retention policies support [shared channels](/MicrosoftTeams/shared-channels). Any shared channels inherit retention settings from the parent channel.
Teams chats messages, channel messages, and private channel messages can be deleted by using retention policies for Teams, and in addition to the text in the messages, the following items can be retained for compliance reasons: Embedded images, tables, hypertext links, links to other Teams messages and files, and [card content](/microsoftteams/platform/task-modules-and-cards/what-are-cards). Chat messages and private channel messages include all the names of the people in the conversation, and channel messages include the team name and the message title (if supplied).
compliance Retention Regulatory Requirements https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-regulatory-requirements.md
This report helps you understand how the system aspects of the New Zealand Publi
## SEC 17a-4(f), FINRA 4511(c), and CFTC 1.31(c)-(d)
-**Cohasset Assessment - Microsoft 365 - SEC Rule 17a-4(f) - Immutable Storage for SharePoint, OneDrive, Teams, Exchange, and Skype** - [Download assessment](https://servicetrust.microsoft.com/ViewPage/TrustDocuments?command=Download&downloadType=Document&downloadId=9fa8349d-a0c9-47d9-93ad-472aa0fa44ec&docTab=6d000410-c9e9-11e7-9a91-892aae8839ad_FAQ_and_White_Papers)
+**Cohasset Assessment - Microsoft 365 - SEC Rule 17a-4(f) - Immutable Storage for SharePoint, OneDrive, Exchange, Teams, and Yammer** - [Download assessment](https://servicetrust.microsoft.com/ViewPage/TrustDocuments?command=Download&downloadType=Document&downloadId=9fa8349d-a0c9-47d9-93ad-472aa0fa44ec&docTab=6d000410-c9e9-11e7-9a91-892aae8839ad_FAQ_and_White_Papers)
-Applicable workloads: SharePoint, OneDrive, Teams, Exchange, and Skype for Business
+Applicable workloads: SharePoint, OneDrive, Teams, Exchange, and Yammer
-Released November 2020, this report has been produced in partnership with Cohasset Associates, Inc. (Cohasset) to assess the capabilities of Microsoft 365 services for recording, storing, and managing requirements for electronic records, as specified by:
+Latest version released July 2022, this report has been produced in partnership with Cohasset Associates, Inc. (Cohasset) to assess the capabilities of Microsoft 365 services for recording, storing, and managing requirements for electronic records, as specified by:
- Securities and Exchange Commission (SEC) in 17 CFR § 240.17a-4(f), which regulates exchange members, brokers or dealers.
compliance Sensitive Information Type Entity Definitions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitive-information-type-entity-definitions.md
hideEdit: true feedback_system: None recommendations: false
-description: "There are many sensitive information types that are ready for you to use in your DLP policies. This article lists all of these sensitive information types and shows what a DLP policy looks for when it detects each type."
+description: "There are many sensitive information types that are ready for you to use in your DLP policies. This article is a list of all these sensitive information type entity definitions."
# Sensitive information type entity definitions
-This article lists all sensitive information type entity definitions. Each definition shows what a DLP policy looks for to detect each type. To learn more about sensitive information types, see [Sensitive information types](sensitive-information-type-learn-about.md)
+This article is a list of all sensitive information type (SIT) entity definitions. Each link takes you to the definition of that specific SIT and shows what a DLP policy looks for to detect each type. To learn more about sensitive information types, see [Sensitive information types](sensitive-information-type-learn-about.md)
> [!NOTE] > Mapping of confidence level (high/medium/low) with accuracy number (numeric value of 1 to 100)
This article lists all sensitive information type entity definitions. Each defin
> - Medium confidence: 75 > - High confidence: 85
-## ABA routing number
+- [ABA routing number](sit-defn-aba-routing.md)
+- [All full names](sit-defn-all-full-names.md)
+- [All medical terms and conditions](sit-defn-all-medical-terms-conditions.md)
+- [All Physical Addresses](sit-defn-all-physical-addresses.md)
+- [Amazon S3 Client Secret Access Key (preview)](sit-defn-amazon-s3-client-secret-access-key.md)
+- [Argentina national identity (DNI) number](sit-defn-argentina-national-identity-numbers.md)
+- [Argentina Unique Tax Identification Key (CUIT/CUIL)](sit-defn-argentina-unique-tax-identification-key.md)
+- [ASP.NET machine Key (preview)](sit-defn-asp-net-machine-key.md)
+- [Australia bank account number](sit-defn-australia-bank-account-number.md)
+- [Australia business number](sit-defn-australia-business-number.md)
+- [Australia company number](sit-defn-australia-business-number.md)
+- [Australia drivers license number](sit-defn-australia-drivers-license-number.md)
+- [Australia medical account number](sit-defn-australia-medical-account-number.md)
+- [Australia passport number](sit-defn-australia-passport-number.md)
+- [Australia physical addresses](sit-defn-australia-physical-addresses.md)
+- [Australia tax file number](sit-defn-australia-tax-file-number.md)
+- [Austria drivers license number](sit-defn-austria-drivers-license-number.md)
+- [Austria identity card](sit-defn-austria-identity-card.md)
+- [Austria passport number](sit-defn-austria-passport-number.md)
+- [Austria physical addresses](sit-defn-austria-physical-addresses.md)
+- [Austria social security number](sit-defn-austria-social-security-number.md)
+- [Austria tax identification number](sit-defn-austria-tax-identification-number.md)
+- [Austria value added tax](sit-defn-austria-value-added-tax.md)
+- [Azure AD client access token (preview)](sit-defn-azure-ad-client-access-token.md)
+- [Azure AD client secret (preview)](sit-defn-azure-ad-client-secret.md)
+- [Azure AD User Credentials (preview)](sit-defn-azure-ad-user-credentials.md)
+- [Azure App Service deployment password (preview)](sit-defn-azure-app-service-deployment-password.md)
+- [Azure Batch shared access key (preview)](sit-defn-azure-batch-shared-access-key.md)
+- [Azure Bot Framework secret key (preview)](sit-defn-azure-bot-framework-secret-key.md)
+- [Azure Bot service app secret (preview)](sit-defn-azure-bot-service-app-secret.md)
+- [Azure Cognitive Search API key (preview)](sit-defn-azure-cognitive-search-api-key.md)
+- [Azure Cognitive Service key (preview)](sit-defn-azure-cognitive-service-key.md)
+- [Azure Container Registry access key (preview)](sit-defn-azure-container-registry-access-key.md)
+- [Azure COSMOS DB account access key (preview)](sit-defn-azure-cosmos-db-account-access-key.md)
+- [Azure Databricks personal access token (preview)](sit-defn-azure-databricks-personal-access-token.md)
+- [Azure DevOps app secret (preview)](sit-defn-azure-devops-app-secret.md)
+- [Azure DevOps personal access token (preview)](sit-defn-azure-devops-personal-access-token.md)
+- [Azure DocumentDB auth key](sit-defn-azure-document-db-auth-key.md)
+- [Azure EventGrid access key (preview)](sit-defn-azure-eventgrid-access-key.md)
+- [Azure Function Master / API key (preview)](sit-defn-azure-function-master-api-key.md)
+- [Azure IAAS database connection string and Azure SQL connection string](sit-defn-azure-iaas-database-connection-string-azure-sql-connection-string.md)
+- [Azure IoT connection string](sit-defn-azure-iot-connection-string.md)
+- [Azure IoT shared access key (preview)](sit-defn-azure-iot-shared-access-key.md)
+- [Azure Logic app shared access signature (preview)](sit-defn-azure-logic-app-shared-access-signature.md)
+- [Azure Machine Learning web service API key (preview)](sit-defn-azure-machine-learning-web-service-api-key.md)
+- [Azure Maps subscription key (preview)](sit-defn-azure-maps-subscription-key.md)
+- [Azure publish setting password](sit-defn-azure-publish-setting-password.md)
+- [Azure Redis cache connection string](sit-defn-azure-redis-cache-connection-string.md)
+- [Azure Redis cache connection string password (preview)](sit-defn-azure-redis-cache-connection-string-password.md)
+- [Azure SAS](sit-defn-azure-sas.md)
+- [Azure service bus connection string](sit-defn-azure-service-bus-connection-string.md)
+- [Azure service bus shared access signature (preview)](sit-defn-azure-service-bus-shared-access-signature.md)
+- [Azure Shared Access key / Web Hook token (preview)](sit-defn-azure-shared-access-key-web-hook-token.md)
+- [Azure SignalR access key (preview)](sit-defn-azure-signalr-access-key.md)
+- [Azure SQL connection string (preview)](sit-defn-azure-sql-connection-string.md)
+- [Azure storage account access key (preview)](sit-defn-azure-storage-account-access-key.md)
+- [Azure storage account key](sit-defn-azure-storage-account-key.md)
+- [Azure Storage account key (generic)](sit-defn-azure-storage-account-key-generic.md)
+- [Azure Storage account shared access signature (preview)](sit-defn-azure-storage-account-shared-access-signature.md)
+- [Azure Storage account shared access signature for high risk resources (preview)](sit-defn-azure-storage-account-shared-access-signature-high-risk-resources.md)
+- [Azure subscription management certificate (preview)](sit-defn-azure-subscription-management-certificate.md)
+- [Belgium driver's license number](sit-defn-belgium-drivers-license-number.md)
+- [Belgium national number](sit-defn-belgium-national-number.md)
+- [Belgium passport number](sit-defn-belgium-passport-number.md)
+- [Belgium physical addresses](sit-defn-belgium-physical-addresses.md)
+- [Belgium value added tax number](sit-defn-belgium-value-added-tax-number.md)
+- [Blood test terms](sit-defn-blood-test-terms.md)
+- [Brand medication names](sit-defn-brand-medication-names.md)
+- [Brazil CPF number](sit-defn-brazil-cpf-number.md)
+- [Brazil legal entity number (CNPJ)](sit-defn-brazil-legal-entity-number.md)
+- [Brazil national identification card (RG)](sit-defn-brazil-national-identification-card.md)
+- [Brazil physical addresses](sit-defn-brazil-physical-addresses.md)
+- [Bulgaria driver's license number](sit-defn-bulgaria-drivers-license-number.md)
+- [Bulgaria passport number](sit-defn-bulgaria-passport-number.md)
+- [Bulgaria physical addresses](sit-defn-bulgaria-physical-addresses.md)
+- [Bulgaria uniform civil number](sit-defn-bulgaria-uniform-civil-number.md)
+- [Canada bank account number](sit-defn-canada-bank-account-number.md)
+- [Canada driver's license number](sit-defn-canada-drivers-license-number.md)
+- [Canada health service number](sit-defn-canada-health-service-number.md)
+- [Canada passport number](sit-defn-canada-passport-number.md)
+- [Canada personal health identification number (PHIN)](sit-defn-canada-personal-health-identification-number.md)
+- [Canada physical addresses](sit-defn-canada-physical-addresses.md)
+- [Canada social insurance number](sit-defn-canada-social-insurance-number.md)
+- [Chile identity card number](sit-defn-chile-identity-card-number.md)
+- [China resident identity card (PRC) number](sit-defn-china-resident-identity-card-number.md)
+- [Client secret / API key (preview)](sit-defn-client-secret-api-key.md)
+- [Credentials in URL](sit-defn-credentials-in-url.md)
+- [Credit card number](sit-defn-credit-card-number.md)
+- [Croatia driver's license number](sit-defn-croatia-drivers-license-number.md)
+- [Croatia identity card number](sit-defn-croatia-identity-card-number.md)
+- [Croatia passport number](sit-defn-croatia-passport-number.md)
+- [Croatia personal identification (OIB) number](sit-defn-croatia-personal-identification-number.md)
+- [Croatia physical addresses](sit-defn-croatia-physical-addresses.md)
+- [Cyprus drivers license number](sit-defn-cyprus-drivers-license-number.md)
+- [Cyprus identity card](sit-defn-cyprus-identity-card.md)
+- [Cyprus passport number](sit-defn-cyprus-passport-number.md)
+- [Cyprus physical addresses](sit-defn-cyprus-physical-addresses.md)
+- [Cyprus tax identification number](sit-defn-cyprus-tax-identification-number.md)
+- [Czech driver's license number](sit-defn-czech-drivers-license-number.md)
+- [Czech passport number](sit-defn-czech-passport-number.md)
+- [Czech personal identity number](sit-defn-czech-personal-identity-number.md)
+- [Czech Republic physical addresses](sit-defn-czech-republic-physical-addresses.md)
+- [Denmark driver's license number](sit-defn-denmark-drivers-license-number.md)
+- [Denmark passport number](sit-defn-denmark-passport-number.md)
+- [Denmark personal identification number](sit-defn-denmark-personal-identification-number.md)
+- [Denmark physical addresses](sit-defn-denmark-physical-addresses.md)
+- [Diseases](sit-defn-diseases.md)
+- [Drug Enforcement Agency (DEA) number](sit-defn-drug-enforcement-agency-number.md)
+- [Estonia driver's license number](sit-defn-estonia-drivers-license-number.md)
+- [Estonia passport number](sit-defn-estonia-passport-number.md)
+- [Estonia Personal Identification Code](sit-defn-estonia-personal-identification-code.md)
+- [Estonia physical addresses](sit-defn-estonia-physical-addresses.md)
+- [EU debit card number](sit-defn-eu-debit-card-number.md)
+- [EU driver's license number](sit-defn-eu-drivers-license-number.md)
+- [EU national identification number](sit-defn-eu-national-identification-number.md)
+- [EU passport number](sit-defn-eu-passport-number.md)
+- [EU social security number or equivalent identification](sit-defn-eu-social-security-number-equivalent-identification.md)
+- [EU Tax identification number](sit-defn-eu-tax-identification-number.md)
+- [Finland driver's license number](sit-defn-finland-drivers-license-number.md)
+- [Finland european health insurance number](sit-defn-finland-european-health-insurance-number.md)
+- [Finland national ID](sit-defn-finland-national-id.md)
+- [Finland passport number](sit-defn-finland-passport-number.md)
+- [Finland physical addresses](sit-defn-finland-physical-addresses.md)
+- [France driver's license number](sit-defn-france-drivers-license-number.md)
+- [France health insurance number](sit-defn-france-health-insurance-number.md)
+- [France national id card (CNI)](sit-defn-france-national-id-card.md)
+- [France passport number](sit-defn-france-passport-number.md)
+- [France physical addresses](sit-defn-france-physical-addresses.md)
+- [France social security number (INSEE)](sit-defn-france-social-security-number.md)
+- [France tax identification number](sit-defn-france-tax-identification-number.md)
+- [France value added tax number](sit-defn-france-value-added-tax-number.md)
+- [General password (preview)](sit-defn-general-password.md)
+- [General Symmetric key (preview)](sit-defn-general-symmetric-key.md)
+- [Generic medication names](sit-defn-generic-medication-names.md)
+- [Germany driver's license number](sit-defn-germany-drivers-license-number.md)
+- [Germany identity card number](sit-defn-germany-identity-card-number.md)
+- [Germany passport number](sit-defn-germany-passport-number.md)
+- [Germany physical addresses](sit-defn-germany-physical-addresses.md)
+- [Germany tax identification number](sit-defn-germany-tax-identification-number.md)
+- [Germany value added tax number](sit-defn-germany-value-added-tax-number.md)
+- [GitHub Personal Access Token (preview)](sit-defn-github-personal-access-token.md)
+- [Google API key (preview)](sit-defn-google-api-key.md)
+- [Greece driver's license number](sit-defn-greece-drivers-license-number.md)
+- [Greece national ID card](sit-defn-greece-national-id-card.md)
+- [Greece passport number](sit-defn-greece-passport-number.md)
+- [Greece physical addresses](sit-defn-greece-physical-addresses.md)
+- [Greece Social Security Number (AMKA)](sit-defn-greece-social-security-number.md)
+- [Greece tax identification number](sit-defn-greece-tax-identification-number.md)
+- [Hong Kong identity card (HKID) number](sit-defn-hong-kong-identity-card-number.md)
+- [Http authorization header (preview)](sit-defn-http-authorization-header.md)
+- [Hungary driver's license number](sit-defn-hungary-drivers-license-number.md)
+- [Hungary passport number](sit-defn-hungary-passport-number.md)
+- [Hungary personal identification number](sit-defn-hungary-personal-identification-number.md)
+- [Hungary physical addresses](sit-defn-hungary-physical-addresses.md)
+- [Hungary social security number (TAJ)](sit-defn-hungary-social-security-number.md)
+- [Hungary tax identification number](sit-defn-hungary-tax-identification-number.md)
+- [Hungary value added tax number](sit-defn-hungary-value-added-tax-number.md)
+- [Iceland physical addresses](sit-defn-iceland-physical-addresses.md)
+- [Impairments Listed In The U.S. Disability Evaluation Under Social Security](sit-defn-impairments-us-disability-evaluation-under-social-security.md)
+- [India Driver's License Number](sit-defn-india-drivers-license-number.md)
+- [India GST Number](sit-defn-india-gst-number.md)
+- [India permanent account number (PAN)](sit-defn-india-permanent-account-number.md)
+- [India unique identification (Aadhaar) number](sit-defn-india-unique-identification-number.md)
+- [India Voter Id Card](sit-defn-india-voter-id-card.md)
+- [Indonesia identity card (KTP) number](sit-defn-indonesia-identity-card-number.md)
+- [International banking account number (IBAN)](sit-defn-international-banking-account-number.md)
+- [International classification of diseases (ICD-10-CM)](sit-defn-international-classification-of-diseases-icd-10-cm.md)
+- [International classification of diseases (ICD-9-CM)](sit-defn-international-classification-of-diseases-icd-9-cm.md)
+- [IP address](sit-defn-ip-address.md)
+- [IP Address v4](sit-defn-ip-address-v4.md)
+- [IP Address v6](sit-defn-ip-address-v6.md)
+- [Ireland driver's license number](sit-defn-ireland-drivers-license-number.md)
+- [Ireland passport number](sit-defn-ireland-passport-number.md)
+- [Ireland personal public service (PPS) number](sit-defn-ireland-personal-public-service-number.md)
+- [Ireland physical addresses](sit-defn-ireland-physical-addresses.md)
+- [Israel bank account number](sit-defn-israel-bank-account-number.md)
+- [Israel national identification number](sit-defn-israel-national-identification-number.md)
+- [Italy driver's license number](sit-defn-italy-drivers-license-number.md)
+- [Italy fiscal code](sit-defn-italy-fiscal-code.md)
+- [Italy passport number](sit-defn-italy-passport-number.md)
+- [Italy physical addresses](sit-defn-italy-physical-addresses.md)
+- [Italy value added tax number](sit-defn-italy-value-added-tax-number.md)
+- [Japan bank account number](sit-defn-japan-bank-account-number.md)
+- [Japan driver's license number](sit-defn-japan-drivers-license-number.md)
+- [Japan My Number - Corporate](sit-defn-japan-my-number-corporate.md)
+- [Japan My Number - Personal](sit-defn-japan-my-number-personal.md)
+- [Japan passport number](sit-defn-japan-passport-number.md)
+- [Japan residence card number](sit-defn-japan-residence-card-number.md)
+- [Japan resident registration number](sit-defn-japan-resident-registration-number.md)
+- [Japan social insurance number (SIN)](sit-defn-japan-social-insurance-number.md)
+- [Lab test terms](sit-defn-lab-test-terms.md)
+- [Latvia driver's license number](sit-defn-latvia-drivers-license-number.md)
+- [Latvia passport number](sit-defn-latvia-passport-number.md)
+- [Latvia personal code](sit-defn-latvia-personal-code.md)
+- [Latvia physical addresses](sit-defn-latvia-physical-addresses.md)
+- [Liechtenstein physical addresses](sit-defn-liechtenstein-physical-addresses.md)
+- [Lifestyles that relate to medical conditions](sit-defn-lifestyles-relate-to-medical-conditions.md)
+- [Lithuania driver's license number](sit-defn-lithuania-drivers-license-number.md)
+- [Lithuania passport number](sit-defn-lithuania-passport-number.md)
+- [Lithuania personal code](sit-defn-lithuania-personal-code.md)
+- [Lithuania physical addresses](sit-defn-lithuania-physical-addresses.md)
+- [Luxemburg driver's license number](sit-defn-luxemburg-drivers-license-number.md)
+- [Luxemburg national identification number (natural persons)](sit-defn-luxemburg-national-identification-number-natural-persons.md)
+- [Luxemburg national identification number (non-natural persons)](sit-defn-luxemburg-national-identification-number-non-natural-persons.md)
+- [Luxemburg passport number](sit-defn-luxemburg-passport-number.md)
+- [Luxemburg physical addresses](sit-defn-luxemburg-physical-addresses.md)
+- [Malaysia identification card number](sit-defn-malaysia-identification-card-number.md)
+- [Malta driver's license number](sit-defn-malta-drivers-license-number.md)
+- [Malta identity card number](sit-defn-malta-identity-card-number.md)
+- [Malta passport number](sit-defn-malta-passport-number.md)
+- [Malta physical addresses](sit-defn-malta-physical-addresses.md)
+- [Malta tax identification number](sit-defn-malta-tax-identification-number.md)
+- [Medical specialities](sit-defn-medical-specialities.md)
+- [Medicare Beneficiary Identifier (MBI) card](sit-defn-medicare-beneficiary-Identifier-card.md)
+- [Mexico Unique Population Registry Code (CURP)](sit-defn-mexico-unique-population-registry-code.md)
+- [Microsoft Bing maps key (preview)](sit-defn-microsoft-bing-maps-key.md)
+- [Netherlands citizen's service (BSN) number](sit-defn-netherlands-citizens-service-number.md)
+- [Netherlands driver's license number](sit-defn-netherlands-drivers-license-number.md)
+- [Netherlands passport number](sit-defn-netherlands-passport-number.md)
+- [Netherlands physical addresses](sit-defn-netherlands-physical-addresses.md)
+- [Netherlands tax identification number](sit-defn-netherlands-tax-identification-number.md)
+- [Netherlands value added tax number](sit-defn-netherlands-value-added-tax-number.md)
+- [New Zealand bank account number](sit-defn-new-zealand-bank-account-number.md)
+- [New Zealand driver's license number](sit-defn-new-zealand-drivers-license-number.md)
+- [New Zealand inland revenue number](sit-defn-new-zealand-inland-revenue-number.md)
+- [New Zealand ministry of health number](sit-defn-new-zealand-ministry-of-health-number.md)
+- [New Zealand physical addresses](sit-defn-new-zealand-physical-addresses.md)
+- [New Zealand social welfare number](sit-defn-new-zealand-social-welfare-number.md)
+- [Norway identification number](sit-defn-norway-identification-number.md)
+- [Norway physical addresses](sit-defn-norway-physical-addresses.md)
+- [Philippines unified multi-purpose identification number](sit-defn-philippines-unified-multi-purpose-identification-number.md)
+- [Poland driver's license number](sit-defn-poland-drivers-license-number.md)
+- [Poland identity card](sit-defn-poland-identity-card.md)
+- [Poland national ID (PESEL)](sit-defn-poland-national-id.md)
+- [Poland passport number](sit-defn-poland-passport-number.md)
+- [Poland physical addresses](sit-defn-poland-physical-addresses.md)
+- [Poland REGON number](sit-defn-poland-regon-number.md)
+- [Poland tax identification number](sit-defn-poland-tax-identification-number.md)
+- [Portugal citizen card number](sit-defn-portugal-citizen-card-number.md)
+- [Portugal driver's license number](sit-defn-portugal-drivers-license-number.md)
+- [Portugal passport number](sit-defn-portugal-passport-number.md)
+- [Portugal physical addresses](sit-defn-portugal-physical-addresses.md)
+- [Portugal tax identification number](sit-defn-portugal-tax-identification-number.md)
+- [Romania driver's license number](sit-defn-romania-drivers-license-number.md)
+- [Romania passport number](sit-defn-romania-passport-number.md)
+- [Romania personal numeric code (CNP)](sit-defn-romania-personal-numeric-code.md)
+- [Romania physical addresses](sit-defn-romania-physical-addresses.md)
+- [Russia passport number domestic](sit-defn-russia-passport-number-domestic.md)
+- [Russia passport number international](sit-defn-russia-passport-number-international.md)
+- [Saudi Arabia National ID](sit-defn-saudi-arabia-national-id.md)
+- [Singapore national registration identity card (NRIC) number](sit-defn-singapore-national-registration-identity-card-number.md)
+- [Slack access token (preview)](sit-defn-slack-access-token.md)
+- [Slovakia driver's license number](sit-defn-slovakia-drivers-license-number.md)
+- [Slovakia passport number](sit-defn-slovakia-passport-number.md)
+- [Slovakia personal number](sit-defn-slovakia-personal-number.md)
+- [Slovakia physical addresses](sit-defn-slovakia-physical-addresses.md)
+- [Slovenia driver's license number](sit-defn-slovenia-drivers-license-number.md)
+- [Slovenia passport number](sit-defn-slovenia-passport-number.md)
+- [Slovenia physical addresses](sit-defn-slovenia-physical-addresses.md)
+- [Slovenia tax identification number](sit-defn-slovenia-tax-identification-number.md)
+- [Slovenia Unique Master Citizen Number](sit-defn-slovenia-unique-master-citizen-number.md)
+- [South Africa identification number](sit-defn-south-africa-identification-number.md)
+- [South Korea resident registration number](sit-defn-south-korea-resident-registration-number.md)
+- [Spain DNI](sit-defn-spain-dni.md)
+- [Spain driver's license number](sit-defn-spain-drivers-license-number.md)
+- [Spain passport number](sit-defn-spain-passport-number.md)
+- [Spain physical addresses](sit-defn-spain-physical-addresses.md)
+- [Spain social security number (SSN)](sit-defn-spain-social-security-number.md)
+- [Spain tax identification number](sit-defn-spain-tax-identification-number.md)
+- [SQL Server connection string](sit-defn-sql-server-connection-string.md)
+- [Surgical procedures](sit-defn-surgical-procedures.md)
+- [Sweden driver's license number](sit-defn-sweden-drivers-license-number.md)
+- [Sweden national ID](sit-defn-sweden-national-id.md)
+- [Sweden passport number](sit-defn-sweden-passport-number.md)
+- [Sweden physical addresses](sit-defn-sweden-physical-addresses.md)
+- [Sweden tax identification number](sit-defn-sweden-tax-identification-number.md)
+- [SWIFT code](sit-defn-swift-code.md)
+- [Switzerland physical addresses](sit-defn-switzerland-physical-addresses.md)
+- [Switzerland SSN AHV number](sit-defn-switzerland-ssn-ahv-number.md)
+- [Taiwan national identification number](sit-defn-taiwan-national-identification-number.md)
+- [Taiwan passport number](sit-defn-taiwan-passport-number.md)
+- [Taiwan-resident certificate (ARC/TARC) number](sit-defn-taiwan-resident-certificate-number.md)
+- [Thai population identification code](sit-defn-thai-population-identification-code.md)
+- [Turkey national identification number](sit-defn-turkey-national-identification-number.md)
+- [Turkey physical addresses](sit-defn-turkey-physical-addresses.md)
+- [Types of medication](sit-defn-types-of-medication.md)
+- [U.K. driver's license number](sit-defn-uk-drivers-license-number.md)
+- [U.K. electoral roll number](sit-defn-uk-electoral-roll-number.md)
+- [U.K. national health service number](sit-defn-uk-national-health-service-number.md)
+- [U.K. national insurance number (NINO)](sit-defn-uk-national-insurance-number.md)
+- [U.K. physical addresses](sit-defn-uk-physical-addresses.md)
+- [U.K. Unique Taxpayer Reference Number](sit-defn-uk-unique-taxpayer-reference-number.md)
+- [U.S. bank account number](sit-defn-us-bank-account-number.md)
+- [U.S. driver's license number](sit-defn-us-drivers-license-number.md)
+- [U.S. individual taxpayer identification number (ITIN)](sit-defn-us-individual-taxpayer-identification-number.md)
+- [U.S. physical addresses](sit-defn-us-physical-addresses.md)
+- [U.S. social security number (SSN)](sit-defn-us-social-security-number.md)
+- [U.S./U.K. passport number](sit-defn-us-uk-passport-number.md)
+- [Ukraine passport domestic](sit-defn-ukraine-passport-domestic.md)
+- [Ukraine passport international](sit-defn-ukraine-passport-international.md)
+- [User login credentials (preview)](sit-defn-user-login-credentials.md)
+- [X.509 certificate private key (preview)](sit-defn-x-509-certificate-private-key.md)
-### Format
-
-nine digits that may be in a formatted or unformatted pattern
-
-### Pattern
--- two digits in the ranges 00-12, 21-32, 61-72, or 80-- two digits-- an optional hyphen-- four digits-- an optional hyphen-- a digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_aba_routing finds content that matches the pattern.-- A keyword from Keyword_ABA_Routing is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_aba_routing finds content that matches the pattern.-
-```xml
- <!-- ABA Routing Number -->
- <Entity id="cb353f78-2b72-4c3c-8827-92ebe4f69fdf" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_aba_routing" />
- <Match idRef="Keyword_ABA_Routing" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_aba_routing" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_aba_routing
--- aba number-- aba#-- aba-- abarouting#-- abaroutingnumber-- americanbankassociationrouting#-- americanbankassociationroutingnumber-- bankrouting#-- bankroutingnumber-- routing #-- routing no-- routing number-- routing transit number-- routing#-- RTN-
-## All full names
-
-All full names is a bundled named entity. It detects full names for people from all supported countries/regions, which include Australia, China, Japan, U.S., and countries in the EU. Use this SIT to detect all possible matches of full names.
-
-### Format
-
-Various.
-
-### Pattern
-
-Various.
-
-### Checksum
-
-No.
-
-### Description
-
-This named entity SIT matches personal names that a human would identify as a name with high confidence. For example, if a string is found consisting of a given name and is followed by a family name then a match is made with high confidence. It uses three primary resources:
--- A dictionary of given names.-- A dictionary of family names.-- Patterns of how names are formed.-
-The three resources are different for each country. The strings *Olivia Wilson* would trigger a match. Common given/family names are given a higher confidence than rarer names. However, the pattern also allows partial matches. If a given name from the dictionary is found and it's followed by a family name that isn't in the dictionary, then a partial match is triggered. For example, *Tomas Richard* would trigger a partial match. Partial matches are given lower confidence.
-
-In addition, patterns that a human would see as indicative of names are also matched with appropriate confidence. Like *O. Wilson*, *O.P. Wilson*, *Dr. O. P. Wilson*, *Wilson, O.P.* or *T. Richard, Jr.* would be matches.
-
-### Supported languages
--- English-- Bulgarian-- Croatian-- Czech-- Danish-- Estonian-- Finnish-- French-- German-- Hungarian-- Icelandic-- Irish-- Italian-- Japanese-- Latvian-- Lithuanian-- Maltese-- Dutch-- Norwegian-- Polish-- Portuguese-- Romanian-- Slovak-- Slovenian-- Spanish-- Swedish-- Turkish-
-## All medical terms and conditions
-
-All medical terms and conditions is a bundled named entity that detects medical terms and medical conditions. It detects English terms only. Use this SIT to detect all possible matches of medical terms and conditions.
-
-### Format
-
-Dictionary
-
-### Pattern
-
-Dictionary
-
-### Checksum
-
-No
-
-### Description
-
-This bundled named entity matches text that mentions medical conditions that are present in curated dictionaries. There's one curated dictionary per supported language. The dictionaries are from many international medical resources. The dictionaries include as many medical conditions as possible without risking a large number of false positives. Each entry contains the different forms that a single condition is commonly written in to ensure coverage, for example:
--- *TB*-- *tuberculosis*-- *phthisis pulmonalis*-
-### Contains
-
-This bundled named entity SIT contains these individual SITs.
--- Blood test terms-- Types of medication-- Diseases-- Generic medication names-- Impairments listed in the U.S. Disability Evaluation Under Social Security-- Lab test terms-- Lifestyles that relate to medical conditions-- Medical specialties-- Surgical procedures-- Brand medication names-
-## All Physical Addresses
-
-All physical addresses is a bundled entity SIT, which detects patterns related to physical addresses from all supported countries/regions.
-
-### Format
-
-Various
-
-### Pattern
-
-Various
-
-### Checksum
-
-No
-
-### Description
-
-The matching of street addresses is designed to match strings that a human would identify as a street address. To do this, it uses several primary resources:
--- A dictionary of settlements, counties and regions.-- A dictionary of street suffixes, like Road, Street, or Avenue.-- Patterns of postal codes.-- Patterns of address formats.-
-The resources are different for each country. The primary resources are the patterns of address formats that are used in a given country. Different formats are chosen to make sure that as many addresses as possible are matched. These formats allow flexibility, for example, an address may omit the postal code or omit a town name or have a street with no street suffix. In all cases, such matches are used to increase the confidence of the match.
-
-The patterns are designed to match individual single addresses, not generic locations. So strings such as *Redmond, WA 98052* or *Main Street, Albuquerque* won't be matched.
-
-### Contains
-
-This bundled named entity SIT contains these individual SITs:
--- Australia physical addresses-- Austria physical addresses-- Belgium physical addresses-- Brazil physical addresses-- Bulgaria physical addresses-- Canada physical addresses-- Croatia physical addresses-- Cyprus physical addresses-- Czech Republic physical addresses-- Denmark physical addresses-- Estonia physical addresses-- Finland physical addresses-- France physical addresses-- Germany physical addresses-- Greece physical addresses-- Hungary physical addresses-- Iceland physical addresses-- Ireland physical addresses-- Italy physical addresses-- Latvia physical addresses-- Liechtenstein physical addresses-- Lithuania physical addresses-- Luxembourg physical addresses-- Malta physical addresses-- Netherlands physical addresses-- New Zealand physical addresses-- Norway physical addresses-- Poland physical addresses-- Portugal physical addresses-- Romania physical addresses-- Slovakia physical addresses-- Slovenia physical addresses-- Spain physical addresses-- Sweden physical addresses-- Switzerland physical addresses-- Turkey physical addresses-- United Kingdom physical addresses-- United States physical addresses-
-### Supported languages
--- English-- Bulgarian-- Chinese-- Croatian-- Czech-- Danish-- Estonian-- Finnish-- French-- German-- Hungarian-- Icelandic-- Irish-- Italian-- Japanese-- Latvian-- Lithuanian-- Maltese-- Dutch-- Norwegian-- Polish-- Portuguese-- Romanian-- Slovak-- Slovenian-- Spanish-- Swedish-- Turkish-
-## Argentina national identity (DNI) number
-
-### Format
-
-Eight digits with or without periods
-
-### Pattern
-
-Eight digits:
--- two digits-- an optional period-- three digits-- an optional period-- three digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_argentina_national_id finds content that matches the pattern.-- A keyword from Keyword_argentina_national_id is found.-
-```xml
-<!-- Argentina National Identity (DNI) Number -->
-<Entity id="eefbb00e-8282-433c-8620-8f1da3bffdb2" recommendedConfidence="75" patternsProximity="300">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_argentina_national_id"/>
- <Match idRef="Keyword_argentina_national_id"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_argentina_national_id
--- Argentina National Identity number-- cedula-- cédula-- dni-- documento nacional de identidad-- documento número-- documento numero-- registro nacional de las personas-- rnp-
-## Argentina Unique Tax Identification Key (CUIT/CUIL)
-
-### Format
-
-11 digits with dash
-
-### Pattern
-
-11 digits with a dash:
--- two digits in 20, 23, 24, 27, 30, 33 or 34-- a hyphen (-)-- eight digits-- a hyphen (-)-- one check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_Argentina_Unique_Tax_Key` finds content that matches the pattern.-- A keyword from `Keyword_Argentina_Unique_Tax_Key` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_Argentina_Unique_Tax_Key` finds content that matches the pattern.-
-```xml
- <!-- Argentina Unique Tax Identification Key (CUIT/CUIL) -->
- <Entity id="98da3da1-9199-4571-b7c4-b6522980b507" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_Argentina_Unique_Tax_Key" />
- <Match idRef="Keyword_Argentina_Unique_Tax_Key" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_Argentina_Unique_Tax_Key" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_Argentina_Unique_Tax_Key
--- Clave Unica de Identificacion Tributaria-- CUIT-- unique code of labour identification-- Clave Única de Identificación Tributaria-- unique labour identification code-- CUIL-- Unique Tax Identification Key-- Unique Labour Identification Key-- Unique Key of Labour Identification-- Unique Work Identification Code-- Unique Code of Work Identification-- Unique Work Identification Key-- Unique Key of Work Identification-- Unique Code of Tax Identification-- Unique Key of Tax Identification-- Unique Labor Identification Code-- Unique Code of Labor Identification-- Unique Labor Identification Key-- Unique Key of Labor Identification-- tax ID-- taxID#-- taxId-- taxidnumber-- tax number-- tax no-- tax #-- tax#-- taxpayer ID-- taxpayer number-- taxpayer no-- taxpayer #-- taxpayer#-- tax identity-- tax identification-- Número de Identificación Fiscal-- número de contribuyente-
-## Australia bank account number
-
-### Format
-
-six to 10 digits with or without a bank state branch number
-
-### Pattern
-
-Account number is 6 to 10 digits.
-
-Australia bank state branch number:
--- three digits-- a hyphen-- three digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_australia_bank_account_number finds content that matches the pattern.-- A keyword from Keyword_australia_bank_account_number is found.-- The regular expression Regex_australia_bank_account_number_bsb finds content that matches the pattern.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_australia_bank_account_number finds content that matches the pattern.--- A keyword from Keyword_australia_bank_account_number is found.-
-```xml
-<!-- Australia Bank Account Number -->
-<Entity id="74a54de9-2a30-4aa0-a8aa-3d9327fc07c7" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_australia_bank_account_number" />
- <Match idRef="Keyword_australia_bank_account_number" />
- <Match idRef="Regex_australia_bank_account_number_bsb" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_australia_bank_account_number" />
- <Match idRef="Keyword_australia_bank_account_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_australia_bank_account_number
--- swift bank code-- correspondent bank-- base currency-- usa account-- holder address-- bank address-- information account-- fund transfers-- bank charges-- bank details-- banking information-- full names-- iaea-
-## Australia business number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-11 digits with optional delimiters
-
-### Pattern
-
-11 digits with optional delimiters:
--- two digits-- an optional hyphen or space-- three digits-- an optional hyphen or space-- three digits-- an optional hyphen or space-- three digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_australian_business_number finds content that matches the pattern.-- A keyword from Keywords_australian_business_number is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_australian_business_number finds content that matches the pattern.-
-```xml
- <!-- Australia Business Number -->
- <Entity id="76e83b3b-01ee-4530-aced-e667a6609f49" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_australian_business_number" />
- <Match idRef="Keywords_australian_business_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_australian_business_number" />
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keyword_australia_business_number
--- australia business no-- business number-- abn#-- businessid#-- business id-- abn-- businessno#-
-## Australia company number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-nine digits with delimiters
-
-### Pattern
-
-nine digits with delimiters:
--- three digits-- a space-- three digits-- a space-- three digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_Australian_Company_Number finds content that matches the pattern.-- A keyword from Keyword_Australian_Company_Number is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_Australian_Company_Number finds content that matches the pattern.-
-```xml
- <!-- Australia Company Number -->
- <Entity id="b1fba4f7-7b3e-4bb9-8f9a-9366df604dbb" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_Australian_Company_Number" />
- <Match idRef="Keyword_Australian_Company_Number" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_Australian_Company_Number" />
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keyword_australia_company_number
--- acn-- australia company no-- australia company no#-- australia company number-- australian company no-- australian company no#-- australian company number-
-## Australia driver's license number
-
-### Format
-
-nine letters and digits
-
-### Pattern
-
-nine letters and digits:
--- two digits or letters (not case-sensitive)-- two digits-- five digits or letters (not case-sensitive)-
-OR
--- one to two optional letters (not case-sensitive)-- four to nine digits-
-OR
--- nine digits or letters (not case-sensitive)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_australia_drivers_license_number finds content that matches the pattern.-- A keyword from Keyword_australia_drivers_license_number is found.-- No keyword from Keyword_australia_drivers_license_number_exclusions is found.-
-```xml
-<!-- Australia Drivers License Number -->
-<Entity id="1cbbc8f5-9216-4392-9eb5-5ac2298d1356" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_australia_drivers_license_number" />
- <Match idRef="Keyword_australia_drivers_license_number" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keyword_australia_drivers_license_number_exclusions" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_australia_drivers_license_number
--- international driving permits-- australian automobile association-- international driving permit-- DriverLicence-- DriverLicences-- Driver Lic-- Driver Licence-- Driver Licences-- DriversLic-- DriversLicence-- DriversLicences-- Drivers Lic-- Drivers Lics-- Drivers Licence-- Drivers Licences-- Driver'Lic-- Driver'Lics-- Driver'Licence-- Driver'Licences-- Driver' Lic-- Driver' Lics-- Driver' Licence-- Driver' Licences-- Driver'sLic-- Driver'sLics-- Driver'sLicence-- Driver'sLicences-- Driver's Lic-- Driver's Lics-- Driver's Licence-- Driver's Licences-- DriverLic#-- DriverLics#-- DriverLicence#-- DriverLicences#-- Driver Lic#-- Driver Lics#-- Driver Licence#-- Driver Licences#-- DriversLic#-- DriversLics#-- DriversLicence#-- DriversLicences#-- Drivers Lic#-- Drivers Lics#-- Drivers Licence#-- Drivers Licences#-- Driver'Lic#-- Driver'Lics#-- Driver'Licence#-- Driver'Licences#-- Driver' Lic#-- Driver' Lics#-- Driver' Licence#-- Driver' Licences#-- Driver'sLic#-- Driver'sLics#-- Driver'sLicence#-- Driver'sLicences#-- Driver's Lic#-- Driver's Lics#-- Driver's Licence#-- Driver's Licences#-
-#### Keyword_australia_drivers_license_number_exclusions
--- aaa-- DriverLicense-- DriverLicenses-- Driver License-- Driver Licenses-- DriversLicense-- DriversLicenses-- Drivers License-- Drivers Licenses-- Driver'License-- Driver'Licenses-- Driver' License-- Driver' Licenses-- Driver'sLicense-- Driver'sLicenses-- Driver's License-- Driver's Licenses-- DriverLicense#-- DriverLicenses#-- Driver License#-- Driver Licenses#-- DriversLicense#-- DriversLicenses#-- Drivers License#-- Drivers Licenses#-- Driver'License#-- Driver'Licenses#-- Driver' License#-- Driver' Licenses#-- Driver'sLicense#-- Driver'sLicenses#-- Driver's License#-- Driver's Licenses#-
-## Australia medical account number
-
-### Format
-
-10-11 digits
-
-### Pattern
-
-10-11 digits:
--- First digit is in the range 2-6-- Ninth digit is a check digit-- Tenth digit is the issue digit-- 11th digit (optional) is the individual number-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_australian_medical_account_number finds content that matches the pattern.-- A keyword from Keyword_Australia_Medical_Account_Number is found.-- The checksum passes.-
-```xml
- <!-- Australia Medical Account Number -->
-<Entity id="104a99a0-3d3b-4542-a40d-ab0b9e1efe63" recommendedConfidence="85" patternsProximity="300">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_australian_medical_account_number"/>
- <Match idRef="Keyword_Australia_Medical_Account_Number"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_Australia_Medical_Account_Number
--- bank account details-- medicare payments-- mortgage account-- bank payments-- information branch-- credit card loan-- department of human services-- local service-- medicare-
-## Australia passport number
-
-### Format
-
-eight or nine alphanumeric characters
-
-### Pattern
--- one letter (N, E, D, F, A, C, U, X) followed by seven digits
-or
-- Two letters (PA, PB, PC, PD, PE, PF, PU, PW, PX, PZ) followed by seven digits.-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_australia_passport_number` finds content that matches the pattern.-- A keyword from `Keyword_australia_passport_number` is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_australia_passport_number` finds content that matches the pattern.-
-```xml
- <!-- Australia Passport Number -->
- <Entity id="29869db6-602d-4853-ab93-3484f905df50" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_australia_passport_number" />
- <Match idRef="Keyword_australia_passport_number" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Regex_australia_passport_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_australia_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-- passport details-- immigration and citizenship-- commonwealth of australia-- department of immigration-- national identity card-- travel document-- issuing authority-
-## Australia physical addresses
-
-Unbundled named entity, detects patterns related to physical address from Australia. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-medium
-
-## Australia tax file number
-
-### Format
-
-eight to nine digits
-
-### Pattern
-
-eight to nine digits typically presented with spaces as follows:
--- three digits-- an optional space-- three digits-- an optional space-- two to three digits where the last digit is a check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_australian_tax_file_number finds content that matches the pattern.-- No keyword from Keyword_Australia_Tax_File_Number or Keyword_number_exclusions is found.-- The checksum passes.-
-```xml
- <!-- Australia Tax File Number -->
- <Entity id="e29bc95f-ff70-4a37-aa01-04d17360a4c5" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_australian_tax_file_number" />
- <Match idRef="Keyword_Australia_Tax_File_Number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_australia_tax_file_number
--- australian business number-- marginal tax rate-- medicare levy-- portfolio number-- service veterans-- withholding tax-- individual tax return-- tax file number-- tfn-
-## Austria driver's license number
-
-### Format
-
-eight digits without spaces and delimiters
-
-### Pattern
-
-eight digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_austria_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_austria_eu_driver's_license_number` is found.-
-```xml
- <!-- Austria Driver's License Number -->
- <Entity id="682f18ce-44eb-482b-8198-2bcb96a0761e" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_austria_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_austria_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_austria_eu_driver's_license_number
--- fuhrerschein-- f├╝hrerschein-- F├╝hrerscheine-- F├╝hrerscheinnummer-- F├╝hrerscheinnummern-
-## Austria identity card
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-A 24-character combination of letters, digits, and special characters
-
-### Pattern
-
-24 characters:
--- 22 letters (not case-sensitive), digits, backslashes, forward slashes, or plus signs--- two letters (not case-sensitive), digits, backslashes, forward slashes, plus signs, or equal signs-
-### Checksum
-
-Not applicable
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_austria_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_austria_eu_national_id_card` is found.-
-```xml
- <!-- Austria Identity Card -->
- <Entity id="5ec06c3b-007e-4820-8343-7ff73b889735" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_austria_eu_national_id_card" />
- <Match idRef="Keywords_austria_eu_national_id_card" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_austria_eu_national_id_card
--- identity number-- national id-- personalausweis republik ├╢sterreich-
-## Austria passport number
-
-### Format
-
-One letter followed by an optional space and seven digits
-
-### Pattern
-
-A combination of one letter, seven digits, and one space:
--- one letter (not case-sensitive)-- one space (optional)-- seven digits-
-### Checksum
-
-not applicable
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_austria_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_austria_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_austria_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_austria_eu_passport_number` is found.-
-```xml
- <!-- Austria Passport Number -->
- <Entity id="1c96ae4e-303b-447d-86c7-77113ac266bf" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_austria_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_austria_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date1" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_austria_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_austria_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_austria_eu_passport_number
--- reisepassnummer-- reisepasse-- No-Reisepass-- Nr-Reisepass-- Reisepass-Nr-- Passnummer-- reisepässe-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Austria physical addresses
-
-This unbundled named entity detects patterns related to physical address from Austria. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Austria social security number
-
-### Format
-
-10 digits in the specified format
-
-### Pattern
-
-10 digits:
--- three digits that correspond to a serial number-- one check digit-- six digits that correspond to the birth date (DDMMYY)-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_austria_eu_ssn_or_equivalent` finds content that matches the pattern.-- a keyword from `Keywords_austria_eu_ssn_or_equivalent` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_austria_eu_ssn_or_equivalent` finds content that matches the pattern.-
-```xml
- <!-- Austria Social Security Number -->
- <Entity id="6896a906-86c9-4d19-a2da-6e43ccd19b7b" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_austria_eu_ssn_or_equivalent" />
- <Match idRef="Keywords_austria_eu_ssn_or_equivalent" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_austria_eu_ssn_or_equivalent" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_austria_eu_telephone_number" />
- <Match idRef="Keywords_austria_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_austria_eu_ssn_or_equivalent
--- austrian ssn-- ehic number-- ehic no-- insurance code-- insurancecode#-- insurance number-- insurance no-- krankenkassennummer-- krankenversicherung-- socialsecurityno-- socialsecurityno#-- social security no-- social security number-- social security code-- sozialversicherungsnummer-- sozialversicherungsnummer#-- soziale sicherheit kein-- sozialesicherheitkein#-- ssn#-- ssn-- versicherungscode-- versicherungsnummer-- zdravstveno zavarovanje-
-## Austria tax identification number
-
-### Format
-
-nine digits with optional hyphen and forward slash
-
-### Pattern
-
-nine digits with optional hyphen and forward slash:
--- two digits-- a hyphen (optional)-- three digits-- a forward slash (optional)-- four digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_austria_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_austria_eu_tax_file_number` is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_austria_eu_tax_file_number` finds content that matches the pattern.-
-```xml
- <!-- Austria Tax Identification Number -->
- <Entity id="4fd58d22-af28-4451-b18a-6f722430a56d" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_austria_eu_tax_file_number" />
- <Match idRef="Keywords_austria_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_austria_eu_tax_file_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_austria_eu_tax_file_number
--- ├╢sterreich-- st.nr.-- steuernummer-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-- tax number-
-## Austria value added tax
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-11-character alphanumeric pattern
-
-### Pattern
-
-11-character alphanumeric pattern:
--- A or a-- T or t-- Optional space-- U or u-- optional space-- two or three digits-- optional space-- four digits-- optional space-- one or two digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_Austria_Value_Added_Tax finds content that matches the pattern.-- A keyword from Keyword_Austria_Value_Added_Tax is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_Austria_Value_Added_Tax finds content that matches the pattern.-
-```xml
- <!-- Austria Value Added Tax -->
- <Entity id="b6a3eda2-c56c-4b69-a5f7-dca34db00f48" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_Austria_Value_Added_Tax" />
- <Match idRef="Keyword_Austria_Value_Added_Tax" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_Austria_Value_Added_Tax" />
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keyword_austria_value_added_tax
--- vat number-- vat#-- austrian vat number-- vat no.-- vatno#-- value added tax number-- austrian vat-- mwst-- umsatzsteuernummer-- mwstnummer-- ust.-identifikationsnummer-- umsatzsteuer-identifikationsnummer-- vat identification number-- atu number-- uid number-
-## Azure DocumentDB auth key
-
-### Format
-
-The string "DocumentDb" followed by the characters and strings outlined in the pattern below.
-
-### Pattern
--- The string "DocumentDb"-- Any combination of between 3-200 lower- or uppercase letters, digits, symbols, special characters, or spaces-- A greater than symbol (>), an equal sign (=), a quotation mark ("), or an apostrophe (')-- Any combination of 86 lower- or uppercase letters, digits, forward slash (/), or plus sign (+)-- Two equal signs (=)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression CEP_Regex_AzureDocumentDBAuthKey finds content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.-
-```xml
-<!-- Azure Document DB Auth Key -->
-<Entity id="0f587d92-eb28-44a9-bd1c-90f2892b47aa" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="CEP_Regex_AzureDocumentDBAuthKey" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="CEP_CommonExampleKeywords" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### CEP_CommonExampleKeywords
-
-(Technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
--- contoso-- fabrikam-- northwind-- sandbox-- onebox-- localhost-- 127.0.0.1-- testacs.<!--no-hyperlink-->com-- s-int.<!--no-hyperlink-->net-
-## Azure IAAS database connection string and Azure SQL connection string
-
-### Format
-
-The string "Server", "server", or "data source" followed by the characters and strings outlined in the pattern below, including the string "cloudapp.azure.<!--no-hyperlink-->com" or "cloudapp.azure.<!--no-hyperlink-->net" or "database.windows.<!--no-hyperlink-->net", and the string "Password" or "password" or "pwd".
-
-### Pattern
--- the string "Server", "server", or "data source"-- zero to two whitespace characters-- an equal sign (=)-- zero to two whitespace characters-- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces-- The string "cloudapp.azure.<!--no-hyperlink-->com", "cloudapp.azure.<!--no-hyperlink-->net", or "database.windows.<!--no-hyperlink-->net"-- any combination of between 1-300 lower- or uppercase letters, digits, symbols, special characters, or spaces-- the string "Password", "password", or "pwd"-- zero to two whitespace characters-- an equal sign (=)-- zero to two whitespace characters-- one or more characters that aren't a semicolon (;), quotation mark ("), or apostrophe (')-- a semicolon (;), quotation mark ("), or apostrophe (')-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression CEP_Regex_AzureConnectionString finds content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.-
-```xml
-<!--Azure IAAS Database Connection String and Azure SQL Connection String-->
-<Entity id="ce1a126d-186f-4700-8c0c-486157b953fd" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="CEP_Regex_AzureConnectionString" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="CEP_CommonExampleKeywords" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### CEP_common_example_keywords
-
-(Technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
--- contoso-- fabrikam-- northwind-- sandbox-- onebox-- localhost-- 127.0.0.1-- testacs.<!--no-hyperlink-->com-- s-int.<!--no-hyperlink-->net-
-## Azure IoT connection string
-
-### Format
-
-The string "HostName" followed by the characters and strings outlined in the pattern below, including the strings "azure-devices.<!--no-hyperlink-->net" and "SharedAccessKey".
-
-### Pattern
--- the string "HostName"-- zero to two whitespace characters-- an equal sign (=)-- zero to two whitespace characters-- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces-- the string "azure-devices.<!--no-hyperlink-->net"-- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces-- the string "SharedAccessKey"-- zero to two whitespace characters-- an equal sign (=)-- zero to two whitespace characters-- any combination of 43 lower- or uppercase letters, digits, forward slash (/), or plus sign (+)-- an equal sign (=)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression CEP_Regex_AzureIoTConnectionString finds content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.-
-```xml
-<!--Azure IoT Connection String-->
-<Entity id="0b34bec3-d5d6-4974-b7b0-dcdb5c90c29d" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="CEP_Regex_AzureIoTConnectionString" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="CEP_CommonExampleKeywords" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### CEP_common_example_keywords
-
-This sensitive information type identifies these keywords by using a regular expression, not a keyword list.
--- contoso-- fabrikam-- northwind-- sandbox-- onebox-- localhost-- 127.0.0.1-- testacs.<!--no-hyperlink-->com-- s-int.<!--no-hyperlink-->net-
-## Azure publish setting password
-
-### Format
-
-The string "userpwd=" followed by an alphanumeric string.
-
-### Pattern
--- the string "userpwd="-- any combination of 60 lowercase letters or digits-- a quotation mark (")-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression CEP_Regex_AzurePublishSettingPasswords finds content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.-
-```xml
-<!--Azure Publish Setting Password-->
-<Entity id="75f4cc8a-a68e-49e5-89ce-fa8f03d286a5" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="CEP_Regex_AzurePublishSettingPasswords" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="CEP_CommonExampleKeywords" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### CEP_common_example_keywords
-
-This sensitive information type identifies these keywords by using a regular expression, not a keyword list.
--- contoso-- fabrikam-- northwind-- sandbox-- onebox-- localhost-- 127.0.0.1-- testacs.<!--no-hyperlink-->com-- s-int.<!--no-hyperlink-->net-
-## Azure Redis cache connection string
-
-### Format
-
-The string "redis.cache.windows.<!--no-hyperlink-->net" followed by the characters and strings outlined in the pattern below, including the string "password" or "pwd".
-
-### Pattern
--- the string "redis.cache.windows.<!--no-hyperlink-->net"-- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces-- the string "password" or "pwd"-- zero to two whitespace characters-- an equal sign (=)-- zero to two whitespace characters-- any combination of 43 characters that are lower- or uppercase letters, digits, forward slash (/), or plus sign (+)-- an equal sign (=)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression CEP_Regex_AzureRedisCacheConnectionString finds content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.-
-```xml
-<!--Azure Redis Cache Connection String-->
-<Entity id="095a7e6c-efd8-46d5-af7b-5298d53a49fc" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="CEP_Regex_AzureRedisCacheConnectionString" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="CEP_CommonExampleKeywords" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### CEP_common_example_keywords
-
-(Technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
--- contoso-- fabrikam-- northwind-- sandbox-- onebox-- localhost-- 127.0.0.1-- testacs.<!--no-hyperlink-->com-- s-int.<!--no-hyperlink-->net-
-## Azure SAS
-
-### Format
-
-The string "sig" followed by the characters and strings outlined in the pattern below.
-
-### Pattern
--- the string "sig"-- zero to two whitespace characters-- an equal sign (=)-- zero to two whitespace characters-- any combination of between 43-53 characters that are lower- or uppercase letters, digits, or the percent sign (%)-- the string "%3d"-- any character that isn't a lower- or uppercase letter, digit, or percent sign (%)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression CEP_Regex_AzureSAS finds content that matches the pattern.-
-```xml
-<!--Azure SAS-->
-<Entity id="4d235014-e564-47f4-a6fb-6ebb4a826834" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="CEP_Regex_AzureSAS" />
- </Pattern>
-</Entity>
-```
-
-## Azure service bus connection string
-
-### Format
-
-The string "EndPoint" followed by the characters and strings outlined in the pattern below, including the strings "servicebus.windows.<!--no-hyperlink-->net" and "SharedAccesKey".
-
-### Pattern
--- the string "EndPoint"-- zero to two whitespace characters-- an equal sign (=)-- zero to two whitespace characters-- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces-- the string "servicebus.windows.<!--no-hyperlink-->net"-- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces-- the string "SharedAccessKey"-- zero to two whitespace characters-- an equal sign (=)-- zero to two whitespace characters-- any combination of 43 characters that are lower- or uppercase letters, digits, forward slash (/), or plus sign (+)-- an equal sign (=)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression CEP_Regex_AzureServiceBusConnectionString finds content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.-
-```xml
-<!--Azure Service Bus Connection String-->
-<Entity id="b9a6578f-a83f-4fcd-bf44-2130bae49a6f" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="CEP_Regex_AzureServiceBusConnectionString" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="CEP_CommonExampleKeywords" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### CEP_common_example_keywords
-
-(Technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
--- contoso-- fabrikam-- northwind-- sandbox-- onebox-- localhost-- 127.0.0.1-- testacs.<!--no-hyperlink-->com-- s-int.<!--no-hyperlink-->net-
-## Azure storage account key
-
-### Format
-
-The string "DefaultEndpointsProtocol" followed by the characters and strings outlined in the pattern below, including the string "AccountKey".
-
-### Pattern
--- the string "DefaultEndpointsProtocol"-- zero to two whitespace characters-- an equal sign (=)-- zero to two whitespace characters-- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces-- the string "AccountKey"-- zero to two whitespace characters-- an equal sign (=)-- zero to two whitespace characters-- any combination of 86 characters that are lower- or uppercase letters, digits, forward slash (/), or plus sign (+)-- two equal signs (=)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression CEP_Regex_AzureStorageAccountKey finds content that matches the pattern.-- The regular expression CEP_AzureEmulatorStorageAccountFilter doesn't find content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.-
-```xml
-<!--Azure Storage Account Key-->
-<Entity id="c7bc98e8-551a-4c35-a92d-d2c8cda714a7" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="CEP_Regex_AzureStorageAccountKey" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="CEP_AzureEmulatorStorageAccountFilter" />
- <Match idRef="CEP_CommonExampleKeywords" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### CEP_azure_emulator_storage_account_filter
-
-(Technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
--- Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==-
-#### CEP_common_example_keywords
-
-(Technically, this sensitive information type identifies these keywords by using a regular expression, not a keyword list.)
--- contoso-- fabrikam-- northwind-- sandbox-- onebox-- localhost-- 127.0.0.1-- testacs.<!--no-hyperlink-->com-- s-int.<!--no-hyperlink-->net-
-## Azure Storage account key (generic)
-
-### Format
-
-Any combination of 86 lower- or uppercase letters, digits, the forward slash (/), or plus sign (+), preceded or followed by the characters outlined in the pattern below.
-
-### Pattern
--- zero to one of the greater than symbol (>), apostrophe ('), equal sign (=), quotation mark ("), or number sign (#)-- any combination of 86 characters that are lower- or uppercase letters, digits, the forward slash (/), or plus sign (+)-- two equal signs (=)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression CEP_Regex_AzureStorageAccountKeyGeneric finds content that matches the pattern.-
-```xml
-<!--Azure Storage Account Key (Generic)-->
-<Entity id="7ff41bd0-5419-4523-91d6-383b3a37f084" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="CEP_Regex_AzureStorageAccountKeyGeneric" />
- </Pattern>
-</Entity>
-```
-
-## Belgium driver's license number
-
-### Format
-
-10 digits without spaces and delimiters
-
-### Pattern
-
-10 digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_belgium_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_belgium_eu_driver's_license_number` is found.-
-```xml
- <!-- Belgium Driver's License Number -->
- <Entity id="d89fd329-9324-433c-b687-2c37bd5166f3" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_belgium_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_belgium_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_belgium_eu_driver's_license_number
--- rijbewijs-- rijbewijsnummer-- führerschein-- führerscheinnummer-- füehrerscheinnummer-- fuhrerschein-- fuehrerschein-- fuhrerscheinnummer-- fuehrerscheinnummer-- permis de conduire-- numéro permis conduire-
-## Belgium national number
-
-### Format
-
-11 digits plus optional delimiters
-
-### Pattern
-
-11 digits plus delimiters:
--- six digits and two optional periods in the format YY.MM.DD for date of birth-- An optional delimiter from dot, dash, space-- three sequential digits (odd for males, even for females)-- An optional delimiter from dot, dash, space-- two check digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_belgium_national_number finds content that matches the pattern.-- A keyword from Keyword_belgium_national_number is found.-- The checksum passes.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_belgium_national_number finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- Belgium National Number -->
- <Entity id="fb969c9e-0fd1-4b18-8091-a2123c5e6a54" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_belgium_national_number" />
- <Match idRef="Keyword_belgium_national_number" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_belgium_national_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_belgium_national_number
--- belasting aantal-- bnn#-- bnn-- carte d'identité-- identifiant national-- identifiantnational#-- identificatie-- identification-- identifikation-- identifikationsnummer-- identifizierung-- identité-- identiteit-- identiteitskaart-- identity-- inscription-- national number-- national register-- nationalnumber#-- nationalnumber-- nif#-- nif-- numéro d'assuré-- numéro de registre national-- numéro de sécurité-- numéro d'identification-- numéro d'immatriculation-- numéro national-- numéronational#-- personal id number-- personalausweis-- personalidnumber#-- registratie-- registration-- registrationsnumme-- registrierung-- social security number-- ssn#-- ssn-- steuernummer-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## Belgium passport number
-
-### Format
-
-two letters followed by six digits with no spaces or delimiters
-
-### Pattern
-
-two letters and followed by six digits
-
-### Checksum
-
-not applicable
-
-### Definition
-
- A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_belgium_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_belgium_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date2` finds date in the format DD MM YY or a keyword from `Keywords_eu_passport_date` or `Keywords_belgium_eu_passport_number` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_belgium_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_belgium_eu_passport_number` is found.-
-```xml
- <!-- Belgium Passport Number -->
- <Entity id="d7b1315b-21ca-4774-a32a-596010ff78fd" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_belgium_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_belgium_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date2" />
- <Match idRef="Keywords_eu_passport_date" />
- <Match idRef="Keywords_belgium_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_belgium_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_belgium_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_belgium_eu_passport_number
--- numéro passeport-- paspoort nr-- paspoort-nr-- paspoortnummer-- paspoortnummers-- Passeport carte-- Passeport livre-- Pass-Nr-- Passnummer-- reisepass kein-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Belgium physical addresses
-
-This unbundled named entity detects patterns related to physical addresses from Belgium. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Belgium value added tax number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-12-character alphanumeric pattern
-
-### Pattern
-
-12-character alphanumeric pattern:
--- a letter B or b-- a letter E or e-- a digit 0-- a digit from 1 to 9-- an optional dot or Hyphen or space-- four digits-- an optional dot or Hyphen or space-- four digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_belgium_value_added_tax_number finds content that matches the pattern.-- A keyword from Keywords_belgium_value_added_tax_number is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_belgium_value_added_tax_number finds content that matches the pattern.-
-```xml
- <!-- Belgium Value Added Tax Number -->
- <Entity id="85b5b3c3-f2de-4ae8-ac46-fd3cb38bf9ed" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_belgium_value_added_tax_number" />
- <Match idRef="Keywords_belgium_value_added_tax_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_belgium_value_added_tax_number" />
- </Pattern>
- </Entity>
- </Version>
-```
-### Keywords
-
-#### Keyword_belgium_value_added_tax_number
--- nº tva-- vat number-- vat no-- numéro t.v.a-- umsatzsteuer-identifikationsnummer-- umsatzsteuernummer-- btw-- btw#-- vat#-
-## Blood test terms
-
-This unbundled named entity detects terms related to blood tests, such as *hCG*. It supports English terms only. It's also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
-
-### Confidence level
-
-High
-
-## Brand medication names
-
-This unbundled named entity detects names of brand medication, such as *Tylenol*. It supports English terms only. It's also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
-
-### Confidence level
-
-High
-
-## Brazil CPF number
-
-### Format
-
-11 digits that include a check digit and can be formatted or unformatted
-
-### Pattern
-
-Formatted:
--- three digits-- a period-- three digits-- a period-- three digits-- a hyphen-- two digits that are check digits-
-Unformatted:
--- 11 digits where the last two digits are check digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_brazil_cpf finds content that matches the pattern.-- A keyword from Keyword_brazil_cpf is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_brazil_cpf finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- Brazil CPF Number -->
-<Entity id="78e09124-f2c3-4656-b32a-c1a132cd2711" recommendedConfidence="85" patternsProximity="300">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_brazil_cpf"/>
- <Match idRef="Keyword_brazil_cpf"/>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_brazil_cpf"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_brazil_cpf
--- CPF-- Identification-- Registration-- Revenue-- Cadastro de Pessoas Físicas-- Imposto-- Identificação-- Inscrição-- Receita-
-## Brazil legal entity number (CNPJ)
-
-### Format
-
-14 digits that include a registration number, branch number, and check digits, plus delimiters
-
-### Pattern
-
-14 digits, plus delimiters:
--- two digits-- a period-- three digits-- a period-- three digits (these first eight digits are the registration number)-- a forward slash-- four-digit branch number-- a hyphen-- two digits that are check digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_brazil_cnpj finds content that matches the pattern.-- A keyword from Keyword_brazil_cnpj is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_brazil_cnpj finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- Brazil Legal Entity Number (CNPJ) -->
-<Entity id="9b58b5cd-5e90-4df6-b34f-1ebcc88ceae4" recommendedConfidence="85" patternsProximity="300">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_brazil_cnpj"/>
- <Match idRef="Keyword_brazil_cnpj"/>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_brazil_cnpj"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_brazil_cnpj
--- CNPJ-- CNPJ/MF-- CNPJ-MF-- National Registry of Legal Entities-- Taxpayers Registry-- Legal entity-- Legal entities-- Registration Status-- Business-- Company-- CNPJ-- Cadastro Nacional da Pessoa Jurídica-- Cadastro Geral de Contribuintes-- CGC-- Pessoa jurídica-- Pessoas jurídicas-- Situação cadastral-- Inscrição-- Empresa-
-## Brazil national identification card (RG)
-
-### Format
-
-Registro Geral (old format): Nine digits
-
-Registro de Identidade (RIC) (new format): 11 digits
-
-### Pattern
-
-Registro Geral (old format):
--- two digits-- a period-- three digits-- a period-- three digits-- a hyphen-- one digit that is a check digit-
-Registro de Identidade (RIC) (new format):
--- 10 digits-- a hyphen-- one digit that is a check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_brazil_rg finds content that matches the pattern.-- A keyword from Keyword_brazil_rg is found.-- The checksum passes.-
-```xml
- <!-- Brazil National ID Card (RG) -->
- <Entity id="486de900-db70-41b3-a886-abdf25af119c" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_brazil_rg" />
- <Match idRef="Keyword_brazil_rg" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_brazil_rg
--- Cédula de identidade-- identity card-- national id-- número de rregistro-- registro de Iidentidade-- registro geral-- RG (this keyword is case-sensitive)-- RIC (this keyword is case-sensitive)-
-## Brazil physical addresses
-
-This unbundled named entity detects patterns related to physical address from Brazil. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Bulgaria driver's license number
-
-### Format
-
-nine digits without spaces and delimiters
-
-### Pattern
-
-nine digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_bulgaria_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_bulgaria_eu_driver's_license_number` is found.-
-```xml
- <!-- Bulgaria Driver's License Number -->
- <Entity id="66d39258-94c2-43b2-804b-aa312258e54b" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_bulgaria_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_bulgaria_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_bulgaria_eu_driver's_license_number
--- свидетелство за управление на мпс-- свидетелство за управление на моторно превозно средство-- сумпс-- шофьорска книжка-- шофьорски книжки-
-## Bulgaria passport number
-
-### Format
-
-nine digits without spaces and delimiters
-
-### Pattern
-
-nine digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_bulgaria_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_bulgaria_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_bulgaria_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_bulgaria_eu_passport_number` is found.-
-```xml
- <!-- Bulgaria Passport Number -->
- <Entity id="f7172b82-c588-4216-845e-4e54e397f29a" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_bulgaria_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_bulgaria_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date1" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_bulgaria_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_bulgaria_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_bulgaria_eu_passport_number
--- номер на паспорта-- номер на паспорт-- паспорт №-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Bulgaria physical addresses
-
-This unbundled named entity detects patterns related to physical address from Bulgaria. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Bulgaria uniform civil number
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-10 digits without spaces and delimiters
-
-### Pattern
-
-10 digits without spaces and delimiters
--- six digits that correspond to the birth date (YYMMDD)-- two digits that correspond to the birth order-- one digit that corresponds to gender: An even digit for male and an odd digit for female-- one check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_bulgaria_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_bulgaria_eu_national_id_card` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_bulgaria_eu_national_id_card` finds content that matches the pattern.-
-```xml
- <!-- Bulgaria Uniform Civil Number -->
- <Entity id="100d58b1-0a35-4fb1-aa89-e4a86fb53fcc" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_bulgaria_eu_national_id_card" />
- <Match idRef="Keywords_bulgaria_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_bulgaria_eu_national_id_card" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_bulgaria_eu_telephone_number" />
- <Match idRef="Keywords_bulgaria_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_bulgaria_eu_national_id_card
--- bnn#-- bnn-- bucn#-- bucn-- edinen grazhdanski nomer-- egn#-- egn-- identification number-- national id-- national number-- nationalnumber#-- nationalnumber-- personal id-- personal no-- personal number-- personalidnumber#-- social security number-- ssn#-- ssn-- uniform civil id-- uniform civil no-- uniform civil number-- uniformcivilno#-- uniformcivilno-- uniformcivilnumber#-- uniformcivilnumber-- unique citizenship number-- егн#-- егн-- единен граждански номер-- идентификационен номер-- личен номер-- лична идентификация-- лично не-- национален номер-- номер на гражданството-- униформ id-- униформ граждански id-- униформ граждански не-- униформ граждански номер-- униформгражданскиid#-- униформгражданскине.#-
-## Canada bank account number
-
-### Format
-
-7 or 12 digits
-
-### Pattern
-
-A Canada Bank Account Number is 7 or 12 digits.
-
-A Canada bank account transit number is:
--- five digits-- a hyphen-- three digits
-OR
-- a zero "0"-- eight digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_canada_bank_account_number finds content that matches the pattern.-- A keyword from Keyword_canada_bank_account_number is found.-- The regular expression Regex_canada_bank_account_transit_number finds content that matches the pattern.-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_canada_bank_account_number finds content that matches the pattern.-- A keyword from Keyword_canada_bank_account_number is found.-
-```xml
-<!-- Canada Bank Account Number -->
-<Entity id="552e814c-cb50-4d94-bbaa-bb1d1ffb34de" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_canada_bank_account_number" />
- <Match idRef="Keyword_canada_bank_account_number" />
- <Match idRef="Regex_canada_bank_account_transit_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_canada_bank_account_number" />
- <Match idRef="Keyword_canada_bank_account_number" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_canada_bank_account_number
--- canada savings bonds-- canada revenue agency-- canadian financial institution-- direct deposit form-- canadian citizen-- legal representative-- notary public-- commissioner for oaths-- child care benefit-- universal child care-- canada child tax benefit-- income tax benefit-- harmonized sales tax-- social insurance number-- income tax refund-- child tax benefit-- territorial payments-- institution number-- deposit request-- banking information-- direct deposit-
-## Canada driver's license number
-
-### Format
-
-Varies by province
-
-### Pattern
-
-Various patterns covering:
--- Alberta-- British Columbia-- Manitoba-- New Brunswick-- Newfoundland/Labrador-- Nova Scotia-- Ontario-- Prince Edward Island-- Quebec-- Saskatchewan-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_[province_name]_drivers_license_number finds content that matches the pattern.-- A keyword from Keyword_[province_name]_drivers_license_name is found.-- A keyword from Keyword_canada_drivers_license is found.-
-```xml
-<!-- Canada Driver's License Number -->
- <Entity id="37186abb-8e48-4800-ad3c-e3d1610b3db0" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_alberta_drivers_license_number" />
- <Match idRef="Keyword_alberta_drivers_license_name" />
- <Match idRef="Keyword_canada_drivers_license" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_british_columbia_drivers_license_number" />
- <Match idRef="Keyword_british_columbia_drivers_license_name" />
- <Match idRef="Keyword_canada_drivers_license" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_manitoba_drivers_license_number" />
- <Match idRef="Keyword_manitoba_drivers_license_name" />
- <Match idRef="Keyword_canada_drivers_license" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_new_brunswick_drivers_license_number" />
- <Match idRef="Keyword_new_brunswick_drivers_license_name" />
- <Match idRef="Keyword_canada_drivers_license" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_newfoundland_labrador_drivers_license_number" />
- <Match idRef="Keyword_newfoundland_labrador_drivers_license_name" />
- <Match idRef="Keyword_canada_drivers_license" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_nova_scotia_drivers_license_number" />
- <Match idRef="Keyword_nova_scotia_drivers_license_name" />
- <Match idRef="Keyword_canada_drivers_license" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_ontario_drivers_license_number" />
- <Match idRef="Keyword_ontario_drivers_license_name" />
- <Match idRef="Keyword_canada_drivers_license" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_prince_edward_island_drivers_license_number" />
- <Match idRef="Keyword_prince_edward_island_drivers_license_name" />
- <Match idRef="Keyword_canada_drivers_license" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_quebec_drivers_license_number" />
- <Match idRef="Keyword_quebec_drivers_license_name" />
- <Match idRef="Keyword_canada_drivers_license" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_saskatchewan_drivers_license_number" />
- <Match idRef="Keyword_saskatchewan_drivers_license_name" />
- <Match idRef="Keyword_canada_drivers_license" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_[province_name]_drivers_license_name
--- The province abbreviation, for example AB-- The province name, for example Alberta-
-#### Keyword_canada_drivers_license
--- DL-- DLS-- CDL-- CDLS-- DriverLic-- DriverLics-- DriverLicense-- DriverLicenses-- DriverLicence-- DriverLicences-- Driver Lic-- Driver Lics-- Driver License-- Driver Licenses-- Driver Licence-- Driver Licences-- DriversLic-- DriversLics-- DriversLicence-- DriversLicences-- DriversLicense-- DriversLicenses-- Drivers Lic-- Drivers Lics-- Drivers License-- Drivers Licenses-- Drivers Licence-- Drivers Licences-- Driver'Lic-- Driver'Lics-- Driver'License-- Driver'Licenses-- Driver'Licence-- Driver'Licences-- Driver' Lic-- Driver' Lics-- Driver' License-- Driver' Licenses-- Driver' Licence-- Driver' Licences-- Driver'sLic-- Driver'sLics-- Driver'sLicense-- Driver'sLicenses-- Driver'sLicence-- Driver'sLicences-- Driver's Lic-- Driver's Lics-- Driver's License-- Driver's Licenses-- Driver's Licence-- Driver's Licences-- Permis de Conduire-- id-- ids-- idcard number-- idcard numbers-- idcard #-- idcard #s-- idcard card-- idcard cards-- idcard-- identification number-- identification numbers-- identification #-- identification #s-- identification card-- identification cards-- identification-- DL#-- DLS#-- CDL#-- CDLS#-- DriverLic#-- DriverLics#-- DriverLicense#-- DriverLicenses#-- DriverLicence#-- DriverLicences#-- Driver Lic#-- Driver Lics#-- Driver License#-- Driver Licenses#-- Driver License#-- Driver Licences#-- DriversLic#-- DriversLics#-- DriversLicense#-- DriversLicenses#-- DriversLicence#-- DriversLicences#-- Drivers Lic#-- Drivers Lics#-- Drivers License#-- Drivers Licenses#-- Drivers Licence#-- Drivers Licences#-- Driver'Lic#-- Driver'Lics#-- Driver'License#-- Driver'Licenses#-- Driver'Licence#-- Driver'Licences#-- Driver' Lic#-- Driver' Lics#-- Driver' License#-- Driver' Licenses#-- Driver' Licence#-- Driver' Licences#-- Driver'sLic#-- Driver'sLics#-- Driver'sLicense#-- Driver'sLicenses#-- Driver'sLicence#-- Driver'sLicences#-- Driver's Lic#-- Driver's Lics#-- Driver's License#-- Driver's Licenses#-- Driver's Licence#-- Driver's Licences#-- Permis de Conduire#-- id#-- ids#-- idcard card#-- idcard cards#-- idcard#-- identification card#-- identification cards#-- identification#-
-## Canada health service number
-
-### Format
-
- 10 digits
-
-### Pattern
-
-10 digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_canada_health_service_number finds content that matches the pattern.-- A keyword from Keyword_canada_health_service_number is found.-
-```xml
-<!-- Canada Health Service Number -->
-<Entity id="59c0bf39-7fab-482c-af25-00faa4384c94" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_canada_health_service_number" />
- <Any minMatches="1">
- <Match idRef="Keyword_canada_health_service_number" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_canada_health_service_number
--- personal health number-- patient information-- health services-- speciality services-- automobile accident-- patient hospital-- psychiatrist-- workers compensation-- disability-
-## Canada passport number
-
-### Format
-
-two uppercase letters followed by six digits
-
-### Pattern
-
-two uppercase letters followed by six digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_canada_passport_number finds content that matches the pattern.-- A keyword from Keyword_canada_passport_number or Keyword_passport is found.-
-```xml
-<!-- Canada Passport Number -->
-<Entity id="14d0db8b-498a-43ed-9fca-f6097ae687eb" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_canada_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keyword_canada_passport_number" />
- <Match idRef="Keyword_passport" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_canada_passport_number
--- canadian citizenship-- canadian passport-- passport application-- passport photos-- certified translator-- canadian citizens-- processing times-- renewal application-
-#### Keyword_passport
--- Passport Number-- Passport No-- Passport #-- Passport#-- PassportID-- Passportno-- passportnumber-- パスポート-- パスポート番号-- パスポートのNum-- パスポート#-- Numéro de passeport-- Passeport n °-- Passeport Non-- Passeport #-- Passeport#-- PasseportNon-- Passeportn °-
-## Canada personal health identification number (PHIN)
-
-### Format
-
-nine digits
-
-### Pattern
-
-nine digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_canada_phin finds content that matches the pattern.-- At least two keywords from Keyword_canada_phin or Keyword_canada_provinces are found.-
-```xml
-<!-- Canada PHIN -->
-<Entity id="722e12ac-c89a-4ec8-a1b7-fea3469f89db" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_canada_phin" />
- <Any minMatches="2">
- <Match idRef="Keyword_canada_phin" />
- <Match idRef="Keyword_canada_provinces" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_canada_phin
--- social insurance number-- health information act-- income tax information-- manitoba health-- health registration-- prescription purchases-- benefit eligibility-- personal health-- power of attorney-- registration number-- personal health number-- practitioner referral-- wellness professional-- patient referral-- health and wellness-
-#### Keyword_canada_provinces
--- Nunavut-- Quebec-- Northwest Territories-- Ontario-- British Columbia-- Alberta-- Saskatchewan-- Manitoba-- Yukon-- Newfoundland and Labrador-- New Brunswick-- Nova Scotia-- Prince Edward Island-- Canada-
-## Canada physical addresses
-
-This unbundled named entity detects patterns related to physical address from Canada. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Canada social insurance number
-
-### Format
-
-nine digits with optional hyphens or spaces
-
-### Pattern
-
-Formatted:
--- three digits-- a hyphen or space-- three digits-- a hyphen or space-- three digits-
-Unformatted: nine digits
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_canadian_sin finds content that matches the pattern.-- At least two of the following patterns:
- - A keyword from Keyword_sin is found.
- - A keyword from Keyword_sin_collaborative is found.
- - The function Func_eu_date finds a date in the right date format.
-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_unformatted_canadian_sin finds content that matches the pattern.-- A keyword from Keyword_sin is found.-- The checksum passes.-
-```xml
-<!-- Canada Social Insurance Number -->
-<Entity id="a2f29c85-ecb8-4514-a610-364790c0773e" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_canadian_sin" />
- <Any minMatches="2">
- <Match idRef="Keyword_sin" />
- <Match idRef="Keyword_sin_collaborative" />
- <Match idRef="Func_eu_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_unformatted_canadian_sin" />
- <Match idRef="Keyword_sin" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_sin
--- sin-- social insurance-- numero d'assurance sociale-- sins-- ssn-- ssns-- social security-- numero d'assurance social-- national identification number-- national id-- sin#-- soc ins-- social ins-
-#### Keyword_sin_collaborative
--- driver's license-- drivers license-- driver's licence-- drivers licence-- DOB-- Birthdate-- Birthday-- Date of Birth-
-## Chile identity card number
-
-### Format
-
-seven to eight digits plus delimiters a check digit or letter
-
-### Pattern
-
-seven to eight digits plus delimiters:
--- one to two digits-- an optional period-- three digits-- an optional period-- three digits-- a dash-- one digit or letter (not case-sensitive) which is a check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_chile_id_card finds content that matches the pattern.-- A keyword from Keyword_chile_id_card is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_chile_id_card finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- Chile Identity Card Number -->
-<Entity id="4e979794-49a0-407e-a0b9-2c536937b925" recommendedConfidence="85" patternsProximity="300">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_chile_id_card"/>
- <Match idRef="Keyword_chile_id_card"/>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_chile_id_card"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_chile_id_card
--- cédula de identidad-- identificación-- national identification-- national identification number-- national id-- número de identificación nacional-- rol único nacional-- rol único tributario-- RUN-- RUT-- tarjeta de identificación-- Rol Unico Nacional-- Rol Unico Tributario-- RUN#-- RUT#-- nationaluniqueroleID#-- nacional identidad-- número identificación-- identidad número-- numero identificacion-- identidad numero-- Chilean identity no.-- Chilean identity number-- Chilean identity #-- Unique Tax Registry-- Unique Tributary Role-- Unique Tax Role-- Unique Tributary Number-- Unique National Number-- Unique National Role-- National unique role-- Chile identity no.-- Chile identity number-- Chile identity #-- R.U.T-- R.U.N-
-## China resident identity card (PRC) number
-
-### Format
-
-18 digits
-
-### Pattern
-
-18 digits:
--- six digits that are an address code-- eight digits in the form YYYYMMDD, which are the date of birth-- three digits that are an order code-- one digit that is a check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_china_resident_id finds content that matches the pattern.-- A keyword from Keyword_china_resident_id is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_china_resident_id finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- China Resident Identity Card (PRC) Number -->
-<Entity id="c92daa86-2d16-4871-901f-816b3f554fc1" recommendedConfidence="85" patternsProximity="300">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_china_resident_id"/>
- <Match idRef="Keyword_china_resident_id"/>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_china_resident_id"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-### Keyword_china_resident_id
--- Resident Identity Card-- PRC-- National Identification Card-- 身份证-- 居民 身份证-- 居民身份证-- 鉴定-- 身分證-- 居民 身份證-- 鑑定-
-## Credit card number
-
-### Format
-
-14 to 19 digits that can be formatted or unformatted (dddddddddddddddd) and that must pass the Luhn test.
-
-### Pattern
-
-Detects cards from all major brands worldwide, including Visa, MasterCard, Discover Card, JCB, American Express, gift cards, diner's cards, Rupay and China UnionPay.
-
-### Checksum
-
-Yes, the Luhn check
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_credit_card finds content that matches the pattern.-- One of the following conditions is true:
- - A keyword from Keyword_cc_verification is found.
- - A keyword from Keyword_cc_name is found.
- - The function Func_expiration_date finds a date in the right date format.
-- The checksum passes.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_credit_card finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- Credit Card Number -->
-<Entity id="50842eb7-edc8-4019-85dd-5a5c1f2bb085" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_credit_card" />
- <Any minMatches="1">
- <Match idRef="Keyword_cc_verification" />
- <Match idRef="Keyword_cc_name" />
- <Match idRef="Func_expiration_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_credit_card" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_cc_verification
--- card verification-- card identification number-- cvn-- cid-- cvc2-- cvv2-- pin block-- security code-- security number-- security no-- issue number-- issue no-- cryptogramme-- numéro de sécurité-- numero de securite-- kreditkartenprüfnummer-- kreditkartenprufnummer-- prüfziffer-- prufziffer-- sicherheits Kode-- sicherheitscode-- sicherheitsnummer-- verfalldatum-- codice di verifica-- cod. sicurezza-- cod sicurezza-- n autorizzazione-- código-- codigo-- cod. seg-- cod seg-- código de segurança-- codigo de seguranca-- codigo de segurança-- código de seguranca-- cód. segurança-- cod. seguranca-- cod. segurança-- cód. seguranca-- cód segurança-- cod seguranca-- cod segurança-- cód seguranca-- número de verificação-- numero de verificacao-- ablauf-- gültig bis-- gültigkeitsdatum-- gultig bis-- gultigkeitsdatum-- scadenza-- data scad-- fecha de expiracion-- fecha de venc-- vencimiento-- válido hasta-- valido hasta-- vto-- data de expiração-- data de expiracao-- data em que expira-- validade-- valor-- vencimento-- transaction-- transaction number-- reference number-- セキュリティコード-- セキュリティ コード-- セキュリティナンバー-- セキュリティ ナンバー-- セキュリティ番号-
-#### Keyword_cc_name
--- amex-- american express-- americanexpress-- americano espresso-- Visa-- mastercard-- master card-- mc-- mastercards-- master cards-- diner's Club-- diners club-- dinersclub-- discover-- discover card-- discovercard-- discover cards-- JCB-- BrandSmart-- japanese card bureau-- carte blanche-- carteblanche-- credit card-- cc#-- cc#:--- expiration date-- exp date-- expiry date-- date d'expiration-- date d'exp-- date expiration-- bank card-- bankcard-- card number-- card num-- cardnumber-- cardnumbers-- card numbers-- creditcard-- credit cards-- creditcards-- ccn-- card holder-- cardholder-- card holders-- cardholders-- check card-- checkcard-- check cards-- checkcards-- debit card-- debitcard-- debit cards-- debitcards-- atm card-- atmcard-- atm cards-- atmcards-- enroute-- en route-- card type-- Cardmember Acct-- cardmember account-- Cardno-- Corporate Card-- Corporate cards-- Type of card-- card account number-- card member account-- Cardmember Acct.-- card no.-- card no-- card number-- carte bancaire-- carte de crédit-- carte de credit-- numéro de carte-- numero de carte-- nº de la carte-- nº de carte-- kreditkarte-- karte-- karteninhaber-- karteninhabers-- kreditkarteninhaber-- kreditkarteninstitut-- kreditkartentyp-- eigentümername-- kartennr-- kartennummer-- kreditkartennummer-- kreditkarten-nummer-- carta di credito-- carta credito-- n. carta-- n carta-- nr. carta-- nr carta-- numero carta-- numero della carta-- numero di carta-- tarjeta credito-- tarjeta de credito-- tarjeta crédito-- tarjeta de crédito-- tarjeta de atm-- tarjeta atm-- tarjeta debito-- tarjeta de debito-- tarjeta débito-- tarjeta de débito-- nº de tarjeta-- no. de tarjeta-- no de tarjeta-- numero de tarjeta-- número de tarjeta-- tarjeta no-- tarjetahabiente-- cartão de crédito-- cartão de credito-- cartao de crédito-- cartao de credito-- cartão de débito-- cartao de débito-- cartão de debito-- cartao de debito-- débito automático-- debito automatico-- número do cartão-- numero do cartão-- número do cartao-- numero do cartao-- número de cartão-- numero de cartão-- número de cartao-- numero de cartao-- nº do cartão-- nº do cartao-- nº. do cartão-- no do cartão-- no do cartao-- no. do cartão-- no. do cartao-- rupay-- union pay-- unionpay-- diner's-- diners-- クレジットカード番号-- クレジットカードナンバー-- クレジットカード#-- クレジットカード-- クレジット-- クレカ-- カード番号-- カードナンバー-- カード#-- アメックス-- アメリカンエクスプレス-- アメリカン エクスプレス-- Visaカード-- Visa カード-- マスターカード-- マスター カード-- マスター-- ダイナースクラブ-- ダイナース クラブ-- ダイナース-- 有効期限-- 期限-- キャッシュカード-- キャッシュ カード-- カード名義人-- カードの名義人-- カードの名義-- デビット カード-- デビットカード-- 中国银联-- 银联-
-## Croatia driver's license number
-
-### Format
-
-eight digits without spaces and delimiters
-
-### Pattern
-
-eight digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_croatia_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_croatia_eu_driver's_license_number` is found.-
-```xml
- <!-- Croatia Driver's License Number -->
- <Entity id="005b3ef1-47dd-4e68-bb02-c6db484d00f2" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_croatia_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_croatia_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_croatia_eu_driver's_license_number
--- voza─ìka dozvola-- voza─ìke dozvole-
-## Croatia identity card number
-
-This entity is included in the EU National Identification Number sensitive information type. It's available as a stand-alone sensitive information type entity.
-
-### Format
-
-nine digits
-
-### Pattern
-
-nine consecutive digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_croatia_id_card finds content that matches the pattern.-- A keyword from Keyword_croatia_id_card is found.-
-```xml
-<!--Croatia Identity Card Number-->
-<Entity id="ff12f884-c20a-4189-b185-34c8e7258d47" recommendedConfidence="75" patternsProximity="300">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_croatia_id_card"/>
- <Match idRef="Keyword_croatia_id_card"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_croatia_id_card
--- majstorski broj gra─æana-- master citizen number-- nacionalni identifikacijski broj-- national identification number-- oib#-- oib-- osobna iskaznica-- osobni id-- osobni identifikacijski broj-- personal identification number-- porezni broj-- porezni identifikacijski broj-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## Croatia passport number
-
-### Format
-
-nine digits without spaces and delimiters
-
-### Pattern
-
-nine digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_croatia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_croatia_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_croatia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_croatia_eu_passport_number` is found.-
-```xml
- <!-- Croatia Passport Number -->
- <Entity id="7d7a729d-32d8-4204-8d01-d5e6a6c25581" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_croatia_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_croatia_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date1" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_croatia_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_croatia_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number_common
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_croatia_eu_passport_number
--- broj putovnice-- br. Putovnice-- br putovnice-
-## Croatia personal identification (OIB) number
-
-### Format
-
-11 digits
-
-### Pattern
-
-11 digits:
--- 10 digits-- final digit is a check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_croatia_oib_number finds content that matches the pattern.-- A keyword from Keywords_croatia_eu_tax_file_number is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_croatia_oib_number finds content that matches the pattern.-- The checksum passes.-
-```xml
- <!-- Croatia Personal Identification (OIB) Number -->
- <Entity id="31983b6d-db95-4eb2-a630-b44bd091968d" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_croatia_oib_number" />
- <Match idRef="Keywords_croatia_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_croatia_oib_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_croatia_oib_number
--- majstorski broj gra─æana-- master citizen number-- nacionalni identifikacijski broj-- national identification number-- oib#-- oib-- osobna iskaznica-- osobni id-- osobni identifikacijski broj-- personal identification number-- porezni broj-- porezni identifikacijski broj-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## Croatia physical addresses
-
-This unbundled named entity detects patterns related to physical address from Croatia. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Cyprus drivers license number
-
-### Format
-
-12 digits without spaces and delimiters
-
-### Pattern
-
-12 digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_cyprus_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_cyprus_eu_driver's_license_number` is found.-
-```xml
- <!-- Cyprus Driver's License Number -->
- <Entity id="356fa104-f9ac-4aff-a0e4-2e6e65ea06c4" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_cyprus_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_cyprus_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_cyprus_eu_driver's_license_number
--- άδεια οδήγησης-- αριθμό άδειας οδήγησης-- άδειες οδήγησης-
-## Cyprus identity card
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-10 digits without spaces and delimiters
-
-### Pattern
-
-10 digits
-
-### Checksum
-
-not applicable
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_cyprus_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_cyprus_eu_national_id_card` is found.-
-```xml
- <!-- Cyprus Identity Card -->
- <Entity id="3ba8afe5-7a6c-4929-8247-0001b6878438" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_cyprus_eu_national_id_card" />
- <Match idRef="Keywords_cyprus_eu_national_id_card" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_cyprus_eu_national_id_card
--- id card number-- identity card number-- kimlik karti-- national identification number-- personal id number-- ταυτοτητασ-
-## Cyprus passport number
-
-### Format
-
-one letter followed by 6-8 digits with no spaces or delimiters
-
-### Pattern
-
-one letter followed by six to eight digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_cyprus_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_cyprus_eu_passport_number` is found.-- The regular expression `Regex_cyprus_eu_passport_date` finds date in the format DD/MM/YYYY or a keyword from `Keywords_cyprus_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_cyprus_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_cyprus_eu_passport_number` is found.-
-```xml
- <!-- Cyprus Passport Number -->
- <Entity id="9193e2e8-7f8c-43c1-a274-ac40d651936f" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_cyprus_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_cyprus_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_cyprus_eu_passport_date" />
- <Match idRef="Keywords_cyprus_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_cyprus_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_cyprus_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number_common
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_cyprus_eu_passport_number
--- αριθμό διαβατηρίου-- pasaportu-- Αριθμός Διαβατηρίου-- κυπριακό διαβατήριο-- διαβατήριο#-- διαβατήριο-- αριθμός διαβατηρίου-- Pasaport Kimliği-- pasaport numarası-- Pasaport no.-- Αρ. Διαβατηρίου-
-#### Keywords_cyprus_eu_passport_date
--- expires on-- issued on-
-## Cyprus physical addresses
-
-This unbundled named entity detects patterns related to physical address from Cyprus. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Cyprus tax identification number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-eight digits and one letter in the specified pattern
-
-### Pattern
-
-eight digits and one letter:
--- a "0" or "9"-- seven digits-- one letter (not case-sensitive)-
-### Checksum
-
-not applicable
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_cyprus_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_cyprus_eu_tax_file_number` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_cyprus_eu_tax_file_number` finds content that matches the pattern.-
-```xml
- <!-- Cyprus Tax Identification Number -->
- <Entity id="40e64bd9-55f3-4a09-9bd6-1db18dced9dd" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_cyprus_eu_tax_file_number" />
- <Match idRef="Keywords_cyprus_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_cyprus_eu_tax_file_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_cyprus_eu_tax_file_number
--- tax id-- tax identification code-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tic#-- tic-- tin id-- tin no-- tin#-- vergi kimlik kodu-- vergi kimlik numarası-- αριθμός φορολογικού μητρώου-- κωδικός φορολογικού μητρώου-- φορολογική ταυτότητα-- φορολογικού κωδικού-
-## Czech driver's license number
-
-### Format
-
-two letters followed by six digits
-
-### Pattern
-
-eight letters and digits:
--- letter 'E' (not case-sensitive)-- a letter-- a space (optional)-- six digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_czech_republic_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_czech_republic_eu_driver's_license_number` is found.-
-```xml
- <Entity id="86b40d3b-d8ea-4c36-aab0-ef9416a6769c" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_czech_republic_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_czech_republic_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_czech_republic_eu_driver's_license_number
--- řidičský prúkaz-- řidičské průkazy-- číslo řidičského průkazu-- čísla řidičských průkazů-
-## Czech passport number
-
-### Format
-
-eight digits without spaces or delimiters
-
-### Pattern
-
-eight digits without spaces or delimiters
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_czech_republic_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_czech_republic_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_czech_republic_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_czech_republic_eu_passport_number` is found.-
-```xml
- <!-- Czech Republic Passport Number -->
- <Entity id="7bcd8ce8-5e92-4bbe-bc92-fa669f0369fa" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_czech_republic_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_czech_republic_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date1" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_czech_republic_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_czech_republic_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number_common
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_czech_republic_eu_passport_number
--- cestovní pas-- číslo pasu-- cestovní pasu-- passeport no-- čísla pasu-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Czech personal identity number
-
-### Format
-
-nine digits with optional forward slash (old format)
-
-10 digits with optional forward slash (new format)
-
-### Pattern
-
-nine digits (old format):
--- six digits that represent date of birth-- an optional forward slash-- three digits-
-10 digits (new format):
--- six digits that represent date of birth-- an optional forward slash-- four digits where last digit is a check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_czech_id_card finds content that matches the pattern.-- A keyword from Keyword_czech_id_card is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_czech_id_card_new_format finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- Czech Personal Identity Number -->
- <!-- Czech Personal Identity Number -->
- <Entity id="60c0725a-4eb6-455b-9dda-05d8a7396497" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_czech_id_card" />
- <Match idRef="Keyword_czech_id_card" />
- </Pattern>
- <Version minEngineVersion="15.20.3000.000">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_czech_id_card_new_format" />
- </Pattern>
- </Version>
- </Entity>
-```
-### Keywords
-
-#### Keyword_czech_id_card
--- birth number-- czech republic id-- czechidno#-- daňové číslo-- identifikační číslo-- identity no-- identity number-- identityno#-- identityno-- insurance number-- national identification number-- nationalnumber#-- national number-- osobní číslo-- personalidnumber#-- personal id number-- personal identification number-- personal number-- pid#-- pid-- pojištění číslo-- rč-- rodne cislo-- rodné číslo-- ssn-- ssn#-- social security number-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-- unique identification number-
-## Czech Republic physical addresses
-
-This unbundled named entity detects patterns related to physical address from the Czech Republic. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Denmark driver's license number
-
-### Format
-
-eight digits without spaces and delimiters
-
-### Pattern
-
-eight digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_denmark_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_denmark_eu_driver's_license_number` is found.-
-```xml
- <!-- Denmark Driver's License Number -->
- <Entity id="98a95812-6203-451a-a220-d39870ebef0e" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_denmark_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_denmark_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_denmark_eu_driver's_license_number
--- k├╕rekort-- k├╕rekortnummer-
-## Denmark passport number
-
-### Format
-
-nine digits without spaces and delimiters
-
-### Pattern
-
-nine digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_denmark_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_denmark_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date2` finds date in the format DD MM YY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_denmark_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_denmark_eu_passport_number` is found.-
-```xml
- <!-- Denmark Passport Number -->
- <Entity id="25e8c47e-e6fe-4884-a211-74898f8c0196" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_denmark_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_denmark_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date2" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_denmark_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_denmark_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number_common
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_denmark_eu_passport_number
--- pasnummer-- Passeport n┬░-- pasnumre-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Denmark personal identification number
-
-### Format
-
-10 digits containing a hyphen
-
-### Pattern
-
-10 digits:
--- six digits in the format DDMMYY, which are the date of birth-- an optional space or hyphen-- four digits where the final digit is a check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Func_denmark_eu_tax_file_number finds content that matches the pattern.-- A keyword from Keyword_denmark_id is found.-- The checksum passes.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Func_denmark_eu_tax_file_number finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- Denmark Personal Identification Number -->
- <!-- Denmark Personal Identification Number -->
- <Entity id="6c4f2fef-56e1-4c00-8093-88d7a01cf460" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_denmark_eu_tax_file_number" />
- <Match idRef="Keyword_denmark_id" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_denmark_eu_tax_file_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_denmark_id
--- centrale personregister-- civilt registreringssystem-- cpr-- cpr#-- gesundheitskarte nummer-- gesundheitsversicherungkarte nummer-- health card-- health insurance card number-- health insurance number-- identification number-- identifikationsnummer-- identifikationsnummer#-- identity number-- krankenkassennummer-- nationalid#-- nationalnumber#-- national number-- personalidnumber#-- personalidentityno#-- personal id number-- personnummer-- personnummer#-- reisekrankenversicherungskartenummer-- rejsesygesikringskort-- ssn-- ssn#-- skat id-- skat kode-- skat nummer-- skattenummer-- social security number-- sundhedsforsikringskort-- sundhedsforsikringsnummer-- sundhedskort-- sundhedskortnummer-- sygesikring-- sygesikringkortnummer-- tax code-- travel health insurance card-- uniqueidentityno#-- tax number-- tax registration number-- tax id-- tax identification number-- taxid#-- taxnumber#-- tax no-- taxno#-- taxnumber-- tax identification no-- tin#-- taxidno#-- taxidnumber#-- tax no#-- tin id-- tin no-- cpr.nr-- cprnr-- cprnummer-- personnr-- personregister-- sygesikringsbevis-- sygesikringsbevisnr-- sygesikringsbevisnummer-- sygesikringskort-- sygesikringskortnr-- sygesikringskortnummer-- sygesikringsnr-- sygesikringsnummer-
-## Denmark physical addresses
-
-This unbundled named entity detects patterns related to physical address from Denmark. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Diseases
-
-This unbundled named entity detects text that matches disease names, such as *diabetes*. It supports English terms only. It's also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
-
-### Confidence level
-
-High
-
-## Drug Enforcement Agency (DEA) number
-
-### Format
-
-two letters followed by seven digits
-
-### Pattern
-
-Pattern must include all of the following:
--- one letter (not case-sensitive) from this set of possible letters: A/B/F/G/M/P/R, which is a registrant code-- one letter (not case-sensitive), which is the first letter of the registrant's last name or digit '9'-- seven digits, the last of which is the check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_dea_number finds content that matches the pattern.-- A keyword from `Keyword_dea_number` is found-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_dea_number finds content that matches the pattern.-- The checksum passes.-
-```xml
- <!-- DEA Number -->
- <Entity id="9a5445ad-406e-43eb-8bd7-cac17ab6d0e4" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_dea_number" />
- </Pattern>
- <Version minEngineVersion="15.20.1207.000" maxEngineVersion="15.20.3134.000">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_dea_number" />
- </Pattern>
- </Version>
- <Version minEngineVersion="15.20.3135.000">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_dea_number" />
- <Match idRef="Keyword_dea_number" />
- </Pattern>
- </Version>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_dea_number
--- dea-- dea#-- drug enforcement administration-- drug enforcement agency-
-## Estonia driver's license number
-
-### Format
-
-two letters followed by six digits
-
-### Pattern
-
-two letters and six digits:
--- the letters "ET" (not case-sensitive)-- six digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_estonia_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_estonia_eu_driver's_license_number` is found.-
-```xml
- <!-- Estonia Driver's License Number -->
- <Entity id="51da8171-da70-4cc1-9d65-055a59ca4f83" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_estonia_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_estonia_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_estonia_eu_driver's_license_number
--- permis de conduire-- juhilubade numbrid-- juhiloa number-- juhiluba-
-## Estonia passport number
-
-### Format
-
-one letter followed by seven digits with no spaces or delimiters
-
-### Pattern
-
-one letter followed by seven digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_estonia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_estonia_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_estonia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_estonia_eu_passport_number` is found.-
-```xml
- <!-- Estonia Passport Number -->
- <Entity id="61f7073a-509e-425b-a754-bc01bb5d5b8c" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_estonia_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_estonia_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date1" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_estonia_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_estonia_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number_common
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_estonia_eu_passport_number
-
-eesti kodaniku pass
-passi number
-passinumbrid
-document number
-document no
-dokumendi nr
-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Estonia Personal Identification Code
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-11 digits without spaces and delimiters
-
-### Pattern
-
-11 digits:
--- one digit that corresponds to sex and century of birth (odd number male, even number female; 1-2: 19th century; 3-4: 20th century; 5-6: 21st century)-- six digits that correspond to date of birth (YYMMDD)-- three digits that correspond to a serial number separating persons born on the same date-- one check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_estonia_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_estonia_eu_national_id_card` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_estonia_eu_national_id_card` finds content that matches the pattern.-
-```xml
- <!-- Estonia Personal Identification Code -->
- <Entity id="bfb26de6-dad5-4d48-ab72-4789cdd0654c" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_estonia_eu_national_id_card" />
- <Match idRef="Keywords_estonia_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_estonia_eu_national_id_card" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_estonia_eu_telephone_number" />
- <Match idRef="Keywords_estonia_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_estonia_eu_national_id_card
--- id-kaart-- ik-- isikukood#-- isikukood-- maksu id-- maksukohustuslase identifitseerimisnumber-- maksunumber-- national identification number-- national number-- personal code-- personal id number-- personal identification code-- personal identification number-- personalidnumber#-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## Estonia physical addresses
-
-This unbundled named entity detects patterns related to physical address from Estonia. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## EU debit card number
-
-### Format
-
-16 digits
-
-### Pattern
-
-Complex and robust pattern
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_eu_debit_card finds content that matches the pattern.-- At least one of the following is true:
- - A keyword from Keyword_eu_debit_card is found.
- - A keyword from Keyword_card_terms_dict is found.
- - A keyword from Keyword_card_security_terms_dict is found.
- - A keyword from Keyword_card_expiration_terms_dict is found.
- - The function Func_expiration_date finds a date in the right date format.
-- The checksum passes.-
-```xml
- <!-- EU Debit Card Number -->
- <Entity id="0e9b3178-9678-47dd-a509-37222ca96b42" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_eu_debit_card" />
- <Any minMatches="1">
- <Match idRef="Keyword_eu_debit_card" />
- <Match idRef="Keyword_card_terms_dict" />
- <Match idRef="Keyword_card_security_terms_dict" />
- <Match idRef="Keyword_card_expiration_terms_dict" />
- <Match idRef="Func_expiration_date" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_eu_debit_card
--- account number-- card number-- card no.-- security number-- cc#-
-#### Keyword_card_terms_dict
--- acct nbr-- acct num-- acct no-- american express-- americanexpress-- americano espresso-- amex-- atm card-- atm cards-- atm kaart-- atmcard-- atmcards-- atmkaart-- atmkaarten-- bancontact-- bank card-- bankkaart-- card holder-- card holders-- card num-- card number-- card numbers-- card type-- cardano numerico-- cardholder-- cardholders-- cardnumber-- cardnumbers-- carta bianca-- carta credito-- carta di credito-- cartao de credito-- cartao de crédito-- cartao de debito-- cartao de débito-- carte bancaire-- carte blanche-- carte bleue-- carte de credit-- carte de crédit-- carte di credito-- carteblanche-- cartão de credito-- cartão de crédito-- cartão de debito-- cartão de débito-- cb-- ccn-- check card-- check cards-- checkcard-- checkcards-- chequekaart-- cirrus-- cirrus-edc-maestro-- controlekaart-- controlekaarten-- credit card-- credit cards-- creditcard-- creditcards-- debetkaart-- debetkaarten-- debit card-- debit cards-- debitcard-- debitcards-- debito automatico-- diners club-- dinersclub-- discover-- discover card-- discover cards-- discovercard-- discovercards-- débito automático-- edc-- eigentümername-- european debit card-- hoofdkaart-- hoofdkaarten-- in viaggio-- japanese card bureau-- japanse kaartdienst-- jcb-- kaart-- kaart num-- kaartaantal-- kaartaantallen-- kaarthouder-- kaarthouders-- karte-- karteninhaber-- karteninhabers-- kartennr-- kartennummer-- kreditkarte-- kreditkarten-nummer-- kreditkarteninhaber-- kreditkarteninstitut-- kreditkartennummer-- kreditkartentyp-- maestro-- master card-- master cards-- mastercard-- mastercards-- mc-- mister cash-- n carta-- carta-- no de tarjeta-- no do cartao-- no do cartão-- no. de tarjeta-- no. do cartao-- no. do cartão-- nr carta-- nr. carta-- numeri di scheda-- numero carta-- numero de cartao-- numero de carte-- numero de cartão-- numero de tarjeta-- numero della carta-- numero di carta-- numero di scheda-- numero do cartao-- numero do cartão-- numéro de carte-- nº carta-- nº de carte-- nº de la carte-- nº de tarjeta-- nº do cartao-- nº do cartão-- nº. do cartão-- número de cartao-- número de cartão-- número de tarjeta-- número do cartao-- scheda dell'assegno-- scheda dell'atmosfera-- scheda dell'atmosfera-- scheda della banca-- scheda di controllo-- scheda di debito-- scheda matrice-- schede dell'atmosfera-- schede di controllo-- schede di debito-- schede matrici-- scoprono la scheda-- scoprono le schede-- solo-- supporti di scheda-- supporto di scheda-- switch-- tarjeta atm-- tarjeta credito-- tarjeta de atm-- tarjeta de credito-- tarjeta de debito-- tarjeta debito-- tarjeta no-- tarjetahabiente-- tipo della scheda-- ufficio giapponese della-- scheda-- v pay-- v-pay-- visa-- visa plus-- visa electron-- visto-- visum-- vpay-
-#### Keyword_card_security_terms_dict
--- card identification number-- card verification-- cardi la verifica-- cid-- cod seg-- cod seguranca-- cod segurança-- cod sicurezza-- cod. seg-- cod. seguranca-- cod. segurança-- cod. sicurezza-- codice di sicurezza-- codice di verifica-- codigo-- codigo de seguranca-- codigo de segurança-- crittogramma-- cryptogram-- cryptogramme-- cv2-- cvc-- cvc2-- cvn-- cvv-- cvv2-- cód seguranca-- cód segurança-- cód. seguranca-- cód. segurança-- código-- código de seguranca-- código de segurança-- de kaart controle-- geeft nr uit-- issue no-- issue number-- kaartidentificatienummer-- kreditkartenprufnummer-- kreditkartenprüfnummer-- kwestieaantal-- no. dell'edizione-- no. di sicurezza-- numero de securite-- numero de verificacao-- numero dell'edizione-- numero di identificazione della-- scheda-- numero di sicurezza-- numero van veiligheid-- numéro de sécurité-- nº autorizzazione-- número de verificação-- perno il blocco-- pin block-- prufziffer-- prüfziffer-- security code-- security no-- security number-- sicherheits kode-- sicherheitscode-- sicherheitsnummer-- speldblok-- veiligheid nr-- veiligheidsaantal-- veiligheidscode-- veiligheidsnummer-- verfalldatum-
-#### Keyword_card_expiration_terms_dict
--- ablauf-- data de expiracao-- data de expiração-- data del exp-- data di exp-- data di scadenza-- data em que expira-- data scad-- data scadenza-- date de validité-- datum afloop-- datum van exp-- de afloop-- espira-- espira-- exp date-- exp datum-- expiration-- expire-- expires-- expiry-- fecha de expiracion-- fecha de venc-- gultig bis-- gultigkeitsdatum-- gültig bis-- gültigkeitsdatum-- la scadenza-- scadenza-- valable-- validade-- valido hasta-- valor-- venc-- vencimento-- vencimiento-- verloopt-- vervaldag-- vervaldatum-- vto-- válido hasta-
-## EU driver's license number
-
-These entities are in the EU Driver's License Number and are sensitive information types.
--- [Austria](#austria-drivers-license-number)-- [Belgium](#belgium-drivers-license-number)-- [Bulgaria](#bulgaria-drivers-license-number)-- [Croatia](#croatia-drivers-license-number)-- [Cyprus](#cyprus-drivers-license-number)-- [Czech](#czech-drivers-license-number)-- [Denmark](#denmark-drivers-license-number)-- [Estonia](#estonia-drivers-license-number)-- [Finland](#finland-drivers-license-number)-- [France](#france-drivers-license-number)-- [Germany](#germany-drivers-license-number)-- [Greece](#greece-drivers-license-number)-- [Hungary](#hungary-drivers-license-number)-- [Ireland](#ireland-drivers-license-number)-- [Italy](#italy-drivers-license-number)-- [Latvia](#latvia-drivers-license-number)-- [Lithuania](#lithuania-drivers-license-number)-- [Luxemburg](#luxemburg-drivers-license-number)-- [Malta](#malta-drivers-license-number)-- [Netherlands](#netherlands-drivers-license-number)-- [Poland](#poland-drivers-license-number)-- [Portugal](#portugal-drivers-license-number)-- [Romania](#romania-drivers-license-number)-- [Slovakia](#slovakia-drivers-license-number)-- [Slovenia](#slovenia-drivers-license-number)-- [Spain](#spain-drivers-license-number)-- [Sweden](#sweden-drivers-license-number)-- [U.K.](#uk-drivers-license-number)-
-## EU national identification number
-
-These entities are in the EU National Identification Number and are sensitive information types.
--- [Austria](#austria-identity-card)-- [Belgium](#belgium-national-number)-- [Bulgaria](#bulgaria-uniform-civil-number)-- [Croatia](#croatia-identity-card-number)-- [Cyprus](#cyprus-identity-card)-- [Czech](#czech-personal-identity-number)-- [Denmark](#denmark-personal-identification-number)-- [Estonia](#estonia-personal-identification-code)-- [Finland](#finland-national-id)-- [France](#france-national-id-card-cni)-- [Germany](#germany-identity-card-number)-- [Greece](#greece-national-id-card)-- [Hungary](#hungary-personal-identification-number)-- [Ireland](#ireland-personal-public-service-pps-number)-- [Italy](#italy-fiscal-code)-- [Latvia](#latvia-personal-code)-- [Lithuania](#lithuania-personal-code)-- [Luxemburg](#luxemburg-national-identification-number-natural-persons)-- [Malta](#malta-identity-card-number)-- [Netherlands](#netherlands-citizens-service-bsn-number)-- [Poland](#poland-national-id-pesel)-- [Portugal](#portugal-citizen-card-number)-- [Romania](#romania-personal-numeric-code-cnp)-- [Slovakia](#slovakia-personal-number)-- [Slovenia](#slovenia-unique-master-citizen-number)-- [Spain](#spain-dni)-- [U.K.](#uk-national-insurance-number-nino)-
-## EU passport number
-
-These entities are in the EU passport number and are sensitive information types. These entities are in the EU passport number bundle.
--- [Austria](#austria-passport-number)-- [Belgium](#belgium-passport-number)-- [Bulgaria](#bulgaria-passport-number)-- [Croatia](#croatia-passport-number)-- [Cyprus](#cyprus-passport-number)-- [Czech](#czech-passport-number)-- [Denmark](#denmark-passport-number)-- [Estonia](#estonia-passport-number)-- [Finland](#finland-passport-number)-- [France](#france-passport-number)-- [Germany](#germany-passport-number)-- [Greece](#greece-passport-number)-- [Hungary](#hungary-passport-number)-- [Ireland](#ireland-passport-number)-- [Italy](#italy-passport-number)-- [Latvia](#latvia-passport-number)-- [Lithuania](#lithuania-passport-number)-- [Luxemburg](#luxemburg-passport-number)-- [Malta](#malta-passport-number)-- [Netherlands](#netherlands-passport-number)-- [Poland](#poland-passport-number)-- [Portugal](#portugal-passport-number)-- [Romania](#romania-passport-number)-- [Slovakia](#slovakia-passport-number)-- [Slovenia](#slovenia-passport-number)-- [Spain](#spain-passport-number)-- [Sweden](#sweden-passport-number)-- [U.S./U.K. passport number](#usuk-passport-number)-
-## EU social security number or equivalent identification
-
-These entities are in the EU Social Security Number or equivalent identification and are sensitive information types.
--- [Austria](#austria-social-security-number)-- [Belgium](#belgium-national-number)-- [Croatia](#croatia-personal-identification-oib-number)-- [Czech](#czech-personal-identity-number)-- [Denmark](#denmark-personal-identification-number)-- [Finland](#finland-national-id)-- [France](#france-social-security-number-insee)-- [Germany](#germany-identity-card-number)-- [Greece](#greece-national-id-card)-- [Hungary](#hungary-social-security-number-taj)-- [Portugal](#portugal-citizen-card-number)-- [Spain](#spain-social-security-number-ssn)-- [Sweden](#sweden-national-id)-
-## EU Tax identification number
-
-These entities are in the EU Tax identification number sensitive information type.
--- [Austria](#austria-tax-identification-number)-- [Belgium](#belgium-national-number)-- [Bulgaria](#bulgaria-uniform-civil-number)-- [Croatia](#croatia-identity-card-number)-- [Cyprus](#cyprus-tax-identification-number)-- [Czech](#czech-personal-identity-number)-- [Denmark](#denmark-personal-identification-number)-- [Estonia](#estonia-personal-identification-code)-- [Finland](#finland-national-id)-- [France](#france-tax-identification-number)-- [Germany](#germany-tax-identification-number)-- [Greece](#greece-tax-identification-number)-- [Hungary](#hungary-tax-identification-number)-- [Ireland](#ireland-personal-public-service-pps-number)-- [Italy](#italy-fiscal-code)-- [Latvia](#latvia-personal-code)-- [Lithuania](#lithuania-personal-code)-- [Luxemburg](#luxemburg-national-identification-number-non-natural-persons)-- [Malta](#malta-tax-identification-number)-- [Netherlands](#netherlands-tax-identification-number)-- [Poland](#poland-tax-identification-number)-- [Portugal](#portugal-tax-identification-number)-- [Romania](#romania-personal-numeric-code-cnp)-- [Slovakia](#slovakia-personal-number)-- [Slovenia](#slovenia-tax-identification-number)-- [Spain](#spain-tax-identification-number)-- [Sweden](#sweden-tax-identification-number)-- [U.K.](#uk-unique-taxpayer-reference-number)-
-## Finland driver's license number
-
-### Format
-
-10 digits containing a hyphen
-
-### Pattern
-
-10 digits containing a hyphen:
--- six digits-- a hyphen-- three digits-- a digit or letter-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_finland_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_finland_eu_driver's_license_number` is found.-
-```xml
- <!-- Finland Driver's License Number -->
- <Entity id="bb3b27a3-79bd-4ac4-81a7-f9fca3c7d1a7" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_finland_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_finland_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_finland_eu_driver's_license_number
--- ajokortti-- permis de conduire-- ajokortin numero-- kuljettaja lic.-- k├╢rkort-- k├╢rkortnummer-- f├╢rare lic.-- ajokortit-- ajokortin numerot-
-## Finland european health insurance number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-20-digit number
-
-### Pattern
-
-20-digit number:
--- 10 digits - 8024680246-- an optional space or hyphen-- 10 digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regex Regex_Finland_European_Health_Insurance_Number finds content that matches the pattern.-- A keyword from Keyword_Finland_European_Health_Insurance_Number is found.-
-```xml
- <!-- Finland European Health Insurance Number -->
- <Entity id="60f75aed-81bf-4625-89b0-0846b9248ee7" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_Finland_European_Health_Insurance_Number"/>
- <Match idRef="Keyword_Finland_European_Health_Insurance_Number"/>
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keyword_finland_european_health_insurance_number
--- ehic#-- ehic-- finlandehicnumber#-- finska sjukförsäkringskort-- health card-- health insurance card-- health insurance number-- hälsokort-- sairaanhoitokortin-- sairausvakuutuskortti-- sairausvakuutusnumero-- sjukförsäkring nummer-- sjukförsäkringskort-- suomen sairausvakuutuskortti-- terveyskortti-
-## Finland national ID
-
-### Format
-
-six digits plus a character indicating a century plus three digits plus a check digit
-
-### Pattern
-
-Pattern must include all of the following:
--- six digits in the format DDMMYY, which are a date of birth-- century marker (either '-', '+' or 'a')-- three-digit personal identification number-- a digit or letter (case insensitive) which is a check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- the function Func_finnish_national_id finds content that matches the pattern-- a keyword from Keyword_finnish_national_id is found-- the checksum passes-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- the function Func_finnish_national_id finds content that matches the pattern-- the checksum passes-
-```xml
- <!-- Finnish National ID-->
- <Entity id="338FD995-4CB5-4F87-AD35-79BD1DD926C1" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_finnish_national_id" />
- <Match idRef="Keyword_finnish_national_id" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_finnish_national_id" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
--- ainutlaatuinen henkilökohtainen tunnus-- henkilökohtainen tunnus-- henkilötunnus-- henkilötunnusnumero#-- henkilötunnusnumero-- hetu-- id no-- id number-- identification number-- identiteetti numero-- identity number-- idnumber-- kansallinen henkilötunnus-- kansallisen henkilökortin-- national id card-- national id no.-- personal id-- personal identity code-- personalidnumber#-- personbeteckning-- personnummer-- social security number-- sosiaaliturvatunnus-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-- tunnistenumero-- tunnus numero-- tunnusluku-- tunnusnumero-- verokortti-- veronumero-- verotunniste-- verotunnus-
-## Finland passport number
-
-This entity is available in the EU Passport Number sensitive information type and is available as a stand-alone sensitive information type entity.
-
-### Format
-combination of nine letters and digits
-
-### Pattern
-
-combination of nine letters and digits:
--- two letters (not case-sensitive)-- seven digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_finland_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keyword_finland_passport_number` is found.-- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_finland_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keyword_finland_passport_number` is found.-
-```xml
- <!-- Finland Passport Number -->
- <Entity id="d1685ac3-1d3a-40f8-8198-32ef5669c7a5" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_finland_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keyword_finland_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date1" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_finland_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keyword_finland_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keyword_finland_passport_number
--- suomalainen passi-- passin numero-- passin numero.#-- passin numero#-- passin numero.-- passi#-- passi number-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Finland physical addresses
-
-This unbundled named entity detects patterns related to physical address from Finland. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## France driver's license number
-
-This entity is available in the EU Driver's License Number sensitive information type and is available as a stand-alone sensitive information type entity.
-
-### Format
-
-12 digits
-
-### Pattern
-
-12 digits with validation to discount similar patterns such as French telephone numbers
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- the function Func_french_drivers_license finds content that matches the pattern.-- a keyword from Keyword_french_drivers_license is found.-
-```xml
- <!-- France Driver's License Number -->
- <Entity id="18e55a36-a01b-4b0f-943d-dc10282a1824" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_french_drivers_license" />
- <Match idRef="Keyword_french_drivers_license" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_french_drivers_license
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-- permis de conduire-- licence number-- license number-- licence numbers-- license numbers-- numéros de licence-
-## France health insurance number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-21-digit number
-
-### Pattern
-
-21-digit number:
--- 10 digits-- an optional space-- 10 digits-- an optional space-- a digit-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- the regex Regex_France_Health_Insurance_Number finds content that matches the pattern.-- a keyword from Keyword_France_Health_Insurance_Number is found.-
-```xml
- <!-- France Health Insurance Number -->
- <Entity id="9bc2069e-76df-4ff9-ac02-2f519469e236" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_France_Health_Insurance_Number"/>
- <Match idRef="Keyword_France_Health_Insurance_Number"/>
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keyword_France_health_insurance_number
--- insurance card-- carte vitale-- carte d'assuré social-
-## France national id card (CNI)
-
-### Format
-
-12 digits
-
-### Pattern
-
-12 digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_france_cni finds content that matches the pattern.-- A keyword from Keywords_france_eu_national_id_card is found.-
-```xml
- <!-- France CNI -->
- <Entity id="f741ac74-1bc0-4665-b69b-f0c7f927c0c4" patternsProximity="300" recommendedConfidence="65">
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Regex_france_cni" />
- <Match idRef="Keywords_france_eu_national_id_card" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_france_eu_national_id_card
--- card number-- carte nationale d'identité-- carte nationale d'idenite no-- cni#-- cni-- compte bancaire-- national identification number-- national identity-- nationalidno#-- numéro d'assurance maladie-- numéro de carte vitale-
-## France passport number
-
-This entity is available in the EU Passport Number sensitive information type. It's also available as a stand-alone sensitive information type entity.
-
-### Format
-
-nine digits and letters
-
-### Pattern
-
-nine digits and letters:
--- two digits-- two letters (not case-sensitive)-- five digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_fr_passport` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_france_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date3` finds date in the format DD MM YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_fr_passport` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_france_eu_passport_number` is found.-
-```xml
- <!-- France Passport Number -->
- <Entity id="3008b884-8c8c-4cd8-a289-99f34fc7ff5d" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_fr_passport" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_france_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date3" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_fr_passport" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_france_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_france_eu_passport_number
--- numéro de passeport-- passeport n °-- passeport non-- passeport #-- passeport#-- passeportnon-- passeportn °-- passeport français-- passeport livre-- passeport carte-- numéro passeport-- passeport n°-- n° du passeport-- n° passeport-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## France physical addresses
-
-This unbundled named entity detects patterns related to physical address from France. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## France social security number (INSEE)
-
-### Format
-
-15 digits
-
-### Pattern
-
-Must match one of two patterns:
--- 13 digits followed by a space followed by two digits-
- or
--- 15 consecutive digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_french_insee` finds content that matches the pattern.-- A keyword from Keyword_fr_insee is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_french_insee or Func_fr_insee finds content that matches the pattern.-- The checksum passes.-
-```xml
- <!-- France INSEE -->
- <Entity id="71f62b97-efe0-4aa1-aa49-e14de253619d" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_french_insee" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keyword_fr_insee" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_french_insee" />
- <Match idRef="Keyword_fr_insee" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_fr_insee
--- code sécu-- d'identité nationale-- insee-- fssn#-- le numéro d'identification nationale-- le code de la sécurité sociale-- national id-- national identification-- no d'identité-- no. d'identité-- numéro d'assurance-- numéro d'identité-- numero d'identite-- numéro de sécu-- numéro de sécurité sociale-- no d'identite-- no. d'identite-- ssn-- ssn#-- sécurité sociale-- securité sociale-- securite sociale-- socialsecuritynumber-- social security number-- social security code-- social insurance number-
-## France tax identification number
-
-### Format
-
-13 digits
-
-### Pattern
-
-13 digits
--- One digit that must be 0, 1, 2, or 3-- One digit-- A space (optional)-- Two digits-- A space (optional)-- Three digits-- A space (optional)-- Three digits-- A space (optional)-- Three check digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_france_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_france_eu_tax_file_number` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_france_eu_tax_file_number` finds content that matches the pattern.-
-```xml
- <!-- France Tax Identification Number (numéro SPI.) -->
- <Entity id="ed59e77e-171d-442c-9ec1-88e2ebcb5b0a" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_france_eu_tax_file_number" />
- <Match idRef="Keywords_france_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_france_eu_tax_file_number" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_france_eu_telephone_number" />
- <Match idRef="Keywords_france_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-
-```
-
-### Keywords
-
-#### Keywords_france_eu_tax_file_number
--- numéro d'identification fiscale-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## France value added tax number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-13 character alphanumeric pattern
-
-### Pattern
-
-13 character alphanumeric pattern:
--- two letters - FR (case insensitive)-- an optional space or hyphen-- two letters or digits-- an optional space, dot, hyphen, or comma-- three digits-- an optional space, dot, hyphen, or comma-- three digits-- an optional space, dot, hyphen, or comma-- three digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_france_value_added_tax_number finds content that matches the pattern.-- A keyword from Keywords_france_value_added_tax_number is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_france_value_added_tax_number finds content that matches the pattern.-
-```xml
- <!-- France Value Added Tax Number -->
- <Entity id="949121e6-ad9f-4379-8731-710342baea78" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_france_value_added_tax_number" />
- <Match idRef="Keywords_france_value_added_tax_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_france_value_added_tax_number" />
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keyword_France_value_added_tax_number
--- vat number-- vat no-- vat#-- value added tax-- siren identification no numéro d'identification taxe sur valeur ajoutée-- taxe valeur ajoutée-- taxe sur la valeur ajoutée-- n° tva-- numéro de tva-- numéro d'identification siren-
-## Generic medication names
-
-This unbundled named entity detects names of generic medications, such as *acetaminophen*. It supports English terms only. It's also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
-
-### Confidence level
-
-High
-
-## Germany driver's license number
-
-This sensitive information type entity is included in the EU Driver's License Number sensitive information type. It's also available as a stand-alone sensitive information type entity.
-
-### Format
-
-combination of 11 digits and letters
-
-### Pattern
-
-11 digits and letters (not case-sensitive):
--- a digit or letter-- two digits-- six digits or letters-- a digit-- a digit or letter-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_german_drivers_license finds content that matches the pattern.-- A keyword from Keyword_german_drivers_license_number is found.-- The checksum passes.-
-```xml
- <!-- German Driver's License Number -->
- <Entity id="91da9335-1edb-45b7-a95f-5fe41a16c63c" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_german_drivers_license" />
- <Match idRef="Keyword_german_drivers_license" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_german_drivers_license_number
--- ausstellungsdatum-- ausstellungsort-- ausstellende beh├╢de-- ausstellende behorde-- ausstellende behoerde-- f├╝hrerschein-- fuhrerschein-- fuehrerschein-- f├╝hrerscheinnummer-- fuhrerscheinnummer-- fuehrerscheinnummer-- f├╝hrerschein--- fuhrerschein--- fuehrerschein--- f├╝hrerscheinnummernr-- fuhrerscheinnummernr-- fuehrerscheinnummernr-- f├╝hrerscheinnummerklasse-- fuhrerscheinnummerklasse-- fuehrerscheinnummerklasse-- nr-f├╝hrerschein-- nr-fuhrerschein-- nr-fuehrerschein-- no-f├╝hrerschein-- no-fuhrerschein-- no-fuehrerschein-- n-f├╝hrerschein-- n-fuhrerschein-- n-fuehrerschein-- permis de conduire-- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dlno-
-## Germany identity card number
-
-### Format
-
-since 1 November 2010: Nine to 11 letters and digits
-
-from 1 April 1987 until 31 October 2010: 10 digits
-
-### Pattern
-
-since 1 November 2010: 9 to 11 characters alphanumeric pattern
-- one L, M, N, P, R, T, V, W, X, Y (case insensitive)-- eight digits or letters in C, F, G, H, J, K, L, M, N, P, R, T, V, W, X, Y and Z (case insensitive)-- optional check digit-- Optional d/D-
-from 1 April 1987 until 31 October 2010:
--- 10 digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_german_id_card_with_check` finds content that matches the pattern.-- A keyword from `Keyword_germany_id_card` is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_germany_id_card` finds content that matches the pattern (9 characters without check digit issued pre-2010 or 10 digits pattern issued posy 2010).-- A keyword from Keyword_germany_id_card is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_german_id_card_with_check` finds content that matches the pattern.-- The checksum passes.-
-```xml
- <!-- Germany Identity Card Number -->
- <Entity id="e577372f-c42e-47a0-9d85-bebed1c237d4" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_germany_id_card" />
- <Match idRef="Keyword_germany_id_card" />
- </Pattern>
- <Version minEngineVersion="15.20.4545.000">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_german_id_card_with_check" />
- <Match idRef="Keyword_germany_id_card" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_german_id_card_with_check" />
- </Pattern>
- </Version>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_germany_id_card
--- ausweis-- gpid-- identification-- identifikation-- identifizierungsnummer-- identity card-- identity number-- id-nummer-- personal id-- personalausweis-- persönliche id nummer-- persönliche identifikationsnummer-- persönliche-id-nummer-
-## Germany passport number
-
-### Format
-
-9 to 11 characters
-
-### Pattern
--- one letter in C, F, G, H, J, K (case insensitive)-- eight digits or letters in C, F, G, H, J, K, L, M, N, P, R, T, V, W, X, Y and Z (case insensitive)-- optional check digit-- Optional d/D-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_german_passport_checksum` finds content that matches the pattern.-- A keyword from `Keyword_german_passport` or `Keywords_eu_passport_number_common` is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_german_passport` finds content that matches the nine characters pattern (without check digit and optional d/D).-- A keyword from `Keyword_german_passport` or `Keywords_eu_passport_number_common` is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_german_passport_checksum` finds content that matches the pattern.-- The checksum passes.-
-```xml
- <!-- German Passport Number -->
- <Entity id="2e3da144-d42b-47ed-b123-fbf78604e52c" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_german_passport" />
- <Any minMatches="1">
- <Match idRef="Keyword_german_passport" />
- <Match idRef="Keywords_eu_passport_number_common" />
- </Any>
- </Pattern>
- <Version minEngineVersion="15.20.4570.0">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_german_passport_checksum" />
- <Any minMatches="1">
- <Match idRef="Keyword_german_passport" />
- <Match idRef="Keywords_eu_passport_number_common" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_german_passport_checksum" />
- </Pattern>
- </Version>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_german_passport
--- reisepasse-- reisepassnummer-- No-Reisepass-- Nr-Reisepass-- Reisepass-Nr-- Passnummer-- reisepässe-- passeport no.-- passeport no-
-#### Keywords_eu_passport_number_common
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-## Germany physical addresses
-
-This unbundled named entity detects patterns related to physical address from Germany. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Germany tax identification number
-
-### Format
-
-11 digits without spaces and delimiters
-
-### Pattern
-
-11 digits
--- Two digits-- An optional space-- Three digits-- An optional space-- Three digits-- An optional space-- Two digits-- one check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_germany_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_germany_eu_tax_file_number` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_germany_eu_tax_file_number` finds content that matches the pattern.-
-```xml
- <!-- Germany Tax Identification Number -->
- <Entity id="43316a89-9880-40cf-b980-04bc7eefcec5" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_germany_eu_tax_file_number" />
- <Match idRef="Keywords_germany_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_germany_eu_tax_file_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_germany_eu_tax_file_number
--- identifikationsnummer-- steuer id-- steueridentifikationsnummer-- steuernummer-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-- zinn#-- zinn-- zinnnummer-
-## Germany value added tax number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-11 character alphanumeric pattern
-
-### Pattern
-
-11-character alphanumeric pattern:
--- a letter D or d-- a letter E or e-- an optional space-- three digits-- an optional space or comma-- three digits-- an optional space or comma-- three digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_germany_value_added_tax_number finds content that matches the pattern.-- A keyword from Keywords_germany_value_added_tax_number is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_germany_value_added_tax_number finds content that matches the pattern.-
-```xml
- <!-- Germany Value Added Tax Number -->
- <Entity id="db177eb2-8811-4842-bffc-128c14aa219f" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_germany_value_added_tax_number" />
- <Match idRef="Keywords_germany_value_added_tax_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_germany_value_added_tax_number" />
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keyword_germany_value_added_tax_number
--- vat number-- vat no-- vat#-- vat# mehrwertsteuer-- mwst-- mehrwertsteuer identifikationsnummer-- mehrwertsteuer nummer-
-## Greece driver's license number
-
-This entity is included in the EU Driver's License Number sensitive information type. It's also available as a stand-alone sensitive information type entity.
-
-### Format
-
-nine digits without spaces and delimiters
-
-### Pattern
-
-nine digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_greece_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_greece_eu_driver's_license_number` is found.-
-```xml
- <!-- Greece Driver's License Number -->
- <Entity id="7a2200b5-aacf-4e3c-ab36-136d3e68b7da" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_greece_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_greece_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_greece_eu_driver's_license_number
--- δεια οδήγησης-- Adeia odigisis-- Άδεια οδήγησης-- Δίπλωμα οδήγησης-
-## Greece national ID card
-
-### Format
-
-Combination of 7-8 letters and numbers plus a dash
-
-### Pattern
-
-Seven letters and numbers (old format):
--- One letter (any letter of the Greek alphabet)-- A dash-- Six digits-
-Eight letters and numbers (new format):
--- Two letters whose uppercase character occurs in both the Greek and Latin alphabets (ABEZHIKMNOPTYX)-- A dash-- Six digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_greece_id_card finds content that matches the pattern.-- A keyword from Keyword_greece_id_card is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_greece_id_card finds content that matches the pattern.-
-```xml
- <!-- Greece National ID Card -->
- <Entity id="82568215-1da1-46d3-874a-d2294d81b5ac" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_greece_id_card" />
- <Match idRef="Keyword_greece_id_card" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Regex_greece_id_card" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_greece_id_card
--- greek id-- greek national id-- greek personal id card-- greek police id-- identity card-- tautotita-- ταυτότητα-- ταυτότητας-
-## Greece passport number
-
-### Format
-
-Two letters followed by seven digits with no spaces or delimiters
-
-### Pattern
-
-Two letters followed by seven digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_greece_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_greece_eu_passport_number` is found.-- The regular expression `Regex_greece_eu_passport_date` finds date in the format DD MMM YY (Example - 28 Aug 19) or a keyword from `Keywords_greece_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_greece_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_greece_eu_passport_number` is found.-
-```xml
- <!-- Greece Passport Number -->
- <Entity id="7e65eb47-cdf9-4f52-8f90-2a27d5ee67e3" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_greece_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_greece_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_greece_eu_passport_date" />
- <Match idRef="Keywords_greece_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_greece_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_greece_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_greece_eu_passport_number
--- αριθμός διαβατηρίου-- αριθμούς διαβατηρίου-- αριθμός διαβατηριο-
-## Greece physical addresses
-
-This unbundled named entity detects patterns related to physical address from Greece. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Greece Social Security Number (AMKA)
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-11 digits without spaces and delimiters
-
-### Pattern
--- Six digits as date of birth YYMMDD-- Four digits-- a check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_greece_eu_ssn` finds content that matches the pattern.-- A keyword from `Keywords_greece_eu_ssn_or_equivalent` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_greece_eu_ssn` finds content that matches the pattern.-
-```xml
- <!-- Greece Social Security Number (AMKA) -->
- <Entity id="e39b03f4-50ea-41ae-af7a-a4b9539596ad" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_greece_eu_ssn" />
- <Match idRef="Keywords_greece_eu_ssn_or_equivalent" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_greece_eu_ssn" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_greece_eu_ssn_or_equivalent
--- ssn-- ssn#-- social security no-- socialsecurityno#-- social security number-- amka-- a.m.k.a.-- Αριθμού Μητρώου Κοινωνικής Ασφάλισης-
-## Greece tax identification number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-Nine digits without spaces and delimiters
-
-### Pattern
-
-Nine digits
-
-### Checksum
-
-Not applicable
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_greece_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_greece_eu_tax_file_number` is found.-
-```xml
- <!-- Greek Tax Identification Number -->
- <Entity id="15a54a5a-53d4-4080-ad43-a2a4fe1d3bf7" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_greece_eu_tax_file_number" />
- <Match idRef="Keywords_greece_eu_tax_file_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_greece_eu_tax_file_number
--- afm#-- afm-- aφμ|aφμ αριθμός-- aφμ-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- tax registry no-- tax registry number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- taxregistryno#-- tin id-- tin no-- tin#-- αριθμός φορολογικού μητρώου-- τον αριθμό φορολογικού μητρώου-- φορολογικού μητρώου νο-
-## Hong Kong identity card (HKID) number
-
-### Format
-
-Combination of 8-9 letters and numbers plus optional parentheses around the final character
-
-### Pattern
-
-Combination of 8-9 letters:
--- 1-2 letters (not case-sensitive)-- Six digits-- optional space-- a check character (any digit or the letter A) which is optionally enclosed in parentheses-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_hong_kong_id_card finds content that matches the pattern.-- A keyword from Keyword_hong_kong_id_card is found.-- The checksum passes.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_hong_kong_id_card finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- Hong Kong Identity Card (HKID) number -->
-<Entity id="e63c28a7-ad29-4c17-a41a-3d2a0b70fd9c" recommendedConfidence="75" patternsProximity="300">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_hong_kong_id_card"/>
- <Match idRef="Keyword_hong_kong_id_card"/>
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_hong_kong_id_card"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_hong_kong_id_card
--- hkid-- hong kong identity card-- HKIDC-- id card-- identity card-- hk identity card-- hong kong id-- 香港身份證-- 香港永久性居民身份證-- 身份證-- 身份証-- 身分證-- 身分証-- 香港身份証-- 香港身分證-- 香港身分証-- 香港身份證-- 香港居民身份證-- 香港居民身份証-- 香港居民身分證-- 香港居民身分証-- 香港永久性居民身份証-- 香港永久性居民身分證-- 香港永久性居民身分証-- 香港永久性居民身份證-- 香港非永久性居民身份證-- 香港非永久性居民身份証-- 香港非永久性居民身分證-- 香港非永久性居民身分証-- 香港特別行政區永久性居民身份證-- 香港特別行政區永久性居民身份証-- 香港特別行政區永久性居民身分證-- 香港特別行政區永久性居民身分証-- 香港特別行政區非永久性居民身份證-- 香港特別行政區非永久性居民身份証-- 香港特別行政區非永久性居民身分證-- 香港特別行政區非永久性居民身分証-
-## Hungary driver's license number
-
-### Format
-
-Two letters followed by six digits
-
-### Pattern
-
-Two letters and six digits:
--- Two letters (not case-sensitive)-- Six digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_hungary_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_hungary_eu_driver's_license_number` is found.-
-```xml
- <Entity id="9d31c46b-6e6b-444c-aeb1-6dd7e604bb24" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_hungary_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_hungary_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_hungary_eu_driver's_license_number
--- vezetoi engedely-- vezetői engedély-- vezetői engedélyek-
-## Hungary passport number
-
-### Format
-
-Two letters followed by six or seven digits with no spaces or delimiters
-
-### Pattern
-
-Two letters followed by six or seven digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_hungary_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_hungary_eu_passport_number` is found.-- The regular expression `Regex_hungary_eu_passport_date` finds date in the format DD MMM/MMM YY (Example - 01 MÁR/MAR 12) or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_hungary_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_hungary_eu_passport_number` is found.-
-```xml
- <!-- Hungary Passport Number -->
- <Entity id="5b483910-9aa7-4c99-9917-f4001464bda7" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_hungary_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_hungary_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_hungary_eu_passport_date" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_hungary_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_hungary_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_hungary_eu_passport_number
--- útlevél száma-- Útlevelek száma-- útlevél szám-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Hungary personal identification number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-11 digits
-
-### Pattern
-
-11 digits:
--- One digit that corresponds to gender, 1 for male, 2 for female. Other numbers are also possible for citizens born before 1900 or citizens with double citizenship.-- Six digits that correspond to birth date (YYMMDD)-- Three digits that correspond to a serial number-- One check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_hungary_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_hungary_eu_national_id_card` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_hungary_eu_national_id_card` finds content that matches the pattern.-
-```xml
- <!-- Hungary Personal Identification Number -->
- <Entity id="7b5cc218-7046-47d9-80c9-f325b50896ca" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_hungary_eu_national_id_card" />
- <Match idRef="Keywords_hungary_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_hungary_eu_national_id_card" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_hungary_eu_telephone_number" />
- <Match idRef="Keywords_hungary_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_hungary_eu_national_id_card
--- id number-- identification number-- sz ig-- sz. ig.-- sz.ig.-- személyazonosító igazolvány-- személyi igazolvány-
-## Hungary physical addresses
-
-This unbundled named entity detects patterns related to physical address from Hungary. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Hungary social security number (TAJ)
-
-### Format
-
-Nine digits without spaces and delimiters
-
-### Pattern
-
-Nine digits
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_hungary_eu_ssn_or_equivalent` finds content that matches the pattern.-- A keyword from `Keywords_hungary_eu_ssn_or_equivalent` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_hungary_eu_ssn_or_equivalent` finds content that matches the pattern.-
-```xml
- <!-- Hungarian Social Security Number (TAJ) -->
- <Entity id="0de78315-9537-47f5-95ab-b3e77eba3993" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_hungary_eu_ssn_or_equivalent" />
- <Match idRef="Keywords_hungary_eu_ssn_or_equivalent" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_hungary_eu_ssn_or_equivalent" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_hungary_eu_ssn_or_equivalent
--- hungarian social security number-- social security number-- socialsecuritynumber#-- hssn#-- socialsecuritynno-- hssn-- taj-- taj#-- ssn-- ssn#-- social security no-- áfa-- közösségi adószám-- általános forgalmi adó szám-- hozzáadottérték adó-- áfa szám-- magyar áfa szám-
-## Hungary tax identification number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-10 digits with no spaces or delimiters
-
-### Pattern
-
-10 digits:
--- One digit that must be "8"-- Eight digits-- One check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_hungary_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_hungary_eu_tax_file_number` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_hungary_eu_tax_file_number` finds content that matches the pattern.-
-```xml
- <!-- Hungary Tax Identification Number -->
- <Entity id="ede42eb4-59d9-49eb-9603-d7853fbda91d" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_hungary_eu_tax_file_number" />
- <Match idRef="Keywords_hungary_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_hungary_eu_tax_file_number" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_hungary_eu_telephone_number" />
- <Match idRef="Keywords_hungary_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_hungary_eu_tax_file_number
--- adóazonosító szám-- adóhatóság szám-- adószám-- hungarian tin-- hungatiantin#-- tax authority no-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-- vat number-
-## Hungary value added tax number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-10 character alphanumeric pattern
-
-### Pattern
-
-10 character alphanumeric pattern:
--- two letters - HU or hu-- optional space-- eight digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_hungarian_value_added_tax_number finds content that matches the pattern.-- A keyword from Keywords_hungarian_value_added_tax_number is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_hungarian_value_added_tax_number finds content that matches the pattern.-
-```xml
- <!-- Hungarian Value Added Tax Number -->
- <Entity id="976349a0-683b-477a-90f8-ff0a220d5592" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_hungarian_value_added_tax_number" />
- <Match idRef="Keywords_hungarian_value_added_tax_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_hungarian_value_added_tax_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_Hungary_value_added_tax_number
--- vat-- value added tax number-- vat#-- vatno#-- hungarianvatno#-- tax no.-- value added tax áfa-- közösségi adószám-- általános forgalmi adó szám-- hozzáadottérték adó-- áfa szám-
-## Iceland physical addresses
-
-This unbundled named entity detects patterns related to physical address from Iceland. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Impairments Listed In The U.S. Disability Evaluation Under Social Security
-
-This unbundled named entity detects names of impairments listed in the U.S. Disability Evaluation Under Social Security, such as *muscular dystrophy*. It supports English terms only. It's also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
-
-### Confidence level
-
-High
-
-## India Driver's License Number
-
-### Format
-
-15 character alphanumeric pattern
-
-### Pattern
-
-15 letters or digits:
--- two letters indicating state code-- optional space or dash-- two digits indicating city code-- optional space or dash-- four digits indicating year of issue-- optional space or dash-- seven digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_india_driving_license` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number_common` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_india_driving_license` finds content that matches the pattern.-
-```xml
- <!-- India Driver's License Number -->
- <Entity id="680788a3-53b6-455a-b891-c38cd76dc917" patternsProximity="300" recommendedConfidence="85" relaxProximity="true">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_india_driving_license" />
- <Match idRef="Keywords_eu_driver's_license_number_common" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_india_driving_license" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number_common
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-## India GST Number
-
-### Format
-
-15 character alphanumeric pattern
-
-### Pattern
-
-15 letters or digits:
--- two digits representing valid state code-- an optional space or dash-- ten characters representing Permanent Account Number (PAN)-- one letter or digit-- an optional space or dash-- one letter 'z' or 'Z'-- an optional space or dash-- one check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_india_gst_number` finds content that matches the pattern.-- A keyword from `Keyword_india_gst_number` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_india_gst_number` finds content that matches the pattern.-
-```xml
- <!-- India GST number -->
- <Entity id="9f5a721c-2fd2-446a-a27e-0c02fbe4630c" patternsProximity="300" recommendedConfidence="85" relaxProximity="true">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_india_gst_number" />
- <Match idRef="Keyword_india_gst_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_india_gst_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_india_gst_number
--- gst-- gstin-- goods and services tax-- goods and service tax-
-## India permanent account number (PAN)
-
-### Format
-
-10 letters or digits
-
-### Pattern
-
-10 letters or digits:
--- Three letters (not case-sensitive)-- A letter in C, P, H, F, A, T, B, L, J, G (not case-sensitive)-- A letter-- Four digits-- A letter that is an alphabetic check digit-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_india_permanent_account_number finds content that matches the pattern.-- A keyword from Keyword_india_permanent_account_number is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_india_permanent_account_number finds content that matches the pattern.-
-```xml
- <!-- India Permanent Account Number -->
- <Entity id="2602bfee-9bb0-47a5-a7a6-2bf3053e2804" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_india_permanent_account_number" />
- <Match idRef="Keyword_india_permanent_account_number" />
- </Pattern>
- <Version minEngineVersion="15.20.3520.000">
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Regex_india_permanent_account_number" />
- </Pattern>
- </Version>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_india_permanent_account_number
--- Permanent Account Number-- PAN-
-## India unique identification (Aadhaar) number
-
-### Format
-
-12 digits containing optional spaces or dashes
-
-### Pattern
-
-12 digits:
--- A digit that isn't 0 or 1-- Three digits-- An optional space or dash-- Four digits-- An optional space or dash-- The final digit, which is the check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_india_aadhaar finds content that matches the pattern.-- A keyword from Keyword_india_aadhar is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_india_aadhaar finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- India Unique Identification (Aadhaar) number -->
-<Entity id="1ca46b29-76f5-4f46-9383-cfa15e91048f" recommendedConfidence="85" patternsProximity="300">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_india_aadhaar"/>
- <Match idRef="Keyword_india_aadhar"/>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_india_aadhaar"/>
- </Pattern>
-</Entity>
-```
-### Keywords
-
-#### Keyword_india_aadhar
-- aadhaar-- aadhar-- aadhar#-- uid-- आधार-- uidai-
-## India Voter Id Card
-
-### Format
-
-10 character alphanumeric pattern
-
-### Pattern
-
-10 letters or digits:
--- three letters-- seven digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_india_voter_id_card` finds content that matches the pattern.-- A keyword from `Keyword_india_voter_id_card` is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_india_voter_id_card` finds content that matches the pattern.-
-```xml
- <!-- India Voter Id Card -->
- <Entity id="646d643f-5228-4408-acc8-f2e81a6df897" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_india_voter_id_card" />
- <Match idRef="Keyword_india_voter_id_card" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Regex_india_voter_id_card" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_india_voter_id_card
--- voter-- voterid-- votercard-- voteridcard-- electoral photo identity card-- EPIC-- ECI-- election commmision-
-## Indonesia identity card (KTP) number
-
-### Format
-
-16 digits containing optional periods
-
-### Pattern
-
-16 digits:
--- Two-digit province code-- A period (optional)-- Two-digit regency or city code-- Two-digit subdistrict code-- A period (optional)-- Six digits in the format DDMMYY, which are the date of birth-- A period (optional)-- Four digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_indonesia_id_card finds content that matches the pattern.-- A keyword from Keyword_indonesia_id_card is found.-
-```xml
-<!-- Indonesia Identity Card (KTP) Number -->
-<Entity id="da68fdb0-f383-4981-8c86-82689d3b7d55" recommendedConfidence="85" patternsProximity="300">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_indonesia_id_card"/>
- <Match idRef="Keyword_indonesia_id_card"/>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_indonesia_id_card
--- KTP-- Kartu Tanda Penduduk-- Nomor Induk Kependudukan-
-## International banking account number (IBAN)
-
-### Format
-
-Country code (two letters) plus check digits (two digits) plus bban number (up to 30 characters)
-
-### Pattern
-
-Pattern must include all of the following:
--- Two-letter country code-- Two check digits (followed by an optional space)-- 1-7 groups of four letters or digits (can be separated by spaces)-- 1-3 letters or digits-
-The format for each country is slightly different. The IBAN sensitive information type covers these 60 countries:
--- ad-- ae-- al-- at-- az-- ba-- be-- bg-- bh-- ch-- cr-- cy-- cz-- de-- dk-- do-- ee-- es-- fi-- fo-- fr-- gb-- ge-- gi-- gl-- gr-- hr-- hu-- ie-- il-- is-- it-- kw-- kz-- lb-- li-- lt-- lu-- lv-- mc-- md-- me-- mk-- mr-- mt-- mu-- nl-- no-- pl-- pt-- ro-- rs-- sa-- se-- si-- sk-- sm-- tn-- tr-- vg-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_iban finds content that matches the pattern.-- The checksum passes.-
-```xml
-<Entity id="e7dc4711-11b7-4cb0-b88b-2c394a771f0e" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_iban" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-None
-
-## International classification of diseases (ICD-10-CM)
-
-### Format
-
-Dictionary
-
-### Pattern
-
-Keyword
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- A keyword from Dictionary_icd_10_updated is found.-- A keyword from Dictionary_icd_10_codes is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- A keyword from Dictionary_icd_10_ updated is found.-
-```xml
- <!-- ICD-10 CM -->
- <Entity id="3356946c-6bb7-449b-b253-6ffa419c0ce7" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Dictionary_icd_10_updated" />
- <Match idRef="Dictionary_icd_10_codes" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Dictionary_icd_10_updated" />
- </Pattern>
-
-```
-
-### Keywords
-
-Any term from the Dictionary_icd_10_updated keyword dictionary, which is based on the [International Classification of Diseases, Tenth Revision, Clinical Modification (ICD-10-CM)](https://icd10cmtool.cdc.gov/). This type looks only for the term, not the insurance codes.
-
-Any term from the Dictionary_icd_10_codes keyword dictionary, which is based on the [International Classification of Diseases, Tenth Revision, Clinical Modification (ICD-10-CM)](https://icd10cmtool.cdc.gov/). This type looks only for insurance codes, not the description.
-
-## International classification of diseases (ICD-9-CM)
-
-### Format
-
-Dictionary
-
-### Pattern
-
-Keyword
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- A keyword from Dictionary_icd_9_updated is found.-- A keyword from Dictionary_icd_9_codes is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- A keyword from Dictionary_icd_9_updated is found.-
-```xml
- <Entity id="fa3f9c74-ee07-4c52-b5f2-085d6b2c0ec4" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Dictionary_icd_9_updated" />
- <Match idRef="Dictionary_icd_9_codes" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Dictionary_icd_9_updated" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-Any term from the Dictionary_icd_9_updated keyword dictionary, which is based on the [International Classification of Diseases,Ninth Revision, Clinical Modification (ICD-9-CM)](https://go.microsoft.com/fwlink/?linkid=852605). This type looks only for the term, not the insurance codes.
-
-Any term from the Dictionary_icd_9_codes keyword dictionary, which is based on the [International Classification of Diseases,Ninth Revision, Clinical Modification (ICD-9-CM)](https://go.microsoft.com/fwlink/?linkid=852605). This type looks only for insurance codes, not the description.
-
-## IP address
-
-### Format
-
-#### IPv4:
-Complex pattern that accounts for formatted (periods) and unformatted (no periods) versions of the IPv4 addresses
-
-#### IPv6:
-Complex pattern that accounts for formatted IPv6 numbers (which include colons)
-
-### Pattern
-
-### Checksum
-
-No
-
-### Definition
-
-For IPv6, a DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_ipv6_address finds content that matches the pattern.-- No keyword from Keyword_ipaddress is found.-
-For IPv4, a DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_ipv4_address finds content that matches the pattern.-- A keyword from Keyword_ipaddress is found.-
-For IPv6, a DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_ipv6_address finds content that matches the pattern.-- No keyword from Keyword_ipaddress is found.-
-```xml
- <!-- IP Address -->
- <Entity id="1daa4ad5-e2dd-4ca4-a788-54722c09efb2" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_ipv6_address" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keyword_ipaddress" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="95">
- <IdMatch idRef="Regex_ipv4_address" />
- <Any minMatches="1">
- <Match idRef="Keyword_ipaddress" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="95">
- <IdMatch idRef="Regex_ipv6_address" />
- <Any minMatches="1">
- <Match idRef="Keyword_ipaddress" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_ipaddress
--- IP (this keyword is case-sensitive)-- ip address-- ip addresses-- internet protocol-- IP-כתובת ה-
-## IP Address v4
-
-### Format
-
-Complex pattern that accounts for formatted (periods) and unformatted (no periods) versions of the IPv4 addresses
-
-### Pattern
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_ipv4_address` finds content that matches the pattern.-- A keyword from `Keyword_ipaddress` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_ipv4_address` finds content that matches the pattern.-
-```xml
- <!-- IP Address v4-->
- <Entity id="a7dd5e5f-e7f9-4626-a2c6-86a8cb6830d2" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_ipv4_address" />
- <Match idRef="Keyword_ipaddress" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_ipv4_address" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_ipaddress
--- IP (case sensitive)-- ip address-- ip addresses-- internet protocol-- IP-כתובת ה-
-## IP Address v6
-
-### Format
-
-Complex pattern that accounts for formatted IPv6 numbers (which include colons)
-
-### Pattern
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_ipv6_address` finds content that matches the pattern.-- A keyword from `Keyword_ipaddress` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_ipv6_address` finds content that matches the pattern.-
-```xml
- <!-- IP Address v6-->
- <Entity id="3f691089-7413-4926-ab3b-3c5ea8a1c17e" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_ipv6_address" />
- <Match idRef="Keyword_ipaddress" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_ipv6_address" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_ipaddress
--- IP (case sensitive)-- ip address-- ip addresses-- internet protocol-- IP-כתובת ה-
-## Ireland driver's license number
-
-### Format
-
-Six digits followed by four letters
-
-### Pattern
-
-Six digits and four letters:
--- Six digits-- Four letters (not case-sensitive)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_ireland_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_ireland_eu_driver's_license_number` is found.-
-```xml
- <!-- Ireland Driver's License Number -->
- <Entity id="e01bccd9-eb4d-414f-ace1-e9b6a4c4a2ca" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_ireland_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_ireland_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_ireland_eu_driver's_license_number
--- ceadúnas tiomána-- ceadúnais tiomána-
-## Ireland passport number
-
-### Format
-
-Two letters or digits followed by seven digits with no spaces or delimiters
-
-### Pattern
-
-Two letters or digits followed by seven digits:
--- Two digits or letters (not case-sensitive)-- Seven digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_ireland_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_ireland_eu_passport_number` is found.-- The regular expression `Regex_ireland_eu_passport_date` finds date in the format DD MMM/MMM YYYY (Example - 01 BEA/MAY 1988) or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_ireland_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_ireland_eu_passport_number` is found.-
-```xml
- <!-- Ireland Passport Number -->
- <Entity id="a2130f27-9ee2-4103-84f9-a6b1ee7d0cbf" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_ireland_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_ireland_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_ireland_eu_passport_date" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_ireland_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_ireland_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number_common
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_ireland_eu_passport_number
--- passeport numero-- uimhreacha pasanna-- uimhir pas-- uimhir phas-- uimhreacha pas-- uimhir cárta-- uimhir chárta-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Ireland personal public service (PPS) number
-
-### Format
-
-Old format (until 31 December 2012):
--- seven digits followed by 1-2 letters-
-New format (1 January 2013 and after):
--- seven digits followed by two letters-
-### Pattern
-
-Old format (until 31 December 2012):
--- seven digits-- one to two letters (not case-sensitive)-
-New format (1 January 2013 and after):
--- seven digits-- a letter (not case-sensitive) which is an alphabetic check digit-- An optional letter in the range A-I, or "W"-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_ireland_pps finds content that matches the pattern.-- A keyword from Keywords_ireland_eu_national_id_card is found.-- The checksum passes.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_ireland_pps finds content that matches the pattern.-- The checksum passes.-
-```xml
- <!-- Ireland Personal Public Service (PPS) Number -->
- <Entity id="1cdb674d-c19a-4fcf-9f4b-7f56cc87345a" patternsProximity="300" recommendedConfidence="85" relaxProximity="true">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_ireland_pps" />
- <Match idRef="Keywords_ireland_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_ireland_pps" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_ireland_eu_national_id_card
--- client identity service-- identification number-- personal id number-- personal public service number-- personal service no-- phearsanta seirbhíse poiblí-- pps no-- pps number-- pps num-- pps service no-- ppsn-- ppsno#-- ppsno-- psp-- public service no-- publicserviceno#-- publicserviceno-- revenue and social insurance number-- rsi no-- rsi number-- rsin-- seirbhís aitheantais cliant-- uimh-- uimhir aitheantais chánach-- uimhir aitheantais phearsanta-- uimhir phearsanta seirbhíse poiblí-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## Ireland physical addresses
-
-This unbundled named entity detects patterns related to physical address from Ireland. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Israel bank account number
-
-### Format
-
-13 digits
-
-### Pattern
-
-Formatted:
--- two digits-- a dash-- three digits-- a dash-- eight digits-
-Unformatted:
--- 13 consecutive digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_israel_bank_account_number finds content that matches the pattern.-- A keyword from Keyword_israel_bank_account_number is found.-
-```xml
-<!-- Israel Bank Account Number -->
-<Entity id="7d08b2ff-a0b9-437f-957c-aeddbf9b2b25" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_israel_bank_account_number" />
- <Any minMatches="1">
- <Match idRef="Keyword_israel_bank_account_number" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_israel_bank_account_number
--- Bank Account Number-- Bank Account-- Account Number-- מספר חשבון בנק-
-## Israel national identification number
-
-### Format
-
-nine digits
-
-### Pattern
-
-nine consecutive digits
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_israeli_national_id_number finds content that matches the pattern.-- A keyword from Keyword_Israel_National_ID is found.-- The checksum passes.-
-```xml
-<!-- Israel National ID Number -->
-<Entity id="e05881f5-1db1-418c-89aa-a3ac5c5277ee" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_israeli_national_id_number" />
- <Any minMatches="1">
- <Match idRef="Keyword_Israel_National_ID" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_Israel_National_ID
--- מספר זהות-- מספר זיה וי-- מספר זיהוי ישר אלי-- זהותישר אלית-- هو ية اسرائيل ية عدد-- هوية إسرائ يلية-- رقم الهوية-- عدد هوية فريدة من نوعها-- idnumber#-- id number-- identity no-- identitynumber#-- identity number-- israeliidentitynumber-- personal id-- unique id-
-## Italy driver's license number
-
-This type entity is included in the EU Driver's License Number sensitive information type. It's also available as a stand-alone sensitive information type entity.
-
-### Format
-
-a combination of 10 letters and digits
-
-### Pattern
-
-a combination of 10 letters and digits:
--- one letter (not case-sensitive)-- the letter "A" or "V" (not case-sensitive)-- seven digits-- one letter (not case-sensitive)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_italy_drivers_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keyword_italy_drivers_license_number` is found.-
-```xml
- <!-- Italy Driver's license Number -->
- <Entity id="97d6244f-9157-41bd-8e0c-9d669a5c4d71" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_italy_drivers_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keyword_italy_drivers_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keyword_italy_drivers_license_number
--- numero di patente-- patente di guida-- patente guida-- patenti di guida-- patenti guida-
-## Italy fiscal code
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-a 16-character combination of letters and digits in the specified pattern
-
-### Pattern
-
-A 16-character combination of letters and digits:
--- three letters that correspond to the first three consonants in the family name-- three letters that correspond to the first, third, and fourth consonants in the first name-- two digits that correspond to the last digits of the birth year-- one letter that corresponds to the letter for the month of birthΓÇöletters are used in alphabetical order, but only the letters A to E, H, L, M, P, R to T are used (so, January is A and October is R)-- two digits that correspond to the day of the month of birth in order to differentiate between genders, 40 is added to the day of birth for women-- four digits that correspond to the area code specific to the municipality where the person was born (country-wide codes are used for foreign countries)-- one parity digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_italy_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_italy_eu_national_id_card` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_italy_eu_national_id_card` finds content that matches the pattern.-
-```xml
- <!-- Italy Fiscal Code -->
- <Entity id="4cd79172-8da9-4ff5-9188-98b1e7e2eca6" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_italy_eu_national_id_card" />
- <Match idRef="Keywords_italy_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_italy_eu_national_id_card" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_italy_eu_national_id_card
--- codice fiscal-- codice fiscale-- codice id personale-- codice personale-- fiscal code-- numero certificato personale-- numero di identificazione fiscale-- numero id personale-- numero personale-- personal certificate number-- personal code-- personal id code-- personal id number-- personalcodeno#-- tax code-- tax id-- tax identification no-- tax identification number-- tax identity number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## Italy passport number
-
-### Format
-
-two letters or digits followed by seven digits with no spaces or delimiters
-
-### Pattern
-
-two letters or digits followed by seven digits:
--- two digits or letters (not case-sensitive)-- seven digits-
-### Checksum
-
-not applicable
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_italy_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_italy_eu_passport_number` is found.-- The regular expression `Regex_italy_eu_passport_date` finds date in the format DD MMM/MMM YYYY (Example - 01 GEN/JAN 1988) or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_italy_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_italy_eu_passport_number` is found.-
-```xml
- <!-- Italy Passport Number -->
- <Entity id="39811019-4750-445f-b26d-4c0e6c431544" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_italy_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_italy_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_italy_eu_passport_date" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_italy_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_italy_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number_common
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_italy_eu_passport_number
--- italiana passaporto-- passaporto italiana-- passaporto numero-- numéro passeport-- numero di passaporto-- numeri del passaporto-- passeport italien-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Italy physical addresses
-
-This unbundled named entity detects patterns related to physical address from Italy. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Italy value added tax number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-13 character alphanumeric pattern with optional delimiters
-
-### Pattern
-
-13 character alphanumeric pattern with optional delimiters:
--- I or i-- T or t-- optional space, dot, hyphen, or comma-- 11 digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_italy_value_added_tax_number finds content that matches the pattern.-- A keyword from Keywords_italy_value_added_tax_number is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_italy_value_added_tax_number finds content that matches the pattern.-
-```xml
- <!-- Italy Value Added Tax -->
- <Entity id="26a8cc07-2283-4a2a-ab1d-4ab643c4c67f" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_italy_value_added_tax_number" />
- <Match idRef="Keywords_italy_value_added_tax_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_italy_value_added_tax_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_italy_value_added_tax_number
--- vat number-- vat no-- vat#-- iva-- iva#-
-## Japan bank account number
-
-### Format
-
-seven or eight digits
-
-### Pattern
-
-bank account number:
--- seven or eight digits-- bank account branch code:--- four digits-- a space or dash (optional)-- three digits-
-Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_jp_bank_account finds content that matches the pattern.-- A keyword from Keyword_jp_bank_account is found.-- One of the following is true:--- The function Func_jp_bank_account_branch_code finds content that matches the pattern.-- A keyword from Keyword_jp_bank_branch_code is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_jp_bank_account finds content that matches the pattern.-- A keyword from Keyword_jp_bank_account is found.-
-```xml
-<!-- Japan Bank Account Number -->
-<Entity id="d354f95b-96ee-4b80-80bc-4377312b55bc" patternsProximity="300" recommendedConfidence="75">
- <Version minEngineVersion="15.01.0131.000">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_jp_bank_account" />
- <Match idRef="Keyword_jp_bank_account" />
- <Any minMatches="1">
- <Match idRef="Func_jp_bank_account_branch_code" />
- <Match idRef="Keyword_jp_bank_branch_code" />
- </Any>
- </Pattern>
- </Version>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_jp_bank_account" />
- <Match idRef="Keyword_jp_bank_account" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_jp_bank_account
--- Checking Account Number-- Checking Account-- Checking Account #-- Checking Acct Number-- Checking Acct #-- Checking Acct No.-- Checking Account No.-- Bank Account Number-- Bank Account-- Bank Account #-- Bank Acct Number-- Bank Acct #-- Bank Acct No.-- Bank Account No.-- Savings Account Number-- Savings Account-- Savings Account #-- Savings Acct Number-- Savings Acct #-- Savings Acct No.-- Savings Account No.-- Debit Account Number-- Debit Account-- Debit Account #-- Debit Acct Number-- Debit Acct #-- Debit Acct No.-- Debit Account No.-- 口座番号-- 銀行口座-- 銀行口座番号-- 総合口座-- 普通預金口座-- 普通口座-- 当座預金口座-- 当座口座-- 預金口座-- 振替口座-- 銀行-- バンク-
-#### Keyword_jp_bank_branch_code
--- 支店番号-- 支店コード-- 店番号-
-## Japan driver's license number
-
-### Format
-
-12 digits
-
-### Pattern
-
-12 consecutive digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_jp_drivers_license_number finds content that matches the pattern.-- A keyword from Keyword_jp_drivers_license_number is found.-
-```xml
-<!-- Japan Driver's License Number -->
-<Entity id="c6011143-d087-451c-8313-7f6d4aed2270" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_jp_drivers_license_number" />
- <Match idRef ="Keyword_jp_drivers_license_number" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_jp_drivers_license_number
--- driverlicense-- driverslicense-- driver'slicense-- driverslicenses-- driver'slicenses-- driverlicenses-- dl#-- dls#-- lic#-- lics#-- 運転免許証-- 運転免許-- 免許証-- 免許-- 運転免許証番号-- 運転免許番号-- 免許証番号-- 免許番号-- 運転免許証ナンバー-- 運転免許ナンバー-- 免許証ナンバー-- 運転免許証no-- 運転免許no-- 免許証no-- 免許no-- 運転経歴証明書番号-- 運転経歴証明書-- 運転免許証No.-- 運転免許No.-- 免許証No.-- 免許No.-- 運転免許証#-- 運転免許#-- 免許証#-- 免許#-
-## Japan My Number - Corporate
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-13-digit number
-
-### Pattern
-
-13-digit number:
--- one digit from one to nine-- 12 digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_japanese_my_number_corporate finds content that matches the pattern.-- A keyword from Keywords_japanese_my_number_corporate is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_japanese_my_number_corporate finds content that matches the pattern.-
-```xml
- <!-- Japanese My Number ΓÇô Corporate -->
- <Entity id="9e0eaf79-ff20-4ffb-b3e4-e7368d5db6ff" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_japanese_my_number_corporate" />
- <Match idRef="Keywords_japanese_my_number_corporate" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_japanese_my_number_corporate" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_japan_my_number_corporate
--- corporate number-- マイナンバー-- 共通番号-- マイナンバーカード-- マイナンバーカード番号-- 個人番号カード-- 個人識別番号-- 個人識別ナンバー-- 法人番号-- 指定通知書-
-## Japan My Number - Personal
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-12-digit number
-
-### Pattern
-
-12-digit number:
--- four digits-- an optional space, dot, or hyphen-- four digits-- an optional space, dot, or hyphen-- four digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_japanese_my_number_personal finds content that matches the pattern.-- A keyword from Keywords_japanese_my_number_personal is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_japanese_my_number_personal finds content that matches the pattern.-
-```xml
- <!-- Japanese My Number ΓÇô Personal -->
- <Entity id="98da8e66-7299-4ebd-9f82-c871ab37d3ef" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_japanese_my_number_personal" />
- <Match idRef="Keywords_japanese_my_number_personal" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_japanese_my_number_personal" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_japan_my_number_personal
--- my number-- マイナンバー-- 個人番号-- 共通番号-- マイナンバーカード-- マイナンバーカード番号-- 個人番号カード-- 個人識別番号-- 個人識別ナンバー-- 通知カード-
-## Japan passport number
-
-### Format
-
-two letters followed by seven digits
-
-### Pattern
-
-two letters (not case-sensitive) followed by seven digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_jp_passport finds content that matches the pattern.-- A keyword from Keyword_jp_passport is found.-
-```xml
-<!-- Japan Passport Number -->
-<Entity id="75177310-1a09-4613-bf6d-833aae3743f8" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_jp_passport" />
- <Match idRef="Keyword_jp_passport" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_jp_passport
--- Passport-- Passport Number-- Passport No.-- Passport #-- パスポート-- パスポート番号-- パスポートナンバー-- パスポート#-- パスポート#-- パスポートNo.-- 旅券番号-- 旅券番号#-- 旅券番号♯-- 旅券ナンバー-
-## Japan residence card number
-
-### Format
-
-12 letters and digits
-
-### Pattern
-
-12 letters and digits:
--- two letters (not case-sensitive)-- eight digits-- two letters (not case-sensitive)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_jp_residence_card_number finds content that matches the pattern.-- A keyword from Keyword_jp_residence_card_number is found.-
-```xml
-<!--Japan Residence Card Number-->
--<Entity id="ac36fef2-a289-4e2c-bb48-b02366e89fc0" recommendedConfidence="75" patternsProximity="300">
- -<Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_jp_residence_card_number"/>
- <Match idRef="Keyword_jp_residence_card_number"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_jp_residence_card_number
--- Residence card number-- Residence card no-- Residence card #-- 在留カード番号-- 在留カード-- 在留番号-
-## Japan resident registration number
-
-### Format
-
-11 digits
-
-### Pattern
-
-11 consecutive digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_jp_resident_registration_number finds content that matches the pattern.-- A keyword from Keyword_jp_resident_registration_number is found.-
-```xml
-<!-- Japan Resident Registration Number -->
-<Entity id="01c1209b-6389-4faf-a5f8-3f7e13899652" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_jp_resident_registration_number" />
- <Match idRef ="Keyword_jp_resident_registration_number" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_jp_resident_registration_number
--- Resident Registration Number-- Residents Basic Registry Number-- Resident Registration No.-- Resident Register No.-- Residents Basic Registry No.-- Basic Resident Register No.-- 外国人登録証明書番号-- 証明書番号-- 登録番号-- 外国人登録証-
-## Japan social insurance number (SIN)
-
-### Format
-
-7-12 digits
-
-### Pattern
-
-7-12 digits:
--- four digits-- a hyphen (optional)-- six digits
-OR
-- 7-12 consecutive digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_jp_sin finds content that matches the pattern.-- A keyword from Keyword_jp_sin is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_jp_sin_pre_1997 finds content that matches the pattern.-- A keyword from Keyword_jp_sin is found.-
-```xml
-<!-- Japan Social Insurance Number -->
-<Entity id="c840e719-0896-45bb-84fd-1ed5c95e45ff" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_jp_sin" />
- <Match idRef="Keyword_jp_sin" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_jp_sin_pre_1997" />
- <Match idRef="Keyword_jp_sin" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_jp_sin
--- Social Insurance No.-- Social Insurance Num-- Social Insurance Number-- 健康保険被保険者番号-- 健保番号-- 基礎年金番号-- 雇用保険被保険者番号-- 雇用保険番号-- 保険証番号-- 社会保険番号-- 社会保険No.-- 社会保険-- 介護保険-- 介護保険被保険者番号-- 健康保険被保険者整理番号-- 雇用保険被保険者整理番号-- 厚生年金-- 厚生年金被保険者整理番号-
-## Lab test terms
-
-This unbundled named entity detects terms related to lab tests, such as *Insulin C-peptide*. It supports English terms only. It's also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
-
-### Confidence level
-
-High
-
-## Latvia driver's license number
-
-### Format
-
-three letters followed by six digits
-
-### Pattern
-
-three letters and six digits:
--- three letters (not case-sensitive)-- six digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_latvia_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_latvia_eu_driver's_license_number` is found.-
-```xml
- <!-- Latvia Driver's License Number -->
- <Entity id="ec996de0-30f2-46b1-b192-4d2ff8805fa7" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_latvia_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_latvia_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_latvia_eu_driver's_license_number
--- autovad─½t─üja apliec─½ba-- autovad─½t─üja apliec─½bas-- vad─½t─üja apliec─½ba-
-## Latvia passport number
-
-### Format
-
-two letters or digits followed by seven digits with no spaces or delimiters
-
-### Pattern
-
-two letters or digits followed by seven digits:
--- two digits or letters (not case-sensitive)-- seven digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_latvia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_latvia_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_latvia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_latvia_eu_passport_number` is found.-
-```xml
- <!-- Latvia Passport Number -->
- <Entity id="23ae25ec-cc28-421b-b77a-3054eadf1ede" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_latvia_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_latvia_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date1" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_latvia_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_latvia_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number_common
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_latvia_eu_passport_number
--- pase numurs-- pase numur-- pases numuri-- pases nr-- passeport no-- n┬░ du Passeport-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Latvia personal code
-
-### Format
-
-11 digits and an optional hyphen
-
-### Pattern
-
-Old format
-
-11 digits and a hyphen:
--- six digits that correspond to the birth date (DDMMYY)-- a hyphen-- one digit that corresponds to the century of birth ("0" for 19th century, "1" for 20th century, and "2" for 21st century)-- four digits, randomly generated-
-New format
-
-11 digits
--- Two digits "32"-- Nine digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_latvia_eu_national_id_card` or the regex `Regex_latvia_eu_national_id_card_new_format` finds content that matches the pattern.-- A keyword from `Keywords_latvia_eu_national_id_card` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_latvia_eu_national_id_card` or the regex `Regex_latvia_eu_national_id_card_new_format` finds content that matches the pattern.-
-```xml
- <!-- Latvia Personal Code -->
- <Entity id="03fcf763-27c2-49ed-9422-2641c6c895c9" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_latvia_eu_national_id_card" />
- <Match idRef="Keywords_latvia_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_latvia_eu_national_id_card" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_latvia_eu_telephone_number" />
- <Match idRef="Keywords_latvia_eu_mobile_number" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_latvia_eu_national_id_card_new_format" />
- <Match idRef="Keywords_latvia_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_latvia_eu_national_id_card_new_format" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_latvia_eu_telephone_number" />
- <Match idRef="Keywords_latvia_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-
-```
-
-### Keywords
-
-#### Keywords_latvia_eu_national_id_card
--- administrative number-- alvas n─ô-- birth number-- citizen number-- civil number-- electronic census number-- electronic number-- fiscal code-- healthcare user number-- id#-- id-code-- identification number-- identifik─ücijas numurs-- id-number-- individual number-- latvija alva-- nacion─ülais id-- national id-- national identifying number-- national identity number-- national insurance number-- national register number-- nodok─╝a numurs-- nodok─╝u id-- nodok─╝u identifik─ücija numurs-- personal certificate number-- personal code-- personal id code-- personal id number-- personal identification code-- personal identifier-- personal identity number-- personal number-- personal numeric code-- personalcodeno#-- personas kods-- population identification code-- public service number-- registration number-- revenue number-- social insurance number-- social security number-- state tax code-- tax file number-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-- voter's number-
-## Latvia physical addresses
-
-This unbundled named entity detects patterns related to physical address from Latvia. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Liechtenstein physical addresses
-
-This unbundled named entity detects patterns related to physical address from Liechtenstein. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Lifestyles that relate to medical conditions
-
-This unbundled named entity detects terms related to lifestyles that might result in a medical condition, such as *smoking*. It supports English terms only. It's also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
-
-### Confidence level
-
-High
-
-## Lithuania driver's license number
-
-### Format
-
-eight digits without spaces and delimiters
-
-### Pattern
-
-eight digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_lithuania_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_lithuania_eu_driver's_license_number` is found.-
-```xml
- <!-- Lithuania Driver's License Number -->
- <Entity id="86f7628b-e0f4-4dc3-9fbc-e4300e4c7d78" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_lithuania_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_lithuania_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_lithuania_eu_driver's_license_number
--- vairuotojo pa┼╛ym─ùjimas-- vairuotojo pa┼╛ym─ùjimo numeris-- vairuotojo pa┼╛ym─ùjimo numeriai-
-## Lithuania personal code
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-11 digits without spaces and delimiters
-
-### Pattern
-
-11 digits without spaces and delimiters:
--- one digit (1-6) that corresponds to the person's gender and century of birth-- six digits that correspond to birth date (YYMMDD)-- three digits that correspond to the serial number of the date of birth-- one check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_lithuania_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_lithuania_eu_tax_file_number` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_lithuania_eu_tax_file_number` finds content that matches the pattern.-
-```xml
- <!-- Lithuania Personal Code -->
- <Entity id="cd6d3786-8ec3-4524-a2cf-1e0095379171" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_lithuania_eu_tax_file_number" />
- <Match idRef="Keywords_lithuania_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_lithuania_eu_tax_file_number" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_lithuania_eu_telephone_number" />
- <Match idRef="Keywords_lithuania_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_lithuania_eu_national_id_card
--- asmeninis skaitmeninis kodas-- asmens kodas-- citizen service number-- mokes─ìi┼│ id-- mokes─ìi┼│ identifikavimas numeris-- mokes─ìi┼│ identifikavimo numeris-- mokes─ìi┼│ numeris-- national identification number-- personal code-- personal numeric code-- pilie─ìio paslaugos numeris-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-- unikalus identifikavimo kodas-- unikalus identifikavimo numeris-- unique identification number-- unique identity number-- uniqueidentityno#-
-## Lithuania physical addresses
-
-This unbundled named entity detects patterns related to physical address from Lithuania. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Lithuania passport number
-
-### Format
-
-eight digits or letters with no spaces or delimiters
-
-### Pattern
-
-eight digits or letters (not case-sensitive)
-
-### Checksum
-
-not applicable
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_lithuania_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_lithuania_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date3` finds date in the format DD MM YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_lithuania_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_lithuania_eu_passport_number` is found.-
-```xml
- <!-- Lithuania Passport Number -->
- <Entity id="1b79900f-047b-4c3f-846f-7d73b5534bce" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_lithuania_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_lithuania_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date3" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_lithuania_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_lithuania_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_lithuania_eu_passport_number
--- paso numeris-- paso numeriai-- paso nr-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Luxemburg driver's license number
-
-### Format
-
-six digits without spaces and delimiters
-
-### Pattern
-
-six digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_luxemburg_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_luxemburg_eu_driver's_license_number` is found.-
-```xml
- <!-- Luxemburg Driver's License Number -->
- <Entity id="89daf717-1544-4860-9a2e-fc9166dd8852" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_luxemburg_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_luxemburg_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_luxemburg_eu_driver's_license_number
--- fahrerlaubnis-- Führerschäin-
-## Luxemburg national identification number (natural persons)
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-13 digits with no spaces or delimiters
-
-### Pattern
-
-13 digits:
--- 11 digits-- two check digits-
-### Checksum
-
-yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_luxemburg_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_luxemburg_eu_national_id_card` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_luxemburg_eu_tax_file_number` finds content that matches the pattern.-
-```xml
- <!-- Luxemburg National Identification Number (Natural persons) -->
- <Entity id="aaf661ed-29ec-426d-8bf9-880cad298ebb" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_luxemburg_eu_tax_file_number" />
- <Match idRef="Keywords_luxemburg_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_luxemburg_eu_tax_file_number" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_luxemburg_eu_telephone_number" />
- <Match idRef="Keywords_luxemburg_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_luxemburg_eu_national_id_card
--- eindeutige id-- eindeutige id-nummer-- eindeutigeid#-- id personnelle-- idpersonnelle#-- idpersonnelle-- individual code-- individual id-- individual identification-- individual identity-- numéro d'identification personnel-- personal id-- personal identification-- personal identity-- personalidno#-- personalidnumber#-- persönliche identifikationsnummer-- unique id-- unique identity-- uniqueidkey#-
-## Luxemburg national identification number (non-natural persons)
-
-### Format
-
-11 digits
-
-### Pattern
-
-11 digits
--- two digits-- an optional space-- three digits-- an optional space-- three digits-- an optional space-- two digits-- one check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_luxemburg_eu_tax_file_number_non_natural` finds content that matches the pattern.-- A keyword from `Keywords_luxemburg_eu_tax_file_number` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_luxemburg_eu_tax_file_number_non_natural` finds content that matches the pattern.-
-```xml
- <!-- Luxemburg National Identification Number (Non-natural persons) -->
- <Entity id="84bffa3a-d805-4788-a613-b1e4df3804cf" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_luxemburg_eu_tax_file_number_non_natural" />
- <Match idRef="Keywords_luxemburg_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_luxemburg_eu_tax_file_number_non_natural" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_luxemburg_eu_telephone_number" />
- <Match idRef="Keywords_luxemburg_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_luxemburg_eu_tax_file_number
--- carte de sécurité sociale-- étain non-- étain#-- identifiant d'impôt-- luxembourg tax identifikatiounsnummer-- numéro d'étain-- numéro d'identification fiscal luxembourgeois-- numéro d'identification fiscale-- social security-- sozialunterstützung-- sozialversécherung-- sozialversicherungsausweis-- steier id-- steier identifikatiounsnummer-- steier nummer-- steuer id-- steueridentifikationsnummer-- steuernummer-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-- zinn#-- zinn-- zinnzahl-
-## Luxemburg passport number
-
-### Format
-
-eight digits or letters with no spaces or delimiters
-
-### Pattern
-
-eight digits or letters (not case-sensitive)
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_luxemburg_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_luxemburg_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date3` finds date in the format DD MM YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_luxemburg_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_luxemburg_eu_passport_number` is found.-
-```xml
- <!-- Luxemburg Passport Number -->
- <Entity id="81d5c027-bed9-4421-91a0-3b2e55b3eb85" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_luxemburg_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_luxemburg_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date3" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_luxemburg_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_luxemburg_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_luxemburg_eu_passport_number
-- ausweisnummer-- luxembourg pass-- luxembourg passeport-- luxembourg passport-- no de passeport-- no-reisepass-- nr-reisepass-- numéro de passeport-- pass net-- pass nr-- passnummer-- passeport nombre-- reisepässe-- reisepass-nr-- reisepassnummer-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Luxemburg physical addresses
-
-This unbundled named entity detects patterns related to physical address from Luxemburg. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Malaysia identification card number
-
-### Format
-
-12 digits containing optional hyphens
-
-### Pattern
-
-12 digits:
--- six digits in the format YYMMDD, which are the date of birth-- a dash (optional)-- two-letter place-of-birth code-- a dash (optional)-- three random digits-- one-digit gender code-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_malaysia_id_card_number finds content that matches the pattern.-- A keyword from Keyword_malaysia_id_card_number is found.-
-```xml
-<!-- Malaysia ID Card Number -->
-</Entity>
- <Entity id="7f0e921c-9677-435b-aba2-bb8f1013c749" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_malaysia_id_card_number" />
- <Match idRef="Keyword_malaysia_id_card_number" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_malaysia_id_card_number
--- digital application card-- i/c-- i/c no-- ic-- ic no-- id card-- identification Card-- identity card-- k/p-- k/p no-- kad akuan diri-- kad aplikasi digital-- kad pengenalan malaysia-- kp-- kp no-- mykad-- mykas-- mykid-- mypr-- mytentera-- malaysia identity card-- malaysian identity card-- nric-- personal identification card-
-## Malta driver's license number
-
-### Format
-
-Combination of two characters and six digits in the specified pattern
-
-### Pattern
-
-combination of two characters and six digits:
--- two characters (digits or letters, not case-sensitive)-- a space (optional)-- three digits-- a space (optional)-- three digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_malta_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_malta_eu_driver's_license_number` is found.-
-```xml
- <!-- Malta Driver's License Number -->
- <Entity id="a3bdaa4a-8371-4735-8fa5-56ee0fb4afc4" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_malta_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_malta_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_malta_eu_driver's_license_number
--- li─ïenzja tas-sewqan-- li─ïenzji tas-sewwieq-
-## Malta identity card number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-seven digits followed by one letter
-
-### Pattern
-
-seven digits followed by one letter:
--- seven digits-- one letter in "M, G, A, P, L, H, B, Z" (case insensitive)-
-### Checksum
-
-Not applicable
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_malta_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_malta_eu_national_id_card` is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_malta_eu_national_id_card` finds content that matches the pattern.-
-```xml
- <!-- Malta Identity Card Number -->
- <Entity id="854b36b3-a388-4ac8-a4ec-677c2b5e4356" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_malta_eu_national_id_card" />
- <Match idRef="Keywords_malta_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Regex_malta_eu_national_id_card" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_malta_eu_national_id_card
--- citizen service number-- id tat-taxxa-- identifika numru tal-biljett-- kodiċi numerali personali-- numru ta 'identifikazzjoni personali-- numru ta 'identifikazzjoni tat-taxxa-- numru ta 'identifikazzjoni uniku-- numru ta' identità uniku-- numru tas-servizz taċ-ċittadin-- numru tat-taxxa-- personal numeric code-- unique identification number-- unique identity number-- uniqueidentityno#-
-## Malta passport number
-
-### Format
-
-seven digits without spaces or delimiters
-
-### Pattern
-
-seven digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_malta_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_malta_eu_passport_number` is found.-- A keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_malta_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_malta_eu_passport_number` is found.-
-```xml
- <!-- Malta Passport Number -->
- <Entity id="b2b21198-48f9-4d13-b2a5-03969bff0fb8" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_malta_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_malta_eu_passport_number" />
- </Any>
- <Match idRef="Keywords_eu_passport_date" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_malta_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_malta_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_malta_eu_passport_number
--- numru tal-passaport-- numri tal-passaport-- Nru tal-passaport-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Malta physical addresses
-
-This unbundled named entity detects patterns related to physical address from Malta. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Malta tax identification number
-
-### Format
-
-For Maltese nationals:
--- seven digits and one letter in the specified pattern-
-Non-Maltese nationals and Maltese entities:
--- nine digits-
-### Pattern
-
-Maltese nationals: seven digits and one letter
--- seven digits-- one letter (not case-sensitive)-
-Non-Maltese nationals and Maltese entities: nine digits
--- nine digits-
-### Checksum
-
-Not applicable
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regex `Regex_malta_eu_tax_file_number` or `Regex_malta_eu_tax_file_number_non_maltese_national` finds content that matches the pattern.-- A keyword from `Keywords_malta_eu_tax_file_number` is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regex `Regex_malta_eu_tax_file_number` or `Regex_malta_eu_tax_file_number_non_maltese_national` finds content that matches the pattern.-
-```xml
- <!-- Malta Tax ID Number -->
- <Entity id="ec830c63-65f4-45d0-9d8c-910dc8334b20" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_malta_eu_tax_file_number" />
- <Match idRef="Keywords_malta_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Regex_malta_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_malta_eu_tax_file_number_non_maltese_national" />
- <Match idRef="Keywords_malta_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Regex_malta_eu_tax_file_number_non_maltese_national" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_malta_eu_tax_file_number
--- citizen service number-- id tat-taxxa-- identifika numru tal-biljett-- kodiċi numerali personali-- numru ta 'identifikazzjoni personali-- numru ta 'identifikazzjoni tat-taxxa-- numru ta 'identifikazzjoni uniku-- numru ta' identità uniku-- numru tas-servizz taċ-ċittadin-- numru tat-taxxa-- personal numeric code-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-- unique identification number-- unique identity number-- uniqueidentityno#-
-## Medical specialities
-
-This unbundled named entity detects terms related to medical specialties, such as *dermatology*. It supports English terms only. It's also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
-
-### Confidence level
-
-High
-
-## Medicare Beneficiary Identifier (MBI) card
-
-### Format
-
-11 character alphanumeric pattern
-
-### Pattern
--- one digit between 1 to 9-- one letter excluding S, L, O, I, B, Z-- one digit or letter excluding S, L, O, I, B, Z-- one digit-- an optional Hyphen-- one letter excluding S, L, O, I, B, Z-- one digit or letter excluding S, L, O, I, B, Z-- one digit-- an optional Hyphen-- two letters excluding S, L, O, I, B, Z-- two digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_mbi_card` finds content that matches the pattern.-- A keyword from `Keyword_mbi_card` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_mbi_card` finds content that matches the pattern.-
-```xml
- <!-- Medicare Beneficiary Identifier (MBI) card -->
- <Entity id="f753a286-f5cc-47e6-a592-4be25fd02591" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_mbi_card" />
- <Match idRef="Keyword_mbi_card" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_mbi_card" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_mbi_card
--- mbi-- mbi#-- medicare beneficiary #-- medicare beneficiary identifier-- medicare beneficiary no-- medicare beneficiary number-- medicare beneficiary#-
-## Mexico Unique Population Registry Code (CURP)
-
-### Format
-
-18 character alphanumeric pattern
-
-### Pattern
--- four letters (case insensitive)-- six digits indicating a valid date-- a letter - H/h or M/m-- two letters indicating a valid Mexican state code-- three letters-- one letter or digit-- one digit-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_mexico_population_registry_code` finds content that matches the pattern.-- A keyword from `Keyword_mexico_population_registry_code` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_mexico_population_registry_code` finds content that matches the pattern.-
-```xml
- <!-- Mexico Unique Population Registry Code (CURP) -->
- <Entity id="e905ad4d-5a74-406d-bf36-b1efca798af4" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_mexico_population_registry_code" />
- <Match idRef="Keyword_mexico_population_registry_code" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_mexico_population_registry_code" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_mexico_population_registry_code
--- Clave Única de Registro de Población-- Clave Unica de Registro de Poblacion-- Unique Population Registry Code-- unique population code-- CURP-- Personal ID-- Unique ID-- personalid-- personalidnumber-- uniqueidkey-- uniqueidnumber-- clave única-- clave unica-- clave personal Identidad-- personal Identidad Clave-- ClaveÚnica-- claveunica-- clavepersonalIdentidad-
-## Netherlands citizen's service (BSN) number
-
-### Format
-
-eight or nine digits containing optional spaces
-
-### Pattern
-
-eight-nine digits:
--- three digits-- a space (optional)-- three digits-- a space (optional)-- two-three digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_netherlands_bsn finds content that matches the pattern.-- A keyword from Keyword_netherlands_bsn is found.-- The checksum passes.-
-```xml
- <!-- Netherlands Citizen's Service (BSN) Number -->
- <Entity id="c5f54253-ef7e-44f6-a578-440ed67e946d" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_netherlands_bsn" />
- <Match idRef="Keywords_netherlands_eu_national_id_card" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_netherlands_eu_national_id_card
--- bsn#-- bsn-- burgerservicenummer-- citizen service number-- person number-- personal number-- personal numeric code-- person-related number-- persoonlijk nummer-- persoonlijke numerieke code-- persoonsgebonden-- persoonsnummer-- sociaal-fiscaal nummer-- social-fiscal number-- sofi-- sofinummer-- uniek identificatienummer-- uniek identiteitsnummer-- unique identification number-- unique identity number-- uniqueidentityno#-
-## Netherlands driver's license number
-
-### Format
-
-10 digits without spaces and delimiters
-
-### Pattern
-
-10 digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_netherlands_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_netherlands_eu_driver's_license_number` is found.-
-```xml
- <!-- Netherlands Driver's License Number -->
- <Entity id="6247fbea-ab80-4be5-8233-308b7c031401" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_netherlands_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_netherlands_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_netherlands_eu_driver's_license_number
--- permis de conduire-- rijbewijs-- rijbewijsnummer-- rijbewijzen-- rijbewijs nummer-- rijbewijsnummers-
-## Netherlands passport number
-
-### Format
-
-nine letters or digits with no spaces or delimiters
-
-### Pattern
-
-nine letters or digits
-
-### Checksum
-
-not applicable
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_netherlands_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_netherlands_eu_passport_number` is found.-- The regular expression `Regex_netherlands_eu_passport_date` finds date in the format DD MMM/MMM YYYY (Example - 26 MAA/MAR 2012)-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_netherlands_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_netherlands_eu_passport_number` is found.-
-```xml
- <!-- Netherlands Passport Number -->
- <Entity id="61786727-bafd-45f6-94d9-888d815e228e" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_netherlands_eu_passport_number" />
- <Match idRef="Regex_netherlands_eu_passport_date" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_netherlands_eu_passport_number" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_netherlands_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_netherlands_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_netherlands_eu_passport_number
--- paspoort nummer-- paspoortnummers-- paspoortnummer-- paspoort nr-
-## Netherlands physical addresses
-
-This unbundled named entity detects patterns related to physical address from the Netherlands. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Netherlands tax identification number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-nine digits without spaces or delimiters
-
-### Pattern
-
-nine digits
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_netherlands_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_netherlands_eu_tax_file_number` is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_netherlands_eu_tax_file_number` finds content that matches the pattern.-
-```xml
- <!-- Netherlands Tax Identification Number -->
- <Entity id="01f42a64-eba7-4892-a67b-398237e4ade2" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_netherlands_eu_tax_file_number" />
- <Match idRef="Keywords_netherlands_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_netherlands_eu_tax_file_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_netherlands_eu_tax_file_number
--- btw nummer-- hollânske tax identification-- hulandes impuesto id number-- hulandes impuesto identification-- identificatienummer belasting-- identificatienummer van belasting-- impuesto identification number-- impuesto number-- nederlands belasting id nummer-- nederlands belasting identificatie-- nederlands belasting identificatienummer-- nederlands belastingnummer-- nederlandse belasting identificatie-- netherlands tax identification-- netherland's tax identification-- netherlands tin-- netherland's tin-- tax id-- tax identification no-- tax identification number-- tax identification tal-- tax no#-- tax no-- tax number-- tax registration number-- tax tal-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## Netherlands value added tax number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-14 character alphanumeric pattern
-
-### Pattern
-
-14-character alphanumeric pattern:
--- N or n-- L or l-- optional space, dot, or hyphen-- nine digits-- optional space, dot, or hyphen-- B or b-- two digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_netherlands_value_added_tax_number finds content that matches the pattern.-- A keyword from Keywords_netherlands_value_added_tax_number is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_netherlands_value_added_tax_number finds content that matches the pattern.-
-```xml
- <!-- Netherlands Value Added Tax Number -->
- <Entity id="4f320d9b-4972-41ae-b337-88d499bb1ade" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_netherlands_value_added_tax_number" />
- <Match idRef="Keywords_netherlands_value_added_tax_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_netherlands_value_added_tax_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_netherlands_value_added_tax_number
--- vat number-- vat no-- vat#-- wearde tafoege tax getal-- btw n├╗mer-- btw-nummer-
-## New Zealand bank account number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-14-digit to 16-digit pattern with optional delimiter
-
-### Pattern
-
-14-digit to 16-digit pattern with optional delimiter:
--- two digits-- an optional hyphen or space-- three to four digits-- an optional hyphen or space-- seven digits-- an optional hyphen or space-- two to three digits-- an options hyphen or space-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_new_zealand_bank_account_number finds content that matches the pattern.-- A keyword from Keywords_new_zealand_bank_account_number is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_new_zealand_bank_account_number finds content that matches the pattern.-
-```xml
- <!-- New Zealand Bank Account Number -->
- <Entity id="1a97fc2b-dd2f-48f1-bc4e-2ddf25813956" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_new_zealand_bank_account_number" />
- <Match idRef="Keywords_new_zFealand_bank_account_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_new_zealand_bank_account_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_new_zealand_bank_account_number
--- account number-- bank account-- bank_acct_id-- bank_acct_branch-- bank_acct_nbr-
-## New Zealand driver's license number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-eight character alphanumeric pattern
-
-### Pattern
-
-eight character alphanumeric pattern
--- two letters-- six digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_newzealand_driver_license_number finds content that matches the pattern.-- A keyword from Keywords_newzealand_driver_license_number is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_newzealand_driver_license_number finds content that matches the pattern.-
-```xml
- <!-- New Zealand Driver License Number -->
- <Entity id="1924b377-d287-49c9-a737-cfe7a8a2615a" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_newzealand_driver_license_number" />
- <Match idRef="Keywords_newzealand_driver_license_number" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_newzealand_driver_license_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_new_zealand_drivers_license_number
--- driverlicence-- driverlicences-- driver lic-- driver licence-- driver licences-- driverslic-- driverslicence-- driverslicences-- drivers lic-- drivers lics-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's licence-- driver's licences-- driverlic#-- driverlics#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver licence#-- driver licences#-- driverslic#-- driverslics#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's licence#-- driver's licences#-- international driving permit-- international driving permits-- nz automobile association-- new zealand automobile association-
-## New Zealand inland revenue number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-eight or nine digits with optional delimiters
-
-### Pattern
-
-eight or nine digits with optional delimiters
--- two or three digits-- an optional space or hyphen-- three digits-- an optional space or hyphen-- three digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_new_zealand_inland_revenue_number finds content that matches the pattern.-- A keyword from Keywords_new_zealand_inland_revenue_number is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_new_zealand_inland_revenue_number finds content that matches the pattern.-
-```xml
- <!-- New Zealand Inland Revenue Number -->
- <Entity id="dd0fe2bc-7bcf-455f-bac1-83b1e3eb25fd" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_new_zealand_inland_revenue_number" />
- <Match idRef="Keywords_new_zealand_inland_revenue_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_new_zealand_inland_revenue_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_new_zealand_inland_revenue_number
--- ird no.-- ird no#-- nz ird-- new zealand ird-- ird number-- inland revenue number-
-## New Zealand ministry of health number
-
-### Format
-
-three letters and four digits
-
-### Pattern
--- three letters (not case-sensitive) except 'I' and 'O'-- four digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_new_zealand_ministry_of_health_number finds content that matches the pattern.-- A keyword from Keyword_nz_terms is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_new_zealand_ministry_of_health_number finds content that matches the pattern.-- The checksum passes.-
-```xml
- <!-- New Zealand Health Number -->
- <Entity id="2b71c1c8-d14e-4430-82dc-fd1ed6bf05c7" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_new_zealand_ministry_of_health_number" />
- <Match idRef="Keyword_nz_terms" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_new_zealand_ministry_of_health_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_nz_terms
--- NHI-- New Zealand-- National Health Index-- NHI#-- National Health Index#-
-## New Zealand physical addresses
-
-This unbundled named entity detects patterns related to physical address from New Zealand. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## New Zealand social welfare number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-nine digits
-
-### Pattern
-
-nine digits
--- three digits-- an optional hyphen-- three digits-- an optional hyphen-- three digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_newzealand_social_welfare_number finds content that matches the pattern.-- A keyword from Keywords_newzealand_social_welfare_number is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_newzealand_social_welfare_number finds content that matches the pattern.-
-```xml
- <!-- Newzealand Social Welfare Number -->
- <Entity id="20f3c48d-4ac1-4cd2-86bd-34ecc1826e9d" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_newzealand_social_welfare_number" />
- <Match idRef="Keywords_newzealand_social_welfare_number" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_newzealand_social_welfare_number" />
- </Pattern>
- </Entity>
- </Version>
-```
-
-### Keywords
-
-#### Keyword_new_zealand_social_welfare_number
--- social welfare #-- social welfare#-- social welfare No.-- social welfare number-- swn#-
-## Norway identification number
-
-### Format
-
-11 digits
-
-### Pattern
-
-11 digits:
--- six digits in the format DDMMYY, which are the date of birth-- three-digit individual number-- two check digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_norway_id_number finds content that matches the pattern.-- A keyword from Keyword_norway_id_number is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_norway_id_numbe finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- Norway Identification Number -->
-<Entity id="d4c8a798-e9f2-4bd3-9652-500d24080fc3" recommendedConfidence="85" patternsProximity="300">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_norway_id_number"/>
- <Match idRef="Keyword_norway_id_number"/>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_norway_id_number"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_norway_id_number
--- Personal identification number-- Norwegian ID Number-- ID Number-- Identification-- Personnummer-- F├╕dselsnummer-
-## Norway physical addresses
-
-This unbundled named entity detects patterns related to physical address from Norway. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Philippines unified multi-purpose identification number
-
-### Format
-
-12 digits separated by hyphens
-
-### Pattern
-
-12 digits:
--- four digits-- a hyphen-- seven digits-- a hyphen-- one digit-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_philippines_unified_id finds content that matches the pattern.-- A keyword from Keyword_philippines_id is found.-
-```xml
-<!-- Philippines Unified Multi-Purpose ID number -->
-<Entity id="019b39dd-8c25-4765-91a3-d9c6baf3c3b3" recommendedConfidence="75" patternsProximity="300">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_philippines_unified_id"/>
- <Match idRef="Keyword_philippines_id"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_philippines_id
--- Unified Multi-Purpose ID-- UMID-- Identity Card-- Pinag-isang Multi-Layunin ID-
-## Poland driver's license number
-
-### Format
-
-14 digits containing two forward slashes
-
-### Pattern
-
-14 digits and two forward slashes:
--- five digits-- a forward slash-- two digits-- a forward slash-- seven digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_poland_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_poland_eu_driver's_license_number` is found.-
-```xml
- <!-- Poland Driver's License Number -->
- <Entity id="24d51f99-ee9e-4060-a077-cae58cab1ee4" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_poland_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_poland_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_poland_eu_driver's_license_number
--- prawo jazdy-- prawa jazdy-
-## Poland identity card
-
-### Format
-
-three letters and six digits
-
-### Pattern
-
-three letters (not case-sensitive) followed by six digits
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_polish_national_id finds content that matches the pattern.-- A keyword from Keyword_polish_national_id_passport_number is found.-- The checksum passes.-
-```xml
-<!-- Poland Identity Card-->
-<Entity id="25E64989-ED5D-40CA-A939-6C14183BB7BF" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_polish_national_id" />
- <Match idRef="Keyword_polish_national_id_passport_number" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_poland_national_id_passport_number
--- Dowód osobisty-- Numer dowodu osobistego-- Nazwa i numer dowodu osobistego-- Nazwa i nr dowodu osobistego-- Nazwa i nr dowodu tożsamości-- Dowód Tożsamości-- dow. os.-
-## Poland national ID (PESEL)
-
-### Format
-
-11 digits
-
-### Pattern
--- six digits representing date of birth in the format YYMMDD-- four digits-- one check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_pesel_identification_number finds content that matches the pattern.-- A keyword from Keyword_pesel_identification_number is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_pesel_identification_number finds content that matches the pattern.-- The checksum passes.-
-```xml
- <!-- Poland National ID (PESEL) -->
- <Entity id="E3AAF206-4297-412F-9E06-BA8487E22456" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_pesel_identification_number" />
- <Match idRef="Keyword_pesel_identification_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_pesel_identification_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_pesel_identification_number
--- dowód osobisty-- dowódosobisty-- niepowtarzalny numer-- niepowtarzalnynumer-- nr.-pesel-- nr-pesel-- numer identyfikacyjny-- pesel-- tożsamości narodowej-
-## Poland passport number
-
-This sensitive information type entity is included in the EU Passport Number sensitive information type. It's also available as a stand-alone sensitive information type entity.
-
-### Format
-
-two letters and seven digits
-
-### Pattern
-
-Two letters (not case-sensitive) followed by seven digits
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_polish_passport_number_v2` finds content that matches the pattern.-- The checksum passes.-- A keyword from `Keywords_eu_passport_number` or `Keyword_polish_national_passport_number` is found.-- A keyword from `Keywords_eu_passport_date` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_polish_passport_number_v2` finds content that matches the pattern.-- The checksum passes.-- A keyword from `Keywords_eu_passport_number` or `Keyword_polish_national_passport_number` is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_polish_passport_number_v2` finds content that matches the pattern.-- The checksum passes.-
-```xml
- <!-- Poland Passport Number -->
- <Entity id="03937FB5-D2B6-4487-B61F-0F8BFF7C3517" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_polish_passport_number_v2" />
- <Match idRef="Keywords_eu_passport_date" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keyword_polish_national_passport_number" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_polish_passport_number_v2" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keyword_polish_national_passport_number" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_polish_passport_number_v2" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keyword_polish_national_passport_number
--- numer paszportu-- numery paszport├│w-- numery paszportowe-- nr paszportu-- nr. paszportu-- nr paszport├│w-- n┬░ passeport-- passeport n┬░-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Poland physical addresses
-
-This unbundled named entity detects patterns related to physical address from Poland. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Poland REGON number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-9-digit or 14-digit number
-
-### Pattern
-
-nine digit or 14-digit number:
--- nine digits
-or
-- nine digits-- hyphen-- five digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_polish_regon_number finds content that matches the pattern.-- A keyword from Keywords_polish_regon_number is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_polish_regon_number finds content that matches the pattern.-
-```xml
- <!-- Polish REGON Number -->
- <Entity id="fc87b421-f437-4f8b-b739-29a735ead0d9" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_polish_regon_number" />
- <Match idRef="Keywords_polish_regon_number" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_polish_regon_number" />
- </Pattern>
- </Entity>
-```
-### Keywords
-
-#### Keywords_poland_regon_number
--- regon id-- statistical number-- statistical id-- statistical no-- regon number-- regonid#-- regonno#-- company id-- companyid#-- companyidno#-- numer statystyczny-- numeru regon-- numerstatystyczny#-- numeruregon#-
-## Poland tax identification number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-11 digits with no spaces or delimiters
-
-### Pattern
-
-11 digits
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_poland_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_poland_eu_tax_file_number` is found.-
-```xml
- <!-- Poland Tax Identification Number -->
- <Entity id="1ff28b4d-40f2-49e9-b677-9606a88e2bca" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_poland_eu_tax_file_number" />
- <Match idRef="Keywords_poland_eu_tax_file_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_poland_eu_tax_file_number
--- nip#-- nip-- numer identyfikacji podatkowej-- numeridentyfikacjipodatkowej#-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-- vat id#-- vat id-- vat no-- vat number-- vatid#-- vatid-- vatno#-
-## Portugal citizen card number
-
-### Format
-
-eight digits
-
-### Pattern
-
-eight digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_portugal_citizen_card finds content that matches the pattern.-- A keyword from Keyword_portugal_citizen_card is found.-
-```xml
-<!-- Portugal Citizen Card Number -->
-<Entity id="91a7ece2-add4-4986-9a15-c84544d81ecd" recommendedConfidence="85" patternsProximity="300">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_portugal_citizen_card"/>
- <Match idRef="Keyword_portugal_citizen_card"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_portugal_citizen_card
--- bilhete de identidade-- cartão de cidadão-- citizen card-- document number-- documento de identificação-- id number-- identification no-- identification number-- identity card no-- identity card number-- national id card-- nic-- número bi de portugal-- número de identificação civil-- número de identificação fiscal-- número do documento-- portugal bi number-
-## Portugal driver's license number
-
-### Format
-
-two patterns - two letters followed by 5-8 digits with special characters
-
-### Pattern
-
-Pattern 1:
-Two letters followed by 5/6 with special characters:
--- Two letters (not case-sensitive)-- A hyphen-- Five or Six digits-- A space-- One digit-
-Pattern 2:
-One letter followed by 6/8 digits with special characters:
--- One letter (not case-sensitive)-- A hyphen-- Six or eight digits-- A space-- One digit-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_portugal_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_portugal_eu_driver's_license_number` is found.-
-```xml
- <!-- Portugal Driver's License Number -->
- <Entity id="977f1e5a-2c33-4bcc-b516-95bb275cff23" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_portugal_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_portugal_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_portugal_eu_driver's_license_number
--- carteira de motorista-- carteira motorista-- carteira de habilitação-- carteira habilitação-- número de licença-- número licença-- permissão de condução-- permissão condução-- Licença condução Portugal-- carta de condução-
-## Portugal passport number
-
-### Format
-
-one letter followed by six digits with no spaces or delimiters
-
-### Pattern
-
-one letter followed by six digits:
--- one letter (not case-sensitive)-- six digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_portugal_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_portugal_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_portugal_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_portugal_eu_passport_number` is found.-
-```xml
- <!-- Portugal Passport Number -->
- <Entity id="080a52fd-a7bc-431e-b54d-51f08f59db11" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_portugal_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_portugal_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date1" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_portugal_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_portugal_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_portugal_eu_passport_number
--- n├║mero do passaporte-- portuguese passport-- portuguese passeport-- portuguese passaporte-- passaporte n┬║-- passeport n┬║-- n├║meros de passaporte-- portuguese passports-- n├║mero passaporte-- n├║meros passaporte-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Portugal physical addresses
-
-This unbundled named entity detects patterns related to physical address from Portugal. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Portugal tax identification number
-
-### Format
-
-nine digits with optional spaces
-
-### Pattern
--- three digits-- an optional space-- three digits-- an optional space-- three digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_portugal_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_portugal_eu_tax_file_number` is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_portugal_eu_tax_file_number` finds content that matches the pattern.-
-```xml
- <!-- Portugal Tax Identification Number -->
- <Entity id="65372402-3131-4f1e-9983-4439841d1f15" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_portugal_eu_tax_file_number" />
- <Match idRef="Keywords_portugal_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_portugal_eu_tax_file_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_portugal_eu_tax_file_number
--- cpf#-- cpf-- nif#-- nif-- número de identificação fisca-- numero fiscal-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## Romania driver's license number
-
-### Format
-
-one character followed by eight digits
-
-### Pattern
-
-one character followed by eight digits:
--- one letter (not case-sensitive) or digit-- eight digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_romania_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_romania_eu_driver's_license_number` is found.-
-```xml
- <!-- Romania Driver's License Number -->
- <Entity id="b5511ace-2fd8-4ae4-b6fc-c7c6e4689e3c" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_romania_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_romania_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_romania_eu_driver's_license_number
--- permis de conducere-- permisului de conducere-- permisului conducere-- permisele de conducere-- permisele conducere-- permis conducere-
-## Romania passport number
-
-### Format
-
-eight or nine digits without spaces and delimiters
-
-### Pattern
-
-eight or nine digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_romania_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_romania_eu_passport_number` is found.-- The regular expression `Regex_romania_eu_passport_date` finds date in the format DD MMM/MMM YY (Example- 01 FEB/FEB 10) or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_romania_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_romania_eu_passport_number` is found.-
-```xml
- <!-- Romania Passport Number -->
- <Entity id="5d31b90c-7fe2-4a76-a14b-767b8fd19d6c" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_romania_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_romania_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_romania_eu_passport_date" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_romania_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_romania_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_romania_eu_passport_number
-
-numărul pașaportului
-numarul pasaportului
-numerele pașaportului
-Pașaport nr
-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Romania personal numeric code (CNP)
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-13 digits without spaces and delimiters
-
-### Pattern
--- one digit from 1-9-- six digits representing date of birth (YYMMDD)-- two digits, which can be 01-52 or 99-- four digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_romania_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_romania_eu_national_id_card` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_romania_eu_national_id_card` finds content that matches the pattern.-
-```xml
- <!-- Romania Personal Numerical Code (CNP) -->
- <Entity id="eb5fa399-fe28-4c67-8188-d63a616ed89c" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_romania_eu_national_id_card" />
- <Match idRef="Keywords_romania_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_romania_eu_national_id_card" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_romania_eu_national_id_card
--- cnp#-- cnp-- cod identificare personal-- cod numeric personal-- cod unic identificare-- codnumericpersonal#-- codul fiscal nr.-- identificarea fiscală nr#-- id-ul taxei-- insurance number-- insurancenumber#-- national id#-- national id-- national identification number-- număr identificare personal-- număr identitate-- număr personal unic-- număridentitate#-- număridentitate-- numărpersonalunic#-- numărpersonalunic-- număru de identificare fiscală-- numărul de identificare fiscală-- personal numeric code-- pin#-- pin-- tax file no-- tax file number-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-- unique identification number-- unique identity number-- uniqueidentityno#-- uniqueidentityno-
-## Romania physical addresses
-
-This unbundled named entity detects patterns related to physical address from Romania. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Russia passport number domestic
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-10-digit number
-
-### Pattern
-
-10-digit number:
--- two digits-- an optional space or hyphen-- two digits-- an optional space-- six digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regex Regex_Russian_Passport_Number_Domestic finds content that matches the pattern.-- A keyword from Keyword_Russian_Passport_Number is found.-
-```xml
- <!-- Russian Passport Number Domestic -->
- <Entity id="76ec2f5d-cedb-48e1-8070-1998794af445" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_Russian_Passport_Number_Domestic" />
- <Match idRef="Keyword_Russian_Passport_Number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_russia_passport_number_domestic
--- passport number-- passport no-- passport #-- passport id-- passportno#-- passportnumber#-- паспорт нет-- паспорт id-- pоссийской паспорт-- pусский номер паспорта-- паспорт#-- паспортid#-- номер паспорта-- номерпаспорта#-
-## Russia passport number international
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-nine-digit number
-
-### Pattern
-
-nine-digit number:
--- two digits-- an optional space or hyphen-- seven digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regex Regex_Russian_Passport_Number_International finds content that matches the pattern.-- A keyword from Keyword_Russian_Passport_Number is found.-
-```xml
- <!-- Russian Passport Number International -->
- <Entity id="ac5f4878-75e4-4b82-af2d-02e13ea9f411" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_Russian_Passport_Number_International" />
- <Match idRef="Keyword_Russian_Passport_Number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_russia_passport_number_international
--- passport number-- passport no-- passport #-- passport id-- passportno#-- passportnumber#-- паспорт нет-- паспорт id-- pоссийской паспорт-- pусский номер паспорта-- паспорт#-- паспортid#-- номер паспорта-- номерпаспорта#-
-## Saudi Arabia National ID
-
-### Format
-
-10 digits
-
-### Pattern
-
-10 consecutive digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_saudi_arabia_national_id finds content that matches the pattern.-- A keyword from Keyword_saudi_arabia_national_id is found.-
-```xml
-<!-- Saudi Arabia National ID -->
-<Entity id="8c5a0ba8-404a-41a3-8871-746aa21ee6c0" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_saudi_arabia_national_id" />
- <Any minMatches="1">
- <Match idRef="Keyword_saudi_arabia_national_id" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_saudi_arabia_national_id
--- Identification Card-- I card number-- ID number-- الوطنية الهوية بطاقة رقم-
-## Singapore national registration identity card (NRIC) number
-
-### Format
-
-nine letters and digits
-
-### Pattern
--- nine letters and digits:--- the letter "F", "G", "M", "S", or "T" (not case-sensitive)-- seven digits-- an alphabetic check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_singapore_nric finds content that matches the pattern.-- A keyword from Keyword_singapore_nric is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_singapore_nric finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- Singapore National Registration Identity Card (NRIC) Number -->
-<Entity id="cead390a-dd83-4856-9751-fb6dc98c34da" recommendedConfidence="75" patternsProximity="300">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_singapore_nric"/>
- <Match idRef="Keyword_singapore_nric"/>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_singapore_nric"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_singapore_nric
--- National Registration Identity Card-- Identity Card Number-- NRIC-- IC-- Foreign Identification Number-- FIN-- 身份证-- 身份證-
-## Slovakia driver's license number
-
-### Format
-
-one character followed by seven digits
-
-### Pattern
-
-one character followed by seven digits
--- one letter (not case-sensitive) or digit-- seven digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_slovakia_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_slovakia_eu_driver's_license_number` is found.-
-```xml
- <!-- Slovakia Driver's License Number -->
- <Entity id="14240c22-b6de-4ce5-a90b-137f74252513" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_slovakia_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_slovakia_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_slovakia_eu_driver's_license_number
--- vodičský preukaz-- vodičské preukazy-- vodičského preukazu-- vodičských preukazov-
-## Slovakia passport number
-
-### Format
-
-eight or nine character alphanumeric pattern
-
-### Pattern
-
-one letter (not case-sensitive) followed by seven digits
-or
-two letters (not case-sensitive) followed by six or seven digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_slovakia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_slovakia_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_slovakia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_slovakia_eu_passport_number` is found.-
-```xml
- <!-- Slovakia Passport Number -->
- <Entity id="238e1f08-d80e-4793-af33-9b57918335b7" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_slovakia_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_slovakia_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date1" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_slovakia_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_slovakia_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_slovakia_eu_passport_number
--- číslo pasu-- čísla pasov-- pas č.-- Passeport n°-- n° Passeport-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Slovakia personal number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-nine or 10 digits containing optional backslash
-
-### Pattern
--- six digits representing date of birth-- optional slash (/)-- three digits-- one optional check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_slovakia_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_slovakia_eu_national_id_card` is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_slovakia_eu_national_id_card` finds content that matches the pattern.-
-```xml
- <!-- Slovakia Personal Number -->
- <Entity id="951c26b7-3b35-4f73-924b-15dd599cb9ab" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_slovakia_eu_national_id_card" />
- <Match idRef="Keywords_slovakia_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_slovakia_eu_national_id_card" />
- </Pattern>
- </Entity>
- </Version>
-```
-
-### Keywords
-
-#### Keywords_slovakia_eu_national_id_card
--- azonosító szám-- birth number-- číslo národnej identifikačnej karty-- číslo občianského preukazu-- daňové číslo-- id number-- identification no-- identification number-- identifikačná karta č-- identifikačné číslo-- identity card no-- identity card number-- národná identifikačná značka č-- national number-- nationalnumber#-- nemzeti személyazonosító igazolvány-- personalidnumber#-- rč-- rodne cislo-- rodné číslo-- social security number-- ssn#-- ssn-- személyi igazolvány szám-- személyi igazolvány száma-- személyigazolvány szám-- tax file no-- tax file number-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## Slovakia physical addresses
-
-This unbundled named entity detects patterns related to physical address from Slovakia. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Slovenia driver's license number
-
-### Format
-
-nine digits without spaces and delimiters
-
-### Pattern
-
-nine digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_slovenia_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_slovenia_eu_driver's_license_number` is found.-
-```xml
- <!-- Slovenia Driver's License Number -->
- <Entity id="d5bc089a-f2ee-433d-a6b1-5c253051d6f2" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_slovenia_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_slovenia_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_slovenia_eu_driver's_license_number
--- vozniško dovoljenje-- vozniška številka licence-- vozniških dovoljenj-- številka vozniškega dovoljenja-- številke vozniških dovoljenj-
-## Slovenia passport number
-
-### Format
-
-two letters followed by seven digits with no spaces or delimiters
-
-### Pattern
-
-two letters followed by seven digits:
--- the letter "P"-- one uppercase letter-- seven digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_slovenia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_slovenia_eu_passport_number` is found.-- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_slovenia_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_slovenia_eu_passport_number` is found.-
-```xml
- <!-- Slovenia Passport Number -->
- <Entity id="235b7976-7bbe-4df5-bb40-08678e749d1a" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_slovenia_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_slovenia_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_eu_passport_date1" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_slovenia_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_slovenia_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_slovenia_eu_passport_number
--- številka potnega lista-- potek veljavnosti-- potni list#-- datum rojstva-- potni list-- številke potnih listov-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Slovenia physical addresses
-
-This unbundled named entity detects patterns related to physical address from Slovenia. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Slovenia tax identification number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-eight digits with no spaces or delimiters
-
-### Pattern
--- one digit from 1-9-- six digits-- one check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_slovenia_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_slovenia_eu_tax_file_number` is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_slovenia_eu_tax_file_number` finds content that matches the pattern.-
-```xml
- <!-- Slovenia Tax Identification Number -->
- <Entity id="e47b071e-c352-4d70-8241-8c215ad65505" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_slovenia_eu_tax_file_number" />
- <Match idRef="Keywords_slovenia_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_slovenia_eu_tax_file_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_slovenia_eu_tax_file_number
--- davčna številka-- identifikacijska številka davka-- številka davčne datoteke-- tax file no-- tax file number-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## Slovenia Unique Master Citizen Number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-13 digits without spaces or delimiters
-
-### Pattern
-
-13 digits in the specified pattern:
--- seven digits that correspond to the birth date (DDMMLLL) where "LLL" corresponds to the last three digits of the birth year-- two digits that correspond to the area of birth "50"-- three digits that correspond to a combination of gender and serial number for persons born on the same day. 000-499 for male and 500-999 for female.-- one check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_slovenia_eu_national_id_card` finds content that matches the pattern.-- A keyword from `Keywords_slovenia_eu_national_id_card` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_slovenia_eu_national_id_card` finds content that matches the pattern.-
-```xml
- <!-- Slovenia Unique Master Citizen Number -->
- <Entity id="68948b27-803d-41e4-adf1-13e05eb541bb" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_slovenia_eu_national_id_card" />
- <Match idRef="Keywords_slovenia_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_slovenia_eu_national_id_card" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_slovenia_eu_national_id_card
--- edinstvena številka glavnega državljana-- emšo-- enotna maticna številka obcana-- id card-- identification number-- identifikacijska številka-- identity card-- nacionalna id-- nacionalni potni list-- national id-- osebna izkaznica-- osebni koda-- osebni ne-- osebni številka-- personal code-- personal number-- personal numeric code-- številka državljana-- unique citizen number-- unique id number-- unique identity number-- unique master citizen number-- unique registration number-- uniqueidentityno #-- uniqueidentityno#-
-## South Africa identification number
-
-### Format
-
-13 digits that may contain spaces
-
-### Pattern
-
-13 digits:
--- six digits in the format YYMMDD, which are the date of birth-- four digits-- a single-digit citizenship indicator-- the digit "8" or "9"-- one digit, which is a checksum digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_south_africa_identification_number finds content that matches the pattern.-- A keyword from Keyword_south_africa_identification_number is found.-- The checksum passes.-
-```xml
-<!-- South Africa Identification Number -->
-<Entity id="e2adf7cb-8ea6-4048-a2ed-d89eb65f2780" recommendedConfidence="85" patternsProximity="300">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_south_africa_identification_number"/>
- <Match idRef="Keyword_south_africa_identification_number"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_south_africa_identification_number
--- Identity card-- ID-- Identification-
-## South Korea resident registration number
-
-### Format
-
-13 digits containing a hyphen
-
-### Pattern
-
-13 digits:
--- six digits in the format YYMMDD, which are the date of birth-- a hyphen-- one digit determined by the century and gender-- four-digit region-of-birth code-- one digit used to differentiate people for whom the preceding numbers are identical-- a check digit.-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_south_korea_resident_number finds content that matches the pattern.-- A keyword from Keyword_south_korea_resident_number is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_south_korea_resident_number finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- South Korea Resident Registration Number -->
-<Entity id="5b802e18-ba80-44c4-bc83-bf2ad36ae36a" recommendedConfidence="85" patternsProximity="300">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_south_korea_resident_number"/>
- <Match idRef="Keyword_south_korea_resident_number"/>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_south_korea_resident_number"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_south_korea_resident_number
--- National ID card-- Citizen's Registration Number-- Jumin deungnok beonho-- RRN-- 주민등록번호-
-## Spain DNI
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-eight digits followed by one character
-
-### Pattern
-
-seven digits followed by one character
--- eight digits-- An optional space or hyphen-- one check letter (not case-sensitive)-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_spain_eu_DL_and_NI_number_citizen` or `Func_spain_eu_DL_and_NI_number_foreigner` finds content that matches the pattern.-- A keyword from `Keywords_spain_eu_national_id_card"` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_spain_eu_DL_and_NI_number_citizen` or `Func_spain_eu_DL_and_NI_number_foreigner` finds content that matches the pattern.-
-```xml
- <!-- Spain DNI -->
- <Entity id="8e6251b9-47b4-40e8-a42b-0f80876be192" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_spain_eu_DL_and_NI_number_citizen" />
- <Match idRef="Keywords_spain_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_spain_eu_DL_and_NI_number_citizen" />
- </Pattern>
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_spain_eu_DL_and_NI_number_foreigner" />
- <Match idRef="Keywords_spain_eu_national_id_card" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_spain_eu_DL_and_NI_number_foreigner" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_spain_eu_national_id_card
--- carné de identidad-- dni#-- dni-- dninúmero#-- documento nacional de identidad-- identidad único-- identidadúnico#-- insurance number-- national identification number-- national identity-- nationalid#-- nationalidno#-- nie#-- nie-- nienúmero#-- número de identificación-- número nacional identidad-- personal identification number-- personal identity no-- unique identity number-- uniqueid#-
-## Spain driver's license number
-
-### Format
-
-eight digits followed by one character
-
-### Pattern
-
-eight digits followed by one character:
--- eight digits-- one digit or letter (not case-sensitive)-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_spain_eu_DL_and_NI_number_citizen` or `Func_spain_eu_DL_and_NI_number_foreigner` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_spain_eu_driver's_license_number` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_spain_eu_DL_and_NI_number_citizen` or `Func_spain_eu_DL_and_NI_number_foreigner` finds content that matches the pattern.-
-```xml
- <!-- Spain Driver's License Number -->
- <Entity id="d5a82922-b501-4f40-8868-341321146aa2" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_spain_eu_DL_and_NI_number_citizen" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_spain_eu_driver's_license_number" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_spain_eu_DL_and_NI_number_citizen" />
- </Pattern>
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_spain_eu_DL_and_NI_number_foreigner" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_spain_eu_driver's_license_number" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_spain_eu_DL_and_NI_number_foreigner" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_spain_eu_driver's_license_number
--- permiso de conducci├│n-- permiso conducci├│n-- licencia de conducir-- licencia conducir-- permiso conducir-- permiso de conducir-- permisos de conducir-- permisos conducir-- carnet conducir-- carnet de conducir-- licencia de manejo-- licencia manejo-
-## Spain passport number
-
-### Format
-
-an eight- or nine-character combination of letters and numbers with no spaces or delimiters
-
-### Pattern
-
-an eight- or nine-character combination of letters and numbers:
--- two digits or letters-- one digit or letter (optional)-- six digits-
-### Checksum
-
-Not applicable
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_spain_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_spain_eu_passport_number` is found.-- The regular expression `Regex_spain_eu_passport_date` finds date in the format DD-MM-YYYY or a keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_spain_eu_passport_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_spain_eu_passport_number` is found.-
-```xml
- <!-- Spain Passport Number -->
- <Entity id="d17a57de-9fa5-4e9f-85d3-85c26d89686e" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_spain_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_spain_eu_passport_number" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_spain_eu_passport_date" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_spain_eu_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_spain_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_spain_eu_passport_number
--- libreta pasaporte-- n├║mero pasaporte-- espa├▒a pasaporte-- n├║meros de pasaporte-- n├║mero de pasaporte-- n├║meros pasaporte-- pasaporte no-- Passeport n┬░-- n┬░ Passeport-- pasaporte no.-- pasaporte n┬░-- spain passport-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Spain physical addresses
-
-This unbundled named entity detects patterns related to physical address from Spain. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Spain social security number (SSN)
-
-### Format
-
-11-12 digits
-
-### Pattern
-
-11-12 digits:
--- two digits-- a forward slash (optional)-- seven to eight digits-- a forward slash (optional)-- two digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_spanish_social_security_number finds content that matches the pattern.-- The checksum passes.--
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_spanish_social_security_number finds content that matches the pattern.-- The checksum passes.-
-```xml
- <!-- Spain SSN -->
- <Entity id="5df987c0-8eae-4bce-ace7-b316347f3070" patternsProximity="300" recommendedConfidence="85" relaxProximity="true" >
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_spanish_social_security_number" />
- <Match idRef="Keywords_spain_eu_ssn_or_equivalent" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_spanish_social_security_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_spain_eu_passport_number
--- ssn-- ssn#-- socialsecurityno-- social security no-- social security number-- n├║mero de la seguridad social-
-## Spain tax identification number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-seven or eight digits and one or two letters in the specified pattern
-
-### Pattern
-
-Spanish Natural Persons with a Spain National Identity Card:
--- eight digits-- one uppercase letter (case-sensitive)-
-Non-resident Spaniards without a Spain National Identity Card
--- one uppercase letter "L" (case-sensitive)-- seven digits-- one uppercase letter (case-sensitive)-
-Resident Spaniards under the age of 14 years without a Spain National Identity Card:
--- one uppercase letter "K" (case-sensitive)-- seven digits-- one uppercase letter (case-sensitive)-
-Foreigners with a Foreigner's Identification Number
--- one uppercase letter that is "X", "Y", or "Z" (case-sensitive)-- seven digits-- one uppercase letter (case-sensitive)-
-Foreigners without a Foreigner's Identification Number
--- one uppercase letter that is "M" (case-sensitive)-- seven digits-- one uppercase letter (case-sensitive)-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_spain_eu_tax_file_number` or `Func_spain_eu_DL_and_NI_number_citizen` finds content that matches the pattern.-- A keyword from `Keywords_spain_eu_tax_file_number` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_spain_eu_tax_file_number` or `Func_spain_eu_DL_and_NI_number_citizen` finds content that matches the pattern.-
-```xml
- <!-- Spain Tax Identification Number -->
- <Entity id="10f0d113-b0e1-47dc-872a-a4f45b9376a3" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_spain_eu_tax_file_number" />
- <Match idRef="Keywords_spain_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_spain_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_spain_eu_DL_and_NI_number_citizen" />
- <Match idRef="Keywords_spain_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_spain_eu_DL_and_NI_number_citizen" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_spain_eu_tax_file_number
--- cif-- cifid#-- cifn├║mero#-- n├║mero de contribuyente-- n├║mero de identificaci├│n fiscal-- n├║mero de impuesto corporativo-- spanishcifid#-- spanishcifid-- spanishcifno#-- spanishcifno-- tax file no-- tax file number-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## SQL Server connection string
-
-### Format
-
-The string "User Id", "User ID", "uid", or "UserId" followed by the characters and strings outlined in the pattern below.
-
-### Pattern
--- the string "User Id", "User ID", "uid", or "UserId"-- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces-- the string "Password" or "pwd" where "pwd" isn't preceded by a lowercase letter-- an equal sign (=)-- any character that isn't a dollar sign ($), percent symbol (%), greater than symbol (>), at symbol (@), quotation mark ("), semicolon (;), left brace([), or left bracket ({)-- any combination of 7-128 characters that aren't a semicolon (;), forward slash (/), or quotation mark (")-- a semicolon (;) or quotation mark (")-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression CEP_Regex_SQLServerConnectionString finds content that matches the pattern.-- A keyword from CEP_GlobalFilter isn't found.-- The regular expression CEP_PasswordPlaceHolder doesn't find content that matches the pattern.-- The regular expression CEP_CommonExampleKeywords doesn't find content that matches the pattern.-
-```sql
-<!SQL Server Connection String>
-<Entity id="e76b6205-d3cb-46f2-bd63-c90153f2f97d" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="CEP_Regex_SQLServerConnectionString" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="CEP_GlobalFilter" />
- <Match idRef="CEP_PasswordPlaceHolder" />
- <Match idRef="CEP_CommonExampleKeywords" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### CEP_GlobalFilter
--- some-password-- somepassword-- secretPassword-- sample-
-#### CEP_PasswordPlaceHolder
-
-This sensitive information type identifies these keywords by using a regular expression, not a keyword list.
--- Password or pwd followed by 0-2 spaces, an equal sign (=), 0-2 spaces, and an asterisk (*)--OR--- Password or pwd followed by:
- - Equal sign (=)
- - Less than symbol (<)
- - Any combination of 1-200 characters that are upper- or lowercase letters, digits, an asterisk (*), hyphen (-), underline (_), or whitespace character
- - Greater than symbol (>)
-
-#### CEP_CommonExampleKeywords
-
-This sensitive information type identifies these keywords by using a regular expression, not a keyword list.
--- contoso-- fabrikam-- northwind-- sandbox-- onebox-- localhost-- 127.0.0.1-- testacs.<!--no-hyperlink-->com-- s-int.<!--no-hyperlink-->net-
-## Surgical procedures
-
-This unbundled named entity detects terms related to surgical procedures, such as *appendectomy*. It supports English terms only. It's also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
-
-### Confidence level
-
-High
-
-## Sweden driver's license number
-
-### Format
-
-10 digits containing a hyphen
-
-### Pattern
-
-10 digits containing a hyphen:
--- six digits-- a hyphen-- four digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression `Regex_sweden_eu_driver's_license_number` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_sweden_eu_driver's_license_number` is found.-
-```xml
- <!-- Sweden Driver's License Number -->
- <Entity id="70088720-90dd-47f5-805e-5525f3567391" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_sweden_eu_driver's_license_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_driver's_license_number" />
- <Match idRef="Keywords_sweden_eu_driver's_license_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-#### Keywords_sweden_eu_driver's_license_number
--- ajokortti-- permis de conducere-- ajokortin numero-- kuljettajat lic.-- drivere lic.-- körkort-- numărul permisului de conducere-- שאָפער דערלויבעניש נומער-- förare lic.-- דריווערס דערלויבעניש-- körkortsnummer-
-## Sweden national ID
-
-### Format
-
-10 or 12 digits and an optional delimiter
-
-### Pattern
-
-10 or 12 digits and an optional delimiter:
--- two digits (optional)-- Six digits in date format YYMMDD-- delimiter of "-" or "+" (optional)-- four digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_swedish_national_identifier` finds content that matches the pattern.-- A keyword from `Keywords_swedish_national_identifier` is found-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_swedish_national_identifier` finds content that matches the pattern.-- The checksum passes.-
-```xml
- <!-- Sweden National ID -->
- <Entity id="f69aaf40-79be-4fac-8f05-fd1910d272c8" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_swedish_national_identifier" />
- <Match idRef="Keywords_swedish_national_identifier" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_swedish_national_identifier" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_swedish_national_identifier
--- id no-- id number-- id#-- identification no-- identification number-- identifikationsnumret#-- identifikationsnumret-- identitetshandling-- identity document-- identity no-- identity number-- id-nummer-- personal id-- personnummer#-- personnummer-- skatteidentifikationsnummer-
-## Sweden passport number
-
-### Format
-
-eight digits
-
-### Pattern
-
-eight consecutive digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- the regular expression Regex_sweden_passport_number finds content that matches the pattern.-- a keyword from `Keywords_eu_passport_number` or `Keyword_sweden_passport` is found.-- the regular expression `Regex_sweden_eu_passport_date` finds a date in the format DD MMM/MMM YY (01 JAN/JAN 12) or a keyword from `Keywords_eu_passport_date` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- the regular expression Regex_sweden_passport_number finds content that matches the pattern.-- a keyword from `Keywords_eu_passport_number` or `Keyword_sweden_passport` is found.-
-```xml
- <!-- Sweden Passport Number -->
- <Entity id="ba4e7456-55a9-4d89-9140-c33673553526" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Regex_sweden_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keyword_sweden_passport" />
- </Any>
- <Any minMatches="1">
- <Match idRef="Regex_sweden_eu_passport_date" />
- <Match idRef="Keywords_eu_passport_date" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_sweden_passport_number" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keyword_sweden_passport" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keyword_sweden_passport
--- alien registration card-- g3 processing fees-- multiple entry-- Numéro de passeport-- passeport n °-- passeport non-- passeport #-- passeport#-- passeportnon-- passeportn °-- passnummer-- pass nr-- schengen visa-- schengen visas-- single entry-- sverige pass-- visa requirements-- visa processing-- visa type-
-#### Keywords_eu_passport_date
--- date of issue-- date of expiry-
-## Sweden physical addresses
-
-This unbundled named entity detects patterns related to physical address from Sweden. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Sweden tax identification number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-10 digits and a symbol in the specified pattern
-
-### Pattern
-
-10 digits and a symbol:
--- six digits that correspond to the birth date (YYMMDD)-- a plus sign or minus sign-- three digits that make the identification number unique where:
- - for numbers issued before 1990, the seventh and eighth digit identify the county of birth or foreign-born people
- - the digit in the ninth position indicates gender by either odd for male or even for female
-- one check digit-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_sweden_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_sweden_eu_tax_file_number` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_sweden_eu_tax_file_number` finds content that matches the pattern.-
-```xml
- <!-- Sweden Tax Identification Number -->
- <Entity id="139acba0-a5bc-4fbb-876d-f7a493ae8a40" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_sweden_eu_tax_file_number" />
- <Match idRef="Keywords_sweden_eu_tax_file_number" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_sweden_eu_tax_file_number" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keywords_sweden_eu_telephone_number" />
- <Match idRef="Keywords_sweden_eu_mobile_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_sweden_eu_tax_file_number
--- personal id number-- personnummer-- skatt id nummer-- skatt identifikation-- skattebetalarens identifikationsnummer-- sverige tin-- tax file-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax number-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## SWIFT code
-
-### Format
-
-four letters followed by 5-31 letters or digits
-
-### Pattern
-
-four letters followed by 5-31 letters or digits:
--- four-letter bank code (not case-sensitive)-- an optional space-- 4-28 letters or digits (the Basic Bank Account Number (BBAN))-- an optional space-- one to three letters or digits (remainder of the BBAN)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_swift finds content that matches the pattern.-- A keyword from Keyword_swift is found.-
-```xml
-<Entity id="cb2ab58c-9cb8-4c81-baf8-a4e106791df4" patternsProximity="300" recommendedConfidence="75">
-<Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_swift" />
- <Match idRef="Keyword_swift" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_swift
--- international organization for standardization 9362-- iso 9362-- iso9362-- swift#-- swiftcode-- swiftnumber-- swiftroutingnumber-- swift code-- swift number #-- swift routing number-- bic number-- bic code-- bic #-- bic#-- bank identifier code-- Organisation internationale de normalisation 9362-- rapide #-- code SWIFT-- le numéro de swift-- swift numéro d'acheminement-- le numéro BIC-- \# BIC-- code identificateur de banque-- SWIFTコード-- SWIFT番号-- BIC番号-- BICコード-- SWIFT コード-- SWIFT 番号-- BIC 番号-- BIC コード-- 金融機関識別コード-- 金融機関コード-- 銀行コード-
-## Switzerland physical addresses
-
-This unbundled named entity detects patterns related to physical address from Switzerland. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Switzerland SSN AHV number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-13-digit number
-
-### Pattern
-
-13-digit number:
--- three digits - 756-- an optional dot-- four digits-- an optional dot-- four digits-- an optional dot-- two digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_swiss_social_security_number_ahv finds content that matches the pattern.-- A keyword from Keywords_swiss_social_security_number_ahv is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_swiss_social_security_number_ahv finds content that matches the pattern.-
-```xml
- <!-- Swiss SSN AHV Number -->
- <Entity id="277cfa4b-6eaa-4a1b-9492-099dec849971" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_swiss_social_security_number_ahv" />
- <Match idRef="Keywords_swiss_social_security_number_ahv" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_swiss_social_security_number_ahv" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_swiss_ssn_AHV_number
--- ahv-- ssn-- pid-- insurance number-- personalidno#-- social security number-- personal id number-- personal identification no.-- insuranceno#-- uniqueidno#-- unique identification no.-- avs number-- personal identity no versicherungsnummer-- identifikationsnummer-- einzigartige identität nicht-- sozialversicherungsnummer-- identification personnelle id-- numéro de sécurité sociale-
-## Taiwan national identification number
-
-### Format
-
-one letter (in English) followed by nine digits
-
-### Pattern
-
-one letter (in English) followed by nine digits:
--- one letter (in English, not case-sensitive)-- the digit "1" or "2"-- eight digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_taiwanese_national_id finds content that matches the pattern.-- A keyword from Keyword_taiwanese_national_id is found.-- The checksum passes.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_taiwanese_national_id finds content that matches the pattern.-- The checksum passes.-
-```xml
-<!-- Taiwanese National ID -->
-<Entity id="4C7BFC34-8DD1-421D-8FB7-6C6182C2AF03" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_taiwanese_national_id" />
- <Match idRef="Keyword_taiwanese_national_id" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_taiwanese_national_id" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_taiwan_national_id
--- 身份證字號-- 身份證-- 身份證號碼-- 身份證號-- 身分證字號-- 身分證-- 身分證號碼-- 身份證號-- 身分證統一編號-- 國民身分證統一編號-- 簽名-- 蓋章-- 簽名或蓋章-- 簽章-
-## Taiwan passport number
-
-### Format
--- biometric passport number: nine digits-- non-biometric passport number: nine digits-
-### Pattern
-biometric passport number:
--- the character "3"-- eight digits-
-non-biometric passport number:
--- nine digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_taiwan_passport finds content that matches the pattern.-- A keyword from Keyword_taiwan_passport is found.-
-```xml
-<!-- Taiwan Passport Number -->
-<Entity id="e7251cb4-4c2c-41df-963e-924eb3dae04a" recommendedConfidence="75" patternsProximity="300">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_taiwan_passport"/>
- <Match idRef="Keyword_taiwan_passport"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_taiwan_passport
--- ROC passport number-- Passport number-- Passport no-- Passport Num-- Passport #-- 护照-- 中華民國護照-- Zhōnghuá Mínguó hùzhào-
-## Taiwan-resident certificate (ARC/TARC) number
-
-### Format
-
-10 letters and digits
-
-### Pattern
-
-10 letters and digits:
--- two letters (not case-sensitive)-- eight digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_taiwan_resident_certificate finds content that matches the pattern.-- A keyword from Keyword_taiwan_resident_certificate is found.-
-```xml
-<!-- Taiwan Resident Certificate (ARC/TARC) -->
-<Entity id="48269fec-05ea-46ea-b326-f5623a58c6e9" recommendedConfidence="75" patternsProximity="300">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_taiwan_resident_certificate"/>
- <Match idRef="Keyword_taiwan_resident_certificate"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_taiwan_resident_certificate
--- Resident Certificate-- Resident Cert-- Resident Cert.-- Identification card-- Alien Resident Certificate-- ARC-- Taiwan Area Resident Certificate-- TARC-- 居留證-- 外僑居留證-- 台灣地區居留證-
-## Thai population identification code
-
-### Format
-
-13 digits
-
-### Pattern
-
-13 digits:
--- first digit isn't zero or nine-- 12 digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_Thai_Citizen_Id finds content that matches the pattern.-- A keyword from Keyword_Thai_Citizen_Id is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_Thai_Citizen_Id finds content that matches the pattern.-
-```xml
-<!-- Thai Citizen ID -->
--<Entity id="44ca9e86-ead7-4c5d-884a-e2eaa401515e" recommendedConfidence="75" patternsProximity="300">
- -<Pattern confidenceLevel="85">
- <IdMatch idRef="Func_Thai_Citizen_Id"/>
- <Match idRef="Keyword_Thai_Citizen_Id"/>
- </Pattern>
- -<Pattern confidenceLevel="75">
- <IdMatch idRef="Func_Thai_Citizen_Id"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_thai_citizen_Id
--- ID Number-- Identification Number-- บัตรประชาชน-- รหัสบัตรประชาชน-- บัตรประชาชน-- รหัสบัตรประชาชน-
-## Turkey national identification number
-
-### Format
-
-11 digits
-
-### Pattern
-
-11 digits
-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_Turkish_National_Id finds content that matches the pattern.-- A keyword from Keyword_Turkish_National_Id is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_Turkish_National_Id finds content that matches the pattern.-
-```xml
-<!-- Turkish National Identity -->
--<Entity id="fb621f20-3876-4cfc-acec-8c8e73ca32c7" recommendedConfidence="75" patternsProximity="300">
- -<Pattern confidenceLevel="85">
- <IdMatch idRef="Func_Turkish_National_Id"/>
- <Match idRef="Keyword_Turkish_National_Id"/>
- </Pattern>
- -<Pattern confidenceLevel="75">
- <IdMatch idRef="Func_Turkish_National_Id"/>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_turkish_national_id
--- TC Kimlik No-- TC Kimlik numarası-- Vatandaşlık numarası-- Vatandaşlık no-
-## Turkey physical addresses
-
-This unbundled named entity detects patterns related to physical address from Turkey. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## Types of medication
-
-This unbundled named entity detects medication names, such as *insulin*. It supports English terms only. It's also included in the [All medical terms and conditions](#all-medical-terms-and-conditions) bundled named entity SIT.
-
-### Confidence level
-
-High
-
-## U.K. driver's license number
-
-### Format
-
-Combination of 18 letters and digits in the specified format
-
-### Pattern
-
-18 letters and digits:
--- Five letters (not case-sensitive) or the digit "9" in place of a letter.-- One digit.-- Five digits in the date format MMDDY for date of birth. The seventh character is incremented by 50 if driver is female; for example, 51 to 62 instead of 01 to 12.-- Two letters (not case-sensitive) or the digit "9" in place of a letter.-- Five digits.-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_uk_drivers_license` finds content that matches the pattern.-- A keyword from `Keywords_eu_driver's_license_number` is found.-- The checksum passes.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_uk_drivers_license` finds content that matches the pattern.-- The checksum passes.-
-```xml
- <!-- U.K. Driver's License Number -->
- <Entity id="f93de4be-d94c-40df-a8be-461738047551" patternsProximity="300" recommendedConfidence="75" relaxProximity="true" >
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_uk_drivers_license" />
- <Match idRef="Keywords_eu_driver's_license_number" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_uk_drivers_license" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_driver's_license_number
--- driverlic-- driverlics-- driverlicense-- driverlicenses-- driverlicence-- driverlicences-- driver lic-- driver lics-- driver license-- driver licenses-- driver licence-- driver licences-- driverslic-- driverslics-- driverslicence-- driverslicences-- driverslicense-- driverslicenses-- drivers lic-- drivers lics-- drivers license-- drivers licenses-- drivers licence-- drivers licences-- driver'lic-- driver'lics-- driver'license-- driver'licenses-- driver'licence-- driver'licences-- driver' lic-- driver' lics-- driver' license-- driver' licenses-- driver' licence-- driver' licences-- driver'slic-- driver'slics-- driver'slicense-- driver'slicenses-- driver'slicence-- driver'slicences-- driver's lic-- driver's lics-- driver's license-- driver's licenses-- driver's licence-- driver's licences-- dl#-- dls#-- driverlic#-- driverlics#-- driverlicense#-- driverlicenses#-- driverlicence#-- driverlicences#-- driver lic#-- driver lics#-- driver license#-- driver licenses#-- driver licences#-- driverslic#-- driverslics#-- driverslicense#-- driverslicenses#-- driverslicence#-- driverslicences#-- drivers lic#-- drivers lics#-- drivers license#-- drivers licenses#-- drivers licence#-- drivers licences#-- driver'lic#-- driver'lics#-- driver'license#-- driver'licenses#-- driver'licence#-- driver'licences#-- driver' lic#-- driver' lics#-- driver' license#-- driver' licenses#-- driver' licence#-- driver' licences#-- driver'slic#-- driver'slics#-- driver'slicense#-- driver'slicenses#-- driver'slicence#-- driver'slicences#-- driver's lic#-- driver's lics#-- driver's license#-- driver's licenses#-- driver's licence#-- driver's licences#-- driving licence-- driving license-- dlno#-- driv lic-- driv licen-- driv license-- driv licenses-- driv licence-- driv licences-- driver licen-- drivers licen-- driver's licen-- driving lic-- driving licen-- driving licenses-- driving licence-- driving licences-- driving permit-- dl no-- dlno-- dl number-
-## U.K. electoral roll number
-
-### Format
-
-two letters followed by 1-4 digits
-
-### Pattern
-
-two letters (not case-sensitive) followed by 1-4 numbers
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_uk_electoral finds content that matches the pattern.-- A keyword from Keyword_uk_electoral is found.-
-```xml
-<!-- U.K. Electoral Number -->
-<Entity id="a3eea206-dc0c-4f06-9e22-aa1be3059963" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_uk_electoral" />
- <Any minMatches="1">
- <Match idRef="Keyword_uk_electoral" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_uk_electoral
--- council nomination-- nomination form-- electoral register-- electoral roll-
-## U.K. national health service number
-
-### Format
-
-10-17 digits separated by spaces
-
-### Pattern
-
-10-17 digits:
--- either 3 or 10 digits-- a space-- three digits-- a space-- four digits-
-### Checksum
-
-Yes
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_uk_nhs_number finds content that matches the pattern.-- One of the following is true:
- - A keyword from Keyword_uk_nhs_number is found.
- - A keyword from Keyword_uk_nhs_number1 is found.
- - A keyword from Keyword_uk_nhs_number_dob is found.
-- The checksum passes.-
-```xml
-<!-- U.K. NHS Number -->
-<Entity id="3192014e-2a16-44e9-aa69-4b20375c9a78" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_uk_nhs_number" />
- <Any minMatches="1">
- <Match idRef="Keyword_uk_nhs_number" />
- <Match idRef="Keyword_uk_nhs_number1" />
- <Match idRef="Keyword_uk_nhs_number_dob" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_uk_nhs_number
--- national health service-- nhs-- health services authority-- health authority-
-#### Keyword_uk_nhs_number1
--- patient id-- patient identification-- patient no-- patient number-
-#### Keyword_uk_nhs_number_dob
--- GP-- DOB-- D.O.B-- Date of Birth-- Birth Date-
-## U.K. national insurance number (NINO)
-
-This sensitive information type entity is included in the EU National Identification Number sensitive information type. It's also available as a stand-alone sensitive information type entity.
-
-### Format
-
-seven characters or nine characters separated by spaces or dashes
-
-### Pattern
-
-two possible patterns:
--- two letters (valid NINOs use only certain characters in this prefix, which this pattern validates; not case-sensitive)-- six digits-- either 'A', 'B', 'C', or 'D' (like the prefix, only certain characters are allowed in the suffix; not case-sensitive)-
-OR
--- two letters-- a space or dash-- two digits-- a space or dash-- two digits-- a space or dash-- two digits-- a space or dash-- either 'A', 'B', 'C', or 'D'-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_uk_nino finds content that matches the pattern.-- A keyword from Keyword_uk_nino is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_uk_nino finds content that matches the pattern.-
-```xml
- <!-- U.K. NINO -->
- <Entity id="16c07343-c26f-49d2-a987-3daf717e94cc" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_uk_nino" />
- <Match idRef="Keyword_uk_nino" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_uk_nino" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_uk_nino
--- national insurance number-- national insurance contributions-- protection act-- insurance-- social security number-- insurance application-- medical application-- social insurance-- medical attention-- social security-- great britain-- NI Number-- NI No.-- NI #-- NI#-- insurance#-- insurancenumber-- nationalinsurance#-- nationalinsurancenumber-
-## U.K. physical addresses
-
-This unbundled named entity detects patterns related to physical address from the U.K.. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## U.K. Unique Taxpayer Reference Number
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-10 digits without spaces and delimiters
-
-### Pattern
-
-10 digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_uk_eu_tax_file_number` finds content that matches the pattern.-- A keyword from `Keywords_uk_eu_tax_file_number` is found.-
-```xml
- <!-- U.K. Unique Taxpayer Reference Number -->
- <Entity id="ad4a8116-0db8-439a-b545-6d967642f0ec" patternsProximity="300" recommendedConfidence="85">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_uk_eu_tax_file_number" />
- <Match idRef="Keywords_uk_eu_tax_file_number" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_uk_eu_tax_file_number
--- tax number-- tax file-- tax id-- tax identification no-- tax identification number-- tax no#-- tax no-- tax registration number-- taxid#-- taxidno#-- taxidnumber#-- taxno#-- taxnumber#-- taxnumber-- tin id-- tin no-- tin#-
-## U.S. bank account number
-
-### Format
-
-6-17 digits
-
-### Pattern
-
-6-17 consecutive digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regular expression Regex_usa_bank_account_number finds content that matches the pattern.-- A keyword from Keyword_usa_Bank_Account is found.-
-```xml
-<!-- U.S. Bank Account Number -->
-<Entity id="a2ce32a8-f935-4bb6-8e96-2a5157672e2c" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_usa_bank_account_number" />
- <Match idRef="Keyword_usa_Bank_Account" />
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_usa_Bank_Account
--- Checking Account Number-- Checking Account-- Checking Account #-- Checking Acct Number-- Checking Acct #-- Checking Acct No.-- Checking Account No.-- Bank Account Number-- Bank Account #-- Bank Acct Number-- Bank Acct #-- Bank Acct No.-- Bank Account No.-- Savings Account Number-- Savings Account.-- Savings Account #-- Savings Acct Number-- Savings Acct #-- Savings Acct No.-- Savings Account No.-- Debit Account Number-- Debit Account-- Debit Account #-- Debit Acct Number-- Debit Acct #-- Debit Acct No.-- Debit Account No.-
-## U.S. driver's license number
-
-### Format
-
-Depends on the state
-
-### Pattern
-
-depends on the state - for example, New York:
--- nine digits formatted like ddd ddd ddd will match.-- nine digits like ddddddddd won't match.-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_new_york_drivers_license_number finds content that matches the pattern.-- A keyword from Keyword_[state_name]_drivers_license_name is found.-- A keyword from Keyword_us_drivers_license is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_new_york_drivers_license_number finds content that matches the pattern.-- A keyword from Keyword_[state_name]_drivers_license_name is found.-- A keyword from Keyword_us_drivers_license_abbreviations is found.-- No keyword from Keyword_us_drivers_license is found.-
-```xml
-<Entity id="dfeb356f-61cd-459e-bf0f-7c6d28b458c6 patternsProximity="300">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_new_york_drivers_license_number" />
- <Match idRef="Keyword_new_york_drivers_license_name" />
- <Match idRef="Keyword_us_drivers_license" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_new_york_drivers_license_number" />
- <Match idRef="Keyword_new_york_drivers_license_name" />
- <Match idRef="Keyword_us_drivers_license_abbreviations" />
- <Any minMatches="0" maxMatches="0">
- <Match idRef="Keyword_us_drivers_license" />
- </Any>
- </Pattern>
-</Entity>
-```
-
-### Keywords
-
-#### Keyword_us_drivers_license_abbreviations
--- DL-- DLS-- CDL-- CDLS-- ID-- IDs-- DL#-- DLS#-- CDL#-- CDLS#-- ID#-- IDs#-- ID number-- ID numbers-- LIC-- LIC#-- DLN-
-#### Keyword_us_drivers_license
--- DriverLic-- DriverLics-- DriverLicense-- DriverLicenses-- Driver Lic-- Driver Lics-- Driver License-- Driver Licenses-- DriversLic-- DriversLics-- DriversLicense-- DriversLicenses-- Drivers Lic-- Drivers Lics-- Drivers License-- Drivers Licenses-- Driver'Lic-- Driver'Lics-- Driver'License-- Driver'Licenses-- Driver' Lic-- Driver' Lics-- Driver' License-- Driver' Licenses-- Driver'sLic-- Driver'sLics-- Driver'sLicense-- Driver'sLicenses-- Driver's Lic-- Driver's Lics-- Driver's License-- Driver's Licenses-- identification number-- identification numbers-- identification #-- id card-- id cards-- identification card-- identification cards-- DriverLic#-- DriverLics#-- DriverLicense#-- DriverLicenses#-- Driver Lic#-- Driver Lics#-- Driver License#-- Driver Licenses#-- DriversLic#-- DriversLics#-- DriversLicense#-- DriversLicenses#-- Drivers Lic#-- Drivers Lics#-- Drivers License#-- Drivers Licenses#-- Driver'Lic#-- Driver'Lics#-- Driver'License#-- Driver'Licenses#-- Driver' Lic#-- Driver' Lics#-- Driver' License#-- Driver' Licenses#-- Driver'sLic#-- Driver'sLics#-- Driver'sLicense#-- Driver'sLicenses#-- Driver's Lic#-- Driver's Lics#-- Driver's License#-- Driver's Licenses#-- id card#-- id cards#-- identification card#-- identification cards#-
-#### Keyword_[state_name]_drivers_license_name
--- state abbreviation (for example, "NY")-- state name (for example, "New York")-
-## U.S. individual taxpayer identification number (ITIN)
-
-### Format
-
-nine digits that start with a "9" and contain a "7" or "8" as the fourth digit, optionally formatted with spaces or dashes
-
-### Pattern
-
-formatted:
--- the digit "9"-- two digits-- a space or dash-- a "7" or "8"-- a digit-- a space, or dash-- four digits-
-unformatted:
--- the digit "9"-- two digits-- a "7" or "8"-- five digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_formatted_itin finds content that matches the pattern.-- A keyword from Keyword_itin is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_unformatted_itin finds content that matches the pattern.-- A keyword from Keyword_itin is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_formatted_itin or Func_unformatted_itin finds content that matches the pattern.-
-```xml
- <!-- U.S. Individual Taxpayer Identification Number (ITIN) -->
- <Entity id="e55e2a32-f92d-4985-a35d-a0b269eb687b" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_formatted_itin" />
- <Match idRef="Keyword_itin" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_unformatted_itin" />
- <Match idRef="Keyword_itin" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_formatted_itin" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_unformatted_itin" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_itin
--- taxpayer-- tax id-- tax identification-- itin-- i.t.i.n.-- ssn-- tin-- social security-- tax payer-- itins-- taxid-- individual taxpayer-
-## U.S. physical addresses
-
-This unbundled named entity detects patterns related to physical address from the U.S.. It's also included in the [All Physical Addresses](#all-physical-addresses) bundled named entity SIT.
-
-### Confidence level
-
-Medium
-
-## U.S. social security number (SSN)
-
-### Format
-
-nine digits, which may be in a formatted or unformatted pattern
-
-> [!NOTE]
-> If issued before mid-2011, an SSN has strong formatting where certain parts of the number must fall within certain ranges to be valid (but there's no checksum).
-
-### Pattern
-
-four functions look for SSNs in four different patterns:
--- Func_ssn finds SSNs with pre-2011 strong formatting that are formatted with dashes or spaces (ddd-dd-dddd OR ddd dd dddd)-- Func_unformatted_ssn finds SSNs with pre-2011 strong formatting that are unformatted as nine consecutive digits (ddddddddd)-- Func_randomized_formatted_ssn finds post-2011 SSNs that are formatted with dashes or spaces (ddd-dd-dddd OR ddd dd dddd)-- Func_randomized_unformatted_ssn finds post-2011 SSNs that are unformatted as nine consecutive digits (ddddddddd)-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_ssn` finds content that matches the pattern.-- A keyword from `Keyword_ssn` is found.-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_unformatted_ssn` finds content that matches the pattern.-- A keyword from `Keyword_ssn` is found.-
-A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function `Func_randomized_formatted_ssn` or `Func_randomized_unformatted_ssn` finds content that matches the pattern.-- A keyword from `Keyword_ssn` is found.-
-```xml
-<!-- U.S. Social Security Number (SSN) -->
- <Entity id="a44669fe-0d48-453d-a9b1-2cc83f2cba77" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_ssn" />
- <Match idRef="Keyword_ssn" />
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_unformatted_ssn" />
- <Match idRef="Keyword_ssn" />
- </Pattern>
- <Pattern confidenceLevel="65">
- <IdMatch idRef="Func_randomized_formatted_ssn" />
- <Match idRef="Keyword_ssn" />
- </Pattern>
- <Pattern confidenceLevel="55">
- <IdMatch idRef="Func_randomized_unformatted_ssn" />
- <Match idRef="Keyword_ssn" />
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_ssn
--- SSA Number-- social security number-- social security #-- social security#-- social security no-- Social Security#-- Soc Sec-- SSN-- SSNS-- SSN#-- SS#-- SSID-
-## U.S./U.K. passport number
-
-### Format
-
-nine digits
-
-### Pattern
--- one letter or digit-- eight digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_usa_uk_passport finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_uk_eu_passport_number` is found.-- A keyword from `Keywords_eu_passport_date` is found-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The function Func_usa_uk_passport finds content that matches the pattern.-- A keyword from `Keywords_eu_passport_number` or `Keywords_uk_eu_passport_number` is found.-
-```xml
- <!-- U.S. / U.K. Passport Number -->
- <Entity id="178ec42a-18b4-47cc-85c7-d62c92fd67f8" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="85">
- <IdMatch idRef="Func_usa_uk_passport" />
- <Match idRef="Keywords_eu_passport_date" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_uk_eu_passport_number" />
- </Any>
- </Pattern>
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Func_usa_uk_passport" />
- <Any minMatches="1">
- <Match idRef="Keywords_eu_passport_number" />
- <Match idRef="Keywords_uk_eu_passport_number" />
- </Any>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keywords_eu_passport_number
--- passport#-- passport #-- passportid-- passports-- passportno-- passport no-- passportnumber-- passport number-- passportnumbers-- passport numbers-
-#### Keywords_uk_eu_passport_number
--- british passport-- uk passport-
-## Ukraine passport domestic
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-nine digits
-
-### Pattern
-
-nine digits
-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regex Regex_Ukraine_Passport_Domestic finds content that matches the pattern.-- A keyword from Keyword_Ukraine_Passport_Domestic is found.-
-```xml
- <!-- Ukraine Passport Domestic -->
- <Entity id="1817a540-221f-4459-9202-3bd78b81d803" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_Ukraine_Passport_Domestic"/>
- <Match idRef="Keyword_Ukraine_Passport_Domestic"/>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_ukraine_passport_domestic
--- ukraine passport-- passport number-- passport no-- паспорт України-- номер паспорта-- персональний-
-## Ukraine passport international
-
-This sensitive information type is only available for use in:
--- data loss prevention policies-- communication compliance policies-- data lifecycle management-- records management-- Microsoft Defender for Cloud Apps-
-### Format
-
-eight-character alphanumeric pattern
-
-### Pattern
-
-eight-character alphanumeric pattern:
--- two letters or digits-- six digits-
-### Checksum
-
-No
-
-### Definition
-
-A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
--- The regex Regex_Ukraine_Passport_International finds content that matches the pattern.-- A keyword from Keyword_Ukraine_Passport_International is found.-
-```xml
- <!-- Ukraine Passport International -->
- <Entity id="cfbe032d-22e0-4f28-ab68-d66e9641f1e2" patternsProximity="300" recommendedConfidence="75">
- <Pattern confidenceLevel="75">
- <IdMatch idRef="Regex_Ukraine_Passport_International"/>
- <Match idRef="Keyword_Ukraine_Passport_International"/>
- </Pattern>
- </Entity>
-```
-
-### Keywords
-
-#### Keyword_ukraine_passport_international
--- ukraine passport-- passport number-- passport no-- паспорт України-- номер паспорта
compliance Sensitive Information Type Learn About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitive-information-type-learn-about.md
Microsoft provides a large number of pre-configured SITs or you can create your
- [Auto-labelling policies](apply-sensitivity-label-automatically.md#how-to-configure-auto-labeling-for-office-apps) - [Microsoft Priva](/privacy/priva) ++ ## Categories of sensitive information types ### Built in sensitive information types
compliance Sensitivity Labels Aip https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-aip.md
Alternatively, you can interactively disable or remove the **Microsoft Azure Inf
Whichever method you choose, the changes take effect when Office apps restart.
-If, after making these changes, the **Sensitivity** button doesn't display on the Office ribbon, check whether sensitivity labeling has been [turned off](sensitivity-labels-office-apps.md#if-you-need-to-turn-off-built-in-labeling-in-office-apps-on-windows). Although this isn't the default configuration, an administrator might have explicitly set this configuration by using Group Policy or by directly editing the registry.
+If after making these changes the **Sensitivity** button doesn't display on the Office ribbon, check whether sensitivity labeling has been [turned off](sensitivity-labels-office-apps.md#if-you-need-to-turn-off-built-in-labeling-in-office-apps-on-windows). Although this isn't the default configuration, an administrator might have explicitly set this configuration by using Group Policy or by directly editing the registry.
> [!NOTE] > Built-in labels require a subscription edition of Office apps. If you have standalone editions of Office, sometimes called "Office Perpetual", we recommend you upgrade to Microsoft 365 Apps for Enterprise to benefit from the [latest labeling capabilities](sensitivity-labels-office-apps.md#support-for-sensitivity-label-capabilities-in-apps).
Use the following information to help you identify if you're using a feature fro
| **Category: Encryption** | | |Admin-defined permissions | ![Supported.](../medi#assign-permissions-now) | |User-defined permissions <br> - Do Not Forward for Outlook <br> - User and group custom permissions for Word, Excel, PowerPoint| ![Supported.](../medi#let-users-assign-permissions)|
-|User-defined permissions <br> - Organization-wide custom permissions by specifying domains for Word, Excel, PowerPoint | In planning or development |
+|User-defined permissions <br> - Organization-wide custom permissions by specifying domains for Word, Excel, PowerPoint | [In preview](encryption-sensitivity-labels.md#support-for-organization-wide-custom-permissions) |
|Co-authoring and AutoSave | ![Supported.](../medi) | |Double key encryption | In planning or development | |Document revocation for users | Under review |
compliance Sensitivity Labels Office Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md
The numbers listed are the minimum Office application versions required for each
|[Mark the content](sensitivity-labels.md#what-sensitivity-labels-can-do) | Current Channel: 1910+ <br /><br> Monthly Enterprise Channel: 1910+ <br /><br> Semi-Annual Enterprise Channel: 2002+ | 16.21+ | 2.21+ | 16.0.11231+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |[Dynamic markings with variables](#dynamic-markings-with-variables) | Current Channel: 2010+ <br /><br> Monthly Enterprise Channel: 2010+ <br /><br> Semi-Annual Enterprise Channel: 2102+ | 16.42+ | 2.42+ | 16.0.13328+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |[Assign permissions now](encryption-sensitivity-labels.md#assign-permissions-now) | Current Channel: 1910+ <br /><br> Monthly Enterprise Channel: 1910+ <br /><br> Semi-Annual Enterprise Channel: 2002+ | 16.21+ | 2.21+ | 16.0.11231+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |
-|[Let users assign permissions: <br /> - Prompt users](encryption-sensitivity-labels.md#let-users-assign-permissions) |Current Channel: 2004+ <br /><br> Monthly Enterprise Channel: 2004+ <br /><br> Semi-Annual Enterprise Channel: 2008+ | 16.35+ | Under review | Under review | Under review |
+|[Let users assign permissions: <br /> - Prompt users for custom permissions (users and groups)](encryption-sensitivity-labels.md#let-users-assign-permissions) |Current Channel: 2004+ <br /><br> Monthly Enterprise Channel: 2004+ <br /><br> Semi-Annual Enterprise Channel: 2008+ | 16.35+ | Under review | Under review | Under review |
+|[Let users assign permissions: <br /> - Prompt users for custom permissions (users, groups, and organizations)](encryption-sensitivity-labels.md#let-users-assign-permissions) |Preview: Rolling out to [Beta Channel](https://office.com/insider) | Under review | Under review | Under review | Under review |
|[Audit label-related user activity](#auditing-labeling-activities) | Current Channel: 2011+ <br /><br> Monthly Enterprise Channel: 2011+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.43+ | 2.46+ | 16.0.13628+ | Yes | |[Require users to apply a label to their email and documents](#require-users-to-apply-a-label-to-their-email-and-documents) | Current Channel: 2101+ <br /><br> Monthly Enterprise Channel: 2101+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.45+ | 2.47+ | 16.0.13628+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) <br /> - Using sensitive info types | Current Channel: 2009+ <br /><br> Monthly Enterprise Channel: 2009+ <br /><br> Semi-Annual Enterprise Channel: 2102+ | 16.44+ | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) <br /> - Using trainable classifiers | Current Channel: 2105+ <br /><br> Monthly Enterprise Channel: 2105+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.49+ | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |[Support co-authoring and AutoSave](sensitivity-labels-coauthoring.md) for labeled and encrypted documents | Current Channel: 2107+ <br /><br> Monthly Enterprise Channel: 2107+ <br /><br> Semi-Annual Enterprise Channel: 2202+ | 16.51+ | Preview: 2.58+ when you [opt-in](sensitivity-labels-coauthoring.md#opt-in-to-the-preview-of-co-authoring-for-ios-and-android) | Preview: 16.0.14931+ when you [opt-in](sensitivity-labels-coauthoring.md#opt-in-to-the-preview-of-co-authoring-for-ios-and-android) | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |
-|[PDF support](#pdf-support)| Preview: Rolling out to [Beta Channel](https://office.com/insider) | Under review | Under review | Under review | Under review |
+|[PDF support](#pdf-support)| Preview: [Beta Channel](https://office.com/insider) | Under review | Under review | Under review | Under review |
### Sensitivity label capabilities in Outlook
compliance Sensitivity Labels Sharepoint Default Label https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-sharepoint-default-label.md
+
+ Title: "Configure a default sensitivity label for a SharePoint document library"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+ms.localizationpriority: medium
+
+- M365-security-compliance
+- SPO_Content
+search.appverid:
+- MOE150
+- MET150
+description: "Configure a default sensitivity label for a SharePoint document library for new and unlabeled documents."
++
+# Configure a default sensitivity label for a SharePoint document library
+
+>*[Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).*
+
+> [!NOTE]
+> This feature is gradually rolling out in preview and subject to change. It is also a premium feature with licensing details to be provided when the feature becomes generally available (GA).
+>
+> To read the preview announcement, see the [Yammer post](https://www.yammer.com/askipteam/threads/1846702701985792).
+
+When SharePoint is [enabled for sensitivity labels](sensitivity-labels-sharepoint-onedrive-files.md), you can configure a default label for document libraries. Then, any new files uploaded to that library, or existing files edited in the library will have that label applied if they don't already have a sensitivity label, or they have a sensitivity label but with [lower priority](sensitivity-labels.md#label-priority-order-matters).
+
+For example, you configure the **Confidential** label as the default sensitivity label for a document library. A user who has **General** as their policy default label saves a new file in that library. SharePoint will label this file as **Confidential** because of that label's higher priority. For a quick summary of the possible outcomes, see [Will an existing label be overridden](#will-an-existing-label-be-overridden) on this page.
+
+A default label offers a baseline level of protection and a form of automatic labeling without content inspection. To help you distinguish between this feature's default label with the default label in label policies:
+
+- **Default sensitivity label for a document library**: Location-based labeling, applicable only for SharePoint. Overrides a lower-priority label unless manually applied.
+- **Default sensitivity label from a policy**: Always applicable for all locations. Never overrides an existing label.
+
+When you use Office on the web to create or edit a file, the default sensitivity label for a document library can be applied without delays. However, labeling is not immediate if you upload a file or create it using Microsoft 365 Apps on Windows, macOS, iOS or Android, and then save to SharePoint:
+
+- File upload: it can take a few minutes for the label to be applied.
+- Microsoft 365 Apps: the label is applied after the app is closed.
+
+## Will an existing label be overridden?
+
+Summary of outcomes:
+
+|Existing label |Override with library default label |
+|:--|:--|:--|
+|Manually applied, any priority| No |
+|Automatically applied, lower priority | Yes |
+|Automatically applied, higher priority | No |
+|Default label from policy, lower priority | Yes |
+|Default label from policy, higher priority | No |
+
+## Requirements
+
+- You have [enabled sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md).
+
+- [SharePoint Information Rights Management (IRM) is not enabled for the library](set-up-irm-in-sp-admin-center.md#irm-enable-sharepoint-document-libraries-and-lists). This older technology isn't compatible with using a default sensitivity label for a SharePoint document library. If a library is enabled for IRM, you won't be able to select a default sensitivity label.
+
+## Limitations
+
+- Doesn't apply to existing files at rest in SharePoint.
+
+- Unless you've [enabled co-authoring for files encrypted with sensitivity labels](sensitivity-labels-coauthoring.md), you'll see a delay in applying the default sensitivity label for a document library when users select the **File** \> **Save as** option.
+
+- As with sensitivity labels for Office for the web, some [label configurations that apply encryption](encryption-sensitivity-labels.md#configure-encryption-settings) aren't suitable for SharePoint, and so don't support a default sensitivity label for a SharePoint document library:
+ - **Let users assign permissions when they apply the label** and the checkbox **In Word, PowerPoint, and Excel, prompt users to specify permissions** is selected. This setting is sometimes referred to as "user-defined permissions".
+ - **User access to content expires** is set to a value other than **Never**.
+ - **Double Key Encryption** is selected.
+
+## How to configure a default sensitivity label for a SharePoint document library
+
+For an existing document library:
+
+1. In SharePoint, navigate to the document library > **Settings**.
+
+2. From the **Library settings** flyout pane, select **Default sensitivity labels**, and then select a label from the drop-down box. For example:
+
+ ![Screenshot that shows configuring a default sensitivity label for a SharePoint library.](../media/default-sensitivity-label-spo2.png)
+
+ Although you see the setting mentions support for PDF files, this file type isn't currently supported for this scenario.
+
+If you're creating a new document library, you can configure the same **Default sensitivity labels** setting from the **Create document library** flyout pane.
+
+> [!NOTE]
+> These new settings are gradually rolling out to tenants. If you don't see them, try again in a few days.
+
+## Monitoring application of library default sensitivity labels
+
+Use the SharePoint **Sensitivity** column to see the names of sensitivity labels applied to files. When the label has been applied by this features, the tooltip for the label name displays **This file has been automatically labeled**. However, this tooltip isn't exclusive to the default sensitivity label for a document library. It also displays when sensitivity labels are applied by using auto-labeling policies or as a result of a user's default label from sensitivity label policies.
+
+To specifically identify when the label was applied because of the library's default sensitivity label, use the [audit log in the compliance portal](search-the-audit-log-in-security-and-compliance.md) and the **Applied sensitivity label file** auditing event from the **Sensitivity label activities** group. Then:
+1. Select an entry to view the details in a flyout pane.
+
+2. From the details pane, scroll to the **SensitivityLabelEventData section**, and identify the value for **ActionScourceDetails**.
+
+3. A value of **6** is used for when the label was applied because of the default sensitivity label for the document library.
+
+To audit the configuration setting for this feature, use the **Updated list** auditing event from the **SharePoint list activities** group. In the details flyout pane for the document library, scroll to the **SensitivityLabelEventData** section where **OldSensitivityLabeld** and **SensitivityLabelId** can reflect three changes of states:
+
+- Sensitivity label applied
+- Sensitivity label changed from one label to another
+- Sensitivity label removed
+
+To map sensitivity label GUIDs to label names, use the [Get-Label](/powershell/module/exchange/get-label) cmdlet:
+
+1. First, [connect to Office 365 Security & Compliance Center PowerShell](/powershell/exchange/office-365-scc/connect-to-scc-powershell/connect-to-scc-powershell).
+
+2. Then run the following command, where you specify the GUID:
+
+ ```powershell
+ Get-Label -Identity "<GUID>" | Name
+
+## Next steps
+
+Default labeling ensures a minimum level of protection but doesn't take into account the file contents that might require a higher level of protection. Consider supplementing this labeling method with [automatic labeling](apply-sensitivity-label-automatically.md) that uses content inspection, and encourage [manual labeling](https://support.microsoft.com/office/apply-sensitivity-labels-to-your-files-and-email-in-office-2f96e7cd-d5a4-403b-8bd7-4cc636bae0f9) for users to replace the default label when needed.
compliance Sensitivity Labels Sharepoint Onedrive Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files.md
If you have Microsoft 365 Multi-Geo, you must run this command for each of your
## Next steps
-After you've enabled sensitivity labels for Office files in SharePoint and OneDrive, consider automatically labeling these files by using auto-labeling policies. For more information, see [Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md).
+After you've enabled sensitivity labels for Office files in SharePoint and OneDrive, consider automatically labeling files by using either, or both of the following labeling methods:
+
+- Applying a default sensitivity label for document libraries, for new and edited files in SharePoint. For more information, see [Configure a default sensitivity label for a SharePoint document library](sensitivity-labels-sharepoint-default-label.md).
+- Auto-labeling policies that use content inspection for files in SharePoint and OneDrive. For more information, see [Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md).
Need to share your labeled and encrypted documents with people outside your organization? See [Sharing encrypted documents with external users](sensitivity-labels-office-apps.md#sharing-encrypted-documents-with-external-users).
compliance Sensitivity Labels Teams Groups Sites https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-teams-groups-sites.md
After you enable and configure sensitivity labels for containers, users can addi
![A sensitivity label when creating a team site from SharePoint.](../media/sensitivity-labels-new-team-site.png) > [!NOTE]
-> Sensitivity labels for containers support [Teams shared channels](/MicrosoftTeams/shared-channels), currently in preview. If a team has any shared channels, they automatically inherit sensitivity label settings from their parent team, and that label can't be removed or replaced with a different label.
+> Sensitivity labels for containers support [Teams shared channels](/MicrosoftTeams/shared-channels). If a team has any shared channels, they automatically inherit sensitivity label settings from their parent team, and that label can't be removed or replaced with a different label.
## How to enable sensitivity labels for containers and synchronize labels
compliance Set Up New Message Encryption Capabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/set-up-new-message-encryption-capabilities.md
For instructions, see [How to activate or confirm the status of the protection s
This is an optional step. Allowing Microsoft to manage the root key for Azure Information Protection is the default setting and recommended best practice for most organizations. If this is the case, you don't need to do anything.
-There are many reasons, for example compliance requirements, that may necessitate you generating and managing your own root key (also known as bring your own key (BYOK)). If this is the case, we recommend that you complete the required steps before setting up Microsoft Purview Message Encryption. See [Planning and implementing your Azure Information Protection tenant key](/information-protection/plan-design/plan-implement-tenant-key) for more.
+There are many reasons, for example compliance requirements, that may necessitate you generating and managing your own root key, also known as "bring your own key" (BYOK). If this is the case, we recommend that you complete the required steps before setting up Microsoft Purview Message Encryption. See [Planning and implementing your Azure Information Protection tenant key](/information-protection/plan-design/plan-implement-tenant-key) for more.
## Verify Microsoft Purview Message Encryption configuration in Exchange Online PowerShell
You can verify that your Microsoft 365 tenant is properly configured to use Micr
2. Run the Get-IRMConfiguration cmdlet.
- You should see a value of $True for the AzureRMSLicensingEnabled parameter, which indicates that Microsoft Purview Message Encryption is configured in your tenant. If it is not, use Set-IRMConfiguration to set the value of AzureRMSLicensingEnabled to $True to enable Microsoft Purview Message Encryption.
+ You should see a value of `$True` for the AzureRMSLicensingEnabled parameter, which indicates that Microsoft Purview Message Encryption is configured in your tenant. If it is not, use Set-IRMConfiguration to set the value of AzureRMSLicensingEnabled to `$True` to enable Microsoft Purview Message Encryption.
3. Run the Test-IRMConfiguration cmdlet using the following syntax:
compliance Sit Defn Aba Routing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-aba-routing.md
+
+ Title: "ABA routing number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "ABA routing number sensitive information type entity definition."
++
+# ABA routing number
+
+## Format
+
+nine digits that may be in a formatted or unformatted pattern
+
+## Pattern
+
+- two digits in the ranges 00-12, 21-32, 61-72, or 80
+- two digits
+- an optional hyphen
+- four digits
+- an optional hyphen
+- a digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function Func_aba_routing finds content that matches the pattern.
+- A keyword from Keyword_ABA_Routing is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function Func_aba_routing finds content that matches the pattern.
+
+```xml
+ <!-- ABA Routing Number -->
+ <Entity id="cb353f78-2b72-4c3c-8827-92ebe4f69fdf" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_aba_routing" />
+ <Match idRef="Keyword_ABA_Routing" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_aba_routing" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_aba_routing
+
+- aba number
+- aba#
+- aba
+- abarouting#
+- abaroutingnumber
+- americanbankassociationrouting#
+- americanbankassociationroutingnumber
+- bankrouting#
+- bankroutingnumber
+- routing #
+- routing no
+- routing number
+- routing transit number
+- routing#
+- RTN
compliance Sit Defn All Full Names https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-all-full-names.md
+
+ Title: "All full names entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "All full names sensitive information type entity definition."
++
+# All full names
+
+All full names is a bundled named entity. It detects full names for people from all supported countries/regions, which include Australia, China, Japan, U.S., and countries in the EU. Use this SIT to detect all possible matches of full names.
+
+## Format
+
+Various.
+
+## Pattern
+
+Various.
+
+## Checksum
+
+No.
+
+## Description
+
+This named entity SIT matches personal names that a human would identify as a name with high confidence. For example, if a string is found consisting of a given name and is followed by a family name then a match is made with high confidence. It uses three primary resources:
+
+- A dictionary of given names.
+- A dictionary of family names.
+- Patterns of how names are formed.
+
+The three resources are different for each country. The strings *Olivia Wilson* would trigger a match. Common given/family names are given a higher confidence than rarer names. However, the pattern also allows partial matches. If a given name from the dictionary is found and it's followed by a family name that isn't in the dictionary, then a partial match is triggered. For example, *Tomas Richard* would trigger a partial match. Partial matches are given lower confidence.
+
+In addition, patterns that a human would see as indicative of names are also matched with appropriate confidence. Like *O. Wilson*, *O.P. Wilson*, *Dr. O. P. Wilson*, *Wilson, O.P.* or *T. Richard, Jr.* would be matches.
+
+## Supported languages
+
+- English
+- Bulgarian
+- Croatian
+- Czech
+- Danish
+- Estonian
+- Finnish
+- French
+- German
+- Hungarian
+- Icelandic
+- Irish
+- Italian
+- Japanese
+- Latvian
+- Lithuanian
+- Maltese
+- Dutch
+- Norwegian
+- Polish
+- Portuguese
+- Romanian
+- Slovak
+- Slovenian
+- Spanish
+- Swedish
+- Turkish
compliance Sit Defn All Medical Terms Conditions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-all-medical-terms-conditions.md
+
+ Title: "All medical terms and conditions entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "All medical terms and conditions sensitive information type entity definition."
++
+# All medical terms and conditions
+
+All medical terms and conditions is a bundled named entity that detects medical terms and medical conditions. It detects English terms only. Use this SIT to detect all possible matches of medical terms and conditions.
+
+## Format
+
+Dictionary
+
+## Pattern
+
+Dictionary
+
+## Checksum
+
+No
+
+## Description
+
+This bundled named entity matches text that mentions medical conditions that are present in curated dictionaries. There's one curated dictionary per supported language. The dictionaries are from many international medical resources. The dictionaries include as many medical conditions as possible without risking a large number of false positives. Each entry contains the different forms that a single condition is commonly written in to ensure coverage, for example:
+
+- *TB*
+- *tuberculosis*
+- *phthisis pulmonalis*
+
+## Contains
+
+This bundled named entity SIT contains these individual SITs.
+
+- Blood test terms
+- Types of medication
+- Diseases
+- Generic medication names
+- Impairments listed in the U.S. Disability Evaluation Under Social Security
+- Lab test terms
+- Lifestyles that relate to medical conditions
+- Medical specialties
+- Surgical procedures
+- Brand medication names
+
compliance Sit Defn All Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-all-physical-addresses.md
+
+ Title: "All Physical Addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "All Physical Addresses sensitive information type entity definition."
++
+# All Physical Addresses
+
+All physical addresses is a bundled entity SIT, which detects patterns related to physical addresses from all supported countries/regions.
+
+## Format
+
+Various
+
+## Pattern
+
+Various
+
+## Checksum
+
+No
+
+## Description
+
+The matching of street addresses is designed to match strings that a human would identify as a street address. To do this, it uses several primary resources:
+
+- A dictionary of settlements, counties and regions.
+- A dictionary of street suffixes, like Road, Street, or Avenue.
+- Patterns of postal codes.
+- Patterns of address formats.
+
+The resources are different for each country. The primary resources are the patterns of address formats that are used in a given country. Different formats are chosen to make sure that as many addresses as possible are matched. These formats allow flexibility, for example, an address may omit the postal code or omit a town name or have a street with no street suffix. In all cases, such matches are used to increase the confidence of the match.
+
+The patterns are designed to match individual single addresses, not generic locations. So strings such as *Redmond, WA 98052* or *Main Street, Albuquerque* won't be matched.
+
+## Contains
+
+This bundled named entity SIT contains these individual SITs:
+
+- Australia physical addresses
+- Austria physical addresses
+- Belgium physical addresses
+- Brazil physical addresses
+- Bulgaria physical addresses
+- Canada physical addresses
+- Croatia physical addresses
+- Cyprus physical addresses
+- Czech Republic physical addresses
+- Denmark physical addresses
+- Estonia physical addresses
+- Finland physical addresses
+- France physical addresses
+- Germany physical addresses
+- Greece physical addresses
+- Hungary physical addresses
+- Iceland physical addresses
+- Ireland physical addresses
+- Italy physical addresses
+- Latvia physical addresses
+- Liechtenstein physical addresses
+- Lithuania physical addresses
+- Luxembourg physical addresses
+- Malta physical addresses
+- Netherlands physical addresses
+- New Zealand physical addresses
+- Norway physical addresses
+- Poland physical addresses
+- Portugal physical addresses
+- Romania physical addresses
+- Slovakia physical addresses
+- Slovenia physical addresses
+- Spain physical addresses
+- Sweden physical addresses
+- Switzerland physical addresses
+- Turkey physical addresses
+- United Kingdom physical addresses
+- United States physical addresses
+
+## Supported languages
+
+- English
+- Bulgarian
+- Chinese
+- Croatian
+- Czech
+- Danish
+- Estonian
+- Finnish
+- French
+- German
+- Hungarian
+- Icelandic
+- Irish
+- Italian
+- Japanese
+- Latvian
+- Lithuanian
+- Maltese
+- Dutch
+- Norwegian
+- Polish
+- Portuguese
+- Romanian
+- Slovak
+- Slovenian
+- Spanish
+- Swedish
+- Turkish
compliance Sit Defn Amazon S3 Client Secret Access Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-amazon-s3-client-secret-access-key.md
+
+ Title: "Amazon S3 client secret access key entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Amazon S3 client secret access key sensitive information type entity definition."
++
+# Amazon S3 client secret access key (preview)
+
+## Format
+
+A combination of 40 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+13-digit number:
+
+A combination of 40 characters consisting of:
+
+- a-z (case insensitive)
+- 0-9
+- forward slash (/) or plus sign (+)
+
+for example:
+
+`abcdefghijklmnopqrst0123456789/+ABCDEFGH`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to access [Amazon Web Services.](/toolkit-for-eclipse/v1/user-guide/setup-credentials.html)
++
+It uses several primary resources:
+
+- Patterns of Base64 encoded 240-bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary words.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
+
+## Keywords
+
+### Keyword_SymmetricKey240:
+
+- secret
+- key
compliance Sit Defn Argentina National Identity Numbers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-argentina-national-identity-numbers.md
+
+ Title: "Argentina national identity (DNI) number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Argentina national identity (DNI) number sensitive information type entity definition."
++
+# Argentina national identity (DNI) number
+
+## Format
+
+Eight digits with or without periods
+
+## Pattern
+
+Eight digits:
+
+- two digits
+- an optional period
+- three digits
+- an optional period
+- three digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression Regex_argentina_national_id finds content that matches the pattern.
+- A keyword from Keyword_argentina_national_id is found.
+
+```xml
+<!-- Argentina National Identity (DNI) Number -->
+<Entity id="eefbb00e-8282-433c-8620-8f1da3bffdb2" recommendedConfidence="75" patternsProximity="300">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_argentina_national_id"/>
+ <Match idRef="Keyword_argentina_national_id"/>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_argentina_national_id
+
+- Argentina National Identity number
+- cedula
+- cédula
+- dni
+- documento nacional de identidad
+- documento n├║mero
+- documento numero
+- registro nacional de las personas
+- rnp
compliance Sit Defn Argentina Unique Tax Identification Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-argentina-unique-tax-identification-key.md
+
+ Title: "Argentina Unique Tax Identification Key (CUIT/CUIL) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Argentina Unique Tax Identification Key (CUIT/CUIL) sensitive information type entity definition."
++
+# Argentina Unique Tax Identification Key (CUIT/CUIL)
+
+## Format
+
+11 digits with dash
+
+## Pattern
+
+11 digits with a dash:
+
+- two digits in 20, 23, 24, 27, 30, 33 or 34
+- a hyphen (-)
+- eight digits
+- a hyphen (-)
+- one check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_Argentina_Unique_Tax_Key` finds content that matches the pattern.
+- A keyword from `Keyword_Argentina_Unique_Tax_Key` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_Argentina_Unique_Tax_Key` finds content that matches the pattern.
+
+```xml
+ <!-- Argentina Unique Tax Identification Key (CUIT/CUIL) -->
+ <Entity id="98da3da1-9199-4571-b7c4-b6522980b507" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_Argentina_Unique_Tax_Key" />
+ <Match idRef="Keyword_Argentina_Unique_Tax_Key" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_Argentina_Unique_Tax_Key" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_Argentina_Unique_Tax_Key
+
+- Clave Unica de Identificacion Tributaria
+- CUIT
+- unique code of labour identification
+- Clave Única de Identificación Tributaria
+- unique labour identification code
+- CUIL
+- Unique Tax Identification Key
+- Unique Labour Identification Key
+- Unique Key of Labour Identification
+- Unique Work Identification Code
+- Unique Code of Work Identification
+- Unique Work Identification Key
+- Unique Key of Work Identification
+- Unique Code of Tax Identification
+- Unique Key of Tax Identification
+- Unique Labor Identification Code
+- Unique Code of Labor Identification
+- Unique Labor Identification Key
+- Unique Key of Labor Identification
+- tax ID
+- taxID#
+- taxId
+- taxidnumber
+- tax number
+- tax no
+- tax #
+- tax#
+- taxpayer ID
+- taxpayer number
+- taxpayer no
+- taxpayer #
+- taxpayer#
+- tax identity
+- tax identification
+- N├║mero de Identificaci├│n Fiscal
+- n├║mero de contribuyente
compliance Sit Defn Asp Net Machine Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-asp-net-machine-key.md
+
+ Title: "ASP.NET machine key entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "ASP.NET machine key sensitive information type entity definition."
++
+# ASP.NET machine key (preview)
+
+## Format
+
+Symmetric keys in XML configuration.
+
+## Pattern
+
+Various symmetric key formats in XML, for example:
+
+```xml
+<machineKey decryptionKey="******** </br>
+<machineKey validationKey="********
+```
+## Checksum
+
+No
+
+## Definition
++
+This SIT is designed to match the security information that's used to encrypt or hash data in [ASP.NET](/dotnet/api/system.web.security.machinekey?view=netframework-4.8) forms authentication and view state.
+
+It uses several primary resources:
+
+- Patterns of Symmetric key context in xml files.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
++
+## Keywords
+
+### Keyword_SymmetricKeyContextInXml:
+
+- password
+- key
+- connectionstring
+
compliance Sit Defn Australia Bank Account Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-australia-bank-account-number.md
+
+ Title: "Australia bank account number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Australia bank account number sensitive information type entity definition."
++
+# Australia bank account number
+
+## Format
+
+six to 10 digits with or without a bank state branch number
+
+## Pattern
+
+Account number is 6 to 10 digits.
+
+Australia bank state branch number:
+
+- three digits
+- a hyphen
+- three digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression Regex_australia_bank_account_number finds content that matches the pattern.
+- A keyword from Keyword_australia_bank_account_number is found.
+- The regular expression Regex_australia_bank_account_number_bsb finds content that matches the pattern.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression Regex_australia_bank_account_number finds content that matches the pattern.
+
+- A keyword from Keyword_australia_bank_account_number is found.
+
+```xml
+<!-- Australia Bank Account Number -->
+<Entity id="74a54de9-2a30-4aa0-a8aa-3d9327fc07c7" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_australia_bank_account_number" />
+ <Match idRef="Keyword_australia_bank_account_number" />
+ <Match idRef="Regex_australia_bank_account_number_bsb" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_australia_bank_account_number" />
+ <Match idRef="Keyword_australia_bank_account_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_australia_bank_account_number
+
+- swift bank code
+- correspondent bank
+- base currency
+- usa account
+- holder address
+- bank address
+- information account
+- fund transfers
+- bank charges
+- bank details
+- banking information
+- full names
+- iaea
compliance Sit Defn Australia Business Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-australia-business-number.md
+
+ Title: "Australia business number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Australia business number sensitive information type entity definition."
++
+# Australia business number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+11 digits with optional delimiters
+
+## Pattern
+
+11 digits with optional delimiters:
+
+- two digits
+- an optional hyphen or space
+- three digits
+- an optional hyphen or space
+- three digits
+- an optional hyphen or space
+- three digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function Func_australian_business_number finds content that matches the pattern.
+- A keyword from Keywords_australian_business_number is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function Func_australian_business_number finds content that matches the pattern.
+
+```xml
+ <!-- Australia Business Number -->
+ <Entity id="76e83b3b-01ee-4530-aced-e667a6609f49" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_australian_business_number" />
+ <Match idRef="Keywords_australian_business_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_australian_business_number" />
+ </Pattern>
+ </Entity>
+```
+## Keywords
+
+### Keyword_australia_business_number
+
+- australia business no
+- business number
+- abn#
+- businessid#
+- business ID
+- abn
+- businessno#
compliance Sit Defn Australia Company Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-australia-company-number.md
+
+ Title: "Australia company number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Australia company number sensitive information type entity definition."
++
+# Australia company number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+nine digits with delimiters
+
+## Pattern
+
+nine digits with delimiters:
+
+- three digits
+- a space
+- three digits
+- a space
+- three digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function Func_Australian_Company_Number finds content that matches the pattern.
+- A keyword from Keyword_Australian_Company_Number is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function Func_Australian_Company_Number finds content that matches the pattern.
+
+```xml
+ <!-- Australia Company Number -->
+ <Entity id="b1fba4f7-7b3e-4bb9-8f9a-9366df604dbb" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_Australian_Company_Number" />
+ <Match idRef="Keyword_Australian_Company_Number" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_Australian_Company_Number" />
+ </Pattern>
+ </Entity>
+```
+## Keywords
+
+### Keyword_australia_company_number
+
+- acn
+- australia company no
+- australia company no#
+- australia company number
+- australian company no
+- australian company no#
+- australian company number
compliance Sit Defn Australia Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-australia-drivers-license-number.md
+
+ Title: "Australia drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Australia driver's license number sensitive information type entity definition."
++
+# Australia drivers license number
+
+## Format
+
+nine letters and digits
+
+## Pattern
+
+nine letters and digits:
+
+- two digits or letters (not case-sensitive)
+- two digits
+- five digits or letters (not case-sensitive)
+
+OR
+
+- one to two optional letters (not case-sensitive)
+- four to nine digits
+
+OR
+
+- nine digits or letters (not case-sensitive)
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression Regex_australia_drivers_license_number finds content that matches the pattern.
+- A keyword from Keyword_australia_drivers_license_number is found.
+- No keyword from Keyword_australia_drivers_license_number_exclusions is found.
+
+```xml
+<!-- Australia Drivers License Number -->
+<Entity id="1cbbc8f5-9216-4392-9eb5-5ac2298d1356" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_australia_drivers_license_number" />
+ <Match idRef="Keyword_australia_drivers_license_number" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="Keyword_australia_drivers_license_number_exclusions" />
+ </Any>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_australia_drivers_license_number
+
+- international driving permits
+- australian automobile association
+- international driving permit
+- DriverLicence
+- DriverLicences
+- Driver Lic
+- Driver Licence
+- Driver Licences
+- DriversLic
+- DriversLicence
+- DriversLicences
+- Drivers Lic
+- Drivers Lics
+- Drivers Licence
+- Drivers Licences
+- Driver'Lic
+- Driver'Lics
+- Driver'Licence
+- Driver'Licences
+- Driver' Lic
+- Driver' Lics
+- Driver' Licence
+- Driver' Licences
+- Driver'sLic
+- Driver'sLics
+- Driver'sLicence
+- Driver'sLicences
+- Driver's Lic
+- Driver's Lics
+- Driver's Licence
+- Driver's Licences
+- DriverLic#
+- DriverLics#
+- DriverLicence#
+- DriverLicences#
+- Driver Lic#
+- Driver Lics#
+- Driver Licence#
+- Driver Licences#
+- DriversLic#
+- DriversLics#
+- DriversLicence#
+- DriversLicences#
+- Drivers Lic#
+- Drivers Lics#
+- Drivers Licence#
+- Drivers Licences#
+- Driver'Lic#
+- Driver'Lics#
+- Driver'Licence#
+- Driver'Licences#
+- Driver' Lic#
+- Driver' Lics#
+- Driver' Licence#
+- Driver' Licences#
+- Driver'sLic#
+- Driver'sLics#
+- Driver'sLicence#
+- Driver'sLicences#
+- Driver's Lic#
+- Driver's Lics#
+- Driver's Licence#
+- Driver's Licences#
+
+### Keyword_australia_drivers_license_number_exclusions
+
+- aaa
+- DriverLicense
+- DriverLicenses
+- Driver License
+- Driver Licenses
+- DriversLicense
+- DriversLicenses
+- Drivers License
+- Drivers Licenses
+- Driver'License
+- Driver'Licenses
+- Driver' License
+- Driver' Licenses
+- Driver'sLicense
+- Driver'sLicenses
+- Driver's License
+- Driver's Licenses
+- DriverLicense#
+- DriverLicenses#
+- Driver License#
+- Driver Licenses#
+- DriversLicense#
+- DriversLicenses#
+- Drivers License#
+- Drivers Licenses#
+- Driver'License#
+- Driver'Licenses#
+- Driver' License#
+- Driver' Licenses#
+- Driver'sLicense#
+- Driver'sLicenses#
+- Driver's License#
+- Driver's Licenses#
compliance Sit Defn Australia Medical Account Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-australia-medical-account-number.md
+
+ Title: "Australia medical account number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Australia medical account number sensitive information type entity definition."
++
+# Australia medical account number
+
+## Format
+
+10-11 digits
+
+## Pattern
+
+10-11 digits:
+
+- First digit is in the range 2-6
+- Ninth digit is a check digit
+- Tenth digit is the issue digit
+- 11th digit (optional) is the individual number
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function Func_australian_medical_account_number finds content that matches the pattern.
+- A keyword from Keyword_Australia_Medical_Account_Number is found.
+- The checksum passes.
+
+```xml
+ <!-- Australia Medical Account Number -->
+<Entity id="104a99a0-3d3b-4542-a40d-ab0b9e1efe63" recommendedConfidence="85" patternsProximity="300">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_australian_medical_account_number"/>
+ <Match idRef="Keyword_Australia_Medical_Account_Number"/>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_Australia_Medical_Account_Number
+
+- bank account details
+- medicare payments
+- mortgage account
+- bank payments
+- information branch
+- credit card loan
+- department of human services
+- local service
+- medicare
compliance Sit Defn Australia Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-australia-passport-number.md
+
+ Title: "Australia passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Australia passport number sensitive information type entity definition."
++
+# Australia passport number
+
+## Format
+
+eight or nine alphanumeric characters
+
+## Pattern
+
+- one letter (N, E, D, F, A, C, U, X) followed by seven digits
+or
+- Two letters (PA, PB, PC, PD, PE, PF, PU, PW, PX, PZ) followed by seven digits.
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_australia_passport_number` finds content that matches the pattern.
+- A keyword from `Keyword_australia_passport_number` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_australia_passport_number` finds content that matches the pattern.
+
+```xml
+ <!-- Australia Passport Number -->
+ <Entity id="29869db6-602d-4853-ab93-3484f905df50" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_australia_passport_number" />
+ <Match idRef="Keyword_australia_passport_number" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Regex_australia_passport_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_australia_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+- passport details
+- immigration and citizenship
+- commonwealth of australia
+- department of immigration
+- national identity card
+- travel document
+- issuing authority
compliance Sit Defn Australia Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-australia-physical-addresses.md
+
+ Title: "Australia physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Australia physical addresses sensitive information type entity definition."
++
+# Australia physical addresses
+
+Unbundled named entity, detects patterns related to physical address from Australia. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+medium
+
compliance Sit Defn Australia Tax File Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-australia-tax-file-number.md
+
+ Title: "Australia tax file number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Australia tax file number sensitive information type entity definition."
++
+# Australia tax file number
+
+## Format
+
+eight to nine digits
+
+## Pattern
+
+eight to nine digits typically presented with spaces as follows:
+
+- three digits
+- an optional space
+- three digits
+- an optional space
+- two to three digits where the last digit is a check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function Func_australian_tax_file_number finds content that matches the pattern.
+- No keyword from Keyword_Australia_Tax_File_Number or Keyword_number_exclusions is found.
+- The checksum passes.
+
+```xml
+ <!-- Australia Tax File Number -->
+ <Entity id="e29bc95f-ff70-4a37-aa01-04d17360a4c5" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_australian_tax_file_number" />
+ <Match idRef="Keyword_Australia_Tax_File_Number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_australia_tax_file_number
+
+- australian business number
+- marginal tax rate
+- medicare levy
+- portfolio number
+- service veterans
+- withholding tax
+- individual tax return
+- tax file number
+- tfn
compliance Sit Defn Austria Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-austria-drivers-license-number.md
+
+ Title: "Austria drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Austria drivers license number sensitive information type entity definition."
++
+# Austria drivers license number
+
+## Format
+
+eight digits without spaces and delimiters
+
+## Pattern
+
+eight digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_austria_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_austria_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Austria Driver's License Number -->
+ <Entity id="682f18ce-44eb-482b-8198-2bcb96a0761e" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_austria_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_austria_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_austria_eu_driver's_license_number
+
+- fuhrerschein
+- f├╝hrerschein
+- F├╝hrerscheine
+- F├╝hrerscheinnummer
+- F├╝hrerscheinnummern
+
compliance Sit Defn Austria Identity Card https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-austria-identity-card.md
+
+ Title: "Austria identity card entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Austria identity card sensitive information type entity definition."
++
+# Austria identity card
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+A 24-character combination of letters, digits, and special characters
+
+## Pattern
+
+24 characters:
+
+- 22 letters (not case-sensitive), digits, backslashes, forward slashes, or plus signs
+
+- two letters (not case-sensitive), digits, backslashes, forward slashes, plus signs, or equal signs
+
+## Checksum
+
+Not applicable
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_austria_eu_national_id_card` finds content that matches the pattern.
+- A keyword from `Keywords_austria_eu_national_id_card` is found.
+
+```xml
+ <!-- Austria Identity Card -->
+ <Entity id="5ec06c3b-007e-4820-8343-7ff73b889735" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_austria_eu_national_id_card" />
+ <Match idRef="Keywords_austria_eu_national_id_card" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_austria_eu_national_id_card
+
+- identity number
+- national id
+- personalausweis republik ├╢sterreich
compliance Sit Defn Austria Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-austria-passport-number.md
+
+ Title: "Austria passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Austria passport number sensitive information type entity definition."
++
+# Austria passport number
+
+## Format
+
+One letter followed by an optional space and seven digits
+
+## Pattern
+
+A combination of one letter, seven digits, and one space:
+
+- one letter (not case-sensitive)
+- one space (optional)
+- seven digits
+
+## Checksum
+
+not applicable
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_austria_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_austria_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_austria_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_austria_eu_passport_number` is found.
+
+```xml
+ <!-- Austria Passport Number -->
+ <Entity id="1c96ae4e-303b-447d-86c7-77113ac266bf" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_austria_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_austria_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date1" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_austria_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_austria_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_austria_eu_passport_number
+
+- reisepassnummer
+- reisepasse
+- No-Reisepass
+- Nr-Reisepass
+- Reisepass-Nr
+- Passnummer
+- reisepässe
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Austria Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-austria-physical-addresses.md
+
+ Title: "Austria physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Austria physical addresses sensitive information type entity definition."
++
+# Austria physical addresses
+
+This unbundled named entity detects patterns related to physical address from Austria. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Austria Social Security Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-austria-social-security-number.md
+
+ Title: "Austria social security number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Austria social security number sensitive information type entity definition."
++
+# Austria social security number
+
+## Format
+
+10 digits in the specified format
+
+## Pattern
+
+10 digits:
+
+- three digits that correspond to a serial number
+- one check digit
+- six digits that correspond to the birth date (DDMMYY)
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_austria_eu_ssn_or_equivalent` finds content that matches the pattern.
+- a keyword from `Keywords_austria_eu_ssn_or_equivalent` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_austria_eu_ssn_or_equivalent` finds content that matches the pattern.
+
+```xml
+ <!-- Austria Social Security Number -->
+ <Entity id="6896a906-86c9-4d19-a2da-6e43ccd19b7b" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_austria_eu_ssn_or_equivalent" />
+ <Match idRef="Keywords_austria_eu_ssn_or_equivalent" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_austria_eu_ssn_or_equivalent" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="Keywords_austria_eu_telephone_number" />
+ <Match idRef="Keywords_austria_eu_mobile_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_austria_eu_ssn_or_equivalent
+
+- austrian ssn
+- ehic number
+- ehic no
+- insurance code
+- insurancecode#
+- insurance number
+- insurance no
+- krankenkassennummer
+- krankenversicherung
+- socialsecurityno
+- socialsecurityno#
+- social security no
+- social security number
+- social security code
+- sozialversicherungsnummer
+- sozialversicherungsnummer#
+- soziale sicherheit kein
+- sozialesicherheitkein#
+- ssn#
+- ssn
+- versicherungscode
+- versicherungsnummer
+- zdravstveno zavarovanje
compliance Sit Defn Austria Tax Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-austria-tax-identification-number.md
+
+ Title: "Austria tax identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Austria tax identification number sensitive information type entity definition."
++
+# Austria tax identification number
+
+## Format
+
+nine digits with optional hyphen and forward slash
+
+## Pattern
+
+nine digits with optional hyphen and forward slash:
+
+- two digits
+- a hyphen (optional)
+- three digits
+- a forward slash (optional)
+- four digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_austria_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_austria_eu_tax_file_number` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_austria_eu_tax_file_number` finds content that matches the pattern.
+
+```xml
+ <!-- Austria Tax Identification Number -->
+ <Entity id="4fd58d22-af28-4451-b18a-6f722430a56d" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_austria_eu_tax_file_number" />
+ <Match idRef="Keywords_austria_eu_tax_file_number" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_austria_eu_tax_file_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_austria_eu_tax_file_number
+
+- ├╢sterreich
+- st.nr.
+- steuernummer
+- tax ID
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin ID
+- tin no
+- tin#
+- tax number
compliance Sit Defn Austria Value Added Tax https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-austria-value-added-tax.md
+
+ Title: "Austria value added tax entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Austria value added tax sensitive information type entity definition."
++
+# Austria value added tax
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+11-character alphanumeric pattern
+
+## Pattern
+
+11-character alphanumeric pattern:
+
+- A or a
+- T or t
+- Optional space
+- U or u
+- optional space
+- two or three digits
+- optional space
+- four digits
+- optional space
+- one or two digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function Func_Austria_Value_Added_Tax finds content that matches the pattern.
+- A keyword from Keyword_Austria_Value_Added_Tax is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function Func_Austria_Value_Added_Tax finds content that matches the pattern.
+
+```xml
+ <!-- Austria Value Added Tax -->
+ <Entity id="b6a3eda2-c56c-4b69-a5f7-dca34db00f48" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_Austria_Value_Added_Tax" />
+ <Match idRef="Keyword_Austria_Value_Added_Tax" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_Austria_Value_Added_Tax" />
+ </Pattern>
+ </Entity>
+```
+## Keywords
+
+### Keyword_austria_value_added_tax
+
+- vat number
+- vat#
+- austrian vat number
+- vat no.
+- vatno#
+- value added tax number
+- austrian vat
+- mwst
+- umsatzsteuernummer
+- mwstnummer
+- ust.-identifikationsnummer
+- umsatzsteuer-identifikationsnummer
+- vat identification number
+- atu number
+- uid number
compliance Sit Defn Azure Ad Client Access Token https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-ad-client-access-token.md
+
+ Title: "Azure AD client access token entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure AD client access token sensitive information type entity definition."
++
+# Azure AD client access token (preview)
+
+## Format
+
+A combination of up to 10,000 characters consisting of letters, digits, and special characters.
+
+or
+
+A client secret or refresh token used in OAuth2.0 protocol.
+
+or
+
+A combination of up to 1,000 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+Any combination of:
+
+- up to 10,000
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+- Up to 2
+- equal signs (=)
+
+for example:
+
+`"VersionProfile": null, "TokenCache": { "CacheData":
+"AgAAAAIAAACZAWh0dHBzOi8vbG9naW4ubWljcm9zb2`
+
+or
+
+Variant client secret or refresh token formats e.g. <br>
+`ClientSecret:********` <br>
+`AppSecret=********` <br>
+`ConsumerKey:=********` <br>
+`Refresh_Token:********` <br>
+
+or
+
+3 letters: eyJ (case-sensitive)
+
+And
+
+A combination of up to 1,000 characters consisting
+
+- a-z (not case-sensitive)
+- 0-9
+- dashes (-)
+- underlines (_)
+- or dots (.)
+
+for example:
+
+`eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ing0Nzh4eU9wbHNNMUg3TlhrN1N4MTd4MXVwYyIsImtpZCI6Ing0Nzh4`
+++
+## Checksum
+
+Yes
+
+## Definition
+
+This SIT is designed to match the security information that's contains claims that one can use in [Azure Active Directory B2C](/azure/active-directory-b2c/active-directory-b2c-access-tokens) (Azure AD B2C) to identify the granted permissions to Azure resources.
+
+It uses several primary resources:
+
+- Patterns of Azure PowerShell Token Cache
+- Patterns of Client secret context
+- Patterns of Json Web Token
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName
+- Patterns of mockup values, redactions, and placeholders
+- A dictionary of vocabulary
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
+++
+## Keywords
+
+### Keyword_SymmetricKeyContextInXml:
+
+- tokencache
+
+### Keyword_ClientSecretContext:
+
+- secret
+- token
+- auth
+- securestring
+- key
+
+### Keyword_JsonWebToken:
+
+- eyJ
+
compliance Sit Defn Azure Ad Client Secret https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-ad-client-secret.md
+
+ Title: "Azure AD client secret entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure AD client secret sensitive information type entity definition."
++
+# Azure AD client secret (preview)
+
+## Format
+
+A combination of up to 40 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+A combination of up to 40 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- dashes (-)
+- underlines (_)
+- dots (.)
+- or tilde accents (~)
+
+for example:
+
+`abc7Q~defghijklmnopqrs0t123456789-_.~`
+
+## Checksum
+
+Yes
+
+## Definition
+
+This SIT is designed to match the security information that's used to secure [Azure Active Directory service principals](/azure/active-directory/fundamentals/service-accounts-principal).
+
+It uses several primary resources:
+
+- Patterns of Client Secret with specific format.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
+
+## Keywords
+
+### Keyword_AppSecret:
+
+- secret
+- assword
+- key
+
compliance Sit Defn Azure Ad User Credentials https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-ad-user-credentials.md
+
+ Title: "Azure AD user credentials entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure AD user credentials sensitive information type entity definition."
++
+# Azure AD user credentials (preview)
+
+## Format
+
+A paired username and password related to *.onmicrosoft.com domain.
+
+or
+
+Plain-text password used in code snippets.
+
+or
+
+Plain-text password used in XML configuration.
+
+## Pattern
+
+Various username and password formats, for example:
+
+`username=...password=********` <br>
+`/user:.../pass:********` <br>
+`SharePointOnlineAuthenticatedContext` <br>
+`sign_in`<br>
++
+or
+
+Various password formats in code snippets, for example:
+
+`new X509Certificates2( ...` <br>
+`ConvertTo-SecureString -String ********...`<br>
+`password = "********"...` <br>
+`"password" : "********"...` <br>
+`UserPasswordCredential( ...` <br>
+
+or
+
+Various password formats in XML, for example:
++
+```xml
+... <secret>********</secret> ...
+... <password>********</password> ...
+... <setting name="password" value="********" > ...
+... <setting name="password">********</setting> ...
+... <setting name="password"><value>********</value></setting> ...
+```
++
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used as individual user passwords to authenticate against [Azure Active Directory](/azure/active-directory/fundamentals/active-directory-users-reset-password-azure-portal).
+
+It uses several primary resources:
+
+- Patterns of Plain-text username and password for Azure AD tenant.
+- Patterns of Password context in code.
+- Patterns of Password context in XML.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
++
+## Keywords
+
+### Keyword_AzureActiveDirectoryLoginCredentials:
+
+- password
+- pw
+- userpass
+- credentials
+- cmdkey
+- Authenti
+- sign_in
+
+### Keyword_PasswordContextInCode:
+
+- key
+- x509c
+- credential
+- password
+- pw
+- securestring
+
+### Keyword_PasswordContextInXml:
+
+- userpass
+- password
+- pw
+- connectionstring
+- key
+- credential
+- token
+- sas
+- secret
+
compliance Sit Defn Azure App Service Deployment Password https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-app-service-deployment-password.md
+
+ Title: "Azure App Service Deployment Password entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure App Service Deployment Password sensitive information type entity definition."
++
+# Azure App Service deployment password (preview)
+
+## Format
+
+A combination of 60 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+Any combination of 60 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDEFGHIJKLMNOPQRSTUV`
+++
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to secure [Azure App Service deployment](/azure/app-service/deploy-configure-credentials) from a local computer.
+
+It uses several primary resources:
+
+- Patterns of Base64 encoded 360 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
+
+## Keywords
+
+### Keyword_SymmetricKey360:
+
+- password
+- pw
compliance Sit Defn Azure Batch Shared Access Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-batch-shared-access-key.md
+
+ Title: "Azure Batch Shared Access Key entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure Batch Shared Access Key sensitive information type entity definition."
++
+# Azure Batch Shared Access Key (preview)
+
+## Format
+
+A combination of 43 characters consisting of letters, digits, and special characters ending in an equals (=) sign that is not part of the pattern.
+
+## Pattern
+
+A combination of 43 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to access [Azure Batch accounts.](/azure/batch/security-best-practices)
+
+It uses several primary resources:
+
+- Patterns of Base64 encoded 256 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
++
+## Keywords
+
+### Keyword_SymmetricKey256:
+
+- SharedAccessKey
+- AccountKey
+
compliance Sit Defn Azure Bot Framework Secret Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-bot-framework-secret-key.md
+
+ Title: "Azure Bot Framework secret key entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure Bot Framework secret key sensitive information type entity definition."
++
+# Azure Bot Framework secret key (preview)
+
+## Format
+
+A combination of 55 characters consisting of letters, digits, and special characters.
+
+or
+
+A combination of 63 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+A combination of 55 characters:
+
+- a-z (not case-sensitive)
+- 0-9
+- underlines (_)
+- or dots (.)
++
+`abcdefghijklmnopqrstuvwxyz.0123456789_ABCDEabcdefghijkl`
+
+or for the 63 characters
+
+A combination of 11 characters:
+
+- a-z (not case-sensitive)
+- 0-9
+- dashes (-)
+- or underlines (_)
+- a dot
+
+A combination of 3 characters:
+
+- a-z (not case-sensitive)
+- 0-9
+- dashes (-)
+- or underlines (_)
+- a dot
+
+A combination of 3 characters:
+
+- a-z (not case-sensitive)
+- 0-9
+- dashes (-)
+- or underlines (_)
+- a dot
+
+A combination of 43 characters
+
+- a-z (not case-sensitive)
+- 0-9
+- dashes (-)
+- or underlines (_)
+
+for example:
+
+`abcdefghijk.lmn.opq.rstuvwxyz0123456789-_ABCDEFGHIJKLMNOPQRSTUV`
++
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to connect to [WebChat channels from Azure Bot services.](/azure/bot-service/bot-service-channel-connect-webchat?view=azure-bot-service-4.0)
+
+It uses several primary resources:
+
+- Patterns of Base64 URL encoded 328 bits symmetric key.
+- Patterns of Base64 URL encoded 360 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
+
+## Keywords
+
+### Keyword_SymmetricKey328Url:
+
+- botframework
+- key
+
+### Keyword_SymmetricKey360Url:
+
+- botframework
+- key
compliance Sit Defn Azure Bot Service App Secret https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-bot-service-app-secret.md
+
+ Title: "Azure Bot service app secret entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure Bot service app secret sensitive information type entity definition."
++
+# Azure Bot service app secret (preview)
+
+## Format
+
+A combination of up to 40 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+A combination of up to 40 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- dashes (-)
+- underlines (_)
+- dots (.)
+- or tilde accents (~)
+
+for example:
+
+`abc7Q~defghijklmnopqrs0t123456789-_.~`
+
+## Checksum
+
+Yes
+
+## Definition
+
+This SIT is designed to match the security information that's used to establish secure communication between an [Azure Bot, WebChat channels and client applications](/azure/bot-service/bot-builder-concept-authentication-types?view=azure-bot-service-4.0).
+
+It uses several primary resources:
+
+- Patterns of Client Secret with specific format.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
++
+## Keywords
+
+### Keyword_AppSecret:
+
+- secret
+- password
+- key
compliance Sit Defn Azure Cognitive Search Api Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-cognitive-search-api-key.md
+
+ Title: "Azure Cognitive search API key entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure Cognitive search API key sensitive information type entity definition."
++
+# Azure Cognitive Search API key (preview)
+
+## Format
+
+A combination of 32 characters consisting of letters and digits.
+
+## Pattern
+
+A combination of 32 characters consisting of:
+
+- a-f or A-F (case-sensitive)
+- or 0-9
+
+for example:
+
+`abcdef0123456789abcdef0123456789`
++
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to authenticate inbound requests to [Azure Cognitive Search APIs.](/azure/search/search-security-api-keys)
+
+It uses several primary resources:
+
+Patterns of Hex encoded 128 bits symmetric key.
+Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+Patterns of mockup values, redactions, and placeholders.
+A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
+
+## Keywords
+
+### Keyword_SymmetricKey128Hex:
+
+- dapi
+- key
+- secret
+- token
+- password
+- pw
compliance Sit Defn Azure Cognitive Service Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-cognitive-service-key.md
+
+ Title: "Azure Cognitive Service key entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure Cognitive Service key sensitive information type entity definition."
++
+# Azure Cognitive Service key (preview)
+
+## Format
+
+A combination of 32 characters consisting of letters and digits.
+
+## Pattern
+
+Any combination of 32 characters consisting of:
+
+- a-f or A-F (case-sensitive)
+- or 0-9
+
+for example:
+
+`abcdef0123456789abcdef0123456789`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to authenticate requests to [Azure Cognitive Services.](/azure/search/search-security-api-keys)
+
+It uses several primary resources:
+
+- Patterns of Hex encoded 128 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
+Keywords
+
+## Keywords
+
+### Keyword_SymmetricKey128Hex:
+
+- dapi
+- key
+- secret
+- token
+- password
+- pw
compliance Sit Defn Azure Container Registry Access Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-container-registry-access-key.md
+
+ Title: "Azure Container Registry access key entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure Container Registry access key sensitive information type entity definition."
++
+# Azure Container Registry access key (preview)
+
+## Format
+
+A combination of 32 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+A combination of 32 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+
+for example:
+
+`abcdefghijklmnopqr0123456789/+AB`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to access [Azure Container Registry](/azure/container-registry/container-registry-authentication) services as an admin account.
+
+It uses several primary resources:
+
+- Patterns of Base64 encoded 192 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
+
+## Keywords
+
+### Keyword_SymmetricKey192:
+
+- password
+- -p
+- azurecr
compliance Sit Defn Azure Cosmos Db Account Access Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-cosmos-db-account-access-key.md
+
+ Title: "Azure COSMOS DB account access key entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure COSMOS DB account access key sensitive information type entity definition."
++
+# Azure COSMOS DB account access key (preview)
+
+## Format
+
+A combination of 88 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+Any combination of 86 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+- ends with two equal signs (=)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDEabcdefghijklmnopqrstuvwxyz0123456789/+ABCDE==`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to provide access to administrative resources for [Azure COSMOS Database](/azure/cosmos-db/secure-access-to-data) accounts .
+
+It uses several primary resources:
+
+- Patterns of Base64 encoded 512 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id, AccountName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
+
+## Keywords
+
+### Keyword_SymmetricKey512:
+
+- SharedAccessKey
+- AccountKey
compliance Sit Defn Azure Databricks Personal Access Token https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-databricks-personal-access-token.md
+
+ Title: "Azure Databricks personal access token entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure Databricks personal access token sensitive information type entity definition."
++
+# Azure Databricks personal access token (preview)
+
+## Format
+
+A combination of 32 characters consisting of letters and digits.
+
+## Pattern
+
+A combination of 32 characters consisting of:
+
+- a-f or A-F (case-sensitive)
+- or 0-9
+
+for example:
+
+`abcdef0123456789abcdef0123456789`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to authenticate to the [Azure Databricks REST API](/azure/databricks/administration-guide/access-control/tokens).
+
+It uses several primary resources:
+
+- Patterns of Hex encoded 128 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
++
+## Keywords
+
+### Keyword_SymmetricKey128Hex:
+
+dapi
+key
+secret
+token
+password
+pw
compliance Sit Defn Azure Devops App Secret https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-devops-app-secret.md
+
+ Title: "Azure DevOps app secret entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure DevOps app secret sensitive information type entity definition."
++
+# Azure DevOps app secret (preview)
+
+## Format
+
+A combination of 52 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+Any combination of 52 characters consisting of:
+
+- a-z or A-Z (case-sensitive)
+- or 2-7
+
+for example:
+
+`ntpi2ch67ci2vjzcohglogyygwo5fuyl365n2zdowwxhsys6jnoa`
++
+## Checksum
+
+Yes
+
+## Definition
+
+This SIT is designed to match the security information that's used to authenticate web app users for [Azure DevOps REST API access.](/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops)
+
+It uses several primary resources:
+
+- Patterns of Base32 encoded 256 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
+
+## Keywords
+
+### Keyword_SymmetricKey256B32:
+
+- pat
+- token
+- ado
+- vsts
+- azuredevops
+- visualstudio.com
+- dev.azure.com
compliance Sit Defn Azure Devops Personal Access Token https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-devops-personal-access-token.md
+
+ Title: "Azure DevOps personal access token entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure DevOps personal access token sensitive information type entity definition."
++
+# Azure DevOps personal access token (preview)
+
+## Format
+
+A combination of 52 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+Any combination of 52 characters consisting of:
+
+- a-z or A-Z (case-sensitive)
+- or 2-7
+
+for example:
+
+`ntpi2ch67ci2vjzcohglogyygwo5fuyl365n2zdowwxhsys6jnoa`
+
+## Checksum
+
+Yes
+
+## Definition
+
+This SIT is designed to match the security information that's used as an alternate password to authenticate into [Azure DevOps.](/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops)
+
+It uses several primary resources:
+
+- Patterns of Base32 encoded 256 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
+
+## Keywords
+
+### Keyword_SymmetricKey256B32:
+
+- pat
+- token
+- ado
+- vsts
+- azuredevops
+- visualstudio.com
+- dev.azure.com
compliance Sit Defn Azure Document Db Auth Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-document-db-auth-key.md
+
+ Title: "Azure DocumentDB auth key entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure DocumentDB auth key sensitive information type entity definition."
++
+# Azure DocumentDB auth key
+
+## Format
+
+The string `DocumentDb` followed by the characters and strings outlined in the pattern below.
+
+## Pattern
+
+- The string `DocumentDb`
+- Any combination of between 3-200 lower- or uppercase letters, digits, symbols, special characters, or spaces
+- A greater than symbol (>), an equal sign (=), a quotation mark ("), or an apostrophe (')
+- Any combination of 86 lower- or uppercase letters, digits, forward slash (/), or plus sign (+)
+- Two equal signs (=)
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `CEP_Regex_AzureDocumentDBAuthKey` finds content that matches the pattern.
+- The regular expression `CEP_CommonExampleKeywords` doesn't find content that matches the pattern.
+
+```xml
+<!-- Azure Document DB Auth Key -->
+<Entity id="0f587d92-eb28-44a9-bd1c-90f2892b47aa" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="CEP_Regex_AzureDocumentDBAuthKey" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="CEP_CommonExampleKeywords" />
+ </Any>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### CEP_CommonExampleKeywords
+
+This sensitive information type identifies these keywords by using a regular expression, not a keyword list.
+
+- contoso
+- fabrikam
+- northwind
+- sandbox
+- onebox
+- localhost
+- 127.0.0.1
+- testacs.<!--no-hyperlink-->com
+- s-int.<!--no-hyperlink-->net
compliance Sit Defn Azure Eventgrid Access Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-eventgrid-access-key.md
+
+ Title: "Azure EventGrid access key entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure EventGrid access key sensitive information type entity definition."
++
+# Azure EventGrid access key (preview)
+
+## Format
+
+A combination of 43 characters consisting of letters, digits, and special characters ending in an equals sign (=) that is not part of the pattern.
+
+## Pattern
+
+A combination of 43 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to authenticate an application publishing events to [Azure Event Grid resources (topics and domains).](/azure/event-grid/get-access-keys)
+
+It uses several primary resources:
+
+- Patterns of Base64 encoded 256 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
+
+## Keywords
+
+### Keyword_SymmetricKey256:
+
+- SharedAccessKey
+- AccountKey
compliance Sit Defn Azure Function Master Api Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-function-master-api-key.md
+
+ Title: "Azure Function Master / API key entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure Function Master / API key sensitive information type entity definition."
++
+# Azure Function Master / API key (preview)
+
+## Format
+
+A combination of 56 characters consisting of letters, digits, and special characters.
+
+or
+
+A combination of up to 90 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+Any combination of 54 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+- ends with two equal signs (=)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDEFGHIJKLMNOP==`
+
+or
+
+A combination of 54 to 84 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- or percent signs (%)
+- ends with a suffix '%3d%3d' (not case-sensitive)
+
+for example:
+
+abcdefghijklmnopqrstuvwxyz0123456789%2F%2BABCDEF0123456789%3D%3D
++
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to request [Azure Function API](/azure/azure-functions/functions-how-to-use-azure-function-app-settings?tabs=portal) when its authorization level is set a value other than anonymous.
+
+It uses several primary resources:
+
+- Patterns of Base64 encoded 320 bits symmetric key.
+- Patterns of URL Encoded 320 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
++
+## Keywords
+
+### Keyword_SymmetricKey320:
+
+- code=
+- key
+
+### Keyword_SymmetricKey320UrlEncoded:
+
+- code=
+- key
compliance Sit Defn Azure Iaas Database Connection String Azure Sql Connection String https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-iaas-database-connection-string-azure-sql-connection-string.md
+
+ Title: "Azure IAAS database connection string and Azure SQL connection string entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure IAAS database connection string and Azure SQL connection string sensitive information type entity definition."
++
+# Azure IAAS database connection string and Azure SQL connection string
+
+## Format
+
+The string `Server`, `server`, or `data source` followed by the characters and strings outlined in the pattern below, including the string `cloudapp.azure.com` or `cloudapp.azure.net` or `database.windows.net`, and the string `Password` or `password` or `pwd`.
+
+## Pattern
+
+- the string `Server`, `server`, or `data source`
+- zero to two whitespace characters
+- an equal sign (=)
+- zero to two whitespace characters
+- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces
+- The string "cloudapp.azure.<!--no-hyperlink-->com", "cloudapp.azure.<!--no-hyperlink-->net", or "database.windows.<!--no-hyperlink-->net"
+- any combination of between 1-300 lower- or uppercase letters, digits, symbols, special characters, or spaces
+- the string `Password`, `password`, or `pwd`
+- zero to two whitespace characters
+- an equal sign (=)
+- zero to two whitespace characters
+- one or more characters that aren't a semicolon (;), quotation mark ("), or apostrophe (')
+- a semicolon (;), quotation mark ("), or apostrophe (')
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `CEP_Regex_AzureConnectionString` finds content that matches the pattern.
+- The regular expression `CEP_CommonExampleKeywords` doesn't find content that matches the pattern.
+
+```xml
+<!--Azure IAAS Database Connection String and Azure SQL Connection String-->
+<Entity id="ce1a126d-186f-4700-8c0c-486157b953fd" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="CEP_Regex_AzureConnectionString" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="CEP_CommonExampleKeywords" />
+ </Any>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### CEP_common_example_keywords
+
+This sensitive information type identifies these keywords by using a regular expression, not a keyword list.
+
+- contoso
+- fabrikam
+- northwind
+- sandbox
+- onebox
+- localhost
+- 127.0.0.1
+- testacs.<!--no-hyperlink-->com
+- s-int.<!--no-hyperlink-->net
compliance Sit Defn Azure Iot Connection String https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-iot-connection-string.md
+
+ Title: "Azure IoT connection string entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure IoT connection string sensitive information type entity definition."
++
+# Azure IoT connection string (preview)
+
+### Format
+
+The string `HostName` followed by the characters and strings outlined in the pattern below, including the strings `azure-devices.net` and `SharedAccessKey`.
+
+## Pattern
+
+- the string `HostName`
+- zero to two whitespace characters
+- an equal sign (=)
+- zero to two whitespace characters
+- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces
+- the string "azure-devices.<!--no-hyperlink-->net"
+- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces
+- the string `SharedAccessKey`
+- zero to two whitespace characters
+- an equal sign (=)
+- zero to two whitespace characters
+- any combination of 43 lower- or uppercase letters, digits, forward slash (/), or plus sign (+)
+- an equal sign (=)
+
+## Checksum
+
+No
+
+### Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `CEP_Regex_AzureIoTConnectionString` finds content that matches the pattern.
+- The regular expression `CEP_CommonExampleKeywords` doesn't find content that matches the pattern.
+
+```xml
+<!--Azure IoT Connection String-->
+<Entity id="0b34bec3-d5d6-4974-b7b0-dcdb5c90c29d" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="CEP_Regex_AzureIoTConnectionString" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="CEP_CommonExampleKeywords" />
+ </Any>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### CEP_common_example_keywords
+
+This sensitive information type identifies these keywords by using a regular expression, not a keyword list.
+
+- contoso
+- fabrikam
+- northwind
+- sandbox
+- onebox
+- localhost
+- 127.0.0.1
+- testacs.<!--no-hyperlink-->com
+- s-int.<!--no-hyperlink-->net
compliance Sit Defn Azure Iot Shared Access Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-iot-shared-access-key.md
+
+ Title: "Azure IoT shared access key entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure IoT shared access key sensitive information type entity definition."
++
+# Azure IoT shared access key
+
+## Format
+
+A combination of 44-characters consisting of letters, digits, and special characters ending with and equals sign that is not part of the pattern.
+
+## Pattern
+
+Any combination of 43 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+- ends with an equal sign (=) that is not part of the pattern.
+
+For example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to authenticate [Azure IoT devices and services](/azure/iot-fundamentals/iot-security-deployment).
+
+It uses several primary resources:
+
+- Patterns of Base64 encoded 256 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
+
+## Keywords
+
+### Keyword_SymmetricKey256:
+
+- SharedAccessKey
+- AccountKey
compliance Sit Defn Azure Logic App Shared Access Signature https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-logic-app-shared-access-signature.md
+
+ Title: "Azure Logic App shared access signature entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure Logic App shared access signature sensitive information type entity definition."
++
+# Azure Logic App shared access signature (preview)
+
+## Format
+
+A combination of up to 76 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+Any combination of 43 to 73 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- or percent signs (%)
+- ends with a suffix '%3d' (not case-sensitive)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789%2F%2BABCDE%3D`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to grant access to a request endpoint on [Azure Logic Apps.](/azure/logic-apps/logic-apps-securing-a-logic-app?tabs=azure-portal)
+
+It uses several primary resources:
+
+Patterns of URL Encoded 256 bits symmetric key.
+Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+Patterns of mockup values, redactions, and placeholders.
+A dictionary of vocabulary
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
++
+## Keywords
+
+### Keyword_SymmetricKey256UrlEncoded:
+
+- sig=
+- key
+- token
+- secret
+- password
compliance Sit Defn Azure Machine Learning Web Service Api Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-machine-learning-web-service-api-key.md
+
+ Title: "Azure Machine Learning web service API key entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure Machine Learning web service API key sensitive information type entity definition."
++
+# Azure Machine Learning web service API key (preview)
+
+## Format
+
+A combination of 88 characters consisting of letters, digits, and special characters ending in two equals signs (==).
+
+## Pattern
+
+Any combination of 86 characters:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDEabcdefghijklmnopqrstuvwxyz0123456789/+ABCDE==`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to connect to [Azure Machine Learning Web services](/azure/machine-learning/classic/consume-web-services).
+
+It uses several primary resources:
+
+- Patterns of Base64 encoded 512 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id, AccountName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
+
+## Keywords
+
+### Keyword_SymmetricKey512:
+
+- SharedAccessKey
+- AccountKey
compliance Sit Defn Azure Maps Subscription Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-maps-subscription-key.md
+
+ Title: "Azure Maps subscription key entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure Maps subscription key sensitive information type entity definition."
++
+# Azure Maps subscription key (preview)
+
+## Format
+
+A combination of 43 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+Any combination of 43 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- dashes (-)
+- or underlines (_)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789-_ABCDE`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to access resources in [Azure Maps accounts](/azure/azure-maps/how-to-manage-authentication).
+
+It uses several primary resources:
+
+- Patterns of Base64 URL encoded 256 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
+
+## Keywords
+
+### Keyword_SymmetricKey256Url:
+
+- key
+- microsoft.maps
compliance Sit Defn Azure Publish Setting Password https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-publish-setting-password.md
+
+ Title: "Azure publish setting password entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure publish setting password sensitive information type entity definition."
++
+# Azure publish setting password
+
+### Format
+
+The string `userpwd=` followed by an alphanumeric string.
+
+### Pattern
+
+- the string `userpwd=`
+- any combination of 60 lowercase letters or digits
+- a quotation mark (")
+
+### Checksum
+
+No
+
+### Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `CEP_Regex_AzurePublishSettingPasswords` finds content that matches the pattern.
+- The regular expression `CEP_CommonExampleKeywords` doesn't find content that matches the pattern.
+
+```xml
+<!--Azure Publish Setting Password-->
+<Entity id="75f4cc8a-a68e-49e5-89ce-fa8f03d286a5" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="CEP_Regex_AzurePublishSettingPasswords" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="CEP_CommonExampleKeywords" />
+ </Any>
+ </Pattern>
+</Entity>
+```
+
+### Keywords
+
+#### CEP_common_example_keywords
+
+This sensitive information type identifies these keywords by using a regular expression, not a keyword list.
+
+- contoso
+- fabrikam
+- northwind
+- sandbox
+- onebox
+- localhost
+- 127.0.0.1
+- testacs.<!--no-hyperlink-->com
+- s-int.<!--no-hyperlink-->net
compliance Sit Defn Azure Redis Cache Connection String Password https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-redis-cache-connection-string-password.md
+
+ Title: "Azure Redis cache connection string password entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure Redis cache connection string password sensitive information type entity definition."
++
+# Azure Redis cache connection string password (preview)
+
+## Format
+
+A combination of up to 20,000-characters consisting of letters, digits, and special characters.
+
+or
+
+A combination of 44-characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+Any combination of up to 20,000 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+- Up to 2
+- equal signs (=)
+
+for example:
+
+`MIIKcQIBAzCCCi0GCSqGSIb3DQEHAaCCCh4EggoaMIIKFjCCBg8GCSqGSIb3DQEHAaCCBgAEggX8MIIF+DCCBfQGCyqGSIb3DQEM`
+
+or
+
+Any combination of 43 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+- ends with an equal sign (=)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=`
+
+## Checksum
+
+Yes
+
+## Definition
+
+This SIT is designed to match the security information thatΓÇÖs used to connect to [Azure Cache for Redis servers](/azure/azure-cache-for-redis/).
+
+It uses several primary resources:
+
+- Patterns of Base64 encoded string literal.
+- Patterns of Base64 encoded 256 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
+
+## Keywords
+
+### Keyword_Base64EncodedStringLiteral:
+
+- MII
+
+### Keyword_SymmetricKey256:
+
+- SharedAccessKey
+- AccountKey
compliance Sit Defn Azure Redis Cache Connection String https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-redis-cache-connection-string.md
+
+ Title: "Azure Redis cache connection string entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure Redis cache connection string sensitive information type entity definition."
++
+# Azure Redis cache connection string
+
+## Format
+
+The string `redis.cache.windows.net` followed by the characters and strings outlined in the pattern below, including the string `password` or `pwd`.
+
+## Pattern
+
+- the string `redis.cache.windows.net`
+- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces
+- the string `password` or `pwd`
+- zero to two whitespace characters
+- an equal sign (=)
+- zero to two whitespace characters
+- any combination of 43 characters that are lower- or uppercase letters, digits, forward slash (/), or plus sign (+)
+- an equal sign (=)
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `CEP_Regex_AzureRedisCacheConnectionString` finds content that matches the pattern.
+- The regular expression `CEP_CommonExampleKeywords` doesn't find content that matches the pattern.
+
+```xml
+<!--Azure Redis Cache Connection String-->
+<Entity id="095a7e6c-efd8-46d5-af7b-5298d53a49fc" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="CEP_Regex_AzureRedisCacheConnectionString" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="CEP_CommonExampleKeywords" />
+ </Any>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### CEP_common_example_keywords
+
+This sensitive information type identifies these keywords by using a regular expression, not a keyword list.
+
+- contoso
+- fabrikam
+- northwind
+- sandbox
+- onebox
+- localhost
+- 127.0.0.1
+- testacs.<!--no-hyperlink-->com
+- s-int.<!--no-hyperlink-->net
compliance Sit Defn Azure Sas https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-sas.md
+
+ Title: "Azure SAS entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure SAS sensitive information type entity definition."
++
+# Azure SAS
+
+## Format
+
+The string `sig` followed by the characters and strings outlined in the pattern below.
+
+## Pattern
+
+- the string `sig`
+- zero to two whitespace characters
+- an equal sign (=)
+- zero to two whitespace characters
+- any combination of between 43-53 characters that are lower- or uppercase letters, digits, or the percent sign (%)
+- the string `%3d`
+- any character that isn't a lower- or uppercase letter, digit, or percent sign (%)
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `CEP_Regex_AzureSAS` finds content that matches the pattern.
+
+```xml
+<!--Azure SAS-->
+<Entity id="4d235014-e564-47f4-a6fb-6ebb4a826834" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="CEP_Regex_AzureSAS" />
+ </Pattern>
+</Entity>
+```
compliance Sit Defn Azure Service Bus Connection String https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-service-bus-connection-string.md
+
+ Title: "Azure service bus connection string entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure service bus connection string sensitive information type entity definition."
++
+# Azure service bus connection string
+
+## Format
+
+The string `EndPoint` followed by the characters and strings outlined in the pattern below, including the strings `servicebus.windows.net` and `SharedAccesKey`.
+
+## Pattern
+
+- the string `EndPoint`
+- zero to two whitespace characters
+- an equal sign (=)
+- zero to two whitespace characters
+- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces
+- the string `servicebus.windows.net`
+- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces
+- the string `SharedAccessKey`
+- zero to two whitespace characters
+- an equal sign (=)
+- zero to two whitespace characters
+- any combination of 43 characters that are lower- or uppercase letters, digits, forward slash (/), or plus sign (+)
+- an equal sign (=)
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `CEP_Regex_AzureServiceBusConnectionString` finds content that matches the pattern.
+- The regular expression `CEP_CommonExampleKeywords` doesn't find content that matches the pattern.
+
+```xml
+<!--Azure Service Bus Connection String-->
+<Entity id="b9a6578f-a83f-4fcd-bf44-2130bae49a6f" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="CEP_Regex_AzureServiceBusConnectionString" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="CEP_CommonExampleKeywords" />
+ </Any>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### CEP_common_example_keywords
+
+This sensitive information type identifies these keywords by using a regular expression, not a keyword list.
+
+- contoso
+- fabrikam
+- northwind
+- sandbox
+- onebox
+- localhost
+- 127.0.0.1
+- testacs.<!--no-hyperlink-->com
+- s-int.<!--no-hyperlink-->net
compliance Sit Defn Azure Service Bus Shared Access Signature https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-service-bus-shared-access-signature.md
+
+ Title: "Azure service bus shared access signature entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure service bus shared access signature sensitive information type entity definition."
++
+# Azure service bus shared access signature (preview)
+
+## Format
+
+A combination of 44-characters consisting of letters, digits, and special characters ending with an equals sign (=) that is not part of the pattern.
+
+or
+
+A combination of up to 76-characters consisting of letters, digits, and special characters ending with an equals sign (=) that is not part of the pattern.
+
+## Pattern
+
+Any combination of 43 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+- ends with an equal sign (=) that is not part of the pattern
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=`
+
+or
+
+Any combination of 43 to 73 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- or percent signs (%)
+- ends with a suffix ΓÇÿ%3dΓÇÖ (not case-sensitive)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789%2F%2BABCDE%3D`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information thatΓÇÖs used to grant a user access to [Azure Service Bus resources](/azure/service-bus-messaging/service-bus-authentication-and-authorization) with specific rights.
+
+It uses several primary resources:
+
+- Patterns of Base64 encoded 256 bits symmetric key.
+- Patterns of URL Encoded 256 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
+
+## Keywords
+
+### Keyword_SymmetricKey256:
+
+- SharedAccessKey
+- AccountKey
+
+### Keyword_SymmetricKey256UrlEncoded:
+
+- sig=
+- key
+- token
+- secret
+- password
compliance Sit Defn Azure Shared Access Key Web Hook Token https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-shared-access-key-web-hook-token.md
+
+ Title: "Azure Shared Access key / Web Hook token signature entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure Shared Access key / Web Hook token sensitive information type entity definition."
++
+# Azure Shared Access key / Web Hook token (preview)
+
+## Format
+
+A combination of 44 characters consisting of letters, digits, and special characters.
+
+or
+
+A combination of up to 76 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+Any combination of 43 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+- ends with an equal sign (=)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=`
+
+or
+
+A combination of 43 to 73 characters consisting of:
+
+- a-z (case insensitive )
+- 0-9
+- percent signs (%)
+- ends with a suffix '%3d' (case insensitive)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789%2F%2BABCDE%3D`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to access general [Azure resources with restricted permission](/azure/notification-hubs/notification-hubs-push-notification-security).
+
+It uses several primary resources:
+
+- Patterns of Base64 encoded 256 bits symmetric key.
+- Patterns of URL Encoded 256 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns do not match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present will not be matched.
+
+## Keywords
+
+### Keyword_SymmetricKey256:
+
+- SharedAccessKey
+- AccountKey
+
+### Keyword_SymmetricKey256UrlEncoded:
+
+- sig=
+- key
+- token
+- secret
+- password
compliance Sit Defn Azure Signalr Access Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-signalr-access-key.md
+
+ Title: "Azure SignalR access key entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure SignalR access key sensitive information type entity definition."
++
+# Azure SignalR access key (preview)
+
+## Format
+
+A combination of 43 characters consisting of letters, digits, and special characters ending in an equals sign (=) that isn't part of the pattern.
+
+## Pattern
+
+A combination of 43 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to authenticate [Azure SignalR](/azure/azure-signalr/signalr-howto-key-rotation) clients when requests are made to the service.
+
+It uses several primary resources:
+
+- Patterns of Base64 encoded 256 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
+
+## Keywords
+
+### Keyword_SymmetricKey256:
+
+- SharedAccessKey
+- AccountKey
compliance Sit Defn Azure Sql Connection String https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-sql-connection-string.md
+
+ Title: "Azure SQL connection string entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure SQL connection string sensitive information type entity definition."
++
+# Azure SQL connection string (preview)
+
+## Format
+
+Up to 20,000-character combination of letters, digits, and special characters.
+
+or
+
+A pair of username and password used in general authentication process.
++
+## Pattern
+
+Any combination of up to 20,000 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+- Up to 2
+- equal signs (=)
+
+for example:
+
+`MIIKcQIBAzCCCi0GCSqGSIb3DQEHAaCCCh4EggoaMIIKFjCCBg8GCSqGSIb3DQEHAaCCBgAEggX8MIIF+DCCBfQGCyqGSIb3DQEM`
+
+or
+
+Variant username and password formats, for example:
+
+`username=...;password=********;` <br>
+`user id=...;password=********;` <br>
+`uid=...;pwd=********;` <br>
+`DB_USER=...;DB_PASS=********;` <br>
+`Service Account=...;Password=********;` <br>
++
+## Checksum
+
+Yes
+
+## Definition
+
+This SIT is designed to match the security information that's used to connect to [Azure SQL Databases](/azure/sql-database/sql-database-aad-authentication-configure).
+
+It uses several primary resources:
+
+- Patterns of Base64 encoded string literal.
+- Patterns of Plain-text username and password.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+- Patterns of mockup values, redactions, and placeholders.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
+
+## Keywords
+
+### Keyword_Base64EncodedStringLiteral:
+
+- MII
+
+### Keyword_LoginCredentials:
+
+- password
+- pw
+- DB_
compliance Sit Defn Azure Storage Account Access Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-storage-account-access-key.md
+
+ Title: "Azure storage account access key entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure storage account access key sensitive information type entity definition."
++
+# Azure storage account access key (preview)
+
+## Format
+
+A combination of up to 20,000 characters consisting of letters, digits, and special characters.
+
+or
+
+A combination of 88 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+Any combination of up to 20,000 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+- Up to 2
+- equal signs (=)
+
+for example:
+
+`MIIKcQIBAzCCCi0GCSqGSIb3DQEHAaCCCh4EggoaMIIKFjCCBg8GCSqGSIb3DQEHAaCCBgAEggX8MIIF+DCCBfQGCyqGSIb3DQEM`
+or
+
+Any combination of 86 characters consisting of:
+
+a-z (not case-sensitive)
+0-9
+forward slashes (/)
+or plus signs (+)
+ends with two equal signs (=)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDEabcdefghijklmnopqrstuvwxyz0123456789/+ABCDE==`
++
+## Checksum
+
+Yes
+
+## Definition
+
+This SIT is designed to match the security information that's used to make request against [Azure Storage services](/rest/api/storageservices/authorize-with-shared-key), like Blob, Queue, Table and File services.
+
+It uses several primary resources:
+
+- Patterns of Base64 encoded string literal.
+- Patterns of Base64 encoded 512 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id, AccountName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
++
+## Keywords
+
+### Keyword_Base64EncodedStringLiteral:
+
+- MII
+
+### Keyword_SymmetricKey512:
+
+- SharedAccessKey
+- AccountKey
compliance Sit Defn Azure Storage Account Key Generic https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-storage-account-key-generic.md
+
+ Title: "Azure Storage account key (generic) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure Storage account key (generic) sensitive information type entity definition."
++
+# Azure Storage account key (generic)
+
+## Format
+
+Any combination of 86 lower- or uppercase letters, digits, the forward slash (/), or plus sign (+), preceded or followed by the characters outlined in the pattern below.
+
+## Pattern
+
+- zero to one of the greater than symbol (>), apostrophe ('), equal sign (=), quotation mark ("), or number sign (#)
+- any combination of 86 characters that are lower- or uppercase letters, digits, the forward slash (/), or plus sign (+)
+- two equal signs (=)
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `CEP_Regex_AzureStorageAccountKeyGeneric` finds content that matches the pattern.
+
+```xml
+<!--Azure Storage Account Key (Generic)-->
+<Entity id="7ff41bd0-5419-4523-91d6-383b3a37f084" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="CEP_Regex_AzureStorageAccountKeyGeneric" />
+ </Pattern>
+</Entity>
+```
compliance Sit Defn Azure Storage Account Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-storage-account-key.md
+
+ Title: "Azure storage account key entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure storage account key sensitive information type entity definition."
++
+# Azure storage account key
+
+## Format
+
+The string `DefaultEndpointsProtocol` followed by the characters and strings outlined in the pattern below, including the string `AccountKey`.
+
+## Pattern
+
+- the string `DefaultEndpointsProtocol`
+- zero to two whitespace characters
+- an equal sign (=)
+- zero to two whitespace characters
+- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces
+- the string `AccountKey`
+- zero to two whitespace characters
+- an equal sign (=)
+- zero to two whitespace characters
+- any combination of 86 characters that are lower- or uppercase letters, digits, forward slash (/), or plus sign (+)
+- two equal signs (=)
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `CEP_Regex_AzureStorageAccountKey` finds content that matches the pattern.
+- The regular expression `CEP_AzureEmulatorStorageAccountFilter` doesn't find content that matches the pattern.
+- The regular expression `CEP_CommonExampleKeywords` doesn't find content that matches the pattern.
+
+```xml
+<!--Azure Storage Account Key-->
+<Entity id="c7bc98e8-551a-4c35-a92d-d2c8cda714a7" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="CEP_Regex_AzureStorageAccountKey" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="CEP_AzureEmulatorStorageAccountFilter" />
+ <Match idRef="CEP_CommonExampleKeywords" />
+ </Any>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### CEP_azure_emulator_storage_account_filter
+
+This sensitive information type identifies these keywords by using a regular expression, not a keyword list.
+
+- Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==
+
+### CEP_common_example_keywords
+
+This sensitive information type identifies these keywords by using a regular expression, not a keyword list.
+
+- contoso
+- fabrikam
+- northwind
+- sandbox
+- onebox
+- localhost
+- 127.0.0.1
+- testacs.<!--no-hyperlink-->com
+- s-int.<!--no-hyperlink-->net
compliance Sit Defn Azure Storage Account Shared Access Signature High Risk Resources https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-storage-account-shared-access-signature-high-risk-resources.md
+
+ Title: "Azure Storage account shared access signature for high risk resources entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure Storage account shared access signature for high risk resources sensitive information type entity definition."
++
+# Azure Storage account shared access signature for high risk resources (preview)
+
+## Format
+
+A combination of 44 characters consisting of letters, digits, and special characters.
+
+or
+
+A combination of up to 76 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+Any combination of 43 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+- ends with an equal sign (=)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=`
+
+or
+
+Any combination of 43 to 73 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- or percent signs (%)
+- ends with a suffix '%3d' (not case-sensitive)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789%2F%2BABCDE%3D`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to grant restricted access rights to high risk [Azure Storage resources such as certificates, configurations, or deployment packages](/rest/api/storageservices/delegate-access-with-shared-access-signature).
+
+It uses several primary resources:
+
+- Patterns of Base64 encoded 256 bits symmetric key.
+- Patterns of URL Encoded 256 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
++
+## Keywords
+
+### Keyword_SymmetricKey256:
+
+- SharedAccessKey
+- AccountKey
+
+### Keyword_SymmetricKey256UrlEncoded:
+
+- sig=
+- key
+- token
+- secret
+- password
compliance Sit Defn Azure Storage Account Shared Access Signature https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-storage-account-shared-access-signature.md
+
+ Title: "Azure Storage account shared access signature entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure Storage account shared access signature sensitive information type entity definition."
++
+# Azure Storage account shared access signature (preview)
+
+## Format
+
+A combination of 44 characters consisting of letters, digits, and special characters.
+
+or
+
+A combination of up to 76 characters consisting of letters, digits, and special characters.
++
+## Pattern
+
+Any combination of 43 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+- ends with an equal sign (=)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=`
+
+or
+
+A combination of 43 to 73 characters consisting of:
+
+- a-z (not case-sensitive)
+- 0-9
+- or percent signs (%)
+- ends with a suffix '%3d' (not case-sensitive)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789%2F%2BABCDE%3D`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to grant restricted access rights to [Azure Storage resources](/rest/api/storageservices/delegate-access-with-shared-access-signature).
+
+It uses several primary resources:
+
+- Patterns of Base64 encoded 256 bits symmetric key.
+- Patterns of URL Encoded 256 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
+
+## Keywords
+
+### Keyword_SymmetricKey256:
+
+- SharedAccessKey
+- AccountKey
+
+### Keyword_SymmetricKey256UrlEncoded:
+
+- sig=
+- key
+- token
+- secret
+- password
compliance Sit Defn Azure Subscription Management Certificate https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-subscription-management-certificate.md
+
+ Title: "Azure subscription management certificate entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Azure subscription management certificate sensitive information type entity definition."
++
+# Azure subscription management certificate (preview)
+
+## Format
+
+A combination of up to 20,000 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+A combination of up to 20,000 characters:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slash (/) or plus sign (+)
+- Up to two equals signs (==)
+
+for example:
+
+`MIIKcQIBAzCCCi0GCSqGSIb3DQEHAaCCCh4EggoaMIIKFjCCBg8GCSqGSIb3DQEHAaCCBgAEggX8MIIF+DCCBfQGCyqGSIb3DQEM`
+
+## Checksum
+
+Yes
+
+## Definition
+
+This SIT is designed to match the security information that's used to authenticate with the [classic deployment model](/azure/azure-resource-manager/management/deployment-models) provided by Azure. Many programs and tools, like Visual Studio or the Azure SDK, use these certificates to automate configuration and deployment of various [Azure services](/azure/azure-api-management-certs).
+
+It uses several primary resources:
+
+- Patterns of Base64 encoded string literal.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
+
+## Keywords
+
+### Keyword_Base64EncodedStringLiteral:
+
+- MII
compliance Sit Defn Belgium Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-belgium-drivers-license-number.md
+
+ Title: "Belgium drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Belgium driver's license number sensitive information type entity definition."
++
+# Belgium drivers license number
+
+## Format
+
+10 digits without spaces and delimiters
+
+## Pattern
+
+10 digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_belgium_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_belgium_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Belgium Driver's License Number -->
+ <Entity id="d89fd329-9324-433c-b687-2c37bd5166f3" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_belgium_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_belgium_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_belgium_eu_driver's_license_number
+
+- rijbewijs
+- rijbewijsnummer
+- f├╝hrerschein
+- f├╝hrerscheinnummer
+- f├╝ehrerscheinnummer
+- fuhrerschein
+- fuehrerschein
+- fuhrerscheinnummer
+- fuehrerscheinnummer
+- permis de conduire
+- numéro permis conduire
compliance Sit Defn Belgium National Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-belgium-national-number.md
+
+ Title: "Belgium national number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Belgium national number sensitive information type entity definition."
++
+# Belgium national number
+
+## Format
+
+11 digits plus optional delimiters
+
+## Pattern
+
+11 digits plus delimiters:
+
+- six digits and two optional periods in the format YY.MM.DD for date of birth
+- An optional delimiter from dot, dash, space
+- three sequential digits (odd for males, even for females)
+- An optional delimiter from dot, dash, space
+- two check digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_belgium_national_number` finds content that matches the pattern.
+- A keyword from `Keyword_belgium_national_number` is found.
+- The checksum passes.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_belgium_national_number` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+<!-- Belgium National Number -->
+ <Entity id="fb969c9e-0fd1-4b18-8091-a2123c5e6a54" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_belgium_national_number" />
+ <Match idRef="Keyword_belgium_national_number" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_belgium_national_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_belgium_national_number
+
+- belasting aantal
+- bnn#
+- bnn
+- carte d'identité
+- identifiant national
+- identifiantnational#
+- identificatie
+- identification
+- identifikation
+- identifikationsnummer
+- identifizierung
+- identité
+- identiteit
+- identiteitskaart
+- identity
+- inscription
+- national number
+- national register
+- nationalnumber#
+- nationalnumber
+- nif#
+- nif
+- numéro d'assuré
+- numéro de registre national
+- numéro de sécurité
+- numéro d'identification
+- numéro d'immatriculation
+- numéro national
+- numéronational#
+- personal id number
+- personalausweis
+- personalidnumber#
+- registratie
+- registration
+- registrationsnumme
+- registrierung
+- social security number
+- ssn#
+- ssn
+- steuernummer
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
compliance Sit Defn Belgium Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-belgium-passport-number.md
+
+ Title: "Belgium passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Belgium passport number sensitive information type entity definition."
++
+# Belgium passport number
+
+## Format
+
+two letters followed by six digits with no spaces or delimiters
+
+## Pattern
+
+two letters and followed by six digits
+
+## Checksum
+
+not applicable
+
+## Definition
+
+ A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_belgium_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_belgium_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date2` finds date in the format DD MM YY or a keyword from `Keywords_eu_passport_date` or `Keywords_belgium_eu_passport_number` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_belgium_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_belgium_eu_passport_number` is found.
+
+```xml
+ <!-- Belgium Passport Number -->
+ <Entity id="d7b1315b-21ca-4774-a32a-596010ff78fd" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_belgium_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_belgium_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date2" />
+ <Match idRef="Keywords_eu_passport_date" />
+ <Match idRef="Keywords_belgium_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_belgium_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_belgium_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+
+```
+
+## Keywords
+
+### Keywords_eu_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_belgium_eu_passport_number
+
+- numéro passeport
+- paspoort nr
+- paspoort-nr
+- paspoortnummer
+- paspoortnummers
+- Passeport carte
+- Passeport livre
+- Pass-Nr
+- Passnummer
+- reisepass kein
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Belgium Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-belgium-physical-addresses.md
+
+ Title: "Belgium physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Belgium physical addresses sensitive information type entity definition."
++
+# Belgium physical addresses
+
+This unbundled named entity detects patterns related to physical addresses from Belgium. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Belgium Value Added Tax Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-belgium-value-added-tax-number.md
+
+ Title: "Belgium value added tax number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Belgium value added tax number sensitive information type entity definition."
++
+# Belgium value added tax number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+12-character alphanumeric pattern
+
+## Pattern
+
+12-character alphanumeric pattern:
+
+- a letter B or b
+- a letter E or e
+- a digit 0
+- a digit from 1 to 9
+- an optional dot or Hyphen or space
+- four digits
+- an optional dot or Hyphen or space
+- four digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_belgium_value_added_tax_number` finds content that matches the pattern.
+- A keyword from `Keywords_belgium_value_added_tax_number` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_belgium_value_added_tax_number` finds content that matches the pattern.
+
+```xml
+ <!-- Belgium Value Added Tax Number -->
+ <Entity id="85b5b3c3-f2de-4ae8-ac46-fd3cb38bf9ed" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_belgium_value_added_tax_number" />
+ <Match idRef="Keywords_belgium_value_added_tax_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_belgium_value_added_tax_number" />
+ </Pattern>
+ </Entity>
+ </Version>
+```
+## Keywords
+
+### Keyword_belgium_value_added_tax_number
+
+- n┬║ tva
+- vat number
+- vat no
+- numéro t.v.a
+- umsatzsteuer-identifikationsnummer
+- umsatzsteuernummer
+- btw
+- btw#
+- vat#
compliance Sit Defn Blood Test Terms https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-blood-test-terms.md
+
+ Title: "Blood test terms entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Blood test terms sensitive information type entity definition."
++
+# Blood test terms
+
+This unbundled named entity detects terms related to blood tests, such as *hCG*. It supports English terms only. It's also included in the [All medical terms and conditions](sit-defn-all-medical-terms-conditions.md) bundled named entity SIT.
+
+## Confidence level
+
+High
compliance Sit Defn Brand Medication Names https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-brand-medication-names.md
+
+ Title: "Brand medication names entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Brand medication names sensitive information type entity definition."
++
+# Brand medication names
+
+This unbundled named entity detects names of brand medication, such as *Tylenol*. It supports English terms only. It's also included in the [All medical terms and conditions](sit-defn-all-medical-terms-conditions.md) bundled named entity SIT.
+
+## Confidence level
+
+High
+
compliance Sit Defn Brazil Cpf Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-brazil-cpf-number.md
+
+ Title: "Brazil CPF number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Brazil CPF number sensitive information type entity definition."
++
+# Brazil CPF number
+
+## Format
+
+11 digits that include a check digit and can be formatted or unformatted
+
+## Pattern
+
+Formatted:
+
+- three digits
+- a period
+- three digits
+- a period
+- three digits
+- a hyphen
+- two digits that are check digits
+
+Unformatted:
+
+- 11 digits where the last two digits are check digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_brazil_cpf` finds content that matches the pattern.
+- A keyword from `Keyword_brazil_cpf` is found.
+- The checksum passes.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_brazil_cpf` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+<!-- Brazil CPF Number -->
+<Entity id="78e09124-f2c3-4656-b32a-c1a132cd2711" recommendedConfidence="85" patternsProximity="300">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_brazil_cpf"/>
+ <Match idRef="Keyword_brazil_cpf"/>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_brazil_cpf"/>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_brazil_cpf
+
+- CPF
+- Identification
+- Registration
+- Revenue
+- Cadastro de Pessoas Físicas
+- Imposto
+- Identificação
+- Inscrição
+- Receita
compliance Sit Defn Brazil Legal Entity Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-brazil-legal-entity-number.md
+
+ Title: "Brazil legal entity number (CNPJ) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Brazil legal entity number (CNPJ) sensitive information type entity definition."
++
+# Brazil legal entity number (CNPJ)
+
+## Format
+
+14 digits that include a registration number, branch number, and check digits, plus delimiters
+
+## Pattern
+
+14 digits, plus delimiters:
+
+- two digits
+- a period
+- three digits
+- a period
+- three digits (these first eight digits are the registration number)
+- a forward slash
+- four-digit branch number
+- a hyphen
+- two digits that are check digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_brazil_cnpj` finds content that matches the pattern.
+- A keyword from `Keyword_brazil_cnpj` is found.
+- The checksum passes.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_brazil_cnpj` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+<!-- Brazil Legal Entity Number (CNPJ) -->
+<Entity id="9b58b5cd-5e90-4df6-b34f-1ebcc88ceae4" recommendedConfidence="85" patternsProximity="300">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_brazil_cnpj"/>
+ <Match idRef="Keyword_brazil_cnpj"/>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_brazil_cnpj"/>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_brazil_cnpj
+
+- CNPJ
+- CNPJ/MF
+- CNPJ-MF
+- National Registry of Legal Entities
+- Taxpayers Registry
+- Legal entity
+- Legal entities
+- Registration Status
+- Business
+- Company
+- CNPJ
+- Cadastro Nacional da Pessoa Jurídica
+- Cadastro Geral de Contribuintes
+- CGC
+- Pessoa jurídica
+- Pessoas jurídicas
+- Situação cadastral
+- Inscrição
+- Empresa
compliance Sit Defn Brazil National Identification Card https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-brazil-national-identification-card.md
+
+ Title: "Brazil national identification card (RG) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Brazil national identification card (RG) sensitive information type entity definition."
++
+# Brazil national identification card (RG)
+
+## Format
+
+Registro Geral (old format): Nine digits
+
+Registro de Identidade (RIC) (new format): 11 digits
+
+### Pattern
+
+Registro Geral (old format):
+
+- two digits
+- a period
+- three digits
+- a period
+- three digits
+- a hyphen
+- one digit that is a check digit
+
+Registro de Identidade (RIC) (new format):
+
+- 10 digits
+- a hyphen
+- one digit that is a check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_brazil_rg` finds content that matches the pattern.
+- A keyword from `Keyword_brazil_rg` is found.
+- The checksum passes.
+
+```xml
+ <!-- Brazil National ID Card (RG) -->
+ <Entity id="486de900-db70-41b3-a886-abdf25af119c" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_brazil_rg" />
+ <Match idRef="Keyword_brazil_rg" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_brazil_rg
+
+- Cédula de identidade
+- identity card
+- national id
+- n├║mero de rregistro
+- registro de Iidentidade
+- registro geral
+- RG (this keyword is case-sensitive)
+- RIC (this keyword is case-sensitive)
compliance Sit Defn Brazil Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-brazil-physical-addresses.md
+
+ Title: "Brazil physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Brazil physical addresses sensitive information type entity definition."
++
+# Brazil physical addresses
+
+This unbundled named entity detects patterns related to physical address from Brazil. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Bulgaria Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-bulgaria-drivers-license-number.md
+
+ Title: "Bulgaria drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Bulgaria driver's license number sensitive information type entity definition."
++
+# Bulgaria drivers license number
+
+## Format
+
+nine digits without spaces and delimiters
+
+## Pattern
+
+nine digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_bulgaria_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_bulgaria_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Bulgaria Driver's License Number -->
+ <Entity id="66d39258-94c2-43b2-804b-aa312258e54b" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_bulgaria_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_bulgaria_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_bulgaria_eu_driver's_license_number
+
+- свидетелство за управление на мпс
+- свидетелство за управление на моторно превозно средство
+- сумпс
+- шофьорска книжка
+- шофьорски книжки
compliance Sit Defn Bulgaria Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-bulgaria-passport-number.md
+
+ Title: "Bulgaria passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Bulgaria passport number sensitive information type entity definition."
++
+# Bulgaria passport number
+
+## Format
+
+nine digits without spaces and delimiters
+
+## Pattern
+
+nine digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_bulgaria_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_bulgaria_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_bulgaria_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_bulgaria_eu_passport_number` is found.
+
+```xml
+ <!-- Bulgaria Passport Number -->
+ <Entity id="f7172b82-c588-4216-845e-4e54e397f29a" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_bulgaria_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_bulgaria_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date1" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_bulgaria_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_bulgaria_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+## Keywords
+
+### Keywords_eu_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_bulgaria_eu_passport_number
+
+- номер на паспорта
+- номер на паспорт
+- паспорт №
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Bulgaria Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-bulgaria-physical-addresses.md
+
+ Title: "Bulgaria physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Bulgaria physical addresses sensitive information type entity definition."
++
+# Bulgaria physical addresses
+
+This unbundled named entity detects patterns related to physical address from Bulgaria. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Bulgaria Uniform Civil Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-bulgaria-uniform-civil-number.md
+
+ Title: "Bulgaria uniform civil number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Bulgaria uniform civil number sensitive information type entity definition."
++
+# Bulgaria uniform civil number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+10 digits without spaces and delimiters
+
+## Pattern
+
+10 digits without spaces and delimiters
+
+- six digits that correspond to the birth date (YYMMDD)
+- two digits that correspond to the birth order
+- one digit that corresponds to gender: An even digit for male and an odd digit for female
+- one check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_bulgaria_eu_national_id_card` finds content that matches the pattern.
+- A keyword from `Keywords_bulgaria_eu_national_id_card` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_bulgaria_eu_national_id_card` finds content that matches the pattern.
+
+```xml
+ <!-- Bulgaria Uniform Civil Number -->
+ <Entity id="100d58b1-0a35-4fb1-aa89-e4a86fb53fcc" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_bulgaria_eu_national_id_card" />
+ <Match idRef="Keywords_bulgaria_eu_national_id_card" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_bulgaria_eu_national_id_card" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="Keywords_bulgaria_eu_telephone_number" />
+ <Match idRef="Keywords_bulgaria_eu_mobile_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_bulgaria_eu_national_id_card
+
+- bnn#
+- bnn
+- bucn#
+- bucn
+- edinen grazhdanski nomer
+- egn#
+- egn
+- identification number
+- national id
+- national number
+- nationalnumber#
+- nationalnumber
+- personal id
+- personal no
+- personal number
+- personalidnumber#
+- social security number
+- ssn#
+- ssn
+- uniform civil id
+- uniform civil no
+- uniform civil number
+- uniformcivilno#
+- uniformcivilno
+- uniformcivilnumber#
+- uniformcivilnumber
+- unique citizenship number
+- ╨╡╨│╨╜#
+- ╨╡╨│╨╜
+- единен граждански номер
+- идентификационен номер
+- личен номер
+- лична идентификация
+- лично не
+- национален номер
+- номер на гражданството
+- униформ id
+- униформ граждански id
+- униформ граждански не
+- униформ граждански номер
+- униформгражданскиid#
+- униформгражданскине.#
compliance Sit Defn Canada Bank Account Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-canada-bank-account-number.md
+
+ Title: "Canada bank account number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Canada bank account number sensitive information type entity definition."
++
+# Canada bank account number
+
+## Format
+
+7 or 12 digits
+
+## Pattern
+
+A Canada Bank Account Number is 7 or 12 digits.
+
+A Canada bank account transit number is:
+
+- five digits
+- a hyphen
+- three digits
+OR
+- a zero "0"
+- eight digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_canada_bank_account_number` finds content that matches the pattern.
+- A keyword from `Keyword_canada_bank_account_number` is found.
+- The regular expression `Regex_canada_bank_account_transit_number` finds content that matches the pattern.
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_canada_bank_account_number` finds content that matches the pattern.
+- A keyword from `Keyword_canada_bank_account_number` is found.
+
+```xml
+<!-- Canada Bank Account Number -->
+<Entity id="552e814c-cb50-4d94-bbaa-bb1d1ffb34de" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_canada_bank_account_number" />
+ <Match idRef="Keyword_canada_bank_account_number" />
+ <Match idRef="Regex_canada_bank_account_transit_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_canada_bank_account_number" />
+ <Match idRef="Keyword_canada_bank_account_number" />
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_canada_bank_account_number
+
+- canada savings bonds
+- canada revenue agency
+- canadian financial institution
+- direct deposit form
+- canadian citizen
+- legal representative
+- notary public
+- commissioner for oaths
+- child care benefit
+- universal child care
+- canada child tax benefit
+- income tax benefit
+- harmonized sales tax
+- social insurance number
+- income tax refund
+- child tax benefit
+- territorial payments
+- institution number
+- deposit request
+- banking information
+- direct deposit
compliance Sit Defn Canada Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-canada-drivers-license-number.md
+
+ Title: "Canada drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Canada driver's license number sensitive information type entity definition."
++
+# Canada drivers license number
+
+## Format
+
+Varies by province
+
+## Pattern
+
+Various patterns covering:
+
+- Alberta
+- British Columbia
+- Manitoba
+- New Brunswick
+- Newfoundland/Labrador
+- Nova Scotia
+- Ontario
+- Prince Edward Island
+- Quebec
+- Saskatchewan
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_[province_name]_drivers_license_number` finds content that matches the pattern.
+- A keyword from `Keyword_[province_name]_drivers_license_name` is found.
+- A keyword from `Keyword_canada_drivers_license` is found.
+
+```xml
+<!-- Canada Driver's License Number -->
+ <Entity id="37186abb-8e48-4800-ad3c-e3d1610b3db0" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_alberta_drivers_license_number" />
+ <Match idRef="Keyword_alberta_drivers_license_name" />
+ <Match idRef="Keyword_canada_drivers_license" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_british_columbia_drivers_license_number" />
+ <Match idRef="Keyword_british_columbia_drivers_license_name" />
+ <Match idRef="Keyword_canada_drivers_license" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_manitoba_drivers_license_number" />
+ <Match idRef="Keyword_manitoba_drivers_license_name" />
+ <Match idRef="Keyword_canada_drivers_license" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_new_brunswick_drivers_license_number" />
+ <Match idRef="Keyword_new_brunswick_drivers_license_name" />
+ <Match idRef="Keyword_canada_drivers_license" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_newfoundland_labrador_drivers_license_number" />
+ <Match idRef="Keyword_newfoundland_labrador_drivers_license_name" />
+ <Match idRef="Keyword_canada_drivers_license" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_nova_scotia_drivers_license_number" />
+ <Match idRef="Keyword_nova_scotia_drivers_license_name" />
+ <Match idRef="Keyword_canada_drivers_license" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_ontario_drivers_license_number" />
+ <Match idRef="Keyword_ontario_drivers_license_name" />
+ <Match idRef="Keyword_canada_drivers_license" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_prince_edward_island_drivers_license_number" />
+ <Match idRef="Keyword_prince_edward_island_drivers_license_name" />
+ <Match idRef="Keyword_canada_drivers_license" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_quebec_drivers_license_number" />
+ <Match idRef="Keyword_quebec_drivers_license_name" />
+ <Match idRef="Keyword_canada_drivers_license" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_saskatchewan_drivers_license_number" />
+ <Match idRef="Keyword_saskatchewan_drivers_license_name" />
+ <Match idRef="Keyword_canada_drivers_license" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_[province_name]_drivers_license_name
+
+- The province abbreviation, for example AB
+- The province name, for example Alberta
+
+### Keyword_canada_drivers_license
+
+- DL
+- DLS
+- CDL
+- CDLS
+- DriverLic
+- DriverLics
+- DriverLicense
+- DriverLicenses
+- DriverLicence
+- DriverLicences
+- Driver Lic
+- Driver Lics
+- Driver License
+- Driver Licenses
+- Driver Licence
+- Driver Licences
+- DriversLic
+- DriversLics
+- DriversLicence
+- DriversLicences
+- DriversLicense
+- DriversLicenses
+- Drivers Lic
+- Drivers Lics
+- Drivers License
+- Drivers Licenses
+- Drivers Licence
+- Drivers Licences
+- Driver'Lic
+- Driver'Lics
+- Driver'License
+- Driver'Licenses
+- Driver'Licence
+- Driver'Licences
+- Driver' Lic
+- Driver' Lics
+- Driver' License
+- Driver' Licenses
+- Driver' Licence
+- Driver' Licences
+- Driver'sLic
+- Driver'sLics
+- Driver'sLicense
+- Driver'sLicenses
+- Driver'sLicence
+- Driver'sLicences
+- Driver's Lic
+- Driver's Lics
+- Driver's License
+- Driver's Licenses
+- Driver's Licence
+- Driver's Licences
+- Permis de Conduire
+- id
+- ids
+- idcard number
+- idcard numbers
+- idcard #
+- idcard #s
+- idcard card
+- idcard cards
+- idcard
+- identification number
+- identification numbers
+- identification #
+- identification #s
+- identification card
+- identification cards
+- identification
+- DL#
+- DLS#
+- CDL#
+- CDLS#
+- DriverLic#
+- DriverLics#
+- DriverLicense#
+- DriverLicenses#
+- DriverLicence#
+- DriverLicences#
+- Driver Lic#
+- Driver Lics#
+- Driver License#
+- Driver Licenses#
+- Driver License#
+- Driver Licences#
+- DriversLic#
+- DriversLics#
+- DriversLicense#
+- DriversLicenses#
+- DriversLicence#
+- DriversLicences#
+- Drivers Lic#
+- Drivers Lics#
+- Drivers License#
+- Drivers Licenses#
+- Drivers Licence#
+- Drivers Licences#
+- Driver'Lic#
+- Driver'Lics#
+- Driver'License#
+- Driver'Licenses#
+- Driver'Licence#
+- Driver'Licences#
+- Driver' Lic#
+- Driver' Lics#
+- Driver' License#
+- Driver' Licenses#
+- Driver' Licence#
+- Driver' Licences#
+- Driver'sLic#
+- Driver'sLics#
+- Driver'sLicense#
+- Driver'sLicenses#
+- Driver'sLicence#
+- Driver'sLicences#
+- Driver's Lic#
+- Driver's Lics#
+- Driver's License#
+- Driver's Licenses#
+- Driver's Licence#
+- Driver's Licences#
+- Permis de Conduire#
+- id#
+- ids#
+- idcard card#
+- idcard cards#
+- idcard#
+- identification card#
+- identification cards#
+- identification#
compliance Sit Defn Canada Health Service Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-canada-health-service-number.md
+
+ Title: "Canada health service number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Canada health service number sensitive information type entity definition."
++
+# Canada health service number
+
+## Format
+
+ 10 digits
+
+## Pattern
+
+10 digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_canada_health_service_number` finds content that matches the pattern.
+- A keyword from `Keyword_canada_health_service_number` is found.
+
+```xml
+<!-- Canada Health Service Number -->
+<Entity id="59c0bf39-7fab-482c-af25-00faa4384c94" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_canada_health_service_number" />
+ <Any minMatches="1">
+ <Match idRef="Keyword_canada_health_service_number" />
+ </Any>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_canada_health_service_number
+
+- personal health number
+- patient information
+- health services
+- speciality services
+- automobile accident
+- patient hospital
+- psychiatrist
+- workers compensation
+- disability
compliance Sit Defn Canada Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-canada-passport-number.md
+
+ Title: "Canada passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Canada passport number sensitive information type entity definition."
++
+# Canada passport number
+
+## Format
+
+two uppercase letters followed by six digits
+
+## Pattern
+
+two uppercase letters followed by six digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_canada_passport_number` finds content that matches the pattern.
+- A keyword from `Keyword_canada_passport_number` or `Keyword_passport` is found.
+
+```xml
+<!-- Canada Passport Number -->
+<Entity id="14d0db8b-498a-43ed-9fca-f6097ae687eb" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_canada_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keyword_canada_passport_number" />
+ <Match idRef="Keyword_passport" />
+ </Any>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_canada_passport_number
+
+- canadian citizenship
+- canadian passport
+- passport application
+- passport photos
+- certified translator
+- canadian citizens
+- processing times
+- renewal application
+
+### Keyword_passport
+
+- Passport Number
+- Passport No
+- Passport #
+- Passport#
+- PassportID
+- Passportno
+- passportnumber
+- パスポート
+- パスポート番号
+- パスポートのNum
+- パスポート#
+- Numéro de passeport
+- Passeport n ┬░
+- Passeport Non
+- Passeport #
+- Passeport#
+- PasseportNon
+- Passeportn ┬░
compliance Sit Defn Canada Personal Health Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-canada-personal-health-identification-number.md
+
+ Title: "Canada personal health identification number (PHIN) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Canada personal health identification number (PHIN) sensitive information type entity definition."
++
+# Canada personal health identification number (PHIN)
+
+## Format
+
+nine digits
+
+## Pattern
+
+nine digits
+
+## Checksum
+
+No
+
+### Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_canada_phin` finds content that matches the pattern.
+- At least two keywords from `Keyword_canada_phin` or `Keyword_canada_provinces` are found.
+
+```xml
+<!-- Canada PHIN -->
+<Entity id="722e12ac-c89a-4ec8-a1b7-fea3469f89db" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_canada_phin" />
+ <Any minMatches="2">
+ <Match idRef="Keyword_canada_phin" />
+ <Match idRef="Keyword_canada_provinces" />
+ </Any>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_canada_phin
+
+- social insurance number
+- health information act
+- income tax information
+- manitoba health
+- health registration
+- prescription purchases
+- benefit eligibility
+- personal health
+- power of attorney
+- registration number
+- personal health number
+- practitioner referral
+- wellness professional
+- patient referral
+- health and wellness
+
+### Keyword_canada_provinces
+
+- Nunavut
+- Quebec
+- Northwest Territories
+- Ontario
+- British Columbia
+- Alberta
+- Saskatchewan
+- Manitoba
+- Yukon
+- Newfoundland and Labrador
+- New Brunswick
+- Nova Scotia
+- Prince Edward Island
+- Canada
compliance Sit Defn Canada Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-canada-physical-addresses.md
+
+ Title: "Canada physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Canada physical addresses sensitive information type entity definition."
++
+# Canada physical addresses
+
+This unbundled named entity detects patterns related to physical address from Canada. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Canada Social Insurance Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-canada-social-insurance-number.md
+
+ Title: "Canada social insurance number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Canada social insurance number sensitive information type entity definition."
++
+# Canada social insurance number
+
+## Format
+
+nine digits with optional hyphens or spaces
+
+## Pattern
+
+Formatted:
+
+- three digits
+- a hyphen or space
+- three digits
+- a hyphen or space
+- three digits
+
+Unformatted: nine digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function Func_canadian_sin finds content that matches the pattern.
+- At least two of the following patterns:
+ - A keyword from `Keyword_sin` is found.
+ - A keyword from `Keyword_sin_collaborative` is found.
+ - The function `Func_eu_date` finds a date in the right date format.
+- The checksum passes.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function Func_unformatted_canadian_sin finds content that matches the pattern.
+- A keyword from `Keyword_sin` is found.
+- The checksum passes.
+
+```xml
+<!-- Canada Social Insurance Number -->
+<Entity id="a2f29c85-ecb8-4514-a610-364790c0773e" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_canadian_sin" />
+ <Any minMatches="2">
+ <Match idRef="Keyword_sin" />
+ <Match idRef="Keyword_sin_collaborative" />
+ <Match idRef="Func_eu_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_unformatted_canadian_sin" />
+ <Match idRef="Keyword_sin" />
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_sin
+
+- sin
+- social insurance
+- numero d'assurance sociale
+- sins
+- ssn
+- ssns
+- social security
+- numero d'assurance social
+- national identification number
+- national id
+- sin#
+- soc ins
+- social ins
+
+### Keyword_sin_collaborative
+
+- driver's license
+- drivers license
+- driver's licence
+- drivers licence
+- DOB
+- Birthdate
+- Birthday
+- Date of Birth
compliance Sit Defn Chile Identity Card Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-chile-identity-card-number.md
+
+ Title: "Chile identity card number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Chile identity card number sensitive information type entity definition."
++
+# Chile identity card number
+
+## Format
+
+seven to eight digits plus delimiters a check digit or letter
+
+## Pattern
+
+seven to eight digits plus delimiters:
+
+- one to two digits
+- an optional period
+- three digits
+- an optional period
+- three digits
+- a dash
+- one digit or letter (not case-sensitive) which is a check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_chile_id_card` finds content that matches the pattern.
+- A keyword from `Keyword_chile_id_card` is found.
+- The checksum passes.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_chile_id_card` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+<!-- Chile Identity Card Number -->
+<Entity id="4e979794-49a0-407e-a0b9-2c536937b925" recommendedConfidence="85" patternsProximity="300">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_chile_id_card"/>
+ <Match idRef="Keyword_chile_id_card"/>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_chile_id_card"/>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_chile_id_card
+
+- cédula de identidad
+- identificaci├│n
+- national identification
+- national identification number
+- national id
+- n├║mero de identificaci├│n nacional
+- rol ├║nico nacional
+- rol ├║nico tributario
+- RUN
+- RUT
+- tarjeta de identificaci├│n
+- Rol Unico Nacional
+- Rol Unico Tributario
+- RUN#
+- RUT#
+- nationaluniqueroleID#
+- nacional identidad
+- n├║mero identificaci├│n
+- identidad n├║mero
+- numero identificacion
+- identidad numero
+- Chilean identity no.
+- Chilean identity number
+- Chilean identity #
+- Unique Tax Registry
+- Unique Tributary Role
+- Unique Tax Role
+- Unique Tributary Number
+- Unique National Number
+- Unique National Role
+- National unique role
+- Chile identity no.
+- Chile identity number
+- Chile identity #
+- R.U.T
+- R.U.N
compliance Sit Defn China Resident Identity Card Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-china-resident-identity-card-number.md
+
+ Title: "China resident identity card (PRC) number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "China resident identity card (PRC) number sensitive information type entity definition."
+++
+# China resident identity card (PRC) number
+
+## Format
+
+18 digits
+
+## Pattern
+
+18 digits:
+
+- six digits that are an address code
+- eight digits in the form YYYYMMDD, which are the date of birth
+- three digits that are an order code
+- one digit that is a check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_china_resident_id` finds content that matches the pattern.
+- A keyword from `Keyword_china_resident_id` is found.
+- The checksum passes.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_china_resident_id` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+<!-- China Resident Identity Card (PRC) Number -->
+<Entity id="c92daa86-2d16-4871-901f-816b3f554fc1" recommendedConfidence="85" patternsProximity="300">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_china_resident_id"/>
+ <Match idRef="Keyword_china_resident_id"/>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_china_resident_id"/>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+## Keyword_china_resident_id
+
+- Resident Identity Card
+- PRC
+- National Identification Card
+- 身份证
+- 居民 身份证
+- 居民身份证
+- 鉴定
+- 身分證
+- 居民 身份證
+- Θææσ«Ü
compliance Sit Defn Client Secret Api Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-client-secret-api-key.md
+
+ Title: "Client secret / API key entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Client secret / API key sensitive information type entity definition."
++
+# Client secret / API key (preview)
+
+## Format
+
+A client secret or refresh token used in OAuth 2.0 protocol.
+
+or
+
+A combination of 24 characters consisting of letters, digits, and special characters.
+
+or
+
+A combination of 32 characters consisting of letters and digits.
+
+or
+
+A combination of 40 characters consisting of letters and digits.
+
+or
+
+A combination of 44 characters consisting of letters, digits, and special characters.
+
+or
+
+A combination of 56 characters consisting of letters, digits, and special characters
+
+or
+
+A combination of 88 characters consisting of letters, digits, and special characters.
++
+## Pattern
+
+Various client secret or refresh token formats for example:
+
+`ClientSecret:********` <br>
+`AppSecret=********` <br>
+`ConsumerKey:=********` <br>
+`Refresh_Token:********` <br>
+
+or
+
+A combination of 22 characters:
+
+- a-z (not case-sensitive)
+- digits, forward slashes, or plus signs
+- ends with two equal signs (=)
+
+for example:
+
+`abcdefgh0123456789/+AB==`
+
+or
+
+A combination of 32 characters:
+
+- a-f or A-F (case-sensitive)
+- or 0-9
+
+for example:
+
+`abcdef0123456789abcdef0123456789`
+
+or
+
+A combination of 40 characters:
+
+- a-f or A-F (case-sensitive)
+
+or
+
+- 0-9
+
+for example:
+
+`abcdef0123456789abcdef0123456789abcdef01`
+
+or
+
+A combination of 43 characters:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+- ends with an equal sign (=)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=`
+
+or
+
+A combination of 54 characters:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/) or plus signs (+)
+- ends with two equal signs (==)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDEFGHIJKLMNOP==`
+
+or
+
+A combination of 86 characters:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/) or plus signs (+)
+- ends with two equal signs (=)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDEabcdefghijklmnopqrstuvwxyz0123456789/+ABCDE==`
++
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's known only to the [OAuth application and the authorization server to exchange](/azure/active-directory/develop/active-directory-how-applications-are-added) for an access token at runtime.
+
+It uses several primary resources:
+
+- Patterns of Client secret context.
+- Patterns of Base64 encoded 128 bits symmetric key.
+- Patterns of Hex encoded 128 bits symmetric key.
+- Patterns of Hex encoded 160 bits Symmetric Key.
+- Patterns of Base64 encoded 256 bits symmetric key.
+- Patterns of Base64 encoded 320 bits symmetric key.
+- Patterns of Base64 encoded 512 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id, AccountName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
+
+## Keywords
+
+### Keyword_ClientSecretContext:
+
+- secret
+- token
+- auth
+- securestring
+- key
+
+### Keyword_SymmetricKey128:
+
+- secret
+- key
+- password
+- pw
+
+### Keyword_SymmetricKey128Hex:
+
+- dapi
+- key
+- secret
+- token
+- password
+- pw
+
+### Keyword_SymmetricKey160Hex:
+
+- token
+
+### Keyword_SymmetricKey256:
+
+- SharedAccessKey
+- AccountKey
+
+### Keyword_SymmetricKey320:
+
+- code=
+- key
+
+### Keyword_SymmetricKey512:
+
+- SharedAccessKey
+- AccountKey
compliance Sit Defn Credentials In Url https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-credentials-in-url.md
+
+ Title: "Crednetial in URL"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Credentials in URL sensitive information type entity definition."
++
+# Credentials in URL
+
+## Format
+
+Paired username and password used in URL
+
+or
+
+Plain-text password used in script
+
+## Pattern
+
+Various URL username and password formats, for example:
+
+`https://username:********@contoso.com/...`
+`ftp://username:********@contoso.com:20/...`
+
+for example:
+`https://myuser:mypassword@localhost`
+
+or
+
+Various password formats in script, for example:
+
+`password = ********...`
+
+for example:
+
+`password=ZYXWVU_1`
+
+## Checksum
+
+No
+
+## Description
+
+This SIT is designed to match the security information that's used as a token in URL to do client validation or identification [user login process](/azure/key-vault/quick-create-portal). It uses several primary resources:
+
+- Patterns of User Login Credentials in URL.
+- Patterns of Password context in script.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+- Patterns of mockup values, redactions, and placeholders.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
+
+## Keywords
+
+### Keyword_LoginCredentialsInUrl
+
+- ://
+
+### Keyword_PasswordContextInScript
+
+- secret
+- password
+- pw
compliance Sit Defn Credit Card Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-credit-card-number.md
+
+ Title: "Credit card number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Credit card number sensitive information type entity definition."
+++
+# Credit card number
+
+## Format
+
+14 to 19 digits that can be formatted or unformatted (dddddddddddddddd) and that must pass the Luhn test.
+
+## Pattern
+
+Detects cards from all major brands worldwide, including Visa, MasterCard, Discover Card, JCB, American Express, gift cards, diner's cards, Rupay and China UnionPay.
+
+## Checksum
+
+Yes, the Luhn check
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_credit_card` finds content that matches the pattern.
+- One of the following conditions is true:
+ - A keyword from `Keyword_cc_verification` is found.
+ - A keyword from `Keyword_cc_name` is found.
+ - The function `Func_expiration_date` finds a date in the right date format.
+- The checksum passes.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_credit_card` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+<!-- Credit Card Number -->
+<Entity id="50842eb7-edc8-4019-85dd-5a5c1f2bb085" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_credit_card" />
+ <Any minMatches="1">
+ <Match idRef="Keyword_cc_verification" />
+ <Match idRef="Keyword_cc_name" />
+ <Match idRef="Func_expiration_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_credit_card" />
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_cc_verification
+
+- card verification
+- card identification number
+- cvn
+- cid
+- cvc2
+- cvv2
+- pin block
+- security code
+- security number
+- security no
+- issue number
+- issue no
+- cryptogramme
+- numéro de sécurité
+- numero de securite
+- kreditkartenpr├╝fnummer
+- kreditkartenprufnummer
+- pr├╝fziffer
+- prufziffer
+- sicherheits Kode
+- sicherheitscode
+- sicherheitsnummer
+- verfalldatum
+- codice di verifica
+- cod. sicurezza
+- cod sicurezza
+- n autorizzazione
+- c├│digo
+- codigo
+- cod. seg
+- cod seg
+- código de segurança
+- codigo de seguranca
+- codigo de segurança
+- c├│digo de seguranca
+- cód. segurança
+- cod. seguranca
+- cod. segurança
+- c├│d. seguranca
+- cód segurança
+- cod seguranca
+- cod segurança
+- c├│d seguranca
+- número de verificação
+- numero de verificacao
+- ablauf
+- g├╝ltig bis
+- g├╝ltigkeitsdatum
+- gultig bis
+- gultigkeitsdatum
+- scadenza
+- data scad
+- fecha de expiracion
+- fecha de venc
+- vencimiento
+- válido hasta
+- valido hasta
+- vto
+- data de expiração
+- data de expiracao
+- data em que expira
+- validade
+- valor
+- vencimento
+- transaction
+- transaction number
+- reference number
+- セキュリティコード
+- セキュリティ コード
+- セキュリティナンバー
+- セキュリティ ナンバー
+- セキュリティ番号
+
+### Keyword_cc_name
+
+- amex
+- american express
+- americanexpress
+- americano espresso
+- Visa
+- mastercard
+- master card
+- mc
+- mastercards
+- master cards
+- diner's Club
+- diners club
+- dinersclub
+- discover
+- discover card
+- discovercard
+- discover cards
+- JCB
+- BrandSmart
+- japanese card bureau
+- carte blanche
+- carteblanche
+- credit card
+- cc#
+- cc#:
+
+- expiration date
+- exp date
+- expiry date
+- date d'expiration
+- date d'exp
+- date expiration
+- bank card
+- bankcard
+- card number
+- card num
+- cardnumber
+- cardnumbers
+- card numbers
+- creditcard
+- credit cards
+- creditcards
+- ccn
+- card holder
+- cardholder
+- card holders
+- cardholders
+- check card
+- checkcard
+- check cards
+- checkcards
+- debit card
+- debitcard
+- debit cards
+- debitcards
+- atm card
+- atmcard
+- atm cards
+- atmcards
+- enroute
+- en route
+- card type
+- Cardmember Acct
+- cardmember account
+- Cardno
+- Corporate Card
+- Corporate cards
+- Type of card
+- card account number
+- card member account
+- Cardmember Acct.
+- card no.
+- card no
+- card number
+- carte bancaire
+- carte de crédit
+- carte de credit
+- numéro de carte
+- numero de carte
+- n┬║ de la carte
+- n┬║ de carte
+- kreditkarte
+- karte
+- karteninhaber
+- karteninhabers
+- kreditkarteninhaber
+- kreditkarteninstitut
+- kreditkartentyp
+- eigent├╝mername
+- kartennr
+- kartennummer
+- kreditkartennummer
+- kreditkarten-nummer
+- carta di credito
+- carta credito
+- n. carta
+- n carta
+- nr. carta
+- nr carta
+- numero carta
+- numero della carta
+- numero di carta
+- tarjeta credito
+- tarjeta de credito
+- tarjeta crédito
+- tarjeta de crédito
+- tarjeta de atm
+- tarjeta atm
+- tarjeta debito
+- tarjeta de debito
+- tarjeta débito
+- tarjeta de débito
+- n┬║ de tarjeta
+- no. de tarjeta
+- no de tarjeta
+- numero de tarjeta
+- n├║mero de tarjeta
+- tarjeta no
+- tarjetahabiente
+- cartão de crédito
+- cartão de credito
+- cartao de crédito
+- cartao de credito
+- cartão de débito
+- cartao de débito
+- cartão de debito
+- cartao de debito
+- débito automático
+- debito automatico
+- número do cartão
+- numero do cartão
+- n├║mero do cartao
+- numero do cartao
+- número de cartão
+- numero de cartão
+- n├║mero de cartao
+- numero de cartao
+- nº do cartão
+- n┬║ do cartao
+- nº. do cartão
+- no do cartão
+- no do cartao
+- no. do cartão
+- no. do cartao
+- rupay
+- union pay
+- unionpay
+- diner's
+- diners
+- クレジットカード番号
+- クレジットカードナンバー
+- クレジットカード#
+- クレジットカード
+- クレジット
+- クレカ
+- カード番号
+- カードナンバー
+- カード#
+- アメックス
+- アメリカンエクスプレス
+- アメリカン エクスプレス
+- Visaカード
+- Visa カード
+- マスターカード
+- マスター カード
+- マスター
+- ダイナースクラブ
+- ダイナース クラブ
+- ダイナース
+- 有効期限
+- 期限
+- キャッシュカード
+- キャッシュ カード
+- カード名義人
+- カードの名義人
+- カードの名義
+- デビット カード
+- デビットカード
+- 中国银联
+- Θô╢Φüö
compliance Sit Defn Croatia Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-croatia-drivers-license-number.md
+
+ Title: "Croatia drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Croatia driver's license number sensitive information type entity definition."
+++
+# Croatia drivers license number
+
+## Format
+
+eight digits without spaces and delimiters
+
+## Pattern
+
+eight digits
+
+## Checksum
+
+No
+
+### Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_croatia_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_croatia_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Croatia Driver's License Number -->
+ <Entity id="005b3ef1-47dd-4e68-bb02-c6db484d00f2" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_croatia_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_croatia_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_croatia_eu_driver's_license_number
+
+- voza─ìka dozvola
+- voza─ìke dozvole
compliance Sit Defn Croatia Identity Card Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-croatia-identity-card-number.md
+
+ Title: "Croatia identity card number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Croatia identity card number sensitive information type entity definition."
+++
+# Croatia identity card number
+
+This entity is included in the EU National Identification Number sensitive information type. It's available as a stand-alone sensitive information type entity.
+
+## Format
+
+nine digits
+
+## Pattern
+
+nine consecutive digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_croatia_id_card` finds content that matches the pattern.
+- A keyword from `Keyword_croatia_id_card` is found.
+
+```xml
+<!--Croatia Identity Card Number-->
+<Entity id="ff12f884-c20a-4189-b185-34c8e7258d47" recommendedConfidence="75" patternsProximity="300">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_croatia_id_card"/>
+ <Match idRef="Keyword_croatia_id_card"/>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_croatia_id_card
+
+- majstorski broj gra─æana
+- master citizen number
+- nacionalni identifikacijski broj
+- national identification number
+- oib#
+- oib
+- osobna iskaznica
+- osobni id
+- osobni identifikacijski broj
+- personal identification number
+- porezni broj
+- porezni identifikacijski broj
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
compliance Sit Defn Croatia Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-croatia-passport-number.md
+
+ Title: "Croatia passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Croatia passport number sensitive information type entity definition."
+++
+# Croatia passport number
+
+## Format
+
+nine digits without spaces and delimiters
+
+## Pattern
+
+nine digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_croatia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_croatia_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_croatia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_croatia_eu_passport_number` is found.
+
+```xml
+ <!-- Croatia Passport Number -->
+ <Entity id="7d7a729d-32d8-4204-8d01-d5e6a6c25581" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_croatia_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_croatia_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date1" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_croatia_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_croatia_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number_common
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_croatia_eu_passport_number
+
+- broj putovnice
+- br. Putovnice
+- br putovnice
compliance Sit Defn Croatia Personal Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-croatia-personal-identification-number.md
+
+ Title: "Croatia personal identification (OIB) number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Croatia personal identification (OIB) number sensitive information type entity definition."
+++
+# Croatia personal identification (OIB) number
+
+## Format
+
+11 digits
+
+## Pattern
+
+11 digits:
+
+- 10 digits
+- final digit is a check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_croatia_oib_number` finds content that matches the pattern.
+- A keyword from `Keywords_croatia_eu_tax_file_number` is found.
+- The checksum passes.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_croatia_oib_number` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+ <!-- Croatia Personal Identification (OIB) Number -->
+ <Entity id="31983b6d-db95-4eb2-a630-b44bd091968d" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_croatia_oib_number" />
+ <Match idRef="Keywords_croatia_eu_tax_file_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_croatia_oib_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_croatia_oib_number
+
+- majstorski broj gra─æana
+- master citizen number
+- nacionalni identifikacijski broj
+- national identification number
+- oib#
+- oib
+- osobna iskaznica
+- osobni id
+- osobni identifikacijski broj
+- personal identification number
+- porezni broj
+- porezni identifikacijski broj
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
compliance Sit Defn Croatia Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-croatia-physical-addresses.md
+
+ Title: "Croatia physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Croatia physical addresses sensitive information type entity definition."
++
+# Croatia physical addresses
+
+This unbundled named entity detects patterns related to physical address from Croatia. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Cyprus Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-cyprus-drivers-license-number.md
+
+ Title: "Cyprus drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Cyprus driver's license number sensitive information type entity definition."
+++
+# Cyprus drivers license number
+
+## Format
+
+12 digits without spaces and delimiters
+
+## Pattern
+
+12 digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_cyprus_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_cyprus_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Cyprus Driver's License Number -->
+ <Entity id="356fa104-f9ac-4aff-a0e4-2e6e65ea06c4" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_cyprus_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_cyprus_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_cyprus_eu_driver's_license_number
+
+- άδεια οδήγησης
+- αριθμό άδειας οδήγησης
+- άδειες οδήγησης
compliance Sit Defn Cyprus Identity Card https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-cyprus-identity-card.md
+
+ Title: "Cyprus identity card entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Cyprus identity card sensitive information type entity definition."
+++
+# Cyprus identity card
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+10 digits without spaces and delimiters
+
+## Pattern
+
+10 digits
+
+## Checksum
+
+not applicable
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_cyprus_eu_national_id_card` finds content that matches the pattern.
+- A keyword from `Keywords_cyprus_eu_national_id_card` is found.
+
+```xml
+ <!-- Cyprus Identity Card -->
+ <Entity id="3ba8afe5-7a6c-4929-8247-0001b6878438" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_cyprus_eu_national_id_card" />
+ <Match idRef="Keywords_cyprus_eu_national_id_card" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_cyprus_eu_national_id_card
+
+- id card number
+- identity card number
+- kimlik karti
+- national identification number
+- personal id number
+- ταυτοτητασ
compliance Sit Defn Cyprus Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-cyprus-passport-number.md
+
+ Title: "Cyprus passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Cyprus passport number sensitive information type entity definition."
++
+# Cyprus passport number
+
+## Format
+
+one letter followed by 6-8 digits with no spaces or delimiters
+
+## Pattern
+
+one letter followed by six to eight digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_cyprus_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_cyprus_eu_passport_number` is found.
+- The regular expression `Regex_cyprus_eu_passport_date` finds date in the format DD/MM/YYYY or a keyword from `Keywords_cyprus_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_cyprus_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_cyprus_eu_passport_number` is found.
+
+```xml
+ <!-- Cyprus Passport Number -->
+ <Entity id="9193e2e8-7f8c-43c1-a274-ac40d651936f" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_cyprus_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_cyprus_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_cyprus_eu_passport_date" />
+ <Match idRef="Keywords_cyprus_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_cyprus_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_cyprus_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number_common
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_cyprus_eu_passport_number
+
+- αριθμό διαβατηρίου
+- pasaportu
+- Αριθμός Διαβατηρίου
+- κυπριακό διαβατήριο
+- διαβατήριο#
+- διαβατήριο
+- αριθμός διαβατηρίου
+- Pasaport Kimli─ƒi
+- pasaport numaras─▒
+- Pasaport no.
+- Αρ. Διαβατηρίου
+
+### Keywords_cyprus_eu_passport_date
+
+- expires on
+- issued on
compliance Sit Defn Cyprus Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-cyprus-physical-addresses.md
+
+ Title: "Cyprus physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Cyprus physical addresses sensitive information type entity definition."
+++
+# Cyprus physical addresses
+
+This unbundled named entity detects patterns related to physical address from Cyprus. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Cyprus Tax Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-cyprus-tax-identification-number.md
+
+ Title: "Cyprus tax identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Cyprus tax identification number sensitive information type entity definition."
+++
+# Cyprus tax identification number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+eight digits and one letter in the specified pattern
+
+## Pattern
+
+eight digits and one letter:
+
+- a "0" or "9"
+- seven digits
+- one letter (not case-sensitive)
+
+## Checksum
+
+not applicable
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_cyprus_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_cyprus_eu_tax_file_number` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_cyprus_eu_tax_file_number` finds content that matches the pattern.
+
+```xml
+ <!-- Cyprus Tax Identification Number -->
+ <Entity id="40e64bd9-55f3-4a09-9bd6-1db18dced9dd" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_cyprus_eu_tax_file_number" />
+ <Match idRef="Keywords_cyprus_eu_tax_file_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_cyprus_eu_tax_file_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_cyprus_eu_tax_file_number
+
+- tax id
+- tax identification code
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tic#
+- tic
+- tin id
+- tin no
+- tin#
+- vergi kimlik kodu
+- vergi kimlik numaras─▒
+- αριθμός φορολογικού μητρώου
+- κωδικός φορολογικού μητρώου
+- φορολογική ταυτότητα
+- φορολογικού κωδικού
compliance Sit Defn Czech Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-czech-drivers-license-number.md
+
+ Title: "Czech drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Czech driver's license number sensitive information type entity definition."
++
+# Czech drivers license number
+
+## Format
+
+two letters followed by six digits
+
+## Pattern
+
+eight letters and digits:
+
+- letter 'E' (not case-sensitive)
+- a letter
+- a space (optional)
+- six digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_czech_republic_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_czech_republic_eu_driver's_license_number` is found.
+
+```xml
+ <Entity id="86b40d3b-d8ea-4c36-aab0-ef9416a6769c" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_czech_republic_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_czech_republic_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_czech_republic_eu_driver's_license_number
+
+- řidičský prúkaz
+- řidičské průkazy
+- číslo řidičského průkazu
+- čísla řidičských průkazů
compliance Sit Defn Czech Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-czech-passport-number.md
+
+ Title: "Czech passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Czech passport number sensitive information type entity definition."
++
+# Czech passport number
+
+## Format
+
+eight digits without spaces or delimiters
+
+## Pattern
+
+eight digits without spaces or delimiters
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_czech_republic_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_czech_republic_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_czech_republic_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_czech_republic_eu_passport_number` is found.
+
+```xml
+ <!-- Czech Republic Passport Number -->
+ <Entity id="7bcd8ce8-5e92-4bbe-bc92-fa669f0369fa" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_czech_republic_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_czech_republic_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date1" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_czech_republic_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_czech_republic_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number_common
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_czech_republic_eu_passport_number
+
+- cestovní pas
+- číslo pasu
+- cestovní pasu
+- passeport no
+- čísla pasu
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Czech Personal Identity Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-czech-personal-identity-number.md
+
+ Title: "Czech personal identity number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Czech personal identity number sensitive information type entity definition."
++
+# Czech personal identity number
+
+## Format
+
+nine digits with optional forward slash (old format)
+
+10 digits with optional forward slash (new format)
+
+## Pattern
+
+nine digits (old format):
+
+- six digits that represent date of birth
+- an optional forward slash
+- three digits
+
+10 digits (new format):
+
+- six digits that represent date of birth
+- an optional forward slash
+- four digits where last digit is a check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_czech_id_card` finds content that matches the pattern.
+- A keyword from `Keyword_czech_id_card` is found.
+- The checksum passes.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_czech_id_card_new_format` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+<!-- Czech Personal Identity Number -->
+ <!-- Czech Personal Identity Number -->
+ <Entity id="60c0725a-4eb6-455b-9dda-05d8a7396497" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_czech_id_card" />
+ <Match idRef="Keyword_czech_id_card" />
+ </Pattern>
+ <Version minEngineVersion="15.20.3000.000">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_czech_id_card_new_format" />
+ </Pattern>
+ </Version>
+ </Entity>
+```
+## Keywords
+
+### Keyword_czech_id_card
+
+- birth number
+- czech republic id
+- czechidno#
+- daňové číslo
+- identifikační číslo
+- identity no
+- identity number
+- identityno#
+- identityno
+- insurance number
+- national identification number
+- nationalnumber#
+- national number
+- osobní číslo
+- personalidnumber#
+- personal id number
+- personal identification number
+- personal number
+- pid#
+- pid
+- pojištění číslo
+- r─ì
+- rodne cislo
+- rodné číslo
+- ssn
+- ssn#
+- social security number
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
+- unique identification number
compliance Sit Defn Czech Republic Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-czech-republic-physical-addresses.md
+
+ Title: "Czech Republic physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Czech Republic physical addresses sensitive information type entity definition."
++
+# Czech Republic physical addresses
+
+This unbundled named entity detects patterns related to physical address from the Czech Republic. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Denmark Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-denmark-drivers-license-number.md
+
+ Title: "Denmark drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Denmark driver's license number sensitive information type entity definition."
++
+# Denmark drivers license number
+
+## Format
+
+eight digits without spaces and delimiters
+
+## Pattern
+
+eight digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_denmark_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_denmark_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Denmark Driver's License Number -->
+ <Entity id="98a95812-6203-451a-a220-d39870ebef0e" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_denmark_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_denmark_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_denmark_eu_driver's_license_number
+
+- k├╕rekort
+- k├╕rekortnummer
compliance Sit Defn Denmark Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-denmark-passport-number.md
+
+ Title: "Denmark passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Denmark passport number sensitive information type entity definition."
++
+# Denmark passport number
+
+## Format
+
+nine digits without spaces and delimiters
+
+## Pattern
+
+nine digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_denmark_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_denmark_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date2` finds date in the format DD MM YY or a keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_denmark_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_denmark_eu_passport_number` is found.
+
+```xml
+ <!-- Denmark Passport Number -->
+ <Entity id="25e8c47e-e6fe-4884-a211-74898f8c0196" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_denmark_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_denmark_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date2" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_denmark_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_denmark_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+
+```
+
+## Keywords
+
+### Keywords_eu_passport_number_common
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_denmark_eu_passport_number
+
+- pasnummer
+- Passeport n┬░
+- pasnumre
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Denmark Personal Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-denmark-personal-identification-number.md
+
+ Title: "Denmark personal identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Denmark personal identification number sensitive information type entity definition."
++
+# Denmark personal identification number
+
+## Format
+
+10 digits containing a hyphen
+
+## Pattern
+
+10 digits:
+
+- six digits in the format DDMMYY, which are the date of birth
+- an optional space or hyphen
+- four digits where the final digit is a check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Func_denmark_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keyword_denmark_id` is found.
+- The checksum passes.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Func_denmark_eu_tax_file_number` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+<!-- Denmark Personal Identification Number -->
+ <!-- Denmark Personal Identification Number -->
+ <Entity id="6c4f2fef-56e1-4c00-8093-88d7a01cf460" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_denmark_eu_tax_file_number" />
+ <Match idRef="Keyword_denmark_id" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_denmark_eu_tax_file_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_denmark_id
+
+- centrale personregister
+- civilt registreringssystem
+- cpr
+- cpr#
+- gesundheitskarte nummer
+- gesundheitsversicherungkarte nummer
+- health card
+- health insurance card number
+- health insurance number
+- identification number
+- identifikationsnummer
+- identifikationsnummer#
+- identity number
+- krankenkassennummer
+- nationalid#
+- nationalnumber#
+- national number
+- personalidnumber#
+- personalidentityno#
+- personal id number
+- personnummer
+- personnummer#
+- reisekrankenversicherungskartenummer
+- rejsesygesikringskort
+- ssn
+- ssn#
+- skat id
+- skat kode
+- skat nummer
+- skattenummer
+- social security number
+- sundhedsforsikringskort
+- sundhedsforsikringsnummer
+- sundhedskort
+- sundhedskortnummer
+- sygesikring
+- sygesikringkortnummer
+- tax code
+- travel health insurance card
+- uniqueidentityno#
+- tax number
+- tax registration number
+- tax id
+- tax identification number
+- taxid#
+- taxnumber#
+- tax no
+- taxno#
+- taxnumber
+- tax identification no
+- tin#
+- taxidno#
+- taxidnumber#
+- tax no#
+- tin id
+- tin no
+- cpr.nr
+- cprnr
+- cprnummer
+- personnr
+- personregister
+- sygesikringsbevis
+- sygesikringsbevisnr
+- sygesikringsbevisnummer
+- sygesikringskort
+- sygesikringskortnr
+- sygesikringskortnummer
+- sygesikringsnr
+- sygesikringsnummer
compliance Sit Defn Denmark Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-denmark-physical-addresses.md
+
+ Title: "Denmark physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Denmark physical addresses sensitive information type entity definition."
++
+# Denmark physical addresses
+
+This unbundled named entity detects patterns related to physical address from Denmark. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Diseases https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-diseases.md
+
+ Title: "Diseases entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Diseases sensitive information type entity definition."
++
+# Diseases
+
+This unbundled named entity detects text that matches disease names, such as *diabetes*. It supports English terms only. It's also included in the [All medical terms and conditions](sit-defn-all-medical-terms-conditions.md) bundled named entity SIT.
+
+## Confidence level
+
+High
compliance Sit Defn Drug Enforcement Agency Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-drug-enforcement-agency-number.md
+
+ Title: "Drug Enforcement Agency (DEA) number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Drug Enforcement Agency (DEA) number sensitive information type entity definition."
+++
+# Drug Enforcement Agency (DEA) number
+
+## Format
+
+two letters followed by seven digits
+
+## Pattern
+
+Pattern must include all of the following:
+
+- one letter (not case-sensitive) from this set of possible letters: A/B/F/G/M/P/R, which is a registrant code
+- one letter (not case-sensitive), which is the first letter of the registrant's last name or digit '9'
+- seven digits, the last of which is the check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_dea_number` finds content that matches the pattern.
+- A keyword from `Keyword_dea_number` is found
+- The checksum passes.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_dea_number` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+ <!-- DEA Number -->
+ <Entity id="9a5445ad-406e-43eb-8bd7-cac17ab6d0e4" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_dea_number" />
+ </Pattern>
+ <Version minEngineVersion="15.20.1207.000" maxEngineVersion="15.20.3134.000">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_dea_number" />
+ </Pattern>
+ </Version>
+ <Version minEngineVersion="15.20.3135.000">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_dea_number" />
+ <Match idRef="Keyword_dea_number" />
+ </Pattern>
+ </Version>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_dea_number
+
+- dea
+- dea#
+- drug enforcement administration
+- drug enforcement agency
compliance Sit Defn Estonia Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-estonia-drivers-license-number.md
+
+ Title: "Estonia drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Estonia driver's license number sensitive information type entity definition."
++
+# Estonia drivers license number
+
+## Format
+
+two letters followed by six digits
+
+## Pattern
+
+two letters and six digits:
+
+- the letters "ET" (not case-sensitive)
+- six digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_estonia_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_estonia_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Estonia Driver's License Number -->
+ <Entity id="51da8171-da70-4cc1-9d65-055a59ca4f83" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_estonia_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_estonia_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_estonia_eu_driver's_license_number
+
+- permis de conduire
+- juhilubade numbrid
+- juhiloa number
+- juhiluba
compliance Sit Defn Estonia Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-estonia-passport-number.md
+
+ Title: "Estonia passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Estonia passport number sensitive information type entity definition."
++
+# Estonia passport number
+
+## Format
+
+one letter followed by seven digits with no spaces or delimiters
+
+## Pattern
+
+one letter followed by seven digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_estonia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_estonia_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_estonia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_estonia_eu_passport_number` is found.
+
+```xml
+ <!-- Estonia Passport Number -->
+ <Entity id="61f7073a-509e-425b-a754-bc01bb5d5b8c" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_estonia_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_estonia_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date1" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_estonia_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_estonia_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number_common
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_estonia_eu_passport_number
+
+eesti kodaniku pass
+passi number
+passinumbrid
+document number
+document no
+dokumendi nr
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Estonia Personal Identification Code https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-estonia-personal-identification-code.md
+
+ Title: "Estonia Personal Identification Code entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Estonia Personal Identification Code sensitive information type entity definition."
++
+# Estonia personal identification code
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+11 digits without spaces and delimiters
+
+## Pattern
+
+11 digits:
+
+- one digit that corresponds to sex and century of birth (odd number male, even number female; 1-2: 19th century; 3-4: 20th century; 5-6: 21st century)
+- six digits that correspond to date of birth (YYMMDD)
+- three digits that correspond to a serial number separating persons born on the same date
+- one check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_estonia_eu_national_id_card` finds content that matches the pattern.
+- A keyword from `Keywords_estonia_eu_national_id_card` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_estonia_eu_national_id_card` finds content that matches the pattern.
+
+```xml
+ <!-- Estonia Personal Identification Code -->
+ <Entity id="bfb26de6-dad5-4d48-ab72-4789cdd0654c" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_estonia_eu_national_id_card" />
+ <Match idRef="Keywords_estonia_eu_national_id_card" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_estonia_eu_national_id_card" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="Keywords_estonia_eu_telephone_number" />
+ <Match idRef="Keywords_estonia_eu_mobile_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_estonia_eu_national_id_card
+
+- id-kaart
+- ik
+- isikukood#
+- isikukood
+- maksu id
+- maksukohustuslase identifitseerimisnumber
+- maksunumber
+- national identification number
+- national number
+- personal code
+- personal id number
+- personal identification code
+- personal identification number
+- personalidnumber#
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
compliance Sit Defn Estonia Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-estonia-physical-addresses.md
+
+ Title: "Estonia physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Estonia physical addresses sensitive information type entity definition."
++
+# Estonia physical addresses
+
+This unbundled named entity detects patterns related to physical address from Estonia. It's also included in the [All Physical Addresses](sit-defn-all-medical-terms-conditions.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Eu Debit Card Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-eu-debit-card-number.md
+
+ Title: "EU debit card number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "EU debit card number sensitive information type entity definition."
++
+# EU debit card number
+
+## Format
+
+16 digits
+
+## Pattern
+
+Complex and robust pattern
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_eu_debit_card` finds content that matches the pattern.
+- At least one of the following is true:
+ - A keyword from `Keyword_eu_debit_card` is found.
+ - A keyword from `Keyword_card_terms_dict` is found.
+ - A keyword from `Keyword_card_security_terms_dict` is found.
+ - A keyword from `Keyword_card_expiration_terms_dict` is found.
+ - The function `Func_expiration_date` finds a date in the right date format.
+- The checksum passes.
+
+```xml
+ <!-- EU Debit Card Number -->
+ <Entity id="0e9b3178-9678-47dd-a509-37222ca96b42" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_eu_debit_card" />
+ <Any minMatches="1">
+ <Match idRef="Keyword_eu_debit_card" />
+ <Match idRef="Keyword_card_terms_dict" />
+ <Match idRef="Keyword_card_security_terms_dict" />
+ <Match idRef="Keyword_card_expiration_terms_dict" />
+ <Match idRef="Func_expiration_date" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_eu_debit_card
+
+- account number
+- card number
+- card no.
+- security number
+- cc#
+
+### Keyword_card_terms_dict
+
+- acct nbr
+- acct num
+- acct no
+- american express
+- americanexpress
+- americano espresso
+- amex
+- atm card
+- atm cards
+- atm kaart
+- atmcard
+- atmcards
+- atmkaart
+- atmkaarten
+- bancontact
+- bank card
+- bankkaart
+- card holder
+- card holders
+- card num
+- card number
+- card numbers
+- card type
+- cardano numerico
+- cardholder
+- cardholders
+- cardnumber
+- cardnumbers
+- carta bianca
+- carta credito
+- carta di credito
+- cartao de credito
+- cartao de crédito
+- cartao de debito
+- cartao de débito
+- carte bancaire
+- carte blanche
+- carte bleue
+- carte de credit
+- carte de crédit
+- carte di credito
+- carteblanche
+- cartão de credito
+- cartão de crédito
+- cartão de debito
+- cartão de débito
+- cb
+- ccn
+- check card
+- check cards
+- checkcard
+- checkcards
+- chequekaart
+- cirrus
+- cirrus-edc-maestro
+- controlekaart
+- controlekaarten
+- credit card
+- credit cards
+- creditcard
+- creditcards
+- debetkaart
+- debetkaarten
+- debit card
+- debit cards
+- debitcard
+- debitcards
+- debito automatico
+- diners club
+- dinersclub
+- discover
+- discover card
+- discover cards
+- discovercard
+- discovercards
+- débito automático
+- edc
+- eigent├╝mername
+- european debit card
+- hoofdkaart
+- hoofdkaarten
+- in viaggio
+- japanese card bureau
+- japanse kaartdienst
+- jcb
+- kaart
+- kaart num
+- kaartaantal
+- kaartaantallen
+- kaarthouder
+- kaarthouders
+- karte
+- karteninhaber
+- karteninhabers
+- kartennr
+- kartennummer
+- kreditkarte
+- kreditkarten-nummer
+- kreditkarteninhaber
+- kreditkarteninstitut
+- kreditkartennummer
+- kreditkartentyp
+- maestro
+- master card
+- master cards
+- mastercard
+- mastercards
+- mc
+- mister cash
+- n carta
+- carta
+- no de tarjeta
+- no do cartao
+- no do cartão
+- no. de tarjeta
+- no. do cartao
+- no. do cartão
+- nr carta
+- nr. carta
+- numeri di scheda
+- numero carta
+- numero de cartao
+- numero de carte
+- numero de cartão
+- numero de tarjeta
+- numero della carta
+- numero di carta
+- numero di scheda
+- numero do cartao
+- numero do cartão
+- numéro de carte
+- n┬║ carta
+- n┬║ de carte
+- n┬║ de la carte
+- n┬║ de tarjeta
+- n┬║ do cartao
+- nº do cartão
+- nº. do cartão
+- n├║mero de cartao
+- número de cartão
+- n├║mero de tarjeta
+- n├║mero do cartao
+- scheda dell'assegno
+- scheda dell'atmosfera
+- scheda dell'atmosfera
+- scheda della banca
+- scheda di controllo
+- scheda di debito
+- scheda matrice
+- schede dell'atmosfera
+- schede di controllo
+- schede di debito
+- schede matrici
+- scoprono la scheda
+- scoprono le schede
+- solo
+- supporti di scheda
+- supporto di scheda
+- switch
+- tarjeta atm
+- tarjeta credito
+- tarjeta de atm
+- tarjeta de credito
+- tarjeta de debito
+- tarjeta debito
+- tarjeta no
+- tarjetahabiente
+- tipo della scheda
+- ufficio giapponese della
+- scheda
+- v pay
+- v-pay
+- visa
+- visa plus
+- visa electron
+- visto
+- visum
+- vpay
+
+### Keyword_card_security_terms_dict
+
+- card identification number
+- card verification
+- cardi la verifica
+- cid
+- cod seg
+- cod seguranca
+- cod segurança
+- cod sicurezza
+- cod. seg
+- cod. seguranca
+- cod. segurança
+- cod. sicurezza
+- codice di sicurezza
+- codice di verifica
+- codigo
+- codigo de seguranca
+- codigo de segurança
+- crittogramma
+- cryptogram
+- cryptogramme
+- cv2
+- cvc
+- cvc2
+- cvn
+- cvv
+- cvv2
+- c├│d seguranca
+- cód segurança
+- c├│d. seguranca
+- cód. segurança
+- c├│digo
+- c├│digo de seguranca
+- código de segurança
+- de kaart controle
+- geeft nr uit
+- issue no
+- issue number
+- kaartidentificatienummer
+- kreditkartenprufnummer
+- kreditkartenpr├╝fnummer
+- kwestieaantal
+- no. dell'edizione
+- no. di sicurezza
+- numero de securite
+- numero de verificacao
+- numero dell'edizione
+- numero di identificazione della
+- scheda
+- numero di sicurezza
+- numero van veiligheid
+- numéro de sécurité
+- n┬║ autorizzazione
+- número de verificação
+- perno il blocco
+- pin block
+- prufziffer
+- pr├╝fziffer
+- security code
+- security no
+- security number
+- sicherheits kode
+- sicherheitscode
+- sicherheitsnummer
+- speldblok
+- veiligheid nr
+- veiligheidsaantal
+- veiligheidscode
+- veiligheidsnummer
+- verfalldatum
+
+### Keyword_card_expiration_terms_dict
+
+- ablauf
+- data de expiracao
+- data de expiração
+- data del exp
+- data di exp
+- data di scadenza
+- data em que expira
+- data scad
+- data scadenza
+- date de validité
+- datum afloop
+- datum van exp
+- de afloop
+- espira
+- espira
+- exp date
+- exp datum
+- expiration
+- expire
+- expires
+- expiry
+- fecha de expiracion
+- fecha de venc
+- gultig bis
+- gultigkeitsdatum
+- g├╝ltig bis
+- g├╝ltigkeitsdatum
+- la scadenza
+- scadenza
+- valable
+- validade
+- valido hasta
+- valor
+- venc
+- vencimento
+- vencimiento
+- verloopt
+- vervaldag
+- vervaldatum
+- vto
+- válido hasta
compliance Sit Defn Eu Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-eu-drivers-license-number.md
+
+ Title: "EU drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "EU driver's license number sensitive information type entity definition."
++
+# EU drivers license number
+
+These entities are in the EU Driver's License Number and are sensitive information types.
+
+- [Austria](sit-defn-austria-drivers-license-number.md)
+- [Belgium](sit-defn-belgium-drivers-license-number.md)
+- [Bulgaria](sit-defn-bulgaria-drivers-license-number.md)
+- [Croatia](sit-defn-croatia-drivers-license-number.md)
+- [Cyprus](sit-defn-cyprus-drivers-license-number.md)
+- [Czech](sit-defn-czech-drivers-license-number.md)
+- [Denmark](sit-defn-denmark-drivers-license-number.md)
+- [Estonia](sit-defn-estonia-drivers-license-number.md)
+- [Finland](sit-defn-finland-drivers-license-number.md)
+- [France](sit-defn-france-drivers-license-number.md)
+- [Germany](sit-defn-germany-drivers-license-number.md)
+- [Greece](sit-defn-greece-drivers-license-number.md)
+- [Hungary](sit-defn-hungary-drivers-license-number.md)
+- [Ireland](sit-defn-ireland-drivers-license-number.md)
+- [Italy](sit-defn-italy-drivers-license-number.md)
+- [Latvia](sit-defn-latvia-drivers-license-number.md)
+- [Lithuania](sit-defn-lithuania-drivers-license-number.md)
+- [Luxemburg](sit-defn-luxemburg-drivers-license-number.md)
+- [Malta](sit-defn-malta-drivers-license-number.md)
+- [Netherlands](sit-defn-netherlands-drivers-license-number.md)
+- [Poland](sit-defn-poland-drivers-license-number.md)
+- [Portugal](sit-defn-portugal-drivers-license-number.md)
+- [Romania](sit-defn-romania-drivers-license-number.md)
+- [Slovakia](sit-defn-slovakia-drivers-license-number.md)
+- [Slovenia](sit-defn-slovenia-drivers-license-number.md)
+- [Spain](sit-defn-spain-drivers-license-number.md)
+- [Sweden](sit-defn-sweden-drivers-license-number.md)
+- [U.K.](sit-defn-uk-drivers-license-number.md)
compliance Sit Defn Eu National Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-eu-national-identification-number.md
+
+ Title: "EU national identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "EU national identification number sensitive information type entity definition."
++
+# EU national identification number
+
+These entities are in the EU National Identification Number and are sensitive information types.
+
+- [Austria](sit-defn-austria-identity-card.md)
+- [Belgium](sit-defn-belgium-national-number.md)
+- [Bulgaria](sit-defn-bulgaria-uniform-civil-number.md)
+- [Croatia](sit-defn-croatia-identity-card-number.md)
+- [Cyprus](sit-defn-cyprus-identity-card.md)
+- [Czech](sit-defn-czech-personal-identity-number.md)
+- [Denmark](sit-defn-denmark-personal-identification-number.md)
+- [Estonia](sit-defn-estonia-personal-identification-code.md)
+- [Finland](sit-defn-finland-national-id.md)
+- [France](sit-defn-france-national-id-card.md)
+- [Germany](sit-defn-germany-identity-card-number.md)
+- [Greece](sit-defn-greece-national-id-card.md)
+- [Hungary](sit-defn-hungary-personal-identification-number.md)
+- [Ireland](sit-defn-ireland-personal-public-service-number.md)
+- [Italy](sit-defn-italy-fiscal-code.md)
+- [Latvia](sit-defn-latvia-personal-code.md)
+- [Lithuania](sit-defn-lithuania-personal-code.md)
+- [Luxemburg](sit-defn-luxemburg-national-identification-number-natural-persons.md)
+- [Malta](sit-defn-malta-identity-card-number.md)
+- [Netherlands](sit-defn-netherlands-citizens-service-number.md)
+- [Poland](sit-defn-poland-national-id.md)
+- [Portugal](sit-defn-portugal-citizen-card-number.md)
+- [Romania](sit-defn-romania-personal-numeric-code.md)
+- [Slovakia](sit-defn-slovakia-personal-number.md)
+- [Slovenia](sit-defn-slovenia-unique-master-citizen-number.md)
+- [Spain](sit-defn-spain-dni.md)
+- [U.K.](sit-defn-uk-national-insurance-number.md)
compliance Sit Defn Eu Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-eu-passport-number.md
+
+ Title: "EU passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "EU passport number sensitive information type entity definition."
++
+# EU passport number
+
+These entities are in the EU passport number and are sensitive information types. These entities are in the EU passport number bundle.
+
+- [Austria](sit-defn-austria-passport-number.md)
+- [Belgium](sit-defn-belgium-passport-number.md)
+- [Bulgaria](sit-defn-bulgaria-passport-number.md)
+- [Croatia](sit-defn-croatia-passport-number.md)
+- [Cyprus](sit-defn-cyprus-passport-number.md)
+- [Czech](sit-defn-czech-passport-number.md)
+- [Denmark](sit-defn-denmark-passport-number.md)
+- [Estonia](sit-defn-estonia-passport-number.md)
+- [Finland](sit-defn-finland-passport-number.md)
+- [France](sit-defn-france-passport-number.md)
+- [Germany](sit-defn-germany-passport-number.md)
+- [Greece](sit-defn-greece-passport-number.md)
+- [Hungary](sit-defn-hungary-passport-number.md)
+- [Ireland](sit-defn-ireland-passport-number.md)
+- [Italy](sit-defn-italy-passport-number.md)
+- [Latvia](sit-defn-latvia-passport-number.md)
+- [Lithuania](sit-defn-lithuania-passport-number.md)
+- [Luxemburg](sit-defn-luxemburg-passport-number.md)
+- [Malta](sit-defn-malta-passport-number.md)
+- [Netherlands](sit-defn-netherlands-passport-number.md)
+- [Poland](sit-defn-poland-passport-number.md)
+- [Portugal](sit-defn-portugal-passport-number.md)
+- [Romania](sit-defn-romania-passport-number.md)
+- [Slovakia](sit-defn-slovakia-passport-number.md)
+- [Slovenia](sit-defn-slovenia-passport-number.md)
+- [Spain](sit-defn-spain-passport-number.md)
+- [Sweden](sit-defn-sweden-passport-number.md)
+- [U.S./U.K. passport number](sit-defn-us-uk-passport-number.md)
compliance Sit Defn Eu Social Security Number Equivalent Identification https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-eu-social-security-number-equivalent-identification.md
+
+ Title: "EU social security number or equivalent identification entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "EU social security number or equivalent identification sensitive information type entity definition."
++
+# EU social security number or equivalent identification
+
+These entities are in the EU Social Security Number or equivalent identification and are sensitive information types.
+
+- [Austria](sit-defn-austria-social-security-number.md)
+- [Belgium](sit-defn-belgium-national-number.md)
+- [Croatia](sit-defn-croatia-personal-identification-number.md)
+- [Czech](sit-defn-czech-personal-identity-number.md)
+- [Denmark](sit-defn-denmark-personal-identification-number.md)
+- [Finland](sit-defn-finland-national-id.md)
+- [France](sit-defn-france-social-security-number.md)
+- [Germany](sit-defn-germany-identity-card-number.md)
+- [Greece](sit-defn-greece-national-id-card.md)
+- [Hungary](sit-defn-hungary-social-security-number.md)
+- [Portugal](sit-defn-portugal-citizen-card-number.md)
+- [Spain](sit-defn-spain-social-security-number.md)
+- [Sweden](sit-defn-sweden-national-id.md)
compliance Sit Defn Eu Tax Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-eu-tax-identification-number.md
+
+ Title: "EU Tax identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "EU Tax identification number sensitive information type entity definition."
++
+# EU Tax identification number
+
+These entities are in the EU Tax identification number sensitive information type.
+
+- [Austria](sit-defn-austria-tax-identification-number.md)
+- [Belgium](sit-defn-belgium-national-number.md)
+- [Bulgaria](sit-defn-bulgaria-uniform-civil-number.md)
+- [Croatia](sit-defn-croatia-identity-card-number.md)
+- [Cyprus](sit-defn-cyprus-tax-identification-number.md)
+- [Czech](sit-defn-czech-personal-identity-number.md)
+- [Denmark](sit-defn-denmark-personal-identification-number.md)
+- [Estonia](sit-defn-estonia-personal-identification-code.md)
+- [Finland](sit-defn-finland-national-id.md)
+- [France](sit-defn-france-tax-identification-number.md)
+- [Germany](sit-defn-germany-tax-identification-number.md)
+- [Greece](sit-defn-greece-tax-identification-number.md)
+- [Hungary](sit-defn-hungary-tax-identification-number.md)
+- [Ireland](sit-defn-ireland-personal-public-service-number.md)
+- [Italy](sit-defn-italy-fiscal-code.md)
+- [Latvia](sit-defn-latvia-personal-code.md)
+- [Lithuania](sit-defn-lithuania-personal-code.md)
+- [Luxemburg](sit-defn-luxemburg-national-identification-number-non-natural-persons.md)
+- [Malta](sit-defn-malta-tax-identification-number.md)
+- [Netherlands](sit-defn-netherlands-tax-identification-number.md)
+- [Poland](sit-defn-poland-tax-identification-number.md)
+- [Portugal](sit-defn-portugal-tax-identification-number.md)
+- [Romania](sit-defn-romania-personal-numeric-code.md)
+- [Slovakia](sit-defn-slovakia-personal-number.md)
+- [Slovenia](sit-defn-slovenia-tax-identification-number.md)
+- [Spain](sit-defn-spain-tax-identification-number.md)
+- [Sweden](sit-defn-sweden-tax-identification-number.md)
+- [U.K.](sit-defn-uk-unique-taxpayer-reference-number.md)
compliance Sit Defn Finland Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-finland-drivers-license-number.md
+
+ Title: "Finland drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Finland driver's license number sensitive information type entity definition."
++
+# Finland drivers license number
+
+## Format
+
+10 digits containing a hyphen
+
+## Pattern
+
+10 digits containing a hyphen:
+
+- six digits
+- a hyphen
+- three digits
+- a digit or letter
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_finland_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_finland_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Finland Driver's License Number -->
+ <Entity id="bb3b27a3-79bd-4ac4-81a7-f9fca3c7d1a7" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_finland_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_finland_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_finland_eu_driver's_license_number
+
+- ajokortti
+- permis de conduire
+- ajokortin numero
+- kuljettaja lic.
+- k├╢rkort
+- k├╢rkortnummer
+- f├╢rare lic.
+- ajokortit
+- ajokortin numerot
compliance Sit Defn Finland European Health Insurance Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-finland-european-health-insurance-number.md
+
+ Title: "Finland european health insurance number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Finland european health insurance number sensitive information type entity definition."
++
+# Finland european health insurance number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+20-digit number
+
+## Pattern
+
+20-digit number:
+
+- 10 digits - 8024680246
+- an optional space or hyphen
+- 10 digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regex `Regex_Finland_European_Health_Insurance_Number` finds content that matches the pattern.
+- A keyword from `Keyword_Finland_European_Health_Insurance_Number` is found.
+
+```xml
+ <!-- Finland European Health Insurance Number -->
+ <Entity id="60f75aed-81bf-4625-89b0-0846b9248ee7" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_Finland_European_Health_Insurance_Number"/>
+ <Match idRef="Keyword_Finland_European_Health_Insurance_Number"/>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_finland_european_health_insurance_number
+
+- ehic#
+- ehic
+- finlandehicnumber#
+- finska sjukförsäkringskort
+- health card
+- health insurance card
+- health insurance number
+- hälsokort
+- sairaanhoitokortin
+- sairausvakuutuskortti
+- sairausvakuutusnumero
+- sjukförsäkring nummer
+- sjukförsäkringskort
+- suomen sairausvakuutuskortti
+- terveyskortti
compliance Sit Defn Finland National Id https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-finland-national-id.md
+
+ Title: "Finland national ID entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Finland national ID sensitive information type entity definition."
++
+# Finland national ID
+
+## Format
+
+six digits plus a character indicating a century plus three digits plus a check digit
+
+## Pattern
+
+Pattern must include all of the following:
+
+- six digits in the format DDMMYY, which are a date of birth
+- century marker (either '-', '+' or 'a')
+- three-digit personal identification number
+- a digit or letter (case insensitive) which is a check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- the function `Func_finnish_national_id` finds content that matches the pattern
+- a keyword from `Keyword_finnish_national_id` is found
+- the checksum passes
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- the function `Func_finnish_national_id` finds content that matches the pattern
+- the checksum passes
+
+```xml
+ <!-- Finnish National ID-->
+ <Entity id="338FD995-4CB5-4F87-AD35-79BD1DD926C1" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_finnish_national_id" />
+ <Match idRef="Keyword_finnish_national_id" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_finnish_national_id" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+- ainutlaatuinen henkil├╢kohtainen tunnus
+- henkilökohtainen tunnus
+- henkil├╢tunnus
+- henkil├╢tunnusnumero#
+- henkilötunnusnumero
+- hetu
+- id no
+- id number
+- identification number
+- identiteetti numero
+- identity number
+- idnumber
+- kansallinen henkilötunnus
+- kansallisen henkil├╢kortin
+- national id card
+- national id no.
+- personal id
+- personal identity code
+- personalidnumber#
+- personbeteckning
+- personnummer
+- social security number
+- sosiaaliturvatunnus
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
+- tunnistenumero
+- tunnus numero
+- tunnusluku
+- tunnusnumero
+- verokortti
+- veronumero
+- verotunniste
+- verotunnus
compliance Sit Defn Finland Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-finland-passport-number.md
+
+ Title: "Finland passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Finland passport number sensitive information type entity definition."
++
+# Finland passport number
+
+This entity is available in the EU Passport Number sensitive information type and is available as a stand-alone sensitive information type entity.
+
+## Format
+
+combination of nine letters and digits
+
+## Pattern
+
+combination of nine letters and digits:
+
+- two letters (not case-sensitive)
+- seven digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_finland_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keyword_finland_passport_number` is found.
+- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_finland_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keyword_finland_passport_number` is found.
+
+```xml
+ <!-- Finland Passport Number -->
+ <Entity id="d1685ac3-1d3a-40f8-8198-32ef5669c7a5" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_finland_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keyword_finland_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date1" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_finland_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keyword_finland_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keyword_finland_passport_number
+
+- suomalainen passi
+- passin numero
+- passin numero.#
+- passin numero#
+- passin numero.
+- passi#
+- passi number
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Finland Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-finland-physical-addresses.md
+
+ Title: "Finland physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Finland physical addresses sensitive information type entity definition."
++
+# Finland physical addresses
+
+This unbundled named entity detects patterns related to physical address from Finland. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn France Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-france-drivers-license-number.md
+
+ Title: "France drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "France driver's license number sensitive information type entity definition."
++
+# France drivers license number
+
+This entity is available in the EU Driver's License Number sensitive information type and is available as a stand-alone sensitive information type entity.
+
+## Format
+
+12 digits
+
+## Pattern
+
+12 digits with validation to discount similar patterns such as French telephone numbers
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- the function `Func_french_drivers_license` finds content that matches the pattern.
+- a keyword from `Keyword_french_drivers_license` is found.
+
+```xml
+ <!-- France Driver's License Number -->
+ <Entity id="18e55a36-a01b-4b0f-943d-dc10282a1824" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_french_drivers_license" />
+ <Match idRef="Keyword_french_drivers_license" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_french_drivers_license
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+- permis de conduire
+- licence number
+- license number
+- licence numbers
+- license numbers
+- numéros de licence
compliance Sit Defn France Health Insurance Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-france-health-insurance-number.md
+
+ Title: "France health insurance number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "France health insurance number sensitive information type entity definition."
++
+# France health insurance number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+21-digit number
+
+## Pattern
+
+21-digit number:
+
+- 10 digits
+- an optional space
+- 10 digits
+- an optional space
+- a digit
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- the regex `Regex_France_Health_Insurance_Number` finds content that matches the pattern.
+- a keyword from `Keyword_France_Health_Insurance_Number` is found.
+
+```xml
+ <!-- France Health Insurance Number -->
+ <Entity id="9bc2069e-76df-4ff9-ac02-2f519469e236" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_France_Health_Insurance_Number"/>
+ <Match idRef="Keyword_France_Health_Insurance_Number"/>
+ </Pattern>
+ </Entity>
+```
+## Keywords
+
+### Keyword_France_health_insurance_number
+
+- insurance card
+- carte vitale
+- carte d'assuré social
compliance Sit Defn France National Id Card https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-france-national-id-card.md
+
+ Title: "France national id card (CNI) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "France national id card (CNI) sensitive information type entity definition."
++
+# France national id card (CNI)
+
+## Format
+
+12 digits
+
+## Pattern
+
+12 digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_france_cni` finds content that matches the pattern.
+- A keyword from `Keywords_france_eu_national_id_card` is found.
+
+```xml
+ <!-- France CNI -->
+ <Entity id="f741ac74-1bc0-4665-b69b-f0c7f927c0c4" patternsProximity="300" recommendedConfidence="65">
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Regex_france_cni" />
+ <Match idRef="Keywords_france_eu_national_id_card" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_france_eu_national_id_card
+
+- card number
+- carte nationale d'identité
+- carte nationale d'idenite no
+- cni#
+- cni
+- compte bancaire
+- national identification number
+- national identity
+- nationalidno#
+- numéro d'assurance maladie
+- numéro de carte vitale
compliance Sit Defn France Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-france-passport-number.md
+
+ Title: "France passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "France passport number sensitive information type entity definition."
++
+# France passport number
+
+This entity is available in the EU Passport Number sensitive information type. It's also available as a stand-alone sensitive information type entity.
+
+## Format
+
+nine digits and letters
+
+## Pattern
+
+nine digits and letters:
+
+- two digits
+- two letters (not case-sensitive)
+- five digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_fr_passport` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_france_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date3` finds date in the format DD MM YYYY or a keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_fr_passport` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_france_eu_passport_number` is found.
+
+```xml
+ <!-- France Passport Number -->
+ <Entity id="3008b884-8c8c-4cd8-a289-99f34fc7ff5d" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_fr_passport" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_france_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date3" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_fr_passport" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_france_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_france_eu_passport_number
+
+- numéro de passeport
+- passeport n ┬░
+- passeport non
+- passeport #
+- passeport#
+- passeportnon
+- passeportn ┬░
+- passeport français
+- passeport livre
+- passeport carte
+- numéro passeport
+- passeport n┬░
+- n┬░ du passeport
+- n┬░ passeport
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn France Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-france-physical-addresses.md
+
+ Title: "France physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "France physical addresses sensitive information type entity definition."
++
+# France physical addresses
+
+This unbundled named entity detects patterns related to physical address from France. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn France Social Security Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-france-social-security-number.md
+
+ Title: "France social security number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "France social security number (INSEE) sensitive information type entity definition."
++
+# France social security number (INSEE)
+
+## Format
+
+15 digits
+
+## Pattern
+
+Must match one of two patterns:
+
+- 13 digits followed by a space followed by two digits
+
+ or
+
+- 15 consecutive digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_french_insee` finds content that matches the pattern.
+- A keyword from `Keyword_fr_insee` is found.
+- The checksum passes.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_french_insee` or `Func_fr_insee` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+ <!-- France INSEE -->
+ <Entity id="71f62b97-efe0-4aa1-aa49-e14de253619d" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_french_insee" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="Keyword_fr_insee" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_french_insee" />
+ <Match idRef="Keyword_fr_insee" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_fr_insee
+
+- code sécu
+- d'identité nationale
+- insee
+- fssn#
+- le numéro d'identification nationale
+- le code de la sécurité sociale
+- national id
+- national identification
+- no d'identité
+- no. d'identité
+- numéro d'assurance
+- numéro d'identité
+- numero d'identite
+- numéro de sécu
+- numéro de sécurité sociale
+- no d'identite
+- no. d'identite
+- ssn
+- ssn#
+- sécurité sociale
+- securité sociale
+- securite sociale
+- socialsecuritynumber
+- social security number
+- social security code
+- social insurance number
compliance Sit Defn France Tax Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-france-tax-identification-number.md
+
+ Title: "France tax identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "France tax identification number sensitive information type entity definition."
++
+# France tax identification number
+
+## Format
+
+13 digits
+
+## Pattern
+
+13 digits
+
+- One digit that must be 0, 1, 2, or 3
+- One digit
+- A space (optional)
+- Two digits
+- A space (optional)
+- Three digits
+- A space (optional)
+- Three digits
+- A space (optional)
+- Three check digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_france_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_france_eu_tax_file_number` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_france_eu_tax_file_number` finds content that matches the pattern.
+
+```xml
+ <!-- France Tax Identification Number (numéro SPI.) -->
+ <Entity id="ed59e77e-171d-442c-9ec1-88e2ebcb5b0a" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_france_eu_tax_file_number" />
+ <Match idRef="Keywords_france_eu_tax_file_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_france_eu_tax_file_number" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="Keywords_france_eu_telephone_number" />
+ <Match idRef="Keywords_france_eu_mobile_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+
+```
+
+## Keywords
+
+### Keywords_france_eu_tax_file_number
+
+- numéro d'identification fiscale
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
compliance Sit Defn France Value Added Tax Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-france-value-added-tax-number.md
+
+ Title: "France value added tax number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "France value added tax number sensitive information type entity definition."
++
+# France value added tax number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+13 character alphanumeric pattern
+
+## Pattern
+
+13 character alphanumeric pattern:
+
+- two letters - FR (case insensitive)
+- an optional space or hyphen
+- two letters or digits
+- an optional space, dot, hyphen, or comma
+- three digits
+- an optional space, dot, hyphen, or comma
+- three digits
+- an optional space, dot, hyphen, or comma
+- three digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_france_value_added_tax_number` finds content that matches the pattern.
+- A keyword from `Keywords_france_value_added_tax_number` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_france_value_added_tax_number` finds content that matches the pattern.
+
+```xml
+ <!-- France Value Added Tax Number -->
+ <Entity id="949121e6-ad9f-4379-8731-710342baea78" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_france_value_added_tax_number" />
+ <Match idRef="Keywords_france_value_added_tax_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_france_value_added_tax_number" />
+ </Pattern>
+ </Entity>
+```
+## Keywords
+
+### Keyword_France_value_added_tax_number
+
+- vat number
+- vat no
+- vat#
+- value added tax
+- siren identification no numéro d'identification taxe sur valeur ajoutée
+- taxe valeur ajoutée
+- taxe sur la valeur ajoutée
+- n┬░ tva
+- numéro de tva
+- numéro d'identification siren
compliance Sit Defn General Password https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-general-password.md
+
+ Title: "General password entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "General password sensitive information type entity definition."
++
+# General Password (preview)
+
+## Format
+
+Up to 20,000-character combination of letters, digits, and special characters.
+
+or
+
+Sign in credentials used in command lines
+
+or
+
+Plain-text password used in code snippets
+
+or
+
+Plain-text password used in script
+
+or
+
+Plain-text password used in XML configuration
+
+or
+
+A combination of 24 characters consisting of letters, digits, and special characters.
+
+or
+
+A combination of 32 characters consisting of letters and digits.
+
+or
+
+A combination of 32 characters consisting of letters, digits, and special characters.
+
+or
+
+A combination of 44 characters consisting of letters, digits, and special characters.
+
+or
+
+An 88-character combination of letters, digits, and special characters.
+
+## Pattern
+
+Any combination of up to 20,000 characters consisting of:
+
+- a-z (case insensitive)
+- 0-9
+- forward slashes (/) or plus signs (+)
+- Up to two equal signs (=)
+
+for example:
+
+`MIIKcQIBAzCCCi0GCSqGSIb3DQEHAaCCCh4EggoaMIIKFjCCBg8GCSqGSIb3DQEHAaCCBgAEggX8MIIF+DCCBfQGCyqGSIb3DQEM`
+
+or
+
+Various command line sign in credentials formats, for example:
+
+`-u username:********`
+
+or
+
+`-u username -p ********`
+
+or
+
+`/f ... /p ********`
+
+or
+
+`-Password ********`
+
+or
+
+`-U username%********`
+
+or
+
+`-secrets:********`
+
+for example:
+
+`zDbg.DataPuller.exe -secrets:eyJ`
+
+or
+
+Various password formats in code snippets, for example:
+
+`new X509Certificates2(`
+
+or
+
+`ConvertTo-SecureString -String ********`
+
+or
+
+`password = "********"`
+
+or
+
+`"password" : "********"`
+
+or
+
+`UserPasswordCredential(`
+
+for example:
+
+`password = "ZYXWVU_1";`
+
+or
+
+Various password formats in script, for example:
+
+`password = ********`
+
+for example:
+
+`password=ZYXWVU_1`
+
+or
+
+Various password formats in XML, for example:
+
+```xml
+<secret>********</secret>
+<password>********</password>
+<setting name="password" value="********" >
+<setting name="password">********</setting>
+<setting name="password"><value>********</value></setting>
+```
+
+for example:
+
+`<secret>ZYXWVU_1</secret>`
+
+or
+
+Any combination of 22 characters consisting of:
+
+- a-z (case insensitive)
+- digits, forward slashes, or plus signs
+- ends with two equal signs (=)
+
+for example:
+
+`abcdefgh0123456789/+AB==`
+
+or
+
+Any combination of 32 characters consisting of:
+
+- a-f or A-F (case-sensitive) or 0-9
+
+for example:
+
+`abcdef0123456789abcdef0123456789`
+
+or
+
+Any combination of 32 characters consisting of:
+
+- a-z (case insensitive)
+- 0-9
+- forward slashes (/) or plus signs (+)
+
+for example:
+
+`abcdefghijklmnopqr0123456789/+AB`
+
+or
+
+Any combination of 43 characters consisting of:
+
+- a-z (case insensitive)
+- 0-9
+- forward slashes (/) or plus signs (+)
+- ends with an equal sign (=)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=`
+
+or
+
+Any combination of 86 characters consisting of:
+
+- a-z (case insensitive)
+- 0-9
+- forward slashes (/) or plus signs (+)
+- ends with two equal signs (=)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDEabcdefghijklmnopqrstuvwxyz0123456789/+ABCDE==`
+
+## Checksum
+
+Yes
+
+## Description
+
+This SIT is designed to match the security information that's like usernames and passwords used in general sign in process [user login process](/azure/key-vault/quick-create-portal). It uses several primary resources:
+
+- Patterns of Base64 encoded string literal.
+- Patterns of Password context in command line.
+- Patterns of Password context in code.
+- Patterns of Password context in script.
+- Patterns of Password context in XML.
+- Patterns of Base64 encoded 128-bits symmetric key.
+- Patterns of Hex encoded 128-bits symmetric key.
+- Patterns of Base64 encoded 192-bits symmetric key.
+- Patterns of Base64 encoded 256-bits symmetric key.
+- Patterns of Base64 encoded 512-bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, ID, AccountName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary words.
++
+The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
+
+## Keywords
+
+### Keyword_Base64EncodedStringLiteral
+
+- MII
+
+### Keyword_PasswordContextInCmdLine
+
+- certutil
+- zdbg
+- secret
+- VSTS_TOKEN
+- curl
+- PowerShell
+- ps1
+- -u
+- Smc
+- AutoLogon
+- ldifde
+- Rclone
+- --env
+- SignTool
+- winexe
+- net
+
+## Keyword_PasswordContextInCode
+
+- key
+- x509c
+- credential
+- password
+- pw
+- securestring
+
+### Keyword_PasswordContextInScript
+
+- secret
+- password
+- pw
+
+### Keyword_PasswordContextInXml
+
+- userpass
+- password
+- pw
+- connectionstring
+- key
+- credential
+- token
+- sas
+- secret
+
+### Keyword_SymmetricKey128
+
+- secret
+- key
+- password
+- pw
+
+### Keyword_SymmetricKey128Hex
+
+- dapi
+- key
+- secret
+- token
+- password
+- pw
+
+### Keyword_SymmetricKey192
+
+- password
+- -p
+- azurecr
+
+### Keyword_SymmetricKey256
+
+- SharedAccessKey
+- AccountKey
+
+### Keyword_SymmetricKey512
+
+- SharedAccessKey
+- AccountKey
compliance Sit Defn General Symmetric Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-general-symmetric-key.md
+
+ Title: "General Symmetric key entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "General Symmetric key sensitive information type entity definition."
++
+# General Symmetric key (preview)
+
+## Format
+
+A combination of 44 characters consisting of letters, digits, and special characters.
+
+or
+
+A combination of 88 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+A combination of 43 characters:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/) or plus signs (+)
+- ends with an equal sign (=)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=`
+
+or
+
+A combination of 86 characters:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/) or plus signs (+)
+- ends with two equal signs (=)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDEabcdefghijklmnopqrstuvwxyz0123456789/+ABCDE==`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used in [general authentication process.](/dotnet/api/system.security.cryptography.aes?view=net-5.0)
+
+It uses several primary resources:
+
+- Patterns of Base64 encoded 256 bits symmetric key.
+- Patterns of Base64 encoded 512 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id, AccountName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
+
+## Keywords
+
+### Keyword_SymmetricKey256:
+
+- SharedAccessKey
+- AccountKey
+
+### Keyword_SymmetricKey512:
+
+- SharedAccessKey
+- AccountKey
compliance Sit Defn Generic Medication Names https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-generic-medication-names.md
+
+ Title: "Generic medication names entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Generic medication names sensitive information type entity definition."
++
+# Generic medication names
+
+This unbundled named entity detects names of generic medications, such as *acetaminophen*. It supports English terms only. It's also included in the [All medical terms and conditions](sit-defn-all-medical-terms-conditions.md) bundled named entity SIT.
+
+## Confidence level
+
+High
compliance Sit Defn Germany Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-germany-drivers-license-number.md
+
+ Title: "Germany drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Germany driver's license number sensitive information type entity definition."
++
+# Germany drivers license number
+
+This sensitive information type entity is included in the EU Driver's License Number sensitive information type. It's also available as a stand-alone sensitive information type entity.
+
+## Format
+
+combination of 11 digits and letters
+
+## Pattern
+
+11 digits and letters (not case-sensitive):
+
+- a digit or letter
+- two digits
+- six digits or letters
+- a digit
+- a digit or letter
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_german_drivers_license` finds content that matches the pattern.
+- A keyword from `Keyword_german_drivers_license_number` is found.
+- The checksum passes.
+
+```xml
+ <!-- German Driver's License Number -->
+ <Entity id="91da9335-1edb-45b7-a95f-5fe41a16c63c" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_german_drivers_license" />
+ <Match idRef="Keyword_german_drivers_license" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_german_drivers_license_number
+
+- ausstellungsdatum
+- ausstellungsort
+- ausstellende beh├╢de
+- ausstellende behorde
+- ausstellende behoerde
+- f├╝hrerschein
+- fuhrerschein
+- fuehrerschein
+- f├╝hrerscheinnummer
+- fuhrerscheinnummer
+- fuehrerscheinnummer
+- f├╝hrerschein-
+- fuhrerschein-
+- fuehrerschein-
+- f├╝hrerscheinnummernr
+- fuhrerscheinnummernr
+- fuehrerscheinnummernr
+- f├╝hrerscheinnummerklasse
+- fuhrerscheinnummerklasse
+- fuehrerscheinnummerklasse
+- nr-f├╝hrerschein
+- nr-fuhrerschein
+- nr-fuehrerschein
+- no-f├╝hrerschein
+- no-fuhrerschein
+- no-fuehrerschein
+- n-f├╝hrerschein
+- n-fuhrerschein
+- n-fuehrerschein
+- permis de conduire
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dlno
compliance Sit Defn Germany Identity Card Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-germany-identity-card-number.md
+
+ Title: "Germany identity card number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Germany identity card number sensitive information type entity definition."
++
+# Germany identity card number
+
+## Format
+
+since 1 November 2010: Nine to 11 letters and digits
+
+from 1 April 1987 until 31 October 2010: 10 digits
+
+## Pattern
+
+since 1 November 2010: 9 to 11 characters alphanumeric pattern
+- one L, M, N, P, R, T, V, W, X, Y (case insensitive)
+- eight digits or letters in C, F, G, H, J, K, L, M, N, P, R, T, V, W, X, Y and Z (case insensitive)
+- optional check digit
+- Optional d/D
+
+from 1 April 1987 until 31 October 2010:
+
+- 10 digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_german_id_card_with_check` finds content that matches the pattern.
+- A keyword from `Keyword_germany_id_card` is found.
+- The checksum passes.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_germany_id_card` finds content that matches the pattern (9 characters without check digit issued pre-2010 or 10 digits pattern issued posy 2010).
+- A keyword from `Keyword_germany_id_card` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_german_id_card_with_check` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+ <!-- Germany Identity Card Number -->
+ <Entity id="e577372f-c42e-47a0-9d85-bebed1c237d4" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_germany_id_card" />
+ <Match idRef="Keyword_germany_id_card" />
+ </Pattern>
+ <Version minEngineVersion="15.20.4545.000">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_german_id_card_with_check" />
+ <Match idRef="Keyword_germany_id_card" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_german_id_card_with_check" />
+ </Pattern>
+ </Version>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_germany_id_card
+
+- ausweis
+- gpid
+- identification
+- identifikation
+- identifizierungsnummer
+- identity card
+- identity number
+- id-nummer
+- personal id
+- personalausweis
+- persönliche id nummer
+- persönliche identifikationsnummer
+- persönliche-id-nummer
compliance Sit Defn Germany Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-germany-passport-number.md
+
+ Title: "Germany passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Germany passport number sensitive information type entity definition."
++
+# Germany passport number
+
+## Format
+
+9 to 11 characters
+
+## Pattern
+
+- one letter in C, F, G, H, J, K (case insensitive)
+- eight digits or letters in C, F, G, H, J, K, L, M, N, P, R, T, V, W, X, Y and Z (case insensitive)
+- optional check digit
+- Optional d/D
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_german_passport_checksum` finds content that matches the pattern.
+- A keyword from `Keyword_german_passport` or `Keywords_eu_passport_number_common` is found.
+- The checksum passes.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_german_passport` finds content that matches the nine characters pattern (without check digit and optional d/D).
+- A keyword from `Keyword_german_passport` or `Keywords_eu_passport_number_common` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_german_passport_checksum` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+ <!-- German Passport Number -->
+ <Entity id="2e3da144-d42b-47ed-b123-fbf78604e52c" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_german_passport" />
+ <Any minMatches="1">
+ <Match idRef="Keyword_german_passport" />
+ <Match idRef="Keywords_eu_passport_number_common" />
+ </Any>
+ </Pattern>
+ <Version minEngineVersion="15.20.4570.0">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_german_passport_checksum" />
+ <Any minMatches="1">
+ <Match idRef="Keyword_german_passport" />
+ <Match idRef="Keywords_eu_passport_number_common" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_german_passport_checksum" />
+ </Pattern>
+ </Version>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_german_passport
+
+- reisepasse
+- reisepassnummer
+- No-Reisepass
+- Nr-Reisepass
+- Reisepass-Nr
+- Passnummer
+- reisepässe
+- passeport no.
+- passeport no
+
+### Keywords_eu_passport_number_common
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
compliance Sit Defn Germany Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-germany-physical-addresses.md
+
+ Title: "Germany physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Germany physical addresses sensitive information type entity definition."
++
+# Germany physical addresses
+
+This unbundled named entity detects patterns related to physical address from Germany. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Germany Tax Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-germany-tax-identification-number.md
+
+ Title: "Germany tax identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Germany tax identification number sensitive information type entity definition."
++
+# Germany tax identification number
+
+## Format
+
+11 digits without spaces and delimiters
+
+## Pattern
+
+11 digits
+
+- Two digits
+- An optional space
+- Three digits
+- An optional space
+- Three digits
+- An optional space
+- Two digits
+- one check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_germany_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_germany_eu_tax_file_number` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_germany_eu_tax_file_number` finds content that matches the pattern.
+
+```xml
+ <!-- Germany Tax Identification Number -->
+ <Entity id="43316a89-9880-40cf-b980-04bc7eefcec5" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_germany_eu_tax_file_number" />
+ <Match idRef="Keywords_germany_eu_tax_file_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_germany_eu_tax_file_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_germany_eu_tax_file_number
+
+- identifikationsnummer
+- steuer id
+- steueridentifikationsnummer
+- steuernummer
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
+- zinn#
+- zinn
+- zinnnummer
compliance Sit Defn Germany Value Added Tax Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-germany-value-added-tax-number.md
+
+ Title: "Germany value added tax number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Germany value added tax number sensitive information type entity definition."
++
+# Germany value added tax number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+11 character alphanumeric pattern
+
+## Pattern
+
+11-character alphanumeric pattern:
+
+- a letter D or d
+- a letter E or e
+- an optional space
+- three digits
+- an optional space or comma
+- three digits
+- an optional space or comma
+- three digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_germany_value_added_tax_number` finds content that matches the pattern.
+- A keyword from `Keywords_germany_value_added_tax_number` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_germany_value_added_tax_number` finds content that matches the pattern.
+
+```xml
+ <!-- Germany Value Added Tax Number -->
+ <Entity id="db177eb2-8811-4842-bffc-128c14aa219f" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_germany_value_added_tax_number" />
+ <Match idRef="Keywords_germany_value_added_tax_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_germany_value_added_tax_number" />
+ </Pattern>
+ </Entity>
+```
+## Keywords
+
+### Keyword_germany_value_added_tax_number
+
+- vat number
+- vat no
+- vat#
+- vat# mehrwertsteuer
+- mwst
+- mehrwertsteuer identifikationsnummer
+- mehrwertsteuer nummer
compliance Sit Defn Github Personal Access Token https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-github-personal-access-token.md
+
+ Title: "GitHub personal access token entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "GitHub personal access token sensitive information type entity definition."
++
+# GitHub personal access token (preview)
+
+## Format
+
+A combination of 40 characters consisting of letters, digits, and special characters.
+
+or
+
+Paired username and password used in URL.
+
+or
+
+A combination of 40 characters consisting of letters and digits.
+
+## Pattern
+
+- A token prefix (case-sensitive) 'ghp_', 'gho_', 'ghu_', 'ghs_', or 'ghr_'
+- Any combination of 36
+- a-z (not case-sensitive) or 0-9
+
+for example:
+
+`ghp_abcdefghijklmnopqrstuvwxyzABCD012345`
+
+or
+
+Various URL username and password formats for example:
+
+`https://username:********@contoso.com/` <br>
+
+`ftp://username:********@contoso.com:20/`<br>
++
+or
+
+A combination of 40 characters:
+
+- a-f or A-F (case-sensitive) or 0-9
+
+for example:
+
+`abcdef0123456789abcdef0123456789abcdef01`
+
+## Checksum
+
+Yes
+
+## Definition
+
+This SIT is designed to match the security information that's used as an alternate password for authentication to GitHub when using [GitHub API or the command line](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token).
+
+It uses several primary resources:
+
+- Patterns of Identifiable GitHub PAT.
+- Patterns of User Login Credentials in URL.
+- Patterns of Hex encoded 160 bits Symmetric Key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+- Patterns of mockup values, redactions, and placeholders.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
+
+## Keywords
+
+### Keyword_GitHubPatIdentifiableSecret:
+
+- gh_
+
+### Keyword_LoginCredentialsInUrl:
+
+- ://
+
+### Keyword_SymmetricKey160Hex:
+
+- token
compliance Sit Defn Google Api Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-google-api-key.md
+
+ Title: "Google API key entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Google API key sensitive information type entity definition."
++
+# Google API key (preview)
+
+## Format
+
+A combination of 39 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+A token prefix (case-sensitive) 'AIza'
+
+A combination of 35 characters:
+
+- a-z (not case-sensitive)
+- 0-9
+- dashes (-)
+- underlines (_) or backward slashes (\)
+
+for example:
+
+`AIzaefgh0123456789_-ABCDEFGHIJKLMNOPQRS`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used as a simple encrypted string that identifies a [Google REST API client](https://cloud.google.com/docs/authentication/api-keys) without any principal that is used to associate API requests with your project for quota and billing.
+
+It uses several primary resources:
+
+- Patterns of Base64 encoded 210 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
+
+## Keywords
+
+### Keyword_SymmetricKey210:
+
+- AIza
compliance Sit Defn Greece Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-greece-drivers-license-number.md
+
+ Title: "Greece drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Greece driver's license number sensitive information type entity definition."
++
+# Greece drivers license number
+
+This entity is included in the EU Driver's License Number sensitive information type. It's also available as a stand-alone sensitive information type entity.
+
+## Format
+
+nine digits without spaces and delimiters
+
+## Pattern
+
+nine digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_greece_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_greece_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Greece Driver's License Number -->
+ <Entity id="7a2200b5-aacf-4e3c-ab36-136d3e68b7da" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_greece_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_greece_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_greece_eu_driver's_license_number
+
+- δεια οδήγησης
+- Adeia odigisis
+- Άδεια οδήγησης
+- Δίπλωμα οδήγησης
compliance Sit Defn Greece National Id Card https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-greece-national-id-card.md
+
+ Title: "Greece national ID card entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Greece national ID card sensitive information type entity definition."
++
+# Greece national ID card
+
+## Format
+
+Combination of 7-8 letters and numbers plus a dash
+
+## Pattern
+
+Seven letters and numbers (old format):
+
+- One letter (any letter of the Greek alphabet)
+- A dash
+- Six digits
+
+Eight letters and numbers (new format):
+
+- Two letters whose uppercase character occurs in both the Greek and Latin alphabets (ABEZHIKMNOPTYX)
+- A dash
+- Six digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_greece_id_card` finds content that matches the pattern.
+- A keyword from `Keyword_greece_id_card` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_greece_id_card` finds content that matches the pattern.
+
+```xml
+ <!-- Greece National ID Card -->
+ <Entity id="82568215-1da1-46d3-874a-d2294d81b5ac" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_greece_id_card" />
+ <Match idRef="Keyword_greece_id_card" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Regex_greece_id_card" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_greece_id_card
+
+- greek id
+- greek national id
+- greek personal id card
+- greek police id
+- identity card
+- tautotita
+- ταυτότητα
+- ταυτότητας
compliance Sit Defn Greece Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-greece-passport-number.md
+
+ Title: "Greece passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Greece passport number sensitive information type entity definition."
++
+# Greece passport number
+
+## Format
+
+Two letters followed by seven digits with no spaces or delimiters
+
+## Pattern
+
+Two letters followed by seven digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_greece_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_greece_eu_passport_number` is found.
+- The regular expression `Regex_greece_eu_passport_date` finds date in the format DD MMM YY (Example - 28 Aug 19) or a keyword from `Keywords_greece_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_greece_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_greece_eu_passport_number` is found.
+
+```xml
+ <!-- Greece Passport Number -->
+ <Entity id="7e65eb47-cdf9-4f52-8f90-2a27d5ee67e3" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_greece_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_greece_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_greece_eu_passport_date" />
+ <Match idRef="Keywords_greece_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_greece_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_greece_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_greece_eu_passport_number
+
+- αριθμός διαβατηρίου
+- αριθμούς διαβατηρίου
+- αριθμός διαβατηριο
compliance Sit Defn Greece Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-greece-physical-addresses.md
+
+ Title: "Greece physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Greece physical addresses sensitive information type entity definition."
++
+# Greece physical addresses
+
+This unbundled named entity detects patterns related to physical address from Greece. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Greece Social Security Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-greece-social-security-number.md
+
+ Title: "Greece Social Security Number (AMKA) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Greece Social Security Number (AMKA) sensitive information type entity definition."
++
+# Greece Social Security Number (AMKA)
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+11 digits without spaces and delimiters
+
+## Pattern
+
+- Six digits as date of birth YYMMDD
+- Four digits
+- a check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_greece_eu_ssn` finds content that matches the pattern.
+- A keyword from `Keywords_greece_eu_ssn_or_equivalent` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_greece_eu_ssn` finds content that matches the pattern.
+
+```xml
+ <!-- Greece Social Security Number (AMKA) -->
+ <Entity id="e39b03f4-50ea-41ae-af7a-a4b9539596ad" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_greece_eu_ssn" />
+ <Match idRef="Keywords_greece_eu_ssn_or_equivalent" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_greece_eu_ssn" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_greece_eu_ssn_or_equivalent
+
+- ssn
+- ssn#
+- social security no
+- socialsecurityno#
+- social security number
+- amka
+- a.m.k.a.
+- Αριθμού Μητρώου Κοινωνικής Ασφάλισης
compliance Sit Defn Greece Tax Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-greece-tax-identification-number.md
+
+ Title: "Greece tax identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Greece tax identification number sensitive information type entity definition."
++
+# Greece tax identification number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+Nine digits without spaces and delimiters
+
+## Pattern
+
+Nine digits
+
+## Checksum
+
+Not applicable
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_greece_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_greece_eu_tax_file_number` is found.
+
+```xml
+ <!-- Greek Tax Identification Number -->
+ <Entity id="15a54a5a-53d4-4080-ad43-a2a4fe1d3bf7" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_greece_eu_tax_file_number" />
+ <Match idRef="Keywords_greece_eu_tax_file_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_greece_eu_tax_file_number
+
+- afm#
+- afm
+- aφμ|aφμ αριθμός
+- aφμ
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- tax registry no
+- tax registry number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- taxregistryno#
+- tin id
+- tin no
+- tin#
+- αριθμός φορολογικού μητρώου
+- τον αριθμό φορολογικού μητρώου
+- φορολογικού μητρώου νο
compliance Sit Defn Hong Kong Identity Card Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-hong-kong-identity-card-number.md
+
+ Title: "Hong Kong identity card (HKID) number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Hong Kong identity card (HKID) number sensitive information type entity definition."
++
+# Hong Kong identity card (HKID) number
+
+## Format
+
+Combination of 8-9 letters and numbers plus optional parentheses around the final character
+
+## Pattern
+
+Combination of 8-9 letters:
+
+- 1-2 letters (not case-sensitive)
+- Six digits
+- optional space
+- a check character (any digit or the letter A) which is optionally enclosed in parentheses
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_hong_kong_id_card` finds content that matches the pattern.
+- A keyword from `Keyword_hong_kong_id_card` is found.
+- The checksum passes.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_hong_kong_id_card` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+<!-- Hong Kong Identity Card (HKID) number -->
+<Entity id="e63c28a7-ad29-4c17-a41a-3d2a0b70fd9c" recommendedConfidence="75" patternsProximity="300">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_hong_kong_id_card"/>
+ <Match idRef="Keyword_hong_kong_id_card"/>
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_hong_kong_id_card"/>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_hong_kong_id_card
+
+- hkid
+- hong kong identity card
+- HKIDC
+- id card
+- identity card
+- hk identity card
+- hong kong id
+- 香港身份證
+- 香港永久性居民身份證
+- 身份證
+- 身份証
+- 身分證
+- 身分証
+- 香港身份証
+- 香港身分證
+- 香港身分証
+- 香港身份證
+- 香港居民身份證
+- 香港居民身份証
+- 香港居民身分證
+- 香港居民身分証
+- 香港永久性居民身份証
+- 香港永久性居民身分證
+- 香港永久性居民身分証
+- 香港永久性居民身份證
+- 香港非永久性居民身份證
+- 香港非永久性居民身份証
+- 香港非永久性居民身分證
+- 香港非永久性居民身分証
+- 香港特別行政區永久性居民身份證
+- 香港特別行政區永久性居民身份証
+- 香港特別行政區永久性居民身分證
+- 香港特別行政區永久性居民身分証
+- 香港特別行政區非永久性居民身份證
+- 香港特別行政區非永久性居民身份証
+- 香港特別行政區非永久性居民身分證
+- 香港特別行政區非永久性居民身分証
compliance Sit Defn Http Authorization Header https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-http-authorization-header.md
+
+ Title: "Http authorization header entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Http authorization header sensitive information type entity definition."
++
+# Http authorization header (preview)
+
+## Format
+
+An authorization header used in HTTP request.
+
+## Pattern
+
+Various authentication header formats for example:
+
+`authorization: basic ********` <br>
+`authorization: bearer ********` <br>
+`authorization: digest ********` <br>
+`authorization: negotiate ********` <br>
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used in the header of an [HTTP request for authentication and authorization.](/dotnet/api/system.net.http.headers.httprequestheaders.authorization?view=netframework-4.8)
+
+It uses several primary resources:
+
+- Patterns of Http authorization header.
+- Patterns of CredentialName, CredentialFeatures, ResourceType.
+- Patterns of mockup values, redactions, and placeholders.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
+
+## Keywords
+
+### Keyword_HttpAuthorizationHeader:
+
+- authorization
+
compliance Sit Defn Hungary Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-hungary-drivers-license-number.md
+
+ Title: "Hungary drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Hungary driver's license number sensitive information type entity definition."
++
+# Hungary drivers license number
+
+## Format
+
+Two letters followed by six digits
+
+## Pattern
+
+Two letters and six digits:
+
+- Two letters (not case-sensitive)
+- Six digits
+
+## Checksum
+
+No
+
+### Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_hungary_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_hungary_eu_driver's_license_number` is found.
+
+```xml
+ <Entity id="9d31c46b-6e6b-444c-aeb1-6dd7e604bb24" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_hungary_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_hungary_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_hungary_eu_driver's_license_number
+
+- vezetoi engedely
+- vezetői engedély
+- vezetői engedélyek
compliance Sit Defn Hungary Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-hungary-passport-number.md
+
+ Title: "Hungary passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Hungary passport number sensitive information type entity definition."
++
+# Hungary passport number
+
+## Format
+
+Two letters followed by six or seven digits with no spaces or delimiters
+
+## Pattern
+
+Two letters followed by six or seven digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_hungary_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_hungary_eu_passport_number` is found.
+- The regular expression `Regex_hungary_eu_passport_date` finds date in the format DD MMM/MMM YY (Example - 01 MÁR/MAR 12) or a keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_hungary_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_hungary_eu_passport_number` is found.
+
+```xml
+ <!-- Hungary Passport Number -->
+ <Entity id="5b483910-9aa7-4c99-9917-f4001464bda7" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_hungary_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_hungary_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_hungary_eu_passport_date" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_hungary_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_hungary_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+## Keywords
+
+### Keywords_eu_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_hungary_eu_passport_number
+
+- útlevél száma
+- Útlevelek száma
+- útlevél szám
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Hungary Personal Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-hungary-personal-identification-number.md
+
+ Title: "Hungary personal identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Hungary personal identification number sensitive information type entity definition."
++
+# Hungary personal identification number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+11 digits
+
+## Pattern
+
+11 digits:
+
+- One digit that corresponds to gender, 1 for male, 2 for female. Other numbers are also possible for citizens born before 1900 or citizens with double citizenship.
+- Six digits that correspond to birth date (YYMMDD)
+- Three digits that correspond to a serial number
+- One check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_hungary_eu_national_id_card` finds content that matches the pattern.
+- A keyword from `Keywords_hungary_eu_national_id_card` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_hungary_eu_national_id_card` finds content that matches the pattern.
+
+```xml
+ <!-- Hungary Personal Identification Number -->
+ <Entity id="7b5cc218-7046-47d9-80c9-f325b50896ca" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_hungary_eu_national_id_card" />
+ <Match idRef="Keywords_hungary_eu_national_id_card" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_hungary_eu_national_id_card" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="Keywords_hungary_eu_telephone_number" />
+ <Match idRef="Keywords_hungary_eu_mobile_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_hungary_eu_national_id_card
+
+- id number
+- identification number
+- sz ig
+- sz. ig.
+- sz.ig.
+- személyazonosító igazolvány
+- személyi igazolvány
compliance Sit Defn Hungary Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-hungary-physical-addresses.md
+
+ Title: "Hungary physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Hungary physical addresses sensitive information type entity definition."
++
+# Hungary physical addresses
+
+This unbundled named entity detects patterns related to physical address from Hungary. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Hungary Social Security Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-hungary-social-security-number.md
+
+ Title: "Hungary social security number (TAJ) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Hungary social security number (TAJ) sensitive information type entity definition."
++
+# Hungary social security number (TAJ)
+
+## Format
+
+Nine digits without spaces and delimiters
+
+## Pattern
+
+Nine digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_hungary_eu_ssn_or_equivalent` finds content that matches the pattern.
+- A keyword from `Keywords_hungary_eu_ssn_or_equivalent` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_hungary_eu_ssn_or_equivalent` finds content that matches the pattern.
+
+```xml
+ <!-- Hungarian Social Security Number (TAJ) -->
+ <Entity id="0de78315-9537-47f5-95ab-b3e77eba3993" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_hungary_eu_ssn_or_equivalent" />
+ <Match idRef="Keywords_hungary_eu_ssn_or_equivalent" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_hungary_eu_ssn_or_equivalent" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_hungary_eu_ssn_or_equivalent
+
+- hungarian social security number
+- social security number
+- socialsecuritynumber#
+- hssn#
+- socialsecuritynno
+- hssn
+- taj
+- taj#
+- ssn
+- ssn#
+- social security no
+- áfa
+- közösségi adószám
+- általános forgalmi adó szám
+- hozzáadottérték adó
+- áfa szám
+- magyar áfa szám
compliance Sit Defn Hungary Tax Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-hungary-tax-identification-number.md
+
+ Title: "Hungary tax identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Hungary tax identification number sensitive information type entity definition."
++
+# Hungary tax identification number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+10 digits with no spaces or delimiters
+
+## Pattern
+
+10 digits:
+
+- One digit that must be "8"
+- Eight digits
+- One check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_hungary_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_hungary_eu_tax_file_number` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_hungary_eu_tax_file_number` finds content that matches the pattern.
+
+```xml
+ <!-- Hungary Tax Identification Number -->
+ <Entity id="ede42eb4-59d9-49eb-9603-d7853fbda91d" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_hungary_eu_tax_file_number" />
+ <Match idRef="Keywords_hungary_eu_tax_file_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_hungary_eu_tax_file_number" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="Keywords_hungary_eu_telephone_number" />
+ <Match idRef="Keywords_hungary_eu_mobile_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_hungary_eu_tax_file_number
+
+- adóazonosító szám
+- adóhatóság szám
+- adószám
+- hungarian tin
+- hungatiantin#
+- tax authority no
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
+- vat number
compliance Sit Defn Hungary Value Added Tax Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-hungary-value-added-tax-number.md
+
+ Title: "Hungary value added tax number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Hungary value added tax number sensitive information type entity definition."
+++
+# Hungary value added tax number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+10 character alphanumeric pattern
+
+## Pattern
+
+10 character alphanumeric pattern:
+
+- two letters - HU or hu
+- optional space
+- eight digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_hungarian_value_added_tax_number` finds content that matches the pattern.
+- A keyword from `Keywords_hungarian_value_added_tax_number` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_hungarian_value_added_tax_number` finds content that matches the pattern.
+
+```xml
+ <!-- Hungarian Value Added Tax Number -->
+ <Entity id="976349a0-683b-477a-90f8-ff0a220d5592" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_hungarian_value_added_tax_number" />
+ <Match idRef="Keywords_hungarian_value_added_tax_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_hungarian_value_added_tax_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_Hungary_value_added_tax_number
+
+- vat
+- value added tax number
+- vat#
+- vatno#
+- hungarianvatno#
+- tax no.
+- value added tax áfa
+- közösségi adószám
+- általános forgalmi adó szám
+- hozzáadottérték adó
+- áfa szám
compliance Sit Defn Iceland Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-iceland-physical-addresses.md
+
+ Title: "Iceland physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Iceland physical addresses sensitive information type entity definition."
++
+# Iceland physical addresses
+
+This unbundled named entity detects patterns related to physical address from Iceland. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Impairments Us Disability Evaluation Under Social Security https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-impairments-us-disability-evaluation-under-social-security.md
+
+ Title: "Impairments Listed In The U.S. Disability Evaluation Under Social Security entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Impairments Listed In The U.S. Disability Evaluation Under Social Security sensitive information type entity definition."
+++
+# Impairments Listed In The U.S. Disability Evaluation Under Social Security
+
+This unbundled named entity detects names of impairments listed in the U.S. Disability Evaluation Under Social Security, such as *muscular dystrophy*. It supports English terms only. It's also included in the [All medical terms and conditions](sit-defn-all-medical-terms-conditions.md) bundled named entity SIT.
+
+## Confidence level
+
+High
compliance Sit Defn India Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-india-drivers-license-number.md
+
+ Title: "India Drivers License Number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "India Driver's License Number sensitive information type entity definition."
+++
+# India Drivers License Number
+
+## Format
+
+15 character alphanumeric pattern
+
+## Pattern
+
+15 letters or digits:
+
+- two letters indicating state code
+- optional space or dash
+- two digits indicating city code
+- optional space or dash
+- four digits indicating year of issue
+- optional space or dash
+- seven digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_india_driving_license` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number_common` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_india_driving_license` finds content that matches the pattern.
+
+```xml
+ <!-- India Driver's License Number -->
+ <Entity id="680788a3-53b6-455a-b891-c38cd76dc917" patternsProximity="300" recommendedConfidence="85" relaxProximity="true">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_india_driving_license" />
+ <Match idRef="Keywords_eu_driver's_license_number_common" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_india_driving_license" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number_common
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
compliance Sit Defn India Gst Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-india-gst-number.md
+
+ Title: "India GST Number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "India GST Number sensitive information type entity definition."
++
+# India GST Number
+
+## Format
+
+15 character alphanumeric pattern
+
+## Pattern
+
+15 letters or digits:
+
+- two digits representing valid state code
+- an optional space or dash
+- ten characters representing Permanent Account Number (PAN)
+- one letter or digit
+- an optional space or dash
+- one letter 'z' or 'Z'
+- an optional space or dash
+- one check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_india_gst_number` finds content that matches the pattern.
+- A keyword from `Keyword_india_gst_number` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_india_gst_number` finds content that matches the pattern.
+
+```xml
+ <!-- India GST number -->
+ <Entity id="9f5a721c-2fd2-446a-a27e-0c02fbe4630c" patternsProximity="300" recommendedConfidence="85" relaxProximity="true">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_india_gst_number" />
+ <Match idRef="Keyword_india_gst_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_india_gst_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_india_gst_number
+
+- gst
+- gstin
+- goods and services tax
+- goods and service tax
compliance Sit Defn India Permanent Account Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-india-permanent-account-number.md
+
+ Title: "India permanent account number (PAN) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "India permanent account number (PAN) sensitive information type entity definition."
++
+# India permanent account number (PAN)
+
+## Format
+
+10 letters or digits
+
+## Pattern
+
+10 letters or digits:
+
+- Three letters (not case-sensitive)
+- A letter in C, P, H, F, A, T, B, L, J, G (not case-sensitive)
+- A letter
+- Four digits
+- A letter that is an alphabetic check digit
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_india_permanent_account_number` finds content that matches the pattern.
+- A keyword from `Keyword_india_permanent_account_number` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_india_permanent_account_number` finds content that matches the pattern.
+
+```xml
+ <!-- India Permanent Account Number -->
+ <Entity id="2602bfee-9bb0-47a5-a7a6-2bf3053e2804" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_india_permanent_account_number" />
+ <Match idRef="Keyword_india_permanent_account_number" />
+ </Pattern>
+ <Version minEngineVersion="15.20.3520.000">
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Regex_india_permanent_account_number" />
+ </Pattern>
+ </Version>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_india_permanent_account_number
+
+- Permanent Account Number
+- PAN
compliance Sit Defn India Unique Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-india-unique-identification-number.md
+
+ Title: "India unique identification (Aadhaar) number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "India unique identification (Aadhaar) number sensitive information type entity definition."
++
+# India unique identification (Aadhaar) number
+
+## Format
+
+12 digits containing optional spaces or dashes
+
+## Pattern
+
+12 digits:
+
+- A digit that isn't 0 or 1
+- Three digits
+- An optional space or dash
+- Four digits
+- An optional space or dash
+- The final digit, which is the check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_india_aadhaar` finds content that matches the pattern.
+- A keyword from `Keyword_india_aadhar` is found.
+- The checksum passes.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_india_aadhaar` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+<!-- India Unique Identification (Aadhaar) number -->
+<Entity id="1ca46b29-76f5-4f46-9383-cfa15e91048f" recommendedConfidence="85" patternsProximity="300">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_india_aadhaar"/>
+ <Match idRef="Keyword_india_aadhar"/>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_india_aadhaar"/>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_india_aadhar
+
+- aadhaar
+- aadhar
+- aadhar#
+- uid
+- आधार
+- uidai
compliance Sit Defn India Voter Id Card https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-india-voter-id-card.md
+
+ Title: "India Voter Id Card entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "India Voter Id Card sensitive information type entity definition."
++
+# India Voter Id Card
+
+## Format
+
+10 character alphanumeric pattern
+
+## Pattern
+
+10 letters or digits:
+
+- three letters
+- seven digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_india_voter_id_card` finds content that matches the pattern.
+- A keyword from `Keyword_india_voter_id_card` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_india_voter_id_card` finds content that matches the pattern.
+
+```xml
+ <!-- India Voter Id Card -->
+ <Entity id="646d643f-5228-4408-acc8-f2e81a6df897" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_india_voter_id_card" />
+ <Match idRef="Keyword_india_voter_id_card" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Regex_india_voter_id_card" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_india_voter_id_card
+
+- voter
+- voterid
+- votercard
+- voteridcard
+- electoral photo identity card
+- EPIC
+- ECI
+- election commmision
compliance Sit Defn Indonesia Identity Card Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-indonesia-identity-card-number.md
+
+ Title: "Indonesia identity card (KTP) number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Indonesia identity card (KTP) number sensitive information type entity definition."
++
+# Indonesia identity card (KTP) number
+
+## Format
+
+16 digits containing optional periods
+
+## Pattern
+
+16 digits:
+
+- Two-digit province code
+- A period (optional)
+- Two-digit regency or city code
+- Two-digit subdistrict code
+- A period (optional)
+- Six digits in the format DDMMYY, which are the date of birth
+- A period (optional)
+- Four digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_indonesia_id_card` finds content that matches the pattern.
+- A keyword from `Keyword_indonesia_id_card` is found.
+
+```xml
+<!-- Indonesia Identity Card (KTP) Number -->
+<Entity id="da68fdb0-f383-4981-8c86-82689d3b7d55" recommendedConfidence="85" patternsProximity="300">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_indonesia_id_card"/>
+ <Match idRef="Keyword_indonesia_id_card"/>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_indonesia_id_card
+
+- KTP
+- Kartu Tanda Penduduk
+- Nomor Induk Kependudukan
compliance Sit Defn International Banking Account Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-international-banking-account-number.md
+
+ Title: "International banking account number (IBAN) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "International banking account number (IBAN) sensitive information type entity definition."
++
+# International banking account number (IBAN)
+
+## Format
+
+Country code (two letters) plus check digits (two digits) plus bban number (up to 30 characters)
+
+## Pattern
+
+Pattern must include all of the following:
+
+- Two-letter country code
+- Two check digits (followed by an optional space)
+- 1-7 groups of four letters or digits (can be separated by spaces)
+- 1-3 letters or digits
+
+The format for each country is slightly different. The IBAN sensitive information type covers these 60 countries:
+
+- ad
+- ae
+- al
+- at
+- az
+- ba
+- be
+- bg
+- bh
+- ch
+- cr
+- cy
+- cz
+- de
+- dk
+- do
+- ee
+- es
+- fi
+- fo
+- fr
+- gb
+- ge
+- gi
+- gl
+- gr
+- hr
+- hu
+- ie
+- il
+- is
+- it
+- kw
+- kz
+- lb
+- li
+- lt
+- lu
+- lv
+- mc
+- md
+- me
+- mk
+- mr
+- mt
+- mu
+- nl
+- no
+- pl
+- pt
+- ro
+- rs
+- sa
+- se
+- si
+- sk
+- sm
+- tn
+- tr
+- vg
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_iban` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+<Entity id="e7dc4711-11b7-4cb0-b88b-2c394a771f0e" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_iban" />
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+None
compliance Sit Defn International Classification Of Diseases Icd 10 Cm https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-international-classification-of-diseases-icd-10-cm.md
+
+ Title: "International classification of diseases (ICD-10-CM) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "International classification of diseases (ICD-10-CM) sensitive information type entity definition."
++
+# International classification of diseases (ICD-10-CM)
+
+## Format
+
+Dictionary
+
+## Pattern
+
+Keyword
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- A keyword from `Dictionary_icd_10_updated` is found.
+- A keyword from `Dictionary_icd_10_codes` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- A keyword from `Dictionary_icd_10_ updated` is found.
+
+```xml
+ <!-- ICD-10 CM -->
+ <Entity id="3356946c-6bb7-449b-b253-6ffa419c0ce7" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Dictionary_icd_10_updated" />
+ <Match idRef="Dictionary_icd_10_codes" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Dictionary_icd_10_updated" />
+ </Pattern>
+
+```
+
+## Keywords
+
+Any term from the `Dictionary_icd_10_updated` keyword dictionary, which is based on the [International Classification of Diseases, Tenth Revision, Clinical Modification (ICD-10-CM)](https://icd10cmtool.cdc.gov/). This type looks only for the term, not the insurance codes.
+
+Any term from the `Dictionary_icd_10_codes` keyword dictionary, which is based on the [International Classification of Diseases, Tenth Revision, Clinical Modification (ICD-10-CM)](https://icd10cmtool.cdc.gov/). This type looks only for insurance codes, not the description.
compliance Sit Defn International Classification Of Diseases Icd 9 Cm https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-international-classification-of-diseases-icd-9-cm.md
+
+ Title: "International classification of diseases (ICD-9-CM) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "International classification of diseases (ICD-9-CM) sensitive information type entity definition."
++
+# International classification of diseases (ICD-9-CM)
+
+## Format
+
+Dictionary
+
+## Pattern
+
+Keyword
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- A keyword from `Dictionary_icd_9_updated` is found.
+- A keyword from `Dictionary_icd_9_codes` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- A keyword from `Dictionary_icd_9_updated` is found.
+
+```xml
+ <Entity id="fa3f9c74-ee07-4c52-b5f2-085d6b2c0ec4" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Dictionary_icd_9_updated" />
+ <Match idRef="Dictionary_icd_9_codes" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Dictionary_icd_9_updated" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+Any term from the `Dictionary_icd_9_updated` keyword dictionary, which is based on the [International Classification of Diseases,Ninth Revision, Clinical Modification (ICD-9-CM)](https://go.microsoft.com/fwlink/?linkid=852605). This type looks only for the term, not the insurance codes.
+
+Any term from the `Dictionary_icd_9_codes` keyword dictionary, which is based on the [International Classification of Diseases,Ninth Revision, Clinical Modification (ICD-9-CM)](https://go.microsoft.com/fwlink/?linkid=852605). This type looks only for insurance codes, not the description.
compliance Sit Defn Ip Address V4 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-ip-address-v4.md
+
+ Title: "IP address v4 entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "IP address v4 sensitive information type entity definition."
++
+# IP Address v4
+
+## Format
+
+Complex pattern that accounts for formatted (periods) and unformatted (no periods) versions of the IPv4 addresses.
+
+## Pattern
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_ipv4_address` finds content that matches the pattern.
+- A keyword from `Keyword_ipaddress` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_ipv4_address` finds content that matches the pattern.
+
+```xml
+ <!-- IP Address v4-->
+ <Entity id="a7dd5e5f-e7f9-4626-a2c6-86a8cb6830d2" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_ipv4_address" />
+ <Match idRef="Keyword_ipaddress" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_ipv4_address" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_ipaddress
+
+- IP (case sensitive)
+- ip address
+- ip addresses
+- internet protocol
+- IP-כתובת ה
compliance Sit Defn Ip Address V6 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-ip-address-v6.md
+
+ Title: "IP address v6 entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "IP address v6 sensitive information type entity definition."
++
+# IP Address v6
+
+## Format
+
+Complex pattern that accounts for formatted IPv6 numbers (which include colons)
+
+## Pattern
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_ipv6_address` finds content that matches the pattern.
+- A keyword from `Keyword_ipaddress` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_ipv6_address` finds content that matches the pattern.
+
+```xml
+ <!-- IP Address v6-->
+ <Entity id="3f691089-7413-4926-ab3b-3c5ea8a1c17e" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_ipv6_address" />
+ <Match idRef="Keyword_ipaddress" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_ipv6_address" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_ipaddress
+
+- IP (case sensitive)
+- ip address
+- ip addresses
+- internet protocol
+- IP-כתובת ה
compliance Sit Defn Ip Address https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-ip-address.md
+
+ Title: "IP address entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "IP address sensitive information type entity definition."
++
+# IP address
+
+## Format
+
+### IPv4:
+Complex pattern that accounts for formatted (periods) and unformatted (no periods) versions of the IPv4 addresses
+
+### IPv6:
+Complex pattern that accounts for formatted IPv6 numbers (which include colons)
+
+## Pattern
+
+## Checksum
+
+No
+
+## Definition
+
+For IPv6, a DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_ipv6_address` finds content that matches the pattern.
+- No keyword from `Keyword_ipaddress` is found.
+
+For IPv4, a DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_ipv4_address` finds content that matches the pattern.
+- A keyword from `Keyword_ipaddress` is found.
+
+For IPv6, a DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_ipv6_address` finds content that matches the pattern.
+- No keyword from `Keyword_ipaddress` is found.
+
+```xml
+ <!-- IP Address -->
+ <Entity id="1daa4ad5-e2dd-4ca4-a788-54722c09efb2" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_ipv6_address" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="Keyword_ipaddress" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="95">
+ <IdMatch idRef="Regex_ipv4_address" />
+ <Any minMatches="1">
+ <Match idRef="Keyword_ipaddress" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="95">
+ <IdMatch idRef="Regex_ipv6_address" />
+ <Any minMatches="1">
+ <Match idRef="Keyword_ipaddress" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_ipaddress
+
+- IP (this keyword is case-sensitive)
+- ip address
+- ip addresses
+- internet protocol
+- IP-כתובת ה
compliance Sit Defn Ireland Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-ireland-drivers-license-number.md
+
+ Title: "Ireland drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Ireland driver's license number sensitive information type entity definition."
++
+# Ireland drivers license number
+
+## Format
+
+Six digits followed by four letters
+
+## Pattern
+
+Six digits and four letters:
+
+- Six digits
+- Four letters (not case-sensitive)
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_ireland_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_ireland_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Ireland Driver's License Number -->
+ <Entity id="e01bccd9-eb4d-414f-ace1-e9b6a4c4a2ca" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_ireland_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_ireland_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_ireland_eu_driver's_license_number
+
+- ceadúnas tiomána
+- ceadúnais tiomána
+
+- The regular expression Regex_ipv4_address finds content that matches the pattern.
+- A keyword from `Keyword_ipaddress` is found.
+
+For IPv6, a DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression Regex_ipv6_address finds content that matches the pattern.
+- No keyword from `Keyword_ipaddress` is found.
+
+```xml
+ <!-- IP Address -->
+ <Entity id="1daa4ad5-e2dd-4ca4-a788-54722c09efb2" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_ipv6_address" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="Keyword_ipaddress" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="95">
+ <IdMatch idRef="Regex_ipv4_address" />
+ <Any minMatches="1">
+ <Match idRef="Keyword_ipaddress" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="95">
+ <IdMatch idRef="Regex_ipv6_address" />
+ <Any minMatches="1">
+ <Match idRef="Keyword_ipaddress" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+### Keyword_ipaddress
+
+- IP (this keyword is case-sensitive)
+- ip address
+- ip addresses
+- internet protocol
+- IP-כתובת ה
compliance Sit Defn Ireland Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-ireland-passport-number.md
+
+ Title: "Ireland passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Ireland passport number sensitive information type entity definition."
++
+# Ireland passport number
+
+## Format
+
+Two letters or digits followed by seven digits with no spaces or delimiters
+
+### Pattern
+
+Two letters or digits followed by seven digits:
+
+- Two digits or letters (not case-sensitive)
+- Seven digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_ireland_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_ireland_eu_passport_number` is found.
+- The regular expression `Regex_ireland_eu_passport_date` finds date in the format DD MMM/MMM YYYY (Example - 01 BEA/MAY 1988) or a keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_ireland_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_ireland_eu_passport_number` is found.
+
+```xml
+ <!-- Ireland Passport Number -->
+ <Entity id="a2130f27-9ee2-4103-84f9-a6b1ee7d0cbf" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_ireland_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_ireland_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_ireland_eu_passport_date" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_ireland_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_ireland_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number_common
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_ireland_eu_passport_number
+
+- passeport numero
+- uimhreacha pasanna
+- uimhir pas
+- uimhir phas
+- uimhreacha pas
+- uimhir cárta
+- uimhir chárta
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Ireland Personal Public Service Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-ireland-personal-public-service-number.md
+
+ Title: "Ireland personal public service (PPS) number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Ireland personal public service (PPS) number sensitive information type entity definition."
++
+# Ireland personal public service (PPS) number
+
+## Format
+
+Old format (until 31 December 2012):
+
+- seven digits followed by 1-2 letters
+
+New format (1 January 2013 and after):
+
+- seven digits followed by two letters
+
+## Pattern
+
+Old format (until 31 December 2012):
+
+- seven digits
+- one to two letters (not case-sensitive)
+
+New format (1 January 2013 and after):
+
+- seven digits
+- a letter (not case-sensitive) which is an alphabetic check digit
+- An optional letter in the range A-I, or "W"
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_ireland_pps finds` content that matches the pattern.
+- A keyword from `Keywords_ireland_eu_national_id_card` is found.
+- The checksum passes.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_ireland_pps` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+ <!-- Ireland Personal Public Service (PPS) Number -->
+ <Entity id="1cdb674d-c19a-4fcf-9f4b-7f56cc87345a" patternsProximity="300" recommendedConfidence="85" relaxProximity="true">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_ireland_pps" />
+ <Match idRef="Keywords_ireland_eu_national_id_card" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_ireland_pps" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_ireland_eu_national_id_card
+
+- client identity service
+- identification number
+- personal id number
+- personal public service number
+- personal service no
+- phearsanta seirbhíse poiblí
+- pps no
+- pps number
+- pps num
+- pps service no
+- ppsn
+- ppsno#
+- ppsno
+- psp
+- public service no
+- publicserviceno#
+- publicserviceno
+- revenue and social insurance number
+- rsi no
+- rsi number
+- rsin
+- seirbhís aitheantais cliant
+- uimh
+- uimhir aitheantais chánach
+- uimhir aitheantais phearsanta
+- uimhir phearsanta seirbhíse poiblí
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
compliance Sit Defn Ireland Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-ireland-physical-addresses.md
+
+ Title: "Ireland physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Ireland physical addresses sensitive information type entity definition."
++
+# Ireland physical addresses
+
+This unbundled named entity detects patterns related to physical address from Ireland. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Israel Bank Account Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-israel-bank-account-number.md
+
+ Title: "Israel bank account number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Israel bank account number sensitive information type entity definition."
++
+# Israel bank account number
+
+## Format
+
+13 digits
+
+## Pattern
+
+Formatted:
+
+- two digits
+- a dash
+- three digits
+- a dash
+- eight digits
+
+Unformatted:
+
+- 13 consecutive digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_israel_bank_account_number` finds content that matches the pattern.
+- A keyword from `Keyword_israel_bank_account_number` is found.
+
+```xml
+<!-- Israel Bank Account Number -->
+<Entity id="7d08b2ff-a0b9-437f-957c-aeddbf9b2b25" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_israel_bank_account_number" />
+ <Any minMatches="1">
+ <Match idRef="Keyword_israel_bank_account_number" />
+ </Any>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_israel_bank_account_number
+
+- Bank Account Number
+- Bank Account
+- Account Number
+- מספר חשבון בנק
compliance Sit Defn Israel National Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-israel-national-identification-number.md
+
+ Title: "Israel national identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Israel national identification number sensitive information type entity definition."
++
+# Israel national identification number
+
+## Format
+
+nine digits
+
+## Pattern
+
+nine consecutive digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_israeli_national_id_number` finds content that matches the pattern.
+- A keyword from `Keyword_Israel_National_ID` is found.
+- The checksum passes.
+
+```xml
+<!-- Israel National ID Number -->
+<Entity id="e05881f5-1db1-418c-89aa-a3ac5c5277ee" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_israeli_national_id_number" />
+ <Any minMatches="1">
+ <Match idRef="Keyword_Israel_National_ID" />
+ </Any>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_Israel_National_ID
+
+- מספר זהות
+- מספר זיה וי
+- מספר זיהוי ישר אלי
+- זהותישר אלית
+- هو ية اسرائيل ية عدد
+- هوية إسرائ يلية
+- رقم الهوية
+- عدد هوية فريدة من نوعها
+- idnumber#
+- id number
+- identity no
+- identitynumber#
+- identity number
+- israeliidentitynumber
+- personal id
+- unique id
compliance Sit Defn Italy Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-italy-drivers-license-number.md
+
+ Title: "Italy drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Italy driver's license number sensitive information type entity definition."
++
+# Italy drivers license number
+
+This type entity is included in the EU Driver's License Number sensitive information type. It's also available as a stand-alone sensitive information type entity.
+
+## Format
+
+a combination of 10 letters and digits
+
+## Pattern
+
+a combination of 10 letters and digits:
+
+- one letter (not case-sensitive)
+- the letter "A" or "V" (not case-sensitive)
+- seven digits
+- one letter (not case-sensitive)
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_italy_drivers_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keyword_italy_drivers_license_number` is found.
+
+```xml
+ <!-- Italy Driver's license Number -->
+ <Entity id="97d6244f-9157-41bd-8e0c-9d669a5c4d71" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_italy_drivers_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keyword_italy_drivers_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keyword_italy_drivers_license_number
+
+- numero di patente
+- patente di guida
+- patente guida
+- patenti di guida
+- patenti guida
compliance Sit Defn Italy Fiscal Code https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-italy-fiscal-code.md
+
+ Title: "Italy fiscal code entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Italy fiscal code sensitive information type entity definition."
++
+# Italy fiscal code
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+a 16-character combination of letters and digits in the specified pattern
+
+## Pattern
+
+A 16-character combination of letters and digits:
+
+- three letters that correspond to the first three consonants in the family name
+- three letters that correspond to the first, third, and fourth consonants in the first name
+- two digits that correspond to the last digits of the birth year
+- one letter that corresponds to the letter for the month of birthΓÇöletters are used in alphabetical order, but only the letters A to E, H, L, M, P, R to T are used (so, January is A and October is R)
+- two digits that correspond to the day of the month of birth in order to differentiate between genders, 40 is added to the day of birth for women
+- four digits that correspond to the area code specific to the municipality where the person was born (country-wide codes are used for foreign countries)
+- one parity digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_italy_eu_national_id_card` finds content that matches the pattern.
+- A keyword from `Keywords_italy_eu_national_id_card` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_italy_eu_national_id_card` finds content that matches the pattern.
+
+```xml
+ <!-- Italy Fiscal Code -->
+ <Entity id="4cd79172-8da9-4ff5-9188-98b1e7e2eca6" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_italy_eu_national_id_card" />
+ <Match idRef="Keywords_italy_eu_national_id_card" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_italy_eu_national_id_card" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_italy_eu_national_id_card
+
+- codice fiscal
+- codice fiscale
+- codice id personale
+- codice personale
+- fiscal code
+- numero certificato personale
+- numero di identificazione fiscale
+- numero id personale
+- numero personale
+- personal certificate number
+- personal code
+- personal id code
+- personal id number
+- personalcodeno#
+- tax code
+- tax id
+- tax identification no
+- tax identification number
+- tax identity number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
compliance Sit Defn Italy Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-italy-passport-number.md
+
+ Title: "Italy passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Italy passport number sensitive information type entity definition."
++
+# Italy passport number
+
+## Format
+
+two letters or digits followed by seven digits with no spaces or delimiters
+
+## Pattern
+
+two letters or digits followed by seven digits:
+
+- two digits or letters (not case-sensitive)
+- seven digits
+
+## Checksum
+
+not applicable
+
+### Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_italy_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_italy_eu_passport_number` is found.
+- The regular expression `Regex_italy_eu_passport_date` finds date in the format DD MMM/MMM YYYY (Example - 01 GEN/JAN 1988) or a keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_italy_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_italy_eu_passport_number` is found.
+
+```xml
+ <!-- Italy Passport Number -->
+ <Entity id="39811019-4750-445f-b26d-4c0e6c431544" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_italy_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_italy_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_italy_eu_passport_date" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_italy_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_italy_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number_common
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_italy_eu_passport_number
+
+- italiana passaporto
+- passaporto italiana
+- passaporto numero
+- numéro passeport
+- numero di passaporto
+- numeri del passaporto
+- passeport italien
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Italy Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-italy-physical-addresses.md
+
+ Title: "Italy physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Italy physical addresses sensitive information type entity definition."
++
+# Italy physical addresses
+
+This unbundled named entity detects patterns related to physical address from Italy. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Italy Value Added Tax Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-italy-value-added-tax-number.md
+
+ Title: "Italy value added tax number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Italy value added tax number sensitive information type entity definition."
++
+# Italy value added tax number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+13 character alphanumeric pattern with optional delimiters
+
+## Pattern
+
+13 character alphanumeric pattern with optional delimiters:
+
+- I or i
+- T or t
+- optional space, dot, hyphen, or comma
+- 11 digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_italy_value_added_tax_number` finds content that matches the pattern.
+- A keyword from `Keywords_italy_value_added_tax_number` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_italy_value_added_tax_number` finds content that matches the pattern.
+
+```xml
+ <!-- Italy Value Added Tax -->
+ <Entity id="26a8cc07-2283-4a2a-ab1d-4ab643c4c67f" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_italy_value_added_tax_number" />
+ <Match idRef="Keywords_italy_value_added_tax_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_italy_value_added_tax_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_italy_value_added_tax_number
+
+- vat number
+- vat no
+- vat#
+- iva
+- iva#
compliance Sit Defn Japan Bank Account Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-japan-bank-account-number.md
+
+ Title: "Japan bank account number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Japan bank account number sensitive information type entity definition."
++
+# Japan bank account number
+
+## Format
+
+seven or eight digits
+
+## Pattern
+
+bank account number:
+
+- seven or eight digits
+- bank account branch code:
+
+- four digits
+- a space or dash (optional)
+- three digits
+
+Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_jp_bank_account` finds content that matches the pattern.
+- A keyword from `Keyword_jp_bank_account` is found.
+- One of the following is true:
+
+- The function `Func_jp_bank_account_branch_code` finds content that matches the pattern.
+- A keyword from `Keyword_jp_bank_branch_code` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_jp_bank_account` finds content that matches the pattern.
+- A keyword from `Keyword_jp_bank_account` is found.
+
+```xml
+<!-- Japan Bank Account Number -->
+<Entity id="d354f95b-96ee-4b80-80bc-4377312b55bc" patternsProximity="300" recommendedConfidence="75">
+ <Version minEngineVersion="15.01.0131.000">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_jp_bank_account" />
+ <Match idRef="Keyword_jp_bank_account" />
+ <Any minMatches="1">
+ <Match idRef="Func_jp_bank_account_branch_code" />
+ <Match idRef="Keyword_jp_bank_branch_code" />
+ </Any>
+ </Pattern>
+ </Version>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_jp_bank_account" />
+ <Match idRef="Keyword_jp_bank_account" />
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_jp_bank_account
+
+- Checking Account Number
+- Checking Account
+- Checking Account #
+- Checking Acct Number
+- Checking Acct #
+- Checking Acct No.
+- Checking Account No.
+- Bank Account Number
+- Bank Account
+- Bank Account #
+- Bank Acct Number
+- Bank Acct #
+- Bank Acct No.
+- Bank Account No.
+- Savings Account Number
+- Savings Account
+- Savings Account #
+- Savings Acct Number
+- Savings Acct #
+- Savings Acct No.
+- Savings Account No.
+- Debit Account Number
+- Debit Account
+- Debit Account #
+- Debit Acct Number
+- Debit Acct #
+- Debit Acct No.
+- Debit Account No.
+- 口座番号
+- 銀行口座
+- 銀行口座番号
+- 総合口座
+- 普通預金口座
+- 普通口座
+- 当座預金口座
+- 当座口座
+- 預金口座
+- 振替口座
+- 銀行
+- バンク
+
+### Keyword_jp_bank_branch_code
+
+- 支店番号
+- 支店コード
+- 店番号
compliance Sit Defn Japan Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-japan-drivers-license-number.md
+
+ Title: "Japan drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Japan driver's license number sensitive information type entity definition."
++
+# Japan drivers license number
+
+## Format
+
+12 digits
+
+## Pattern
+
+12 consecutive digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_jp_drivers_license_number` finds content that matches the pattern.
+- A keyword from `Keyword_jp_drivers_license_number` is found.
+
+```xml
+<!-- Japan Driver's License Number -->
+<Entity id="c6011143-d087-451c-8313-7f6d4aed2270" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_jp_drivers_license_number" />
+ <Match idRef ="Keyword_jp_drivers_license_number" />
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_jp_drivers_license_number
+
+- driverlicense
+- driverslicense
+- driver'slicense
+- driverslicenses
+- driver'slicenses
+- driverlicenses
+- dl#
+- dls#
+- lic#
+- lics#
+- 運転免許証
+- 運転免許
+- 免許証
+- 免許
+- 運転免許証番号
+- 運転免許番号
+- 免許証番号
+- 免許番号
+- 運転免許証ナンバー
+- 運転免許ナンバー
+- 免許証ナンバー
+- 運転免許証no
+- 運転免許no
+- 免許証no
+- 免許no
+- 運転経歴証明書番号
+- 運転経歴証明書
+- 運転免許証No.
+- 運転免許No.
+- 免許証No.
+- 免許No.
+- 運転免許証#
+- 運転免許#
+- 免許証#
+- 免許#
compliance Sit Defn Japan My Number Corporate https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-japan-my-number-corporate.md
+
+ Title: "Japan My Number - Corporate entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Japan My Number - Corporate sensitive information type entity definition."
++
+# Japan My Number - Corporate
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+13-digit number
+
+## Pattern
+
+13-digit number:
+
+- one digit from one to nine
+- 12 digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_japanese_my_number_corporate` finds content that matches the pattern.
+- A keyword from `Keywords_japanese_my_number_corporate` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_japanese_my_number_corporate` finds content that matches the pattern.
+
+```xml
+ <!-- Japanese My Number ΓÇô Corporate -->
+ <Entity id="9e0eaf79-ff20-4ffb-b3e4-e7368d5db6ff" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_japanese_my_number_corporate" />
+ <Match idRef="Keywords_japanese_my_number_corporate" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_japanese_my_number_corporate" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_japan_my_number_corporate
+
+- corporate number
+- マイナンバー
+- 共通番号
+- マイナンバーカード
+- マイナンバーカード番号
+- 個人番号カード
+- 個人識別番号
+- 個人識別ナンバー
+- 法人番号
+- 指定通知書
compliance Sit Defn Japan My Number Personal https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-japan-my-number-personal.md
+
+ Title: "Japan My Number - Personal entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Japan My Number - Personal sensitive information type entity definition."
++
+# Japan My Number - Personal
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+12-digit number
+
+## Pattern
+
+12-digit number:
+
+- four digits
+- an optional space, dot, or hyphen
+- four digits
+- an optional space, dot, or hyphen
+- four digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_japanese_my_number_personal` finds content that matches the pattern.
+- A keyword from `Keywords_japanese_my_number_personal` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_japanese_my_number_personal` finds content that matches the pattern.
+
+```xml
+ <!-- Japanese My Number ΓÇô Personal -->
+ <Entity id="98da8e66-7299-4ebd-9f82-c871ab37d3ef" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_japanese_my_number_personal" />
+ <Match idRef="Keywords_japanese_my_number_personal" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_japanese_my_number_personal" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_japan_my_number_personal
+
+- my number
+- マイナンバー
+- 個人番号
+- 共通番号
+- マイナンバーカード
+- マイナンバーカード番号
+- 個人番号カード
+- 個人識別番号
+- 個人識別ナンバー
+- 通知カード
compliance Sit Defn Japan Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-japan-passport-number.md
+
+ Title: "Japan passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Japan passport number sensitive information type entity definition."
++
+# Japan passport number
+
+## Format
+
+two letters followed by seven digits
+
+## Pattern
+
+two letters (not case-sensitive) followed by seven digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_jp_passport` finds content that matches the pattern.
+- A keyword from `Keyword_jp_passport` is found.
+
+```xml
+<!-- Japan Passport Number -->
+<Entity id="75177310-1a09-4613-bf6d-833aae3743f8" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_jp_passport" />
+ <Match idRef="Keyword_jp_passport" />
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_jp_passport
+
+- Passport
+- Passport Number
+- Passport No.
+- Passport #
+- パスポート
+- パスポート番号
+- パスポートナンバー
+- パスポート#
+- パスポート#
+- パスポートNo.
+- 旅券番号
+- 旅券番号#
+- 旅券番号♯
+- 旅券ナンバー
compliance Sit Defn Japan Residence Card Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-japan-residence-card-number.md
+
+ Title: "Japan residence card number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Japan residence card number sensitive information type entity definition."
++
+# Japan residence card number
+
+## Format
+
+12 letters and digits
+
+## Pattern
+
+12 letters and digits:
+
+- two letters (not case-sensitive)
+- eight digits
+- two letters (not case-sensitive)
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_jp_residence_card_number` finds content that matches the pattern.
+- A keyword from `Keyword_jp_residence_card_number` is found.
+
+```xml
+<!--Japan Residence Card Number-->
+-<Entity id="ac36fef2-a289-4e2c-bb48-b02366e89fc0" recommendedConfidence="75" patternsProximity="300">
+ -<Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_jp_residence_card_number"/>
+ <Match idRef="Keyword_jp_residence_card_number"/>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_jp_residence_card_number
+
+- Residence card number
+- Residence card no
+- Residence card #
+- 在留カード番号
+- 在留カード
+- 在留番号
compliance Sit Defn Japan Resident Registration Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-japan-resident-registration-number.md
+
+ Title: "Japan resident registration number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Japan resident registration number sensitive information type entity definition."
++
+# Japan resident registration number
+
+## Format
+
+11 digits
+
+## Pattern
+
+11 consecutive digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_jp_resident_registration_number` finds content that matches the pattern.
+- A keyword from `Keyword_jp_resident_registration_number` is found.
+
+```xml
+<!-- Japan Resident Registration Number -->
+<Entity id="01c1209b-6389-4faf-a5f8-3f7e13899652" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_jp_resident_registration_number" />
+ <Match idRef ="Keyword_jp_resident_registration_number" />
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_jp_resident_registration_number
+
+- Resident Registration Number
+- Residents Basic Registry Number
+- Resident Registration No.
+- Resident Register No.
+- Residents Basic Registry No.
+- Basic Resident Register No.
+- 外国人登録証明書番号
+- 証明書番号
+- 登録番号
+- 外国人登録証
compliance Sit Defn Japan Social Insurance Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-japan-social-insurance-number.md
+
+ Title: "Japan social insurance number (SIN) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Japan social insurance number (SIN) sensitive information type entity definition."
++
+# Japan social insurance number (SIN)
+
+## Format
+
+7-12 digits
+
+## Pattern
+
+7-12 digits:
+
+- four digits
+- a hyphen (optional)
+- six digits
+OR
+- 7-12 consecutive digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_jp_sin finds` content that matches the pattern.
+- A keyword from `Keyword_jp_sin` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_jp_sin_pre_1997` finds content that matches the pattern.
+- A keyword from `Keyword_jp_sin` is found.
+
+```xml
+<!-- Japan Social Insurance Number -->
+<Entity id="c840e719-0896-45bb-84fd-1ed5c95e45ff" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_jp_sin" />
+ <Match idRef="Keyword_jp_sin" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_jp_sin_pre_1997" />
+ <Match idRef="Keyword_jp_sin" />
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_jp_sin
+
+- Social Insurance No.
+- Social Insurance Num
+- Social Insurance Number
+- 健康保険被保険者番号
+- 健保番号
+- 基礎年金番号
+- 雇用保険被保険者番号
+- 雇用保険番号
+- 保険証番号
+- 社会保険番号
+- 社会保険No.
+- 社会保険
+- 介護保険
+- 介護保険被保険者番号
+- 健康保険被保険者整理番号
+- 雇用保険被保険者整理番号
+- 厚生年金
+- 厚生年金被保険者整理番号
compliance Sit Defn Lab Test Terms https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-lab-test-terms.md
+
+ Title: "Lab test terms entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Lab test terms sensitive information type entity definition."
++
+# Lab test terms
+
+This unbundled named entity detects terms related to lab tests, such as *Insulin C-peptide*. It supports English terms only. It's also included in the [All medical terms and conditions](sit-defn-all-medical-terms-conditions.md) bundled named entity SIT.
+
+## Confidence level
+
+High
compliance Sit Defn Latvia Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-latvia-drivers-license-number.md
+
+ Title: "Latvia drivers license number terms entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Latvia driver's license number sensitive information type entity definition."
++
+# Latvia drivers license number
+
+## Format
+
+three letters followed by six digits
+
+## Pattern
+
+three letters and six digits:
+
+- three letters (not case-sensitive)
+- six digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_latvia_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_latvia_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Latvia Driver's License Number -->
+ <Entity id="ec996de0-30f2-46b1-b192-4d2ff8805fa7" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_latvia_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_latvia_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_latvia_eu_driver's_license_number
+
+- autovad─½t─üja apliec─½ba
+- autovad─½t─üja apliec─½bas
+- vad─½t─üja apliec─½ba
compliance Sit Defn Latvia Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-latvia-passport-number.md
+
+ Title: "Latvia passport number terms entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Latvia passport number sensitive information type entity definition."
+++
+# Latvia passport number
+
+## Format
+
+two letters or digits followed by seven digits with no spaces or delimiters
+
+## Pattern
+
+two letters or digits followed by seven digits:
+
+- two digits or letters (not case-sensitive)
+- seven digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_latvia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_latvia_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_latvia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_latvia_eu_passport_number` is found.
+
+```xml
+ <!-- Latvia Passport Number -->
+ <Entity id="23ae25ec-cc28-421b-b77a-3054eadf1ede" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_latvia_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_latvia_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date1" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_latvia_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_latvia_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number_common
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_latvia_eu_passport_number
+
+- pase numurs
+- pase numur
+- pases numuri
+- pases nr
+- passeport no
+- n┬░ du Passeport
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Latvia Personal Code https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-latvia-personal-code.md
+
+ Title: "Latvia personal code entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Latvia personal code sensitive information type entity definition."
++
+# Latvia personal code
+
+## Format
+
+11 digits and an optional hyphen
+
+## Pattern
+
+Old format
+
+11 digits and a hyphen:
+
+- six digits that correspond to the birth date (DDMMYY)
+- a hyphen
+- one digit that corresponds to the century of birth ("0" for 19th century, "1" for 20th century, and "2" for 21st century)
+- four digits, randomly generated
+
+New format
+
+11 digits
+
+- Two digits "32"
+- Nine digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_latvia_eu_national_id_card` or the regex `Regex_latvia_eu_national_id_card_new_format` finds content that matches the pattern.
+- A keyword from `Keywords_latvia_eu_national_id_card` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_latvia_eu_national_id_card` or the regex `Regex_latvia_eu_national_id_card_new_format` finds content that matches the pattern.
+
+```xml
+ <!-- Latvia Personal Code -->
+ <Entity id="03fcf763-27c2-49ed-9422-2641c6c895c9" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_latvia_eu_national_id_card" />
+ <Match idRef="Keywords_latvia_eu_national_id_card" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_latvia_eu_national_id_card" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="Keywords_latvia_eu_telephone_number" />
+ <Match idRef="Keywords_latvia_eu_mobile_number" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_latvia_eu_national_id_card_new_format" />
+ <Match idRef="Keywords_latvia_eu_national_id_card" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_latvia_eu_national_id_card_new_format" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="Keywords_latvia_eu_telephone_number" />
+ <Match idRef="Keywords_latvia_eu_mobile_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+
+```
+
+## Keywords
+
+### Keywords_latvia_eu_national_id_card
+
+- administrative number
+- alvas n─ô
+- birth number
+- citizen number
+- civil number
+- electronic census number
+- electronic number
+- fiscal code
+- healthcare user number
+- id#
+- id-code
+- identification number
+- identifik─ücijas numurs
+- id-number
+- individual number
+- latvija alva
+- nacion─ülais id
+- national id
+- national identifying number
+- national identity number
+- national insurance number
+- national register number
+- nodok─╝a numurs
+- nodok─╝u id
+- nodok─╝u identifik─ücija numurs
+- personal certificate number
+- personal code
+- personal id code
+- personal id number
+- personal identification code
+- personal identifier
+- personal identity number
+- personal number
+- personal numeric code
+- personalcodeno#
+- personas kods
+- population identification code
+- public service number
+- registration number
+- revenue number
+- social insurance number
+- social security number
+- state tax code
+- tax file number
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
+- voter's number
compliance Sit Defn Latvia Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-latvia-physical-addresses.md
+
+ Title: "Latvia physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Latvia physical addresses sensitive information type entity definition."
+++
+# Latvia physical addresses
+
+This unbundled named entity detects patterns related to physical address from Latvia. It's also included in the [All Physical Addresses](sit-defn-all-medical-terms-conditions.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Liechtenstein Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-liechtenstein-physical-addresses.md
+
+ Title: "Liechtenstein physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Liechtenstein physical addresses sensitive information type entity definition."
++
+# Liechtenstein physical addresses
+
+This unbundled named entity detects patterns related to physical address from Liechtenstein. It's also included in the [All Physical Addresses](sit-defn-all-medical-terms-conditions.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Lifestyles Relate To Medical Conditions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-lifestyles-relate-to-medical-conditions.md
+
+ Title: "Lifestyles that relate to medical conditions entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Lifestyles that relate to medical conditions sensitive information type entity definition."
++
+# Lifestyles that relate to medical conditions
+
+This unbundled named entity detects terms related to lifestyles that might result in a medical condition, such as *smoking*. It supports English terms only. It's also included in the [All medical terms and conditions](sit-defn-all-medical-terms-conditions.md) bundled named entity SIT.
+
+## Confidence level
+
+High
compliance Sit Defn Lithuania Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-lithuania-drivers-license-number.md
+
+ Title: "Lithuania drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Lithuania driver's license number sensitive information type entity definition."
+++
+# Lithuania drivers license number
+
+## Format
+
+eight digits without spaces and delimiters
+
+## Pattern
+
+eight digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_lithuania_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_lithuania_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Lithuania Driver's License Number -->
+ <Entity id="86f7628b-e0f4-4dc3-9fbc-e4300e4c7d78" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_lithuania_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_lithuania_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_lithuania_eu_driver's_license_number
+
+- vairuotojo pa┼╛ym─ùjimas
+- vairuotojo pa┼╛ym─ùjimo numeris
+- vairuotojo pa┼╛ym─ùjimo numeriai
compliance Sit Defn Lithuania Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-lithuania-passport-number.md
+
+ Title: "Lithuania passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Lithuania passport number sensitive information type entity definition."
++
+# Lithuania passport number
+
+## Format
+
+eight digits or letters with no spaces or delimiters
+
+## Pattern
+
+eight digits or letters (not case-sensitive)
+
+## Checksum
+
+not applicable
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_lithuania_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_lithuania_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date3` finds date in the format DD MM YYYY or a keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_lithuania_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_lithuania_eu_passport_number` is found.
+
+```xml
+ <!-- Lithuania Passport Number -->
+ <Entity id="1b79900f-047b-4c3f-846f-7d73b5534bce" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_lithuania_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_lithuania_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date3" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_lithuania_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_lithuania_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_lithuania_eu_passport_number
+
+- paso numeris
+- paso numeriai
+- paso nr
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Lithuania Personal Code https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-lithuania-personal-code.md
+
+ Title: "Lithuania personal code entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Lithuania personal code sensitive information type entity definition."
+++
+# Lithuania personal code
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+11 digits without spaces and delimiters
+
+## Pattern
+
+11 digits without spaces and delimiters:
+
+- one digit (1-6) that corresponds to the person's gender and century of birth
+- six digits that correspond to birth date (YYMMDD)
+- three digits that correspond to the serial number of the date of birth
+- one check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_lithuania_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_lithuania_eu_tax_file_number` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_lithuania_eu_tax_file_number` finds content that matches the pattern.
+
+```xml
+ <!-- Lithuania Personal Code -->
+ <Entity id="cd6d3786-8ec3-4524-a2cf-1e0095379171" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_lithuania_eu_tax_file_number" />
+ <Match idRef="Keywords_lithuania_eu_tax_file_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_lithuania_eu_tax_file_number" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="Keywords_lithuania_eu_telephone_number" />
+ <Match idRef="Keywords_lithuania_eu_mobile_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_lithuania_eu_national_id_card
+
+- asmeninis skaitmeninis kodas
+- asmens kodas
+- citizen service number
+- mokes─ìi┼│ id
+- mokes─ìi┼│ identifikavimas numeris
+- mokes─ìi┼│ identifikavimo numeris
+- mokes─ìi┼│ numeris
+- national identification number
+- personal code
+- personal numeric code
+- pilie─ìio paslaugos numeris
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
+- unikalus identifikavimo kodas
+- unikalus identifikavimo numeris
+- unique identification number
+- unique identity number
+- uniqueidentityno#
compliance Sit Defn Lithuania Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-lithuania-physical-addresses.md
+
+ Title: "Lithuania physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Lithuania physical addresses sensitive information type entity definition."
+++
+# Lithuania physical addresses
+
+This unbundled named entity detects patterns related to physical address from Lithuania. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Luxemburg Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-luxemburg-drivers-license-number.md
+
+ Title: "Luxemburg drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Luxemburg driver's license number sensitive information type entity definition."
++
+# Luxemburg drivers license number
+
+## Format
+
+six digits without spaces and delimiters
+
+## Pattern
+
+six digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_luxemburg_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_luxemburg_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Luxemburg Driver's License Number -->
+ <Entity id="89daf717-1544-4860-9a2e-fc9166dd8852" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_luxemburg_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_luxemburg_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_luxemburg_eu_driver's_license_number
+
+- fahrerlaubnis
+- Führerschäin
compliance Sit Defn Luxemburg National Identification Number Natural Persons https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-luxemburg-national-identification-number-natural-persons.md
+
+ Title: "Luxemburg national identification number (natural persons) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Luxemburg national identification number (natural persons) sensitive information type entity definition."
++
+# Luxemburg national identification number (natural persons)
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+13 digits with no spaces or delimiters
+
+## Pattern
+
+13 digits:
+
+- 11 digits
+- two check digits
+
+## Checksum
+
+yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_luxemburg_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_luxemburg_eu_national_id_card` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_luxemburg_eu_tax_file_number` finds content that matches the pattern.
+
+```xml
+ <!-- Luxemburg National Identification Number (Natural persons) -->
+ <Entity id="aaf661ed-29ec-426d-8bf9-880cad298ebb" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_luxemburg_eu_tax_file_number" />
+ <Match idRef="Keywords_luxemburg_eu_national_id_card" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_luxemburg_eu_tax_file_number" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="Keywords_luxemburg_eu_telephone_number" />
+ <Match idRef="Keywords_luxemburg_eu_mobile_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_luxemburg_eu_national_id_card
+
+- eindeutige id
+- eindeutige id-nummer
+- eindeutigeid#
+- id personnelle
+- idpersonnelle#
+- idpersonnelle
+- individual code
+- individual id
+- individual identification
+- individual identity
+- numéro d'identification personnel
+- personal id
+- personal identification
+- personal identity
+- personalidno#
+- personalidnumber#
+- pers├╢nliche identifikationsnummer
+- unique id
+- unique identity
+- uniqueidkey#
compliance Sit Defn Luxemburg National Identification Number Non Natural Persons https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-luxemburg-national-identification-number-non-natural-persons.md
+
+ Title: "Luxemburg national identification number (non-natural persons) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Luxemburg national identification number (non-natural persons) sensitive information type entity definition."
++
+# Luxemburg national identification number (non-natural persons)
+
+## Format
+
+11 digits
+
+## Pattern
+
+11 digits
+
+- two digits
+- an optional space
+- three digits
+- an optional space
+- three digits
+- an optional space
+- two digits
+- one check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_luxemburg_eu_tax_file_number_non_natural` finds content that matches the pattern.
+- A keyword from `Keywords_luxemburg_eu_tax_file_number` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_luxemburg_eu_tax_file_number_non_natural` finds content that matches the pattern.
+
+```xml
+ <!-- Luxemburg National Identification Number (Non-natural persons) -->
+ <Entity id="84bffa3a-d805-4788-a613-b1e4df3804cf" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_luxemburg_eu_tax_file_number_non_natural" />
+ <Match idRef="Keywords_luxemburg_eu_tax_file_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_luxemburg_eu_tax_file_number_non_natural" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="Keywords_luxemburg_eu_telephone_number" />
+ <Match idRef="Keywords_luxemburg_eu_mobile_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_luxemburg_eu_tax_file_number
+
+- carte de sécurité sociale
+- étain non
+- étain#
+- identifiant d'imp├┤t
+- luxembourg tax identifikatiounsnummer
+- numéro d'étain
+- numéro d'identification fiscal luxembourgeois
+- numéro d'identification fiscale
+- social security
+- sozialunterst├╝tzung
+- sozialversécherung
+- sozialversicherungsausweis
+- steier id
+- steier identifikatiounsnummer
+- steier nummer
+- steuer id
+- steueridentifikationsnummer
+- steuernummer
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
+- zinn#
+- zinn
+- zinnzahl
compliance Sit Defn Luxemburg Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-luxemburg-passport-number.md
+
+ Title: "Luxemburg passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Luxemburg passport number sensitive information type entity definition."
++
+# Luxemburg passport number
+
+## Format
+
+eight digits or letters with no spaces or delimiters
+
+## Pattern
+
+eight digits or letters (not case-sensitive)
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_luxemburg_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_luxemburg_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date3` finds date in the format DD MM YYYY or a keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_luxemburg_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_luxemburg_eu_passport_number` is found.
+
+```xml
+ <!-- Luxemburg Passport Number -->
+ <Entity id="81d5c027-bed9-4421-91a0-3b2e55b3eb85" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_luxemburg_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_luxemburg_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date3" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_luxemburg_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_luxemburg_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_luxemburg_eu_passport_number
+- ausweisnummer
+- luxembourg pass
+- luxembourg passeport
+- luxembourg passport
+- no de passeport
+- no-reisepass
+- nr-reisepass
+- numéro de passeport
+- pass net
+- pass nr
+- passnummer
+- passeport nombre
+- reisepässe
+- reisepass-nr
+- reisepassnummer
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Luxemburg Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-luxemburg-physical-addresses.md
+
+ Title: "Luxemburg physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Luxemburg physical addresses sensitive information type entity definition."
++
+# Luxemburg physical addresses
+
+This unbundled named entity detects patterns related to physical address from Luxemburg. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Malaysia Identification Card Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-malaysia-identification-card-number.md
+
+ Title: "Malaysia identification card number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Malaysia identification card number sensitive information type entity definition."
++
+# Malaysia identification card number
+
+## Format
+
+12 digits containing optional hyphens
+
+## Pattern
+
+12 digits:
+
+- six digits in the format YYMMDD, which are the date of birth
+- a dash (optional)
+- two-letter place-of-birth code
+- a dash (optional)
+- three random digits
+- one-digit gender code
+
+## Checksum
+
+No
+
+### Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_malaysia_id_card_number` finds content that matches the pattern.
+- A keyword from `Keyword_malaysia_id_card_number` is found.
+
+```xml
+<!-- Malaysia ID Card Number -->
+</Entity>
+ <Entity id="7f0e921c-9677-435b-aba2-bb8f1013c749" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_malaysia_id_card_number" />
+ <Match idRef="Keyword_malaysia_id_card_number" />
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_malaysia_id_card_number
+
+- digital application card
+- i/c
+- i/c no
+- ic
+- ic no
+- id card
+- identification Card
+- identity card
+- k/p
+- k/p no
+- kad akuan diri
+- kad aplikasi digital
+- kad pengenalan malaysia
+- kp
+- kp no
+- mykad
+- mykas
+- mykid
+- mypr
+- mytentera
+- malaysia identity card
+- malaysian identity card
+- nric
+- personal identification card
compliance Sit Defn Malta Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-malta-drivers-license-number.md
+
+ Title: "Malta drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Malta driver's license number sensitive information type entity definition."
++
+# Malta drivers license number
+
+## Format
+
+Combination of two characters and six digits in the specified pattern
+
+## Pattern
+
+combination of two characters and six digits:
+
+- two characters (digits or letters, not case-sensitive)
+- a space (optional)
+- three digits
+- a space (optional)
+- three digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_malta_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_malta_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Malta Driver's License Number -->
+ <Entity id="a3bdaa4a-8371-4735-8fa5-56ee0fb4afc4" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_malta_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_malta_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_malta_eu_driver's_license_number
+
+- li─ïenzja tas-sewqan
+- li─ïenzji tas-sewwieq
compliance Sit Defn Malta Identity Card Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-malta-identity-card-number.md
+
+ Title: "Malta identity card number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Malta identity card number sensitive information type entity definition."
++
+# Malta identity card number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+seven digits followed by one letter
+
+## Pattern
+
+seven digits followed by one letter:
+
+- seven digits
+- one letter in "M, G, A, P, L, H, B, Z" (case insensitive)
+
+## Checksum
+
+Not applicable
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_malta_eu_national_id_card` finds content that matches the pattern.
+- A keyword from `Keywords_malta_eu_national_id_card` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_malta_eu_national_id_card` finds content that matches the pattern.
+
+```xml
+ <!-- Malta Identity Card Number -->
+ <Entity id="854b36b3-a388-4ac8-a4ec-677c2b5e4356" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_malta_eu_national_id_card" />
+ <Match idRef="Keywords_malta_eu_national_id_card" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Regex_malta_eu_national_id_card" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_malta_eu_national_id_card
+
+- citizen service number
+- id tat-taxxa
+- identifika numru tal-biljett
+- kodi─ïi numerali personali
+- numru ta 'identifikazzjoni personali
+- numru ta 'identifikazzjoni tat-taxxa
+- numru ta 'identifikazzjoni uniku
+- numru ta' identità uniku
+- numru tas-servizz ta─ï-─ïittadin
+- numru tat-taxxa
+- personal numeric code
+- unique identification number
+- unique identity number
+- uniqueidentityno#
compliance Sit Defn Malta Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-malta-passport-number.md
+
+ Title: "Malta passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Malta passport number sensitive information type entity definition."
++
+# Malta passport number
+
+## Format
+
+seven digits without spaces or delimiters
+
+## Pattern
+
+seven digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_malta_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_malta_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_malta_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_malta_eu_passport_number` is found.
+
+```xml
+ <!-- Malta Passport Number -->
+ <Entity id="b2b21198-48f9-4d13-b2a5-03969bff0fb8" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_malta_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_malta_eu_passport_number" />
+ </Any>
+ <Match idRef="Keywords_eu_passport_date" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_malta_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_malta_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_malta_eu_passport_number
+
+- numru tal-passaport
+- numri tal-passaport
+- Nru tal-passaport
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Malta Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-malta-physical-addresses.md
+
+ Title: "Malta physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Malta physical addresses sensitive information type entity definition."
++
+# Malta physical addresses
+
+This unbundled named entity detects patterns related to physical address from Malta. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Malta Tax Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-malta-tax-identification-number.md
+
+ Title: "Malta tax identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Malta tax identification number sensitive information type entity definition."
++
+# Malta tax identification number
+
+## Format
+
+For Maltese nationals:
+
+- seven digits and one letter in the specified pattern
+
+Non-Maltese nationals and Maltese entities:
+
+- nine digits
+
+## Pattern
+
+Maltese nationals: seven digits and one letter
+
+- seven digits
+- one letter (not case-sensitive)
+
+Non-Maltese nationals and Maltese entities: nine digits
+
+- nine digits
+
+## Checksum
+
+Not applicable
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regex `Regex_malta_eu_tax_file_number` or `Regex_malta_eu_tax_file_number_non_maltese_national` finds content that matches the pattern.
+- A keyword from `Keywords_malta_eu_tax_file_number` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regex `Regex_malta_eu_tax_file_number` or `Regex_malta_eu_tax_file_number_non_maltese_national` finds content that matches the pattern.
+
+```xml
+ <!-- Malta Tax ID Number -->
+ <Entity id="ec830c63-65f4-45d0-9d8c-910dc8334b20" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_malta_eu_tax_file_number" />
+ <Match idRef="Keywords_malta_eu_tax_file_number" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Regex_malta_eu_tax_file_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_malta_eu_tax_file_number_non_maltese_national" />
+ <Match idRef="Keywords_malta_eu_tax_file_number" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Regex_malta_eu_tax_file_number_non_maltese_national" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_malta_eu_tax_file_number
+
+- citizen service number
+- id tat-taxxa
+- identifika numru tal-biljett
+- kodi─ïi numerali personali
+- numru ta 'identifikazzjoni personali
+- numru ta 'identifikazzjoni tat-taxxa
+- numru ta 'identifikazzjoni uniku
+- numru ta' identità uniku
+- numru tas-servizz ta─ï-─ïittadin
+- numru tat-taxxa
+- personal numeric code
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
+- unique identification number
+- unique identity number
+- uniqueidentityno#
compliance Sit Defn Medical Specialities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-medical-specialities.md
+
+ Title: "Medical specialities entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Medical specialities sensitive information type entity definition."
++
+# Medical specialities
+
+This unbundled named entity detects terms related to medical specialties, such as *dermatology*. It supports English terms only. It's also included in the [All medical terms and conditions](sit-defn-all-medical-terms-conditions.md) bundled named entity SIT.
+
+## Confidence level
+
+High
compliance Sit Defn Medicare Beneficiary Identifier Card https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-medicare-beneficiary-Identifier-card.md
+
+ Title: "Medicare Beneficiary Identifier (MBI) card entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Medicare Beneficiary Identifier (MBI) card sensitive information type entity definition."
++
+# Medicare Beneficiary Identifier (MBI) card
+
+## Format
+
+11 character alphanumeric pattern
+
+## Pattern
+
+- one digit between 1 to 9
+- one letter excluding S, L, O, I, B, Z
+- one digit or letter excluding S, L, O, I, B, Z
+- one digit
+- an optional Hyphen
+- one letter excluding S, L, O, I, B, Z
+- one digit or letter excluding S, L, O, I, B, Z
+- one digit
+- an optional Hyphen
+- two letters excluding S, L, O, I, B, Z
+- two digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_mbi_card` finds content that matches the pattern.
+- A keyword from `Keyword_mbi_card` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_mbi_card` finds content that matches the pattern.
+
+```xml
+ <!-- Medicare Beneficiary Identifier (MBI) card -->
+ <Entity id="f753a286-f5cc-47e6-a592-4be25fd02591" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_mbi_card" />
+ <Match idRef="Keyword_mbi_card" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_mbi_card" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_mbi_card
+
+- mbi
+- mbi#
+- medicare beneficiary #
+- medicare beneficiary identifier
+- medicare beneficiary no
+- medicare beneficiary number
+- medicare beneficiary#
compliance Sit Defn Mexico Unique Population Registry Code https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-mexico-unique-population-registry-code.md
+
+ Title: "Mexico Unique Population Registry Code (CURP) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Mexico Unique Population Registry Code (CURP) sensitive information type entity definition."
++
+# Mexico Unique Population Registry Code (CURP)
+
+## Format
+
+18 character alphanumeric pattern
+
+## Pattern
+
+- four letters (case insensitive)
+- six digits indicating a valid date
+- a letter - H/h or M/m
+- two letters indicating a valid Mexican state code
+- three letters
+- one letter or digit
+- one digit
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_mexico_population_registry_code` finds content that matches the pattern.
+- A keyword from `Keyword_mexico_population_registry_code` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_mexico_population_registry_code` finds content that matches the pattern.
+
+```xml
+ <!-- Mexico Unique Population Registry Code (CURP) -->
+ <Entity id="e905ad4d-5a74-406d-bf36-b1efca798af4" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_mexico_population_registry_code" />
+ <Match idRef="Keyword_mexico_population_registry_code" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_mexico_population_registry_code" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_mexico_population_registry_code
+
+- Clave Única de Registro de Población
+- Clave Unica de Registro de Poblacion
+- Unique Population Registry Code
+- unique population code
+- CURP
+- Personal ID
+- Unique ID
+- personalid
+- personalidnumber
+- uniqueidkey
+- uniqueidnumber
+- clave ├║nica
+- clave unica
+- clave personal Identidad
+- personal Identidad Clave
+- ClaveÚnica
+- claveunica
+- clavepersonalIdentidad
compliance Sit Defn Microsoft Bing Maps Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-microsoft-bing-maps-key.md
+
+ Title: "Microsoft Bing maps key entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Microsoft Bing maps key sensitive information type entity definition."
++
+# Microsoft Bing maps key (preview)
+
+## Format
+
+A combination of 64 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+A combination of 64 characters:
+
+- a-z (not case-sensitive)
+- 0-9
+- underlines (_) or hyphens (-)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789-_ABCDEabcdefghijklmnopqrstu`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to call [Bing Maps API.](/bingmaps/getting-started/bing-maps-dev-center-help/getting-a-bing-maps-key)
+
+It uses several primary resources:
+
+- Patterns of Base64 URL encoded 384 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
+
+## Keywords
+
+### Keyword_SymmetricKey384Url:
+
+- virtualearth
+- api/maps
+- key
compliance Sit Defn Netherlands Citizens Service Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-netherlands-citizens-service-number.md
+
+ Title: "Netherlands citizens service (BSN) number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Netherlands citizen's service (BSN) number sensitive information type entity definition."
++
+# Netherlands citizens service (BSN) number
+
+## Format
+
+eight or nine digits containing optional spaces
+
+## Pattern
+
+eight-nine digits:
+
+- three digits
+- a space (optional)
+- three digits
+- a space (optional)
+- two-three digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_netherlands_bsn finds` content that matches the pattern.
+- A keyword from `Keyword_netherlands_bsn` is found.
+- The checksum passes.
+
+```xml
+ <!-- Netherlands Citizen's Service (BSN) Number -->
+ <Entity id="c5f54253-ef7e-44f6-a578-440ed67e946d" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_netherlands_bsn" />
+ <Match idRef="Keywords_netherlands_eu_national_id_card" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_netherlands_eu_national_id_card
+
+- bsn#
+- bsn
+- burgerservicenummer
+- citizen service number
+- person number
+- personal number
+- personal numeric code
+- person-related number
+- persoonlijk nummer
+- persoonlijke numerieke code
+- persoonsgebonden
+- persoonsnummer
+- sociaal-fiscaal nummer
+- social-fiscal number
+- sofi
+- sofinummer
+- uniek identificatienummer
+- uniek identiteitsnummer
+- unique identification number
+- unique identity number
+- uniqueidentityno#
compliance Sit Defn Netherlands Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-netherlands-drivers-license-number.md
+
+ Title: "Netherlands drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Netherlands driver's license number sensitive information type entity definition."
++
+# Netherlands drivers license number
+
+## Format
+
+10 digits without spaces and delimiters
+
+## Pattern
+
+10 digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_netherlands_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_netherlands_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Netherlands Driver's License Number -->
+ <Entity id="6247fbea-ab80-4be5-8233-308b7c031401" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_netherlands_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_netherlands_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_netherlands_eu_driver's_license_number
+
+- permis de conduire
+- rijbewijs
+- rijbewijsnummer
+- rijbewijzen
+- rijbewijs nummer
+- rijbewijsnummers
compliance Sit Defn Netherlands Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-netherlands-passport-number.md
+
+ Title: "Netherlands passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Netherlands passport number sensitive information type entity definition."
++
+# Netherlands passport number
+
+## Format
+
+nine letters or digits with no spaces or delimiters
+
+## Pattern
+
+nine letters or digits
+
+## Checksum
+
+not applicable
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_netherlands_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_netherlands_eu_passport_number` is found.
+- The regular expression `Regex_netherlands_eu_passport_date` finds date in the format DD MMM/MMM YYYY (Example - 26 MAA/MAR 2012)
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_netherlands_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_netherlands_eu_passport_number` is found.
+
+```xml
+ <!-- Netherlands Passport Number -->
+ <Entity id="61786727-bafd-45f6-94d9-888d815e228e" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_netherlands_eu_passport_number" />
+ <Match idRef="Regex_netherlands_eu_passport_date" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_netherlands_eu_passport_number" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_netherlands_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_netherlands_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_netherlands_eu_passport_number
+
+- paspoort nummer
+- paspoortnummers
+- paspoortnummer
+- paspoort nr
compliance Sit Defn Netherlands Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-netherlands-physical-addresses.md
+
+ Title: "Netherlands physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Netherlands physical addresses sensitive information type entity definition."
++
+# Netherlands physical addresses
+
+This unbundled named entity detects patterns related to physical address from the Netherlands. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Netherlands Tax Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-netherlands-tax-identification-number.md
+
+ Title: "Netherlands tax identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Netherlands tax identification number sensitive information type entity definition."
++
+# Netherlands tax identification number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+nine digits without spaces or delimiters
+
+## Pattern
+
+nine digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_netherlands_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_netherlands_eu_tax_file_number` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_netherlands_eu_tax_file_number` finds content that matches the pattern.
+
+```xml
+ <!-- Netherlands Tax Identification Number -->
+ <Entity id="01f42a64-eba7-4892-a67b-398237e4ade2" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_netherlands_eu_tax_file_number" />
+ <Match idRef="Keywords_netherlands_eu_tax_file_number" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_netherlands_eu_tax_file_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_netherlands_eu_tax_file_number
+
+- btw nummer
+- hollânske tax identification
+- hulandes impuesto id number
+- hulandes impuesto identification
+- identificatienummer belasting
+- identificatienummer van belasting
+- impuesto identification number
+- impuesto number
+- nederlands belasting id nummer
+- nederlands belasting identificatie
+- nederlands belasting identificatienummer
+- nederlands belastingnummer
+- nederlandse belasting identificatie
+- netherlands tax identification
+- netherland's tax identification
+- netherlands tin
+- netherland's tin
+- tax id
+- tax identification no
+- tax identification number
+- tax identification tal
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- tax tal
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
compliance Sit Defn Netherlands Value Added Tax Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-netherlands-value-added-tax-number.md
+
+ Title: "Netherlands value added tax number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Netherlands value added tax number sensitive information type entity definition."
++
+# Netherlands value added tax number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+14 character alphanumeric pattern
+
+## Pattern
+
+14-character alphanumeric pattern:
+
+- N or n
+- L or l
+- optional space, dot, or hyphen
+- nine digits
+- optional space, dot, or hyphen
+- B or b
+- two digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_netherlands_value_added_tax_number` finds content that matches the pattern.
+- A keyword from `Keywords_netherlands_value_added_tax_number` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_netherlands_value_added_tax_number` finds content that matches the pattern.
+
+```xml
+ <!-- Netherlands Value Added Tax Number -->
+ <Entity id="4f320d9b-4972-41ae-b337-88d499bb1ade" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_netherlands_value_added_tax_number" />
+ <Match idRef="Keywords_netherlands_value_added_tax_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_netherlands_value_added_tax_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_netherlands_value_added_tax_number
+
+- vat number
+- vat no
+- vat#
+- wearde tafoege tax getal
+- btw n├╗mer
+- btw-nummer
compliance Sit Defn New Zealand Bank Account Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-new-zealand-bank-account-number.md
+
+ Title: "New Zealand bank account number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "New Zealand bank account number sensitive information type entity definition."
++
+# New Zealand bank account number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+14-digit to 16-digit pattern with optional delimiter
+
+## Pattern
+
+14-digit to 16-digit pattern with optional delimiter:
+
+- two digits
+- an optional hyphen or space
+- three to four digits
+- an optional hyphen or space
+- seven digits
+- an optional hyphen or space
+- two to three digits
+- an options hyphen or space
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_new_zealand_bank_account_number` finds content that matches the pattern.
+- A keyword from `Keywords_new_zealand_bank_account_number` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_new_zealand_bank_account_number` finds content that matches the pattern.
+
+```xml
+ <!-- New Zealand Bank Account Number -->
+ <Entity id="1a97fc2b-dd2f-48f1-bc4e-2ddf25813956" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_new_zealand_bank_account_number" />
+ <Match idRef="Keywords_new_zFealand_bank_account_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_new_zealand_bank_account_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_new_zealand_bank_account_number
+
+- account number
+- bank account
+- bank_acct_id
+- bank_acct_branch
+- bank_acct_nbr
compliance Sit Defn New Zealand Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-new-zealand-drivers-license-number.md
+
+ Title: "New Zealand drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "New Zealand driver's license number sensitive information type entity definition."
++
+# New Zealand drivers license number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+eight character alphanumeric pattern
+
+## Pattern
+
+eight character alphanumeric pattern
+
+- two letters
+- six digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_newzealand_driver_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_newzealand_driver_license_number` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_newzealand_driver_license_number` finds content that matches the pattern.
+
+```xml
+ <!-- New Zealand Driver License Number -->
+ <Entity id="1924b377-d287-49c9-a737-cfe7a8a2615a" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_newzealand_driver_license_number" />
+ <Match idRef="Keywords_newzealand_driver_license_number" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_newzealand_driver_license_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_new_zealand_drivers_license_number
+
+- driverlicence
+- driverlicences
+- driver lic
+- driver licence
+- driver licences
+- driverslic
+- driverslicence
+- driverslicences
+- drivers lic
+- drivers lics
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's licence
+- driver's licences
+- driverlic#
+- driverlics#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver licence#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's licence#
+- driver's licences#
+- international driving permit
+- international driving permits
+- nz automobile association
+- new zealand automobile association
compliance Sit Defn New Zealand Inland Revenue Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-new-zealand-inland-revenue-number.md
+
+ Title: "New Zealand inland revenue number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "New Zealand inland revenue number sensitive information type entity definition."
++
+# New Zealand inland revenue number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+eight or nine digits with optional delimiters
+
+## Pattern
+
+eight or nine digits with optional delimiters
+
+- two or three digits
+- an optional space or hyphen
+- three digits
+- an optional space or hyphen
+- three digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_new_zealand_inland_revenue_number` finds content that matches the pattern.
+- A keyword from `Keywords_new_zealand_inland_revenue_number` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_new_zealand_inland_revenue_number` finds content that matches the pattern.
+
+```xml
+ <!-- New Zealand Inland Revenue Number -->
+ <Entity id="dd0fe2bc-7bcf-455f-bac1-83b1e3eb25fd" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_new_zealand_inland_revenue_number" />
+ <Match idRef="Keywords_new_zealand_inland_revenue_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_new_zealand_inland_revenue_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_new_zealand_inland_revenue_number
+
+- ird no.
+- ird no#
+- nz ird
+- new zealand ird
+- ird number
+- inland revenue number
compliance Sit Defn New Zealand Ministry Of Health Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-new-zealand-ministry-of-health-number.md
+
+ Title: "New Zealand ministry of health number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "New Zealand ministry of health number sensitive information type entity definition."
++
+# New Zealand ministry of health number
+
+## Format
+
+three letters and four digits
+
+## Pattern
+
+- three letters (not case-sensitive) except 'I' and 'O'
+- four digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_new_zealand_ministry_of_health_number` finds content that matches the pattern.
+- A keyword from `Keyword_nz_terms` is found.
+- The checksum passes.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_new_zealand_ministry_of_health_number` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+ <!-- New Zealand Health Number -->
+ <Entity id="2b71c1c8-d14e-4430-82dc-fd1ed6bf05c7" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_new_zealand_ministry_of_health_number" />
+ <Match idRef="Keyword_nz_terms" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_new_zealand_ministry_of_health_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_nz_terms
+
+- NHI
+- New Zealand
+- National Health Index
+- NHI#
+- National Health Index#
compliance Sit Defn New Zealand Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-new-zealand-physical-addresses.md
+
+ Title: "New Zealand physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "New Zealand physical addresses sensitive information type entity definition."
++
+# New Zealand physical addresses
+
+This unbundled named entity detects patterns related to physical address from New Zealand. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn New Zealand Social Welfare Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-new-zealand-social-welfare-number.md
+
+ Title: "New Zealand social welfare number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "New Zealand social welfare number sensitive information type entity definition."
++
+# New Zealand social welfare number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+nine digits
+
+## Pattern
+
+nine digits
+
+- three digits
+- an optional hyphen
+- three digits
+- an optional hyphen
+- three digits
+
+## Checksum
+
+Yes
+
+### Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_newzealand_social_welfare_number` finds content that matches the pattern.
+- A keyword from `Keywords_newzealand_social_welfare_number` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_newzealand_social_welfare_number` finds content that matches the pattern.
+
+```xml
+ <!-- Newzealand Social Welfare Number -->
+ <Entity id="20f3c48d-4ac1-4cd2-86bd-34ecc1826e9d" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_newzealand_social_welfare_number" />
+ <Match idRef="Keywords_newzealand_social_welfare_number" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_newzealand_social_welfare_number" />
+ </Pattern>
+ </Entity>
+ </Version>
+```
+
+## Keywords
+
+### Keyword_new_zealand_social_welfare_number
+
+- social welfare #
+- social welfare#
+- social welfare No.
+- social welfare number
+- swn#
compliance Sit Defn Norway Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-norway-identification-number.md
+
+ Title: "Norway identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Norway identification number sensitive information type entity definition."
++
+# Norway identification number
+
+## Format
+
+11 digits
+
+## Pattern
+
+11 digits:
+
+- six digits in the format DDMMYY, which are the date of birth
+- three-digit individual number
+- two check digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_norway_id_number` finds content that matches the pattern.
+- A keyword from `Keyword_norway_id_number` is found.
+- The checksum passes.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_norway_id_number` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+<!-- Norway Identification Number -->
+<Entity id="d4c8a798-e9f2-4bd3-9652-500d24080fc3" recommendedConfidence="85" patternsProximity="300">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_norway_id_number"/>
+ <Match idRef="Keyword_norway_id_number"/>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_norway_id_number"/>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_norway_id_number
+
+- Personal identification number
+- Norwegian ID Number
+- ID Number
+- Identification
+- Personnummer
+- F├╕dselsnummer
compliance Sit Defn Norway Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-norway-physical-addresses.md
+
+ Title: "Norway physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Norway physical addresses sensitive information type entity definition."
++
+# Norway physical addresses
+
+This unbundled named entity detects patterns related to physical address from Norway. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Philippines Unified Multi Purpose Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-philippines-unified-multi-purpose-identification-number.md
+
+ Title: "Philippines unified multi-purpose identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Philippines unified multi-purpose identification number sensitive information type entity definition."
++
+# Philippines unified multi-purpose identification number
+
+## Format
+
+12 digits separated by hyphens
+
+## Pattern
+
+12 digits:
+
+- four digits
+- a hyphen
+- seven digits
+- a hyphen
+- one digit
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_philippines_unified_id` finds content that matches the pattern.
+- A keyword from `Keyword_philippines_id` is found.
+
+```xml
+<!-- Philippines Unified Multi-Purpose ID number -->
+<Entity id="019b39dd-8c25-4765-91a3-d9c6baf3c3b3" recommendedConfidence="75" patternsProximity="300">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_philippines_unified_id"/>
+ <Match idRef="Keyword_philippines_id"/>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_philippines_id
+
+- Unified Multi-Purpose ID
+- UMID
+- Identity Card
+- Pinag-isang Multi-Layunin ID
compliance Sit Defn Poland Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-poland-drivers-license-number.md
+
+ Title: "Poland drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Poland driver's license number sensitive information type entity definition."
++
+# Poland drivers license number
+
+## Format
+
+14 digits containing two forward slashes
+
+## Pattern
+
+14 digits and two forward slashes:
+
+- five digits
+- a forward slash
+- two digits
+- a forward slash
+- seven digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_poland_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_poland_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Poland Driver's License Number -->
+ <Entity id="24d51f99-ee9e-4060-a077-cae58cab1ee4" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_poland_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_poland_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_poland_eu_driver's_license_number
+
+- prawo jazdy
+- prawa jazdy
compliance Sit Defn Poland Identity Card https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-poland-identity-card.md
+
+ Title: "Poland identity card entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Poland identity card sensitive information type entity definition."
++
+# Poland identity card
+
+## Format
+
+three letters and six digits
+
+## Pattern
+
+three letters (not case-sensitive) followed by six digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_polish_national_id` finds content that matches the pattern.
+- A keyword from `Keyword_polish_national_id_passport_number` is found.
+- The checksum passes.
+
+```xml
+<!-- Poland Identity Card-->
+<Entity id="25E64989-ED5D-40CA-A939-6C14183BB7BF" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_polish_national_id" />
+ <Match idRef="Keyword_polish_national_id_passport_number" />
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_poland_national_id_passport_number
+
+- Dow├│d osobisty
+- Numer dowodu osobistego
+- Nazwa i numer dowodu osobistego
+- Nazwa i nr dowodu osobistego
+- Nazwa i nr dowodu tożsamości
+- Dowód Tożsamości
+- dow. os.
compliance Sit Defn Poland National Id https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-poland-national-id.md
+
+ Title: "Poland national ID (PESEL) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Poland national ID (PESEL) sensitive information type entity definition."
++
+# Poland national ID (PESEL)
+
+## Format
+
+11 digits
+
+## Pattern
+
+- six digits representing date of birth in the format YYMMDD
+- four digits
+- one check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_pesel_identification_number` finds content that matches the pattern.
+- A keyword from `Keyword_pesel_identification_number` is found.
+- The checksum passes.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_pesel_identification_number` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+ <!-- Poland National ID (PESEL) -->
+ <Entity id="E3AAF206-4297-412F-9E06-BA8487E22456" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_pesel_identification_number" />
+ <Match idRef="Keyword_pesel_identification_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_pesel_identification_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_pesel_identification_number
+
+- dowód osobisty
+- dowódosobisty
+- niepowtarzalny numer
+- niepowtarzalnynumer
+- nr.-pesel
+- nr-pesel
+- numer identyfikacyjny
+- pesel
+- tożsamości narodowej
compliance Sit Defn Poland Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-poland-passport-number.md
+
+ Title: "Poland passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Poland passport number sensitive information type entity definition."
++
+# Poland passport number
+
+This sensitive information type entity is included in the EU Passport Number sensitive information type. It's also available as a stand-alone sensitive information type entity.
+
+## Format
+
+two letters and seven digits
+
+## Pattern
+
+Two letters (not case-sensitive) followed by seven digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_polish_passport_number_v2` finds content that matches the pattern.
+- The checksum passes.
+- A keyword from `Keywords_eu_passport_number` or `Keyword_polish_national_passport_number` is found.
+- A keyword from `Keywords_eu_passport_date` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_polish_passport_number_v2` finds content that matches the pattern.
+- The checksum passes.
+- A keyword from `Keywords_eu_passport_number` or `Keyword_polish_national_passport_number` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_polish_passport_number_v2` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+ <!-- Poland Passport Number -->
+ <Entity id="03937FB5-D2B6-4487-B61F-0F8BFF7C3517" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_polish_passport_number_v2" />
+ <Match idRef="Keywords_eu_passport_date" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keyword_polish_national_passport_number" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_polish_passport_number_v2" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keyword_polish_national_passport_number" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_polish_passport_number_v2" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keyword_polish_national_passport_number
+
+- numer paszportu
+- numery paszport├│w
+- numery paszportowe
+- nr paszportu
+- nr. paszportu
+- nr paszport├│w
+- n┬░ passeport
+- passeport n┬░
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Poland Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-poland-physical-addresses.md
+
+ Title: "Poland physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Poland physical addresses sensitive information type entity definition."
++
+# Poland physical addresses
+
+This unbundled named entity detects patterns related to physical address from Poland. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Poland Regon Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-poland-regon-number.md
+
+ Title: "Poland REGON number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Poland REGON number sensitive information type entity definition."
++
+# Poland REGON number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+9-digit or 14-digit number
+
+## Pattern
+
+nine digit or 14-digit number:
+
+- nine digits
+or
+- nine digits
+- hyphen
+- five digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_polish_regon_number` finds content that matches the pattern.
+- A keyword from `Keywords_polish_regon_number` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_polish_regon_number` finds content that matches the pattern.
+
+```xml
+ <!-- Polish REGON Number -->
+ <Entity id="fc87b421-f437-4f8b-b739-29a735ead0d9" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_polish_regon_number" />
+ <Match idRef="Keywords_polish_regon_number" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_polish_regon_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_poland_regon_number
+
+- regon id
+- statistical number
+- statistical id
+- statistical no
+- regon number
+- regonid#
+- regonno#
+- company id
+- companyid#
+- companyidno#
+- numer statystyczny
+- numeru regon
+- numerstatystyczny#
+- numeruregon#
compliance Sit Defn Poland Tax Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-poland-tax-identification-number.md
+
+ Title: "Poland tax identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Poland tax identification number sensitive information type entity definition."
++
+# Poland tax identification number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+11 digits with no spaces or delimiters
+
+## Pattern
+
+11 digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_poland_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_poland_eu_tax_file_number` is found.
+
+```xml
+ <!-- Poland Tax Identification Number -->
+ <Entity id="1ff28b4d-40f2-49e9-b677-9606a88e2bca" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_poland_eu_tax_file_number" />
+ <Match idRef="Keywords_poland_eu_tax_file_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_poland_eu_tax_file_number
+
+- nip#
+- nip
+- numer identyfikacji podatkowej
+- numeridentyfikacjipodatkowej#
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
+- vat id#
+- vat id
+- vat no
+- vat number
+- vatid#
+- vatid
+- vatno#
compliance Sit Defn Portugal Citizen Card Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-portugal-citizen-card-number.md
+
+ Title: "Portugal citizen card number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Portugal citizen card number sensitive information type entity definition."
++
+# Portugal citizen card number
+
+## Format
+
+eight digits
+
+## Pattern
+
+eight digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_portugal_citizen_card` finds content that matches the pattern.
+- A keyword from `Keyword_portugal_citizen_card` is found.
+
+```xml
+<!-- Portugal Citizen Card Number -->
+<Entity id="91a7ece2-add4-4986-9a15-c84544d81ecd" recommendedConfidence="85" patternsProximity="300">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_portugal_citizen_card"/>
+ <Match idRef="Keyword_portugal_citizen_card"/>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_portugal_citizen_card
+
+- bilhete de identidade
+- cartão de cidadão
+- citizen card
+- document number
+- documento de identificação
+- id number
+- identification no
+- identification number
+- identity card no
+- identity card number
+- national id card
+- nic
+- n├║mero bi de portugal
+- número de identificação civil
+- número de identificação fiscal
+- n├║mero do documento
+- portugal bi number
compliance Sit Defn Portugal Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-portugal-drivers-license-number.md
+
+ Title: "Portugal drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Portugal driver's license number sensitive information type entity definition."
++
+# Portugal drivers license number
+
+## Format
+
+two patterns - two letters followed by 5-8 digits with special characters
+
+## Pattern
+
+Pattern 1:
+Two letters followed by 5/6 with special characters:
+
+- Two letters (not case-sensitive)
+- A hyphen
+- Five or Six digits
+- A space
+- One digit
+
+Pattern 2:
+One letter followed by 6/8 digits with special characters:
+
+- One letter (not case-sensitive)
+- A hyphen
+- Six or eight digits
+- A space
+- One digit
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_portugal_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_portugal_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Portugal Driver's License Number -->
+ <Entity id="977f1e5a-2c33-4bcc-b516-95bb275cff23" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_portugal_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_portugal_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_portugal_eu_driver's_license_number
+
+- carteira de motorista
+- carteira motorista
+- carteira de habilitação
+- carteira habilitação
+- número de licença
+- número licença
+- permissão de condução
+- permissão condução
+- Licença condução Portugal
+- carta de condução
compliance Sit Defn Portugal Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-portugal-passport-number.md
+
+ Title: "Portugal passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Portugal passport number sensitive information type entity definition."
++
+# Portugal passport number
+
+## Format
+
+one letter followed by six digits with no spaces or delimiters
+
+## Pattern
+
+one letter followed by six digits:
+
+- one letter (not case-sensitive)
+- six digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_portugal_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_portugal_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_portugal_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_portugal_eu_passport_number` is found.
+
+```xml
+ <!-- Portugal Passport Number -->
+ <Entity id="080a52fd-a7bc-431e-b54d-51f08f59db11" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_portugal_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_portugal_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date1" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_portugal_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_portugal_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_portugal_eu_passport_number
+
+- n├║mero do passaporte
+- portuguese passport
+- portuguese passeport
+- portuguese passaporte
+- passaporte n┬║
+- passeport n┬║
+- n├║meros de passaporte
+- portuguese passports
+- n├║mero passaporte
+- n├║meros passaporte
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Portugal Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-portugal-physical-addresses.md
+
+ Title: "Portugal physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Portugal physical addresses sensitive information type entity definition."
++
+# Portugal physical addresses
+
+This unbundled named entity detects patterns related to physical address from Portugal. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Portugal Tax Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-portugal-tax-identification-number.md
+
+ Title: "Portugal tax identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Portugal tax identification number sensitive information type entity definition."
++
+# Portugal tax identification number
+
+## Format
+
+nine digits with optional spaces
+
+## Pattern
+
+- three digits
+- an optional space
+- three digits
+- an optional space
+- three digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_portugal_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_portugal_eu_tax_file_number` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_portugal_eu_tax_file_number` finds content that matches the pattern.
+
+```xml
+ <!-- Portugal Tax Identification Number -->
+ <Entity id="65372402-3131-4f1e-9983-4439841d1f15" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_portugal_eu_tax_file_number" />
+ <Match idRef="Keywords_portugal_eu_tax_file_number" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_portugal_eu_tax_file_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_portugal_eu_tax_file_number
+
+- cpf#
+- cpf
+- nif#
+- nif
+- número de identificação fisca
+- numero fiscal
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
compliance Sit Defn Romania Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-romania-drivers-license-number.md
+
+ Title: "Romania drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Romania driver's license number sensitive information type entity definition."
++
+# Romania drivers license number
+
+## Format
+
+one character followed by eight digits
+
+## Pattern
+
+one character followed by eight digits:
+
+- one letter (not case-sensitive) or digit
+- eight digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_romania_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_romania_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Romania Driver's License Number -->
+ <Entity id="b5511ace-2fd8-4ae4-b6fc-c7c6e4689e3c" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_romania_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_romania_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_romania_eu_driver's_license_number
+
+- permis de conducere
+- permisului de conducere
+- permisului conducere
+- permisele de conducere
+- permisele conducere
+- permis conducere
compliance Sit Defn Romania Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-romania-passport-number.md
+
+ Title: "Romania passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Romania passport number sensitive information type entity definition."
++
+# Romania passport number
+
+## Format
+
+eight or nine digits without spaces and delimiters
+
+## Pattern
+
+eight or nine digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_romania_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_romania_eu_passport_number` is found.
+- The regular expression `Regex_romania_eu_passport_date` finds date in the format DD MMM/MMM YY (Example- 01 FEB/FEB 10) or a keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_romania_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_romania_eu_passport_number` is found.
+
+```xml
+ <!-- Romania Passport Number -->
+ <Entity id="5d31b90c-7fe2-4a76-a14b-767b8fd19d6c" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_romania_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_romania_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_romania_eu_passport_date" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_romania_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_romania_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_romania_eu_passport_number
+
+numărul pașaportului
+numarul pasaportului
+numerele pașaportului
+Pașaport nr
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Romania Personal Numeric Code https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-romania-personal-numeric-code.md
+
+ Title: "Romania personal numeric code (CNP) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Romania personal numeric code (CNP) sensitive information type entity definition."
++
+# Romania personal numeric code (CNP)
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+13 digits without spaces and delimiters
+
+## Pattern
+
+- one digit from 1-9
+- six digits representing date of birth (YYMMDD)
+- two digits, which can be 01-52 or 99
+- four digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_romania_eu_national_id_card` finds content that matches the pattern.
+- A keyword from `Keywords_romania_eu_national_id_card` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_romania_eu_national_id_card` finds content that matches the pattern.
+
+```xml
+ <!-- Romania Personal Numerical Code (CNP) -->
+ <Entity id="eb5fa399-fe28-4c67-8188-d63a616ed89c" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_romania_eu_national_id_card" />
+ <Match idRef="Keywords_romania_eu_national_id_card" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_romania_eu_national_id_card" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_romania_eu_national_id_card
+
+- cnp#
+- cnp
+- cod identificare personal
+- cod numeric personal
+- cod unic identificare
+- codnumericpersonal#
+- codul fiscal nr.
+- identificarea fiscal─â nr#
+- id-ul taxei
+- insurance number
+- insurancenumber#
+- national id#
+- national id
+- national identification number
+- număr identificare personal
+- număr identitate
+- număr personal unic
+- num─âridentitate#
+- număridentitate
+- num─ârpersonalunic#
+- numărpersonalunic
+- num─âru de identificare fiscal─â
+- num─ârul de identificare fiscal─â
+- personal numeric code
+- pin#
+- pin
+- tax file no
+- tax file number
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
+- unique identification number
+- unique identity number
+- uniqueidentityno#
+- uniqueidentityno
compliance Sit Defn Romania Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-romania-physical-addresses.md
+
+ Title: "Romania physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Romania physical addresses sensitive information type entity definition."
++
+# Romania physical addresses
+
+This unbundled named entity detects patterns related to physical address from Romania. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Russia Passport Number Domestic https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-russia-passport-number-domestic.md
+
+ Title: "Russia passport number domestic entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Russia passport number domestic sensitive information type entity definition."
++
+# Russia passport number domestic
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+10-digit number
+
+## Pattern
+
+10-digit number:
+
+- two digits
+- an optional space or hyphen
+- two digits
+- an optional space
+- six digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regex `Regex_Russian_Passport_Number_Domestic` finds content that matches the pattern.
+- A keyword from `Keyword_Russian_Passport_Number` is found.
+
+```xml
+ <!-- Russian Passport Number Domestic -->
+ <Entity id="76ec2f5d-cedb-48e1-8070-1998794af445" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_Russian_Passport_Number_Domestic" />
+ <Match idRef="Keyword_Russian_Passport_Number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_russia_passport_number_domestic
+
+- passport number
+- passport no
+- passport #
+- passport id
+- passportno#
+- passportnumber#
+- паспорт нет
+- паспорт id
+- pоссийской паспорт
+- pусский номер паспорта
+- паспорт#
+- паспортid#
+- номер паспорта
+- номерпаспорта#
compliance Sit Defn Russia Passport Number International https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-russia-passport-number-international.md
+
+ Title: "Russia passport number international entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Russia passport number international sensitive information type entity definition."
++
+# Russia passport number international
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+nine-digit number
+
+## Pattern
+
+nine-digit number:
+
+- two digits
+- an optional space or hyphen
+- seven digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regex `Regex_Russian_Passport_Number_International` finds content that matches the pattern.
+- A keyword from `Keyword_Russian_Passport_Number` is found.
+
+```xml
+ <!-- Russian Passport Number International -->
+ <Entity id="ac5f4878-75e4-4b82-af2d-02e13ea9f411" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_Russian_Passport_Number_International" />
+ <Match idRef="Keyword_Russian_Passport_Number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_russia_passport_number_international
+
+- passport number
+- passport no
+- passport #
+- passport id
+- passportno#
+- passportnumber#
+- паспорт нет
+- паспорт id
+- pоссийской паспорт
+- pусский номер паспорта
+- паспорт#
+- паспортid#
+- номер паспорта
+- номерпаспорта#
compliance Sit Defn Saudi Arabia National Id https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-saudi-arabia-national-id.md
+
+ Title: "Saudi Arabia National ID entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Saudi Arabia National ID sensitive information type entity definition."
++
+# Saudi Arabia National ID
+
+## Format
+
+10 digits
+
+## Pattern
+
+10 consecutive digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_saudi_arabia_national_id` finds content that matches the pattern.
+- A keyword from `Keyword_saudi_arabia_national_id` is found.
+
+```xml
+<!-- Saudi Arabia National ID -->
+<Entity id="8c5a0ba8-404a-41a3-8871-746aa21ee6c0" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_saudi_arabia_national_id" />
+ <Any minMatches="1">
+ <Match idRef="Keyword_saudi_arabia_national_id" />
+ </Any>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_saudi_arabia_national_id
+
+- Identification Card
+- I card number
+- ID number
+- الوطنية الهوية بطاقة رقم
compliance Sit Defn Singapore National Registration Identity Card Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-singapore-national-registration-identity-card-number.md
+
+ Title: "Singapore national registration identity card (NRIC) number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Singapore national registration identity card (NRIC) number sensitive information type entity definition."
++
+# Singapore national registration identity card (NRIC) number
+
+## Format
+
+nine letters and digits
+
+## Pattern
+
+- nine letters and digits:
+
+- the letter "F", "G", "M", "S", or "T" (not case-sensitive)
+- seven digits
+- an alphabetic check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_singapore_nric` finds content that matches the pattern.
+- A keyword from `Keyword_singapore_nric` is found.
+- The checksum passes.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_singapore_nric` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+<!-- Singapore National Registration Identity Card (NRIC) Number -->
+<Entity id="cead390a-dd83-4856-9751-fb6dc98c34da" recommendedConfidence="75" patternsProximity="300">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_singapore_nric"/>
+ <Match idRef="Keyword_singapore_nric"/>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_singapore_nric"/>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_singapore_nric
+
+- National Registration Identity Card
+- Identity Card Number
+- NRIC
+- IC
+- Foreign Identification Number
+- FIN
+- 身份证
+- 身份證
compliance Sit Defn Slack Access Token https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-slack-access-token.md
+
+ Title: "Slack access token entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Slack access token sensitive information type entity definition."
++
+# Slack access token (preview)
+
+## Format
+
+A combination of up to 34 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+A token prefix (case-sensitive) 'xoxp-', 'xoxb-', 'xoxa-', 'xoxr-', 'xoxo-', 'xoxs-' or 'xoxe-'
+
+A combination of up to 29 characters:
+
+- 29 a-z (not case-sensitive)
+- 0-9 or hyphens (-)
+
+for example:
+
+`xoxp-abcdef-abcdef-abcdef-abcdef`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used to access [Slack platform functionalities](https://api.slack.com/docs/token-type) (for example Bot tokens, User tokens and App-level tokens).
+
+It uses several primary resources:
+
+- Patterns of Slack user/bot/workspace token.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+- Patterns of mockup values, redactions, and placeholders.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
+
+## Keywords
+
+### Keyword_SlackTokens:
+
+- xox
compliance Sit Defn Slovakia Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-slovakia-drivers-license-number.md
+
+ Title: "Slovakia drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Slovakia driver's license number sensitive information type entity definition."
++
+# Slovakia drivers license number
+
+## Format
+
+one character followed by seven digits
+
+## Pattern
+
+one character followed by seven digits
+
+- one letter (not case-sensitive) or digit
+- seven digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_slovakia_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_slovakia_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Slovakia Driver's License Number -->
+ <Entity id="14240c22-b6de-4ce5-a90b-137f74252513" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_slovakia_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_slovakia_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_slovakia_eu_driver's_license_number
+
+- vodi─ìsk├╜ preukaz
+- vodičské preukazy
+- vodičského preukazu
+- vodi─ìsk├╜ch preukazov
compliance Sit Defn Slovakia Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-slovakia-passport-number.md
+
+ Title: "Slovakia passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Slovakia passport number sensitive information type entity definition."
++
+# Slovakia passport number
+
+## Format
+
+eight or nine character alphanumeric pattern
+
+## Pattern
+
+one letter (not case-sensitive) followed by seven digits
+or
+two letters (not case-sensitive) followed by six or seven digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_slovakia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_slovakia_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_slovakia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_slovakia_eu_passport_number` is found.
+
+```xml
+ <!-- Slovakia Passport Number -->
+ <Entity id="238e1f08-d80e-4793-af33-9b57918335b7" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_slovakia_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_slovakia_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date1" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_slovakia_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_slovakia_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_slovakia_eu_passport_number
+
+- číslo pasu
+- čísla pasov
+- pas ─ì.
+- Passeport n┬░
+- n┬░ Passeport
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Slovakia Personal Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-slovakia-personal-number.md
+
+ Title: "Slovakia personal number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Slovakia personal number sensitive information type entity definition."
++
+# Slovakia personal number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+nine or 10 digits containing optional backslash
+
+## Pattern
+
+- six digits representing date of birth
+- optional slash (/)
+- three digits
+- one optional check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_slovakia_eu_national_id_card` finds content that matches the pattern.
+- A keyword from `Keywords_slovakia_eu_national_id_card` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_slovakia_eu_national_id_card` finds content that matches the pattern.
+
+```xml
+ <!-- Slovakia Personal Number -->
+ <Entity id="951c26b7-3b35-4f73-924b-15dd599cb9ab" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_slovakia_eu_national_id_card" />
+ <Match idRef="Keywords_slovakia_eu_national_id_card" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_slovakia_eu_national_id_card" />
+ </Pattern>
+ </Entity>
+ </Version>
+```
+
+## Keywords
+
+### Keywords_slovakia_eu_national_id_card
+
+- azonosító szám
+- birth number
+- číslo národnej identifikačnej karty
+- číslo občianského preukazu
+- daňové číslo
+- id number
+- identification no
+- identification number
+- identifikačná karta č
+- identifikačné číslo
+- identity card no
+- identity card number
+- národná identifikačná značka č
+- national number
+- nationalnumber#
+- nemzeti személyazonosító igazolvány
+- personalidnumber#
+- r─ì
+- rodne cislo
+- rodné číslo
+- social security number
+- ssn#
+- ssn
+- személyi igazolvány szám
+- személyi igazolvány száma
+- személyigazolvány szám
+- tax file no
+- tax file number
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
compliance Sit Defn Slovakia Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-slovakia-physical-addresses.md
+
+ Title: "Slovakia physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Slovakia physical addresses sensitive information type entity definition."
++
+# Slovakia physical addresses
+
+This unbundled named entity detects patterns related to physical address from Slovakia. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Slovenia Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-slovenia-drivers-license-number.md
+
+ Title: "Slovenia drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Slovenia driver's license number sensitive information type entity definition."
++
+# Slovenia drivers license number
+
+## Format
+
+nine digits without spaces and delimiters
+
+## Pattern
+
+nine digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_slovenia_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_slovenia_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Slovenia Driver's License Number -->
+ <Entity id="d5bc089a-f2ee-433d-a6b1-5c253051d6f2" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_slovenia_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_slovenia_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_slovenia_eu_driver's_license_number
+
+- vozniško dovoljenje
+- vozniška številka licence
+- vozniških dovoljenj
+- številka vozniškega dovoljenja
+- številke vozniških dovoljenj
compliance Sit Defn Slovenia Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-slovenia-passport-number.md
+
+ Title: "Slovenia passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Slovenia passport number sensitive information type entity definition."
++
+# Slovenia passport number
+
+## Format
+
+two letters followed by seven digits with no spaces or delimiters
+
+## Pattern
+
+two letters followed by seven digits:
+
+- the letter "P"
+- one uppercase letter
+- seven digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_slovenia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_slovenia_eu_passport_number` is found.
+- The regular expression `Regex_eu_passport_date1` finds date in the format DD.MM.YYYY or a keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_slovenia_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_slovenia_eu_passport_number` is found.
+
+```xml
+ <!-- Slovenia Passport Number -->
+ <Entity id="235b7976-7bbe-4df5-bb40-08678e749d1a" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_slovenia_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_slovenia_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_eu_passport_date1" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_slovenia_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_slovenia_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_slovenia_eu_passport_number
+
+- številka potnega lista
+- potek veljavnosti
+- potni list#
+- datum rojstva
+- potni list
+- številke potnih listov
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Slovenia Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-slovenia-physical-addresses.md
+
+ Title: "Slovenia physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Slovenia physical addresses sensitive information type entity definition."
++
+# Slovenia physical addresses
+
+This unbundled named entity detects patterns related to physical address from Slovenia. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Slovenia Tax Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-slovenia-tax-identification-number.md
+
+ Title: "Slovenia tax identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Slovenia tax identification number sensitive information type entity definition."
++
+# Slovenia tax identification number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+eight digits with no spaces or delimiters
+
+## Pattern
+
+- one digit from 1-9
+- six digits
+- one check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_slovenia_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_slovenia_eu_tax_file_number` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_slovenia_eu_tax_file_number` finds content that matches the pattern.
+
+```xml
+ <!-- Slovenia Tax Identification Number -->
+ <Entity id="e47b071e-c352-4d70-8241-8c215ad65505" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_slovenia_eu_tax_file_number" />
+ <Match idRef="Keywords_slovenia_eu_tax_file_number" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_slovenia_eu_tax_file_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_slovenia_eu_tax_file_number
+
+- davčna številka
+- identifikacijska številka davka
+- številka davčne datoteke
+- tax file no
+- tax file number
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
compliance Sit Defn Slovenia Unique Master Citizen Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-slovenia-unique-master-citizen-number.md
+
+ Title: "Slovenia Unique Master Citizen Number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Slovenia Unique Master Citizen Number sensitive information type entity definition."
++
+# Slovenia Unique Master Citizen Number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+13 digits without spaces or delimiters
+
+## Pattern
+
+13 digits in the specified pattern:
+
+- seven digits that correspond to the birth date (DDMMLLL) where "LLL" corresponds to the last three digits of the birth year
+- two digits that correspond to the area of birth "50"
+- three digits that correspond to a combination of gender and serial number for persons born on the same day. 000-499 for male and 500-999 for female.
+- one check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_slovenia_eu_national_id_card` finds content that matches the pattern.
+- A keyword from `Keywords_slovenia_eu_national_id_card` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_slovenia_eu_national_id_card` finds content that matches the pattern.
+
+```xml
+ <!-- Slovenia Unique Master Citizen Number -->
+ <Entity id="68948b27-803d-41e4-adf1-13e05eb541bb" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_slovenia_eu_national_id_card" />
+ <Match idRef="Keywords_slovenia_eu_national_id_card" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_slovenia_eu_national_id_card" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_slovenia_eu_national_id_card
+
+- edinstvena številka glavnega državljana
+- emšo
+- enotna maticna številka obcana
+- id card
+- identification number
+- identifikacijska številka
+- identity card
+- nacionalna id
+- nacionalni potni list
+- national id
+- osebna izkaznica
+- osebni koda
+- osebni ne
+- osebni številka
+- personal code
+- personal number
+- personal numeric code
+- številka državljana
+- unique citizen number
+- unique id number
+- unique identity number
+- unique master citizen number
+- unique registration number
+- uniqueidentityno #
+- uniqueidentityno#
compliance Sit Defn South Africa Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-south-africa-identification-number.md
+
+ Title: "South Africa identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "South Africa identification number sensitive information type entity definition."
++
+# South Africa identification number
+
+### Format
+
+13 digits that may contain spaces
+
+## Pattern
+
+13 digits:
+
+- six digits in the format YYMMDD, which are the date of birth
+- four digits
+- a single-digit citizenship indicator
+- the digit "8" or "9"
+- one digit, which is a checksum digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_south_africa_identification_number` finds content that matches the pattern.
+- A keyword from `Keyword_south_africa_identification_number` is found.
+- The checksum passes.
+
+```xml
+<!-- South Africa Identification Number -->
+<Entity id="e2adf7cb-8ea6-4048-a2ed-d89eb65f2780" recommendedConfidence="85" patternsProximity="300">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_south_africa_identification_number"/>
+ <Match idRef="Keyword_south_africa_identification_number"/>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_south_africa_identification_number
+
+- Identity card
+- ID
+- Identification
compliance Sit Defn South Korea Resident Registration Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-south-korea-resident-registration-number.md
+
+ Title: "South Korea resident registration number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "South Korea resident registration number sensitive information type entity definition."
++
+# South Korea resident registration number
+
+## Format
+
+13 digits containing a hyphen
+
+## Pattern
+
+13 digits:
+
+- six digits in the format YYMMDD, which are the date of birth
+- a hyphen
+- one digit determined by the century and gender
+- four-digit region-of-birth code
+- one digit used to differentiate people for whom the preceding numbers are identical
+- a check digit.
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_south_korea_resident_number` finds content that matches the pattern.
+- A keyword from `Keyword_south_korea_resident_number` is found.
+- The checksum passes.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_south_korea_resident_number` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+<!-- South Korea Resident Registration Number -->
+<Entity id="5b802e18-ba80-44c4-bc83-bf2ad36ae36a" recommendedConfidence="85" patternsProximity="300">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_south_korea_resident_number"/>
+ <Match idRef="Keyword_south_korea_resident_number"/>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_south_korea_resident_number"/>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_south_korea_resident_number
+
+- National ID card
+- Citizen's Registration Number
+- Jumin deungnok beonho
+- RRN
+- 주민등록번호
compliance Sit Defn Spain Dni https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-spain-dni.md
+
+ Title: "Spain DNI entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Spain DNI sensitive information type entity definition."
++
+# Spain DNI
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+eight digits followed by one character
+
+## Pattern
+
+seven digits followed by one character
+
+- eight digits
+- An optional space or hyphen
+- one check letter (not case-sensitive)
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_spain_eu_DL_and_NI_number_citizen` or `Func_spain_eu_DL_and_NI_number_foreigner` finds content that matches the pattern.
+- A keyword from `Keywords_spain_eu_national_id_card"` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_spain_eu_DL_and_NI_number_citizen` or `Func_spain_eu_DL_and_NI_number_foreigner` finds content that matches the pattern.
+
+```xml
+ <!-- Spain DNI -->
+ <Entity id="8e6251b9-47b4-40e8-a42b-0f80876be192" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_spain_eu_DL_and_NI_number_citizen" />
+ <Match idRef="Keywords_spain_eu_national_id_card" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_spain_eu_DL_and_NI_number_citizen" />
+ </Pattern>
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_spain_eu_DL_and_NI_number_foreigner" />
+ <Match idRef="Keywords_spain_eu_national_id_card" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_spain_eu_DL_and_NI_number_foreigner" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_spain_eu_national_id_card
+
+- carné de identidad
+- dni#
+- dni
+- dnin├║mero#
+- documento nacional de identidad
+- identidad ├║nico
+- identidad├║nico#
+- insurance number
+- national identification number
+- national identity
+- nationalid#
+- nationalidno#
+- nie#
+- nie
+- nien├║mero#
+- n├║mero de identificaci├│n
+- n├║mero nacional identidad
+- personal identification number
+- personal identity no
+- unique identity number
+- uniqueid#
compliance Sit Defn Spain Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-spain-drivers-license-number.md
+
+ Title: "Spain drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Spain driver's license number sensitive information type entity definition."
++
+# Spain drivers license number
+
+## Format
+
+eight digits followed by one character
+
+## Pattern
+
+eight digits followed by one character:
+
+- eight digits
+- one digit or letter (not case-sensitive)
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_spain_eu_DL_and_NI_number_citizen` or `Func_spain_eu_DL_and_NI_number_foreigner` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_spain_eu_driver's_license_number` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_spain_eu_DL_and_NI_number_citizen` or `Func_spain_eu_DL_and_NI_number_foreigner` finds content that matches the pattern.
+
+```xml
+ <!-- Spain Driver's License Number -->
+ <Entity id="d5a82922-b501-4f40-8868-341321146aa2" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_spain_eu_DL_and_NI_number_citizen" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_spain_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_spain_eu_DL_and_NI_number_citizen" />
+ </Pattern>
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_spain_eu_DL_and_NI_number_foreigner" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_spain_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_spain_eu_DL_and_NI_number_foreigner" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_spain_eu_driver's_license_number
+
+- permiso de conducci├│n
+- permiso conducci├│n
+- licencia de conducir
+- licencia conducir
+- permiso conducir
+- permiso de conducir
+- permisos de conducir
+- permisos conducir
+- carnet conducir
+- carnet de conducir
+- licencia de manejo
+- licencia manejo
compliance Sit Defn Spain Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-spain-passport-number.md
+
+ Title: "Spain passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Spain passport number sensitive information type entity definition."
++
+# Spain passport number
+
+## Format
+
+an eight- or nine-character combination of letters and numbers with no spaces or delimiters
+
+## Pattern
+
+an eight- or nine-character combination of letters and numbers:
+
+- two digits or letters
+- one digit or letter (optional)
+- six digits
+
+## Checksum
+
+Not applicable
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_spain_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_spain_eu_passport_number` is found.
+- The regular expression `Regex_spain_eu_passport_date` finds date in the format DD-MM-YYYY or a keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_spain_eu_passport_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_spain_eu_passport_number` is found.
+
+```xml
+ <!-- Spain Passport Number -->
+ <Entity id="d17a57de-9fa5-4e9f-85d3-85c26d89686e" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_spain_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_spain_eu_passport_number" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_spain_eu_passport_date" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_spain_eu_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_spain_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_spain_eu_passport_number
+
+- libreta pasaporte
+- n├║mero pasaporte
+- espa├▒a pasaporte
+- n├║meros de pasaporte
+- n├║mero de pasaporte
+- n├║meros pasaporte
+- pasaporte no
+- Passeport n┬░
+- n┬░ Passeport
+- pasaporte no.
+- pasaporte n┬░
+- spain passport
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Spain Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-spain-physical-addresses.md
+
+ Title: "Spain physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Spain physical addresses sensitive information type entity definition."
+++
+# Spain physical addresses
+
+This unbundled named entity detects patterns related to physical address from Spain. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Spain Social Security Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-spain-social-security-number.md
+
+ Title: "Spain social security number (SSN) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Spain social security number (SSN) sensitive information type entity definition."
++
+# Spain social security number (SSN)
+
+## Format
+
+11-12 digits
+
+## Pattern
+
+11-12 digits:
+
+- two digits
+- a forward slash (optional)
+- seven to eight digits
+- a forward slash (optional)
+- two digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_spanish_social_security_number` finds content that matches the pattern.
+- The checksum passes.
+ - A keyword from `Keywords_spain_eu_ssn_or_equivalent` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_spanish_social_security_number` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+ <!-- Spain SSN -->
+ <Entity id="5df987c0-8eae-4bce-ace7-b316347f3070" patternsProximity="300" recommendedConfidence="85" relaxProximity="true" >
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_spanish_social_security_number" />
+ <Match idRef="Keywords_spain_eu_ssn_or_equivalent" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_spanish_social_security_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_spain_eu_passport_number
+
+- ssn
+- ssn#
+- socialsecurityno
+- social security no
+- social security number
+- n├║mero de la seguridad social
compliance Sit Defn Spain Tax Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-spain-tax-identification-number.md
+
+ Title: "Spain tax identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Spain tax identification number sensitive information type entity definition."
++
+# Spain tax identification number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+seven or eight digits and one or two letters in the specified pattern
+
+## Pattern
+
+Spanish Natural Persons with a Spain National Identity Card:
+
+- eight digits
+- one uppercase letter (case-sensitive)
+
+Non-resident Spaniards without a Spain National Identity Card
+
+- one uppercase letter "L" (case-sensitive)
+- seven digits
+- one uppercase letter (case-sensitive)
+
+Resident Spaniards under the age of 14 years without a Spain National Identity Card:
+
+- one uppercase letter "K" (case-sensitive)
+- seven digits
+- one uppercase letter (case-sensitive)
+
+Foreigners with a Foreigner's Identification Number
+
+- one uppercase letter that is "X", "Y", or "Z" (case-sensitive)
+- seven digits
+- one uppercase letter (case-sensitive)
+
+Foreigners without a Foreigner's Identification Number
+
+- one uppercase letter that is "M" (case-sensitive)
+- seven digits
+- one uppercase letter (case-sensitive)
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_spain_eu_tax_file_number` or `Func_spain_eu_DL_and_NI_number_citizen` finds content that matches the pattern.
+- A keyword from `Keywords_spain_eu_tax_file_number` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_spain_eu_tax_file_number` or `Func_spain_eu_DL_and_NI_number_citizen` finds content that matches the pattern.
+
+```xml
+ <!-- Spain Tax Identification Number -->
+ <Entity id="10f0d113-b0e1-47dc-872a-a4f45b9376a3" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_spain_eu_tax_file_number" />
+ <Match idRef="Keywords_spain_eu_tax_file_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_spain_eu_tax_file_number" />
+ </Pattern>
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_spain_eu_DL_and_NI_number_citizen" />
+ <Match idRef="Keywords_spain_eu_tax_file_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_spain_eu_DL_and_NI_number_citizen" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_spain_eu_tax_file_number
+
+- cif
+- cifid#
+- cifn├║mero#
+- n├║mero de contribuyente
+- n├║mero de identificaci├│n fiscal
+- n├║mero de impuesto corporativo
+- spanishcifid#
+- spanishcifid
+- spanishcifno#
+- spanishcifno
+- tax file no
+- tax file number
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
compliance Sit Defn Sql Server Connection String https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-sql-server-connection-string.md
+
+ Title: "SQL Server connection string entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "SQL Server connection string sensitive information type entity definition."
++
+# SQL Server connection string
+
+## Format
+
+The string `User Id`, `User ID`, `uid`, or `UserId` followed by the characters and strings outlined in the pattern below.
+
+## Pattern
+
+- the string `User Id`, `User ID`, `uid`, or `UserId`
+- any combination of between 1-200 lower- or uppercase letters, digits, symbols, special characters, or spaces
+- the string `Password` or `pwd` where `pwd` isn't preceded by a lowercase letter
+- an equal sign (=)
+- any character that isn't a dollar sign ($), percent symbol (%), greater than symbol (>), at symbol (@), quotation mark ("), semicolon (;), left brace([), or left bracket ({)
+- any combination of 7-128 characters that aren't a semicolon (;), forward slash (/), or quotation mark (")
+- a semicolon (;) or quotation mark (")
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `CEP_Regex_SQLServerConnectionString` finds content that matches the pattern.
+- A keyword from `CEP_GlobalFilter` isn't found.
+- The regular expression `CEP_PasswordPlaceHolder` doesn't find content that matches the pattern.
+- The regular expression `CEP_CommonExampleKeywords` doesn't find content that matches the pattern.
+
+```sql
+<!SQL Server Connection String>
+<Entity id="e76b6205-d3cb-46f2-bd63-c90153f2f97d" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="CEP_Regex_SQLServerConnectionString" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="CEP_GlobalFilter" />
+ <Match idRef="CEP_PasswordPlaceHolder" />
+ <Match idRef="CEP_CommonExampleKeywords" />
+ </Any>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### CEP_GlobalFilter
+
+- some-password
+- somepassword
+- secretPassword
+- sample
+
+### CEP_PasswordPlaceHolder
+
+This sensitive information type identifies these keywords by using a regular expression, not a keyword list.
+
+- `Password` or `pwd` followed by 0-2 spaces, an equal sign (=), 0-2 spaces, and an asterisk (*)
+-OR-
+- `Password` or `pwd` followed by:
+ - Equal sign (=)
+ - Less than symbol (<)
+ - Any combination of 1-200 characters that are upper- or lowercase letters, digits, an asterisk (*), hyphen (-), underline (_), or whitespace character
+ - Greater than symbol (>)
+
+### CEP_CommonExampleKeywords
+
+This sensitive information type identifies these keywords by using a regular expression, not a keyword list.
+
+- contoso
+- fabrikam
+- northwind
+- sandbox
+- onebox
+- localhost
+- 127.0.0.1
+- testacs.<!--no-hyperlink-->com
+- s-int.<!--no-hyperlink-->net
compliance Sit Defn Surgical Procedures https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-surgical-procedures.md
+
+ Title: "Surgical procedures entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Surgical procedures sensitive information type entity definition."
++
+# Surgical procedures
+
+This unbundled named entity detects terms related to surgical procedures, such as *appendectomy*. It supports English terms only. It's also included in the [All medical terms and conditions](sit-defn-all-medical-terms-conditions.md) bundled named entity SIT.
+
+## Confidence level
+
+High
compliance Sit Defn Sweden Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-sweden-drivers-license-number.md
+
+ Title: "Sweden drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Sweden driver's license number sensitive information type entity definition."
++
+# Sweden drivers license number
+
+## Format
+
+10 digits containing a hyphen
+
+## Pattern
+
+10 digits containing a hyphen:
+
+- six digits
+- a hyphen
+- four digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_sweden_eu_driver's_license_number` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` or `Keywords_sweden_eu_driver's_license_number` is found.
+
+```xml
+ <!-- Sweden Driver's License Number -->
+ <Entity id="70088720-90dd-47f5-805e-5525f3567391" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_sweden_eu_driver's_license_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ <Match idRef="Keywords_sweden_eu_driver's_license_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+
+### Keywords_sweden_eu_driver's_license_number
+
+- ajokortti
+- permis de conducere
+- ajokortin numero
+- kuljettajat lic.
+- drivere lic.
+- k├╢rkort
+- num─ârul permisului de conducere
+- שאָפער דערלויבעניש נומער
+- f├╢rare lic.
+- דריווערס דערלויבעניש
+- k├╢rkortsnummer
compliance Sit Defn Sweden National Id https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-sweden-national-id.md
+
+ Title: "Sweden national ID entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Sweden national ID sensitive information type entity definition."
++
+# Sweden national ID
+
+## Format
+
+10 or 12 digits and an optional delimiter
+
+## Pattern
+
+10 or 12 digits and an optional delimiter:
+
+- two digits (optional)
+- Six digits in date format YYMMDD
+- delimiter of "-" or "+" (optional)
+- four digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_swedish_national_identifier` finds content that matches the pattern.
+- A keyword from `Keywords_swedish_national_identifier` is found
+- The checksum passes.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_swedish_national_identifier` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+ <!-- Sweden National ID -->
+ <Entity id="f69aaf40-79be-4fac-8f05-fd1910d272c8" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_swedish_national_identifier" />
+ <Match idRef="Keywords_swedish_national_identifier" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_swedish_national_identifier" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_swedish_national_identifier
+
+- id no
+- id number
+- id#
+- identification no
+- identification number
+- identifikationsnumret#
+- identifikationsnumret
+- identitetshandling
+- identity document
+- identity no
+- identity number
+- id-nummer
+- personal id
+- personnummer#
+- personnummer
+- skatteidentifikationsnummer
compliance Sit Defn Sweden Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-sweden-passport-number.md
+
+ Title: "Sweden passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Sweden passport number sensitive information type entity definition."
++
+# Sweden passport number
+
+## Format
+
+eight digits
+
+## Pattern
+
+eight consecutive digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- the regular expression Regex_sweden_passport_number finds content that matches the pattern.
+- a keyword from `Keywords_eu_passport_number` or `Keyword_sweden_passport` is found.
+- the regular expression `Regex_sweden_eu_passport_date` finds a date in the format DD MMM/MMM YY (01 JAN/JAN 12) or a keyword from `Keywords_eu_passport_date` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- the regular expression Regex_sweden_passport_number finds content that matches the pattern.
+- a keyword from `Keywords_eu_passport_number` or `Keyword_sweden_passport` is found.
+
+```xml
+ <!-- Sweden Passport Number -->
+ <Entity id="ba4e7456-55a9-4d89-9140-c33673553526" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_sweden_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keyword_sweden_passport" />
+ </Any>
+ <Any minMatches="1">
+ <Match idRef="Regex_sweden_eu_passport_date" />
+ <Match idRef="Keywords_eu_passport_date" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_sweden_passport_number" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keyword_sweden_passport" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keyword_sweden_passport
+
+- alien registration card
+- g3 processing fees
+- multiple entry
+- Numéro de passeport
+- passeport n ┬░
+- passeport non
+- passeport #
+- passeport#
+- passeportnon
+- passeportn ┬░
+- passnummer
+- pass nr
+- schengen visa
+- schengen visas
+- single entry
+- sverige pass
+- visa requirements
+- visa processing
+- visa type
+
+### Keywords_eu_passport_date
+
+- date of issue
+- date of expiry
compliance Sit Defn Sweden Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-sweden-physical-addresses.md
+
+ Title: "Sweden physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Sweden physical addresses sensitive information type entity definition."
++
+# Sweden physical addresses
+
+This unbundled named entity detects patterns related to physical address from Sweden. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Sweden Tax Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-sweden-tax-identification-number.md
+
+ Title: "Sweden tax identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Sweden tax identification number sensitive information type entity definition."
++
+# Sweden tax identification number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+10 digits and a symbol in the specified pattern
+
+## Pattern
+
+10 digits and a symbol:
+
+- six digits that correspond to the birth date (YYMMDD)
+- a plus sign or minus sign
+- three digits that make the identification number unique where:
+ - for numbers issued before 1990, the seventh and eighth digit identify the county of birth or foreign-born people
+ - the digit in the ninth position indicates gender by either odd for male or even for female
+- one check digit
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_sweden_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_sweden_eu_tax_file_number` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_sweden_eu_tax_file_number` finds content that matches the pattern.
+
+```xml
+ <!-- Sweden Tax Identification Number -->
+ <Entity id="139acba0-a5bc-4fbb-876d-f7a493ae8a40" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_sweden_eu_tax_file_number" />
+ <Match idRef="Keywords_sweden_eu_tax_file_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_sweden_eu_tax_file_number" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="Keywords_sweden_eu_telephone_number" />
+ <Match idRef="Keywords_sweden_eu_mobile_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_sweden_eu_tax_file_number
+
+- personal id number
+- personnummer
+- skatt id nummer
+- skatt identifikation
+- skattebetalarens identifikationsnummer
+- sverige tin
+- tax file
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax number
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
compliance Sit Defn Swift Code https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-swift-code.md
+
+ Title: "SWIFT code entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "SWIFT code sensitive information type entity definition."
++
+# SWIFT code
+
+## Format
+
+four letters followed by 5-31 letters or digits
+
+## Pattern
+
+four letters followed by 5-31 letters or digits:
+
+- four-letter bank code (not case-sensitive)
+- an optional space
+- 4-28 letters or digits (the Basic Bank Account Number (BBAN))
+- an optional space
+- one to three letters or digits (remainder of the BBAN)
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_swift` finds content that matches the pattern.
+- A keyword from `Keyword_swift` is found.
+
+```xml
+<Entity id="cb2ab58c-9cb8-4c81-baf8-a4e106791df4" patternsProximity="300" recommendedConfidence="75">
+<Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_swift" />
+ <Match idRef="Keyword_swift" />
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_swift
+
+- international organization for standardization 9362
+- iso 9362
+- iso9362
+- swift#
+- swiftcode
+- swiftnumber
+- swiftroutingnumber
+- swift code
+- swift number #
+- swift routing number
+- bic number
+- bic code
+- bic #
+- bic#
+- bank identifier code
+- Organisation internationale de normalisation 9362
+- rapide #
+- code SWIFT
+- le numéro de swift
+- swift numéro d'acheminement
+- le numéro BIC
+- \# BIC
+- code identificateur de banque
+- SWIFTコード
+- SWIFT番号
+- BIC番号
+- BICコード
+- SWIFT コード
+- SWIFT 番号
+- BIC 番号
+- BIC コード
+- 金融機関識別コード
+- 金融機関コード
+- 銀行コード
compliance Sit Defn Switzerland Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-switzerland-physical-addresses.md
+
+ Title: "Switzerland physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Switzerland physical addresses sensitive information type entity definition."
++
+# Switzerland physical addresses
+
+This unbundled named entity detects patterns related to physical address from Switzerland. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Switzerland Ssn Ahv Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-switzerland-ssn-ahv-number.md
+
+ Title: "Switzerland SSN AHV number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Switzerland SSN AHV number sensitive information type entity definition."
++
+# Switzerland SSN AHV number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+13-digit number
+
+## Pattern
+
+13-digit number:
+
+- three digits - 756
+- an optional dot
+- four digits
+- an optional dot
+- four digits
+- an optional dot
+- two digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_swiss_social_security_number_ahv` finds content that matches the pattern.
+- A keyword from `Keywords_swiss_social_security_number_ahv` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_swiss_social_security_number_ahv` finds content that matches the pattern.
+
+```xml
+ <!-- Swiss SSN AHV Number -->
+ <Entity id="277cfa4b-6eaa-4a1b-9492-099dec849971" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_swiss_social_security_number_ahv" />
+ <Match idRef="Keywords_swiss_social_security_number_ahv" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_swiss_social_security_number_ahv" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_swiss_ssn_AHV_number
+
+- ahv
+- ssn
+- pid
+- insurance number
+- personalidno#
+- social security number
+- personal id number
+- personal identification no.
+- insuranceno#
+- uniqueidno#
+- unique identification no.
+- avs number
+- personal identity no versicherungsnummer
+- identifikationsnummer
+- einzigartige identität nicht
+- sozialversicherungsnummer
+- identification personnelle id
+- numéro de sécurité sociale
compliance Sit Defn Taiwan National Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-taiwan-national-identification-number.md
+
+ Title: "Taiwan national identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Taiwan national identification number sensitive information type entity definition."
++
+# Taiwan national identification number
+
+## Format
+
+one letter (in English) followed by nine digits
+
+## Pattern
+
+one letter (in English) followed by nine digits:
+
+- one letter (in English, not case-sensitive)
+- the digit "1" or "2"
+- eight digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_taiwanese_national_id` finds content that matches the pattern.
+- A keyword from `Keyword_taiwanese_national_id` is found.
+- The checksum passes.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_taiwanese_national_id` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+<!-- Taiwanese National ID -->
+<Entity id="4C7BFC34-8DD1-421D-8FB7-6C6182C2AF03" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_taiwanese_national_id" />
+ <Match idRef="Keyword_taiwanese_national_id" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_taiwanese_national_id" />
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_taiwan_national_id
+
+- 身份證字號
+- 身份證
+- 身份證號碼
+- 身份證號
+- 身分證字號
+- 身分證
+- 身分證號碼
+- 身份證號
+- 身分證統一編號
+- 國民身分證統一編號
+- 簽名
+- 蓋章
+- 簽名或蓋章
+- 簽章
compliance Sit Defn Taiwan Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-taiwan-passport-number.md
+
+ Title: "Taiwan passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Taiwan passport number sensitive information type entity definition."
++
+# Taiwan passport number
+
+## Format
+
+- biometric passport number: nine digits
+- non-biometric passport number: nine digits
+
+## Pattern
+
+biometric passport number:
+
+- the character "3"
+- eight digits
+
+non-biometric passport number:
+
+- nine digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_taiwan_passport` finds content that matches the pattern.
+- A keyword from `Keyword_taiwan_passport` is found.
+
+```xml
+<!-- Taiwan Passport Number -->
+<Entity id="e7251cb4-4c2c-41df-963e-924eb3dae04a" recommendedConfidence="75" patternsProximity="300">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_taiwan_passport"/>
+ <Match idRef="Keyword_taiwan_passport"/>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_taiwan_passport
+
+- ROC passport number
+- Passport number
+- Passport no
+- Passport Num
+- Passport #
+- 护照
+- 中華民國護照
+- Zhōnghuá Mínguó hùzhào
compliance Sit Defn Taiwan Resident Certificate Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-taiwan-resident-certificate-number.md
+
+ Title: "Taiwan-resident certificate (ARC/TARC) number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Taiwan-resident certificate (ARC/TARC) number sensitive information type entity definition."
++
+# Taiwan-resident certificate (ARC/TARC) number
+
+## Format
+
+10 letters and digits
+
+## Pattern
+
+10 letters and digits:
+
+- two letters (not case-sensitive)
+- eight digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_taiwan_resident_certificate` finds content that matches the pattern.
+- A keyword from `Keyword_taiwan_resident_certificate` is found.
+
+```xml
+<!-- Taiwan Resident Certificate (ARC/TARC) -->
+<Entity id="48269fec-05ea-46ea-b326-f5623a58c6e9" recommendedConfidence="75" patternsProximity="300">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_taiwan_resident_certificate"/>
+ <Match idRef="Keyword_taiwan_resident_certificate"/>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_taiwan_resident_certificate
+
+- Resident Certificate
+- Resident Cert
+- Resident Cert.
+- Identification card
+- Alien Resident Certificate
+- ARC
+- Taiwan Area Resident Certificate
+- TARC
+- 居留證
+- 外僑居留證
+- 台灣地區居留證
compliance Sit Defn Thai Population Identification Code https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-thai-population-identification-code.md
+
+ Title: "Thai population identification code entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Thai population identification code sensitive information type entity definition."
++
+# Thai population identification code
+
+## Format
+
+13 digits
+
+## Pattern
+
+13 digits:
+
+- first digit isn't zero or nine
+- 12 digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_Thai_Citizen_Id` finds content that matches the pattern.
+- A keyword from `Keyword_Thai_Citizen_Id` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_Thai_Citizen_Id` finds content that matches the pattern.
+
+```xml
+<!-- Thai Citizen ID -->
+-<Entity id="44ca9e86-ead7-4c5d-884a-e2eaa401515e" recommendedConfidence="75" patternsProximity="300">
+ -<Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_Thai_Citizen_Id"/>
+ <Match idRef="Keyword_Thai_Citizen_Id"/>
+ </Pattern>
+ -<Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_Thai_Citizen_Id"/>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_thai_citizen_Id
+
+- ID Number
+- Identification Number
+- บัตรประชาชน
+- รหัสบัตรประชาชน
+- บัตรประชาชน
+- รหัสบัตรประชาชน
compliance Sit Defn Turkey National Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-turkey-national-identification-number.md
+
+ Title: "Turkey national identification number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Turkey national identification number sensitive information type entity definition."
++
+# Turkey national identification number
+
+## Format
+
+11 digits
+
+## Pattern
+
+11 digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_Turkish_National_Id` finds content that matches the pattern.
+- A keyword from `Keyword_Turkish_National_Id` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_Turkish_National_Id` finds content that matches the pattern.
+
+```xml
+<!-- Turkish National Identity -->
+-<Entity id="fb621f20-3876-4cfc-acec-8c8e73ca32c7" recommendedConfidence="75" patternsProximity="300">
+ -<Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_Turkish_National_Id"/>
+ <Match idRef="Keyword_Turkish_National_Id"/>
+ </Pattern>
+ -<Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_Turkish_National_Id"/>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_turkish_national_id
+
+- TC Kimlik No
+- TC Kimlik numaras─▒
+- Vatandaşlık numarası
+- Vatandaşlık no
compliance Sit Defn Turkey Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-turkey-physical-addresses.md
+
+ Title: "Turkey physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Turkey physical addresses sensitive information type entity definition."
++
+# Turkey physical addresses
+
+This unbundled named entity detects patterns related to physical address from Turkey. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Types Of Medication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-types-of-medication.md
+
+ Title: "Types of medication entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Types of medication sensitive information type entity definition."
++
+# Types of medication
+
+This unbundled named entity detects medication names, such as *insulin*. It supports English terms only. It's also included in the [All medical terms and conditions](sit-defn-all-medical-terms-conditions.md) bundled named entity SIT.
+
+## Confidence level
+
+High
compliance Sit Defn Uk Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-uk-drivers-license-number.md
+
+ Title: "U.K. drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "U.K. driver's license number sensitive information type entity definition."
++
+# U.K. drivers license number
+
+## Format
+
+Combination of 18 letters and digits in the specified format
+
+## Pattern
+
+18 letters and digits:
+
+- Five letters (not case-sensitive) or the digit "9" in place of a letter.
+- One digit.
+- Five digits in the date format MMDDY for date of birth. The seventh character is incremented by 50 if driver is female; for example, 51 to 62 instead of 01 to 12.
+- Two letters (not case-sensitive) or the digit "9" in place of a letter.
+- Five digits.
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_uk_drivers_license` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number` is found.
+- The checksum passes.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_uk_drivers_license` finds content that matches the pattern.
+- The checksum passes.
+
+```xml
+ <!-- U.K. Driver's License Number -->
+ <Entity id="f93de4be-d94c-40df-a8be-461738047551" patternsProximity="300" recommendedConfidence="75" relaxProximity="true" >
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_uk_drivers_license" />
+ <Match idRef="Keywords_eu_driver's_license_number" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_uk_drivers_license" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_driver's_license_number
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
compliance Sit Defn Uk Electoral Roll Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-uk-electoral-roll-number.md
+
+ Title: "U.K. electoral roll number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "U.K. electoral roll number sensitive information type entity definition."
++
+# U.K. electoral roll number
+
+## Format
+
+two letters followed by 1-4 digits
+
+## Pattern
+
+two letters (not case-sensitive) followed by 1-4 numbers
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_uk_electoral` finds content that matches the pattern.
+- A keyword from `Keyword_uk_electoral` is found.
+
+```xml
+<!-- U.K. Electoral Number -->
+<Entity id="a3eea206-dc0c-4f06-9e22-aa1be3059963" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_uk_electoral" />
+ <Any minMatches="1">
+ <Match idRef="Keyword_uk_electoral" />
+ </Any>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_uk_electoral
+
+- council nomination
+- nomination form
+- electoral register
+- electoral roll
compliance Sit Defn Uk National Health Service Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-uk-national-health-service-number.md
+
+ Title: "U.K. national health service number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "U.K. national health service number sensitive information type entity definition."
++
+# U.K. national health service number
+
+## Format
+
+10-17 digits separated by spaces
+
+## Pattern
+
+10-17 digits:
+
+- either 3 or 10 digits
+- a space
+- three digits
+- a space
+- four digits
+
+## Checksum
+
+Yes
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_uk_nhs_number` finds content that matches the pattern.
+- One of the following is true:
+ - A keyword from `Keyword_uk_nhs_number` is found.
+ - A keyword from `Keyword_uk_nhs_number1` is found.
+ - A keyword from `Keyword_uk_nhs_number_dob` is found.
+- The checksum passes.
+
+```xml
+<!-- U.K. NHS Number -->
+<Entity id="3192014e-2a16-44e9-aa69-4b20375c9a78" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_uk_nhs_number" />
+ <Any minMatches="1">
+ <Match idRef="Keyword_uk_nhs_number" />
+ <Match idRef="Keyword_uk_nhs_number1" />
+ <Match idRef="Keyword_uk_nhs_number_dob" />
+ </Any>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_uk_nhs_number
+
+- national health service
+- nhs
+- health services authority
+- health authority
+
+### Keyword_uk_nhs_number1
+
+- patient id
+- patient identification
+- patient no
+- patient number
+
+### Keyword_uk_nhs_number_dob
+
+- GP
+- DOB
+- D.O.B
+- Date of Birth
+- Birth Date
compliance Sit Defn Uk National Insurance Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-uk-national-insurance-number.md
+
+ Title: "U.K. national insurance number (NINO) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "U.K. national insurance number (NINO) sensitive information type entity definition."
++
+# U.K. national insurance number (NINO)
+
+This sensitive information type entity is included in the EU National Identification Number sensitive information type. It's also available as a stand-alone sensitive information type entity.
+
+## Format
+
+seven characters or nine characters separated by spaces or dashes
+
+## Pattern
+
+two possible patterns:
+
+- two letters (valid NINOs use only certain characters in this prefix, which this pattern validates; not case-sensitive)
+- six digits
+- either 'A', 'B', 'C', or 'D' (like the prefix, only certain characters are allowed in the suffix; not case-sensitive)
+
+OR
+
+- two letters
+- a space or dash
+- two digits
+- a space or dash
+- two digits
+- a space or dash
+- two digits
+- a space or dash
+- either 'A', 'B', 'C', or 'D'
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_uk_nino` finds content that matches the pattern.
+- A keyword from `Keyword_uk_nino` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_uk_nino` finds content that matches the pattern.
+
+```xml
+ <!-- U.K. NINO -->
+ <Entity id="16c07343-c26f-49d2-a987-3daf717e94cc" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_uk_nino" />
+ <Match idRef="Keyword_uk_nino" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_uk_nino" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_uk_nino
+
+- national insurance number
+- national insurance contributions
+- protection act
+- insurance
+- social security number
+- insurance application
+- medical application
+- social insurance
+- medical attention
+- social security
+- great britain
+- NI Number
+- NI No.
+- NI #
+- NI#
+- insurance#
+- insurancenumber
+- nationalinsurance#
+- nationalinsurancenumber
compliance Sit Defn Uk Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-uk-physical-addresses.md
+
+ Title: "U.K. physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "U.K. physical addresses sensitive information type entity definition."
++
+# U.K. physical addresses
+
+This unbundled named entity detects patterns related to physical address from the U.K.. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Uk Unique Taxpayer Reference Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-uk-unique-taxpayer-reference-number.md
+
+ Title: "U.K. Unique Taxpayer Reference Number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "U.K. Unique Taxpayer Reference Number sensitive information type entity definition."
++
+# U.K. Unique Taxpayer Reference Number
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+10 digits without spaces and delimiters
+
+## Pattern
+
+10 digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_uk_eu_tax_file_number` finds content that matches the pattern.
+- A keyword from `Keywords_uk_eu_tax_file_number` is found.
+
+```xml
+ <!-- U.K. Unique Taxpayer Reference Number -->
+ <Entity id="ad4a8116-0db8-439a-b545-6d967642f0ec" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_uk_eu_tax_file_number" />
+ <Match idRef="Keywords_uk_eu_tax_file_number" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_uk_eu_tax_file_number
+
+- tax number
+- tax file
+- tax id
+- tax identification no
+- tax identification number
+- tax no#
+- tax no
+- tax registration number
+- taxid#
+- taxidno#
+- taxidnumber#
+- taxno#
+- taxnumber#
+- taxnumber
+- tin id
+- tin no
+- tin#
compliance Sit Defn Ukraine Passport Domestic https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-ukraine-passport-domestic.md
+
+ Title: "Ukraine passport domestic entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Ukraine passport domestic sensitive information type entity definition."
++
+# Ukraine passport domestic
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+nine digits
+
+## Pattern
+
+nine digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regex `Regex_Ukraine_Passport_Domestic` finds content that matches the pattern.
+- A keyword from `Keyword_Ukraine_Passport_Domestic` is found.
+
+```xml
+ <!-- Ukraine Passport Domestic -->
+ <Entity id="1817a540-221f-4459-9202-3bd78b81d803" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_Ukraine_Passport_Domestic"/>
+ <Match idRef="Keyword_Ukraine_Passport_Domestic"/>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_ukraine_passport_domestic
+
+- ukraine passport
+- passport number
+- passport no
+- паспорт України
+- номер паспорта
+- персональний
compliance Sit Defn Ukraine Passport International https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-ukraine-passport-international.md
+
+ Title: "Ukraine passport international entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "Ukraine passport international sensitive information type entity definition."
++
+# Ukraine passport international
+
+This sensitive information type is only available for use in:
+
+- data loss prevention policies
+- communication compliance policies
+- data lifecycle management
+- records management
+- Microsoft Defender for Cloud Apps
+
+## Format
+
+eight-character alphanumeric pattern
+
+## Pattern
+
+eight-character alphanumeric pattern:
+
+- two letters or digits
+- six digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regex `Regex_Ukraine_Passport_International` finds content that matches the pattern.
+- A keyword from `Keyword_Ukraine_Passport_International` is found.
+
+```xml
+ <!-- Ukraine Passport International -->
+ <Entity id="cfbe032d-22e0-4f28-ab68-d66e9641f1e2" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_Ukraine_Passport_International"/>
+ <Match idRef="Keyword_Ukraine_Passport_International"/>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_ukraine_passport_international
+
+- ukraine passport
+- passport number
+- passport no
+- паспорт України
+- номер паспорта
compliance Sit Defn Us Bank Account Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-us-bank-account-number.md
+
+ Title: "U.S. bank account number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "U.S. bank account number sensitive information type entity definition."
++
+# U.S. bank account number
+
+## Format
+
+6-17 digits
+
+## Pattern
+
+6-17 consecutive digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The regular expression `Regex_usa_bank_account_number` finds content that matches the pattern.
+- A keyword from `Keyword_usa_Bank_Account` is found.
+
+```xml
+<!-- U.S. Bank Account Number -->
+<Entity id="a2ce32a8-f935-4bb6-8e96-2a5157672e2c" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_usa_bank_account_number" />
+ <Match idRef="Keyword_usa_Bank_Account" />
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_usa_Bank_Account
+
+- Checking Account Number
+- Checking Account
+- Checking Account #
+- Checking Acct Number
+- Checking Acct #
+- Checking Acct No.
+- Checking Account No.
+- Bank Account Number
+- Bank Account #
+- Bank Acct Number
+- Bank Acct #
+- Bank Acct No.
+- Bank Account No.
+- Savings Account Number
+- Savings Account.
+- Savings Account #
+- Savings Acct Number
+- Savings Acct #
+- Savings Acct No.
+- Savings Account No.
+- Debit Account Number
+- Debit Account
+- Debit Account #
+- Debit Acct Number
+- Debit Acct #
+- Debit Acct No.
+- Debit Account No.
compliance Sit Defn Us Drivers License Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-us-drivers-license-number.md
+
+ Title: "U.S. drivers license number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "U.S. driver's license number sensitive information type entity definition."
++
+# U.S. drivers license number
+
+## Format
+
+Depends on the state
+
+## Pattern
+
+depends on the state - for example, New York:
+
+- nine digits formatted like ddd ddd ddd will match.
+- nine digits like ddddddddd won't match.
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_new_york_drivers_license_number` finds content that matches the pattern.
+- A keyword from `Keyword_[state_name]_drivers_license_name` is found.
+- A keyword from `Keyword_us_drivers_license` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_new_york_drivers_license_number` finds content that matches the pattern.
+- A keyword from `Keyword_[state_name]_drivers_license_name` is found.
+- A keyword from `Keyword_us_drivers_license_abbreviations` is found.
+- No keyword from `Keyword_us_drivers_license` is found.
+
+```xml
+<Entity id="dfeb356f-61cd-459e-bf0f-7c6d28b458c6 patternsProximity="300">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_new_york_drivers_license_number" />
+ <Match idRef="Keyword_new_york_drivers_license_name" />
+ <Match idRef="Keyword_us_drivers_license" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_new_york_drivers_license_number" />
+ <Match idRef="Keyword_new_york_drivers_license_name" />
+ <Match idRef="Keyword_us_drivers_license_abbreviations" />
+ <Any minMatches="0" maxMatches="0">
+ <Match idRef="Keyword_us_drivers_license" />
+ </Any>
+ </Pattern>
+</Entity>
+```
+
+## Keywords
+
+### Keyword_us_drivers_license_abbreviations
+
+- DL
+- DLS
+- CDL
+- CDLS
+- ID
+- IDs
+- DL#
+- DLS#
+- CDL#
+- CDLS#
+- ID#
+- IDs#
+- ID number
+- ID numbers
+- LIC
+- LIC#
+- DLN
+
+### Keyword_us_drivers_license
+
+- DriverLic
+- DriverLics
+- DriverLicense
+- DriverLicenses
+- Driver Lic
+- Driver Lics
+- Driver License
+- Driver Licenses
+- DriversLic
+- DriversLics
+- DriversLicense
+- DriversLicenses
+- Drivers Lic
+- Drivers Lics
+- Drivers License
+- Drivers Licenses
+- Driver'Lic
+- Driver'Lics
+- Driver'License
+- Driver'Licenses
+- Driver' Lic
+- Driver' Lics
+- Driver' License
+- Driver' Licenses
+- Driver'sLic
+- Driver'sLics
+- Driver'sLicense
+- Driver'sLicenses
+- Driver's Lic
+- Driver's Lics
+- Driver's License
+- Driver's Licenses
+- identification number
+- identification numbers
+- identification #
+- id card
+- id cards
+- identification card
+- identification cards
+- DriverLic#
+- DriverLics#
+- DriverLicense#
+- DriverLicenses#
+- Driver Lic#
+- Driver Lics#
+- Driver License#
+- Driver Licenses#
+- DriversLic#
+- DriversLics#
+- DriversLicense#
+- DriversLicenses#
+- Drivers Lic#
+- Drivers Lics#
+- Drivers License#
+- Drivers Licenses#
+- Driver'Lic#
+- Driver'Lics#
+- Driver'License#
+- Driver'Licenses#
+- Driver' Lic#
+- Driver' Lics#
+- Driver' License#
+- Driver' Licenses#
+- Driver'sLic#
+- Driver'sLics#
+- Driver'sLicense#
+- Driver'sLicenses#
+- Driver's Lic#
+- Driver's Lics#
+- Driver's License#
+- Driver's Licenses#
+- id card#
+- id cards#
+- identification card#
+- identification cards#
+
+### Keyword_[state_name]_drivers_license_name
+
+- state abbreviation (for example, "NY")
+- state name (for example, "New York")
compliance Sit Defn Us Individual Taxpayer Identification Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-us-individual-taxpayer-identification-number.md
+
+ Title: "U.S. individual taxpayer identification number (ITIN) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "U.S. individual taxpayer identification number (ITIN) sensitive information type entity definition."
++
+# U.S. individual taxpayer identification number (ITIN)
+
+## Format
+
+nine digits that start with a "9" and contain a "7" or "8" as the fourth digit, optionally formatted with spaces or dashes
+
+## Pattern
+
+formatted:
+
+- the digit "9"
+- two digits
+- a space or dash
+- a "7" or "8"
+- a digit
+- a space, or dash
+- four digits
+
+unformatted:
+
+- the digit "9"
+- two digits
+- a "7" or "8"
+- five digits
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_formatted_itin` finds content that matches the pattern.
+- A keyword from `Keyword_itin` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_unformatted_itin` finds content that matches the pattern.
+- A keyword from `Keyword_itin` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_formatted_itin` or `Func_unformatted_itin` finds content that matches the pattern.
+
+```xml
+ <!-- U.S. Individual Taxpayer Identification Number (ITIN) -->
+ <Entity id="e55e2a32-f92d-4985-a35d-a0b269eb687b" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_formatted_itin" />
+ <Match idRef="Keyword_itin" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_unformatted_itin" />
+ <Match idRef="Keyword_itin" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_formatted_itin" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_unformatted_itin" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_itin
+
+- taxpayer
+- tax id
+- tax identification
+- itin
+- i.t.i.n.
+- ssn
+- tin
+- social security
+- tax payer
+- itins
+- taxid
+- individual taxpayer
compliance Sit Defn Us Physical Addresses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-us-physical-addresses.md
+
+ Title: "U.S. physical addresses entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "U.S. physical addresses sensitive information type entity definition."
++
+# U.S. physical addresses
+
+This unbundled named entity detects patterns related to physical address from the U.S.. It's also included in the [All Physical Addresses](sit-defn-all-physical-addresses.md) bundled named entity SIT.
+
+## Confidence level
+
+Medium
compliance Sit Defn Us Social Security Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-us-social-security-number.md
+
+ Title: "U.S. social security number (SSN) entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "U.S. social security number (SSN) sensitive information type entity definition."
++
+# U.S. social security number (SSN)
+
+## Format
+
+nine digits, which may be in a formatted or unformatted pattern
+
+> [!NOTE]
+> If issued before mid-2011, an SSN has strong formatting where certain parts of the number must fall within certain ranges to be valid (but there's no checksum).
+
+## Pattern
+
+four functions look for SSNs in four different patterns:
+
+- `Func_ssn` finds SSNs with pre-2011 strong formatting that are formatted with dashes or spaces (ddd-dd-dddd OR ddd dd dddd)
+- `Func_unformatted_ssn` finds SSNs with pre-2011 strong formatting that are unformatted as nine consecutive digits (ddddddddd)
+- `Func_randomized_formatted_ssn` finds post-2011 SSNs that are formatted with dashes or spaces (ddd-dd-dddd OR ddd dd dddd)
+- `Func_randomized_unformatted_ssn` finds post-2011 SSNs that are unformatted as nine consecutive digits (ddddddddd)
+
+## Checksum
+
+No
+
+## Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_ssn` finds content that matches the pattern.
+- A keyword from `Keyword_ssn` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_unformatted_ssn` finds content that matches the pattern.
+- A keyword from `Keyword_ssn` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_randomized_formatted_ssn` or `Func_randomized_unformatted_ssn` finds content that matches the pattern.
+- A keyword from `Keyword_ssn` is found.
+
+```xml
+<!-- U.S. Social Security Number (SSN) -->
+ <Entity id="a44669fe-0d48-453d-a9b1-2cc83f2cba77" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_ssn" />
+ <Match idRef="Keyword_ssn" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_unformatted_ssn" />
+ <Match idRef="Keyword_ssn" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Func_randomized_formatted_ssn" />
+ <Match idRef="Keyword_ssn" />
+ </Pattern>
+ <Pattern confidenceLevel="55">
+ <IdMatch idRef="Func_randomized_unformatted_ssn" />
+ <Match idRef="Keyword_ssn" />
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keyword_ssn
+
+- SSA Number
+- social security number
+- social security #
+- social security#
+- social security no
+- Social Security#
+- Soc Sec
+- SSN
+- SSNS
+- SSN#
+- SS#
+- SSID
compliance Sit Defn Us Uk Passport Number https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-us-uk-passport-number.md
+
+ Title: "U.S./U.K. passport number entity definition"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "U.S./U.K. passport number sensitive information type entity definition."
++
+# U.S./U.K. passport number
+
+## Format
+
+nine digits
+
+## Pattern
+
+- one letter or digit
+- eight digits
+
+## Checksum
+
+No
+
+### Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_usa_uk_passport` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_uk_eu_passport_number` is found.
+- A keyword from `Keywords_eu_passport_date` is found
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+
+- The function `Func_usa_uk_passport` finds content that matches the pattern.
+- A keyword from `Keywords_eu_passport_number` or `Keywords_uk_eu_passport_number` is found.
+
+```xml
+ <!-- U.S. / U.K. Passport Number -->
+ <Entity id="178ec42a-18b4-47cc-85c7-d62c92fd67f8" patternsProximity="300" recommendedConfidence="75">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_usa_uk_passport" />
+ <Match idRef="Keywords_eu_passport_date" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_uk_eu_passport_number" />
+ </Any>
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_usa_uk_passport" />
+ <Any minMatches="1">
+ <Match idRef="Keywords_eu_passport_number" />
+ <Match idRef="Keywords_uk_eu_passport_number" />
+ </Any>
+ </Pattern>
+ </Entity>
+```
+
+## Keywords
+
+### Keywords_eu_passport_number
+
+- passport#
+- passport #
+- passportid
+- passports
+- passportno
+- passport no
+- passportnumber
+- passport number
+- passportnumbers
+- passport numbers
+
+### Keywords_uk_eu_passport_number
+
+- british passport
+- uk passport
compliance Sit Defn User Login Credentials https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-user-login-credentials.md
+
+ Title: "User login credentials entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "User login credentials sensitive information type entity definition."
++
+# User login credentials (preview)
+
+## Format
+
+A paired username and password used in general authentication process.
+
+or
+
+A paired username and password used in PuTTY connection manager.
+
+or
+
+Plain text password used in code snippets.
+
+or
+
+A combination of 88 characters consisting of letters, digits, and special characters.
+
+## Pattern
+
+Various username and password formats, for example:
+
+`username=...;password=********;` <br>
+`user id=...;password=********;` <br>
+`uid=...;pwd=********;` <br>
+`DB_USER=...;DB_PASS=********;` <br>
+`Service Account=...;Password=********;` <br>
+
+or
+
+```xml
+An XML element <login>
+An embeded XML element <login>
+Inner XML content
+An embeded XML element </login>
+An embeded XML element <password>
+Inner XML content
+An embeded XML element </password>
+An XML element </login>
+```
+
+for example
+
+`<login> <login>ZYXWVU_1</login> <password>ZY…`
+
+or
+
+Various password formats in code snippets, for example:
+
+`new X509Certificates2(` <br>
+`ConvertTo-SecureString -String ********` <br>
+`password = "********"` <br>
+`"password" : "********"`<br>
+`UserPasswordCredential(` <br>
+
+or
+
+A combination of 86 characters:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+- ends with two equal signs (=)
+
+for example:
+
+`abcdefghijklmnopqrstuvwxyz0123456789/+ABCDEabcdefghijklmnopqrstuvwxyz0123456789/+ABCDE==`
+
+## Checksum
+
+No
+
+## Definition
+
+This SIT is designed to match the security information that's used in general [user login process](/azure/key-vault/quick-create-portal).
+
+It uses several primary resources:
+
+- Patterns of Plain-text username and password.
+- Patterns of Plain-text username and password in PuTTYcm database file.
+- Patterns of Password context in code.
+- Patterns of Base64 encoded 512 bits symmetric key.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id, AccountName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
+
+## Keywords
+
+### Keyword_LoginCredentials:
+
+- password
+- pw
+- DB_
+
+### Keyword_LoginCredentialsPutty:
+
+- login
+
+### Keyword_PasswordContextInCode:
+
+- key
+- x509c
+- credential
+- password
+- pw
+- securestring
+
+### Keyword_SymmetricKey512:
+
+- SharedAccessKey
+- AccountKey
compliance Sit Defn X 509 Certificate Private Key https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-x-509-certificate-private-key.md
+
+ Title: "X.509 certificate private key entity definition (preview)"
+f1.keywords:
+- CSH
+++ Last updated :
+audience: Admin
+search.appverid: MET150
+
+f1_keywords:
+- 'ms.o365.cc.UnifiedDLPRuleContainsSensitiveInformation'
+
+ms.localizationpriority: medium
+
+- M365-security-compliance
+hideEdit: true
+feedback_system: None
+recommendations: false
+description: "X.509 certificate private key sensitive information type entity definition."
++
+# X.509 certificate private key (preview)
+
+## Format
+
+A combination of up to 20,000 characters consisting of letters, digits, and special characters.
+
+or
+
+A combination of up to 40 characters consisting of upper-case letters, space, and dashes.
+
+## Pattern
+
+A combination of up to 20,000 characters:
+
+- a-z (not case-sensitive)
+- 0-9
+- forward slashes (/)
+- or plus signs (+)
+
+Up to two equal signs (==)
+
+for example:
+
+`MIIKcQIBAzCCCi0GCSqGSIb3DQEHAaCCCh4EggoaMIIKFjCCBg8GCSqGSIb3DQEHAaCCBgAEggX8MIIF+DCCBfQGCyqGSIb3DQEM`
+
+or
+
+5 dashes (-)
+
+And a combination of up to 30 characters:
+
+- A-Z (case-sensitive)
+- spaces
+- 5 dashes (-)
+
+for example:
+
+`--BEGIN PRIVATE KEY--`
++
+## Checksum
+
+Yes
+
+## Definition
+
+This SIT is designed to match the security information that's used as a private component in [SSL certificates.](/azure/key-vault/certificate-scenarios)
+
+It uses several primary resources:
+
+- Patterns of Base64 encoded string literal.
+- Patterns of Certificate private key header.
+- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
+- Patterns of mockup values, redactions, and placeholders.
+- A dictionary of vocabulary.
+
+The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
+
+## Keywords
+
+### Keyword_Base64EncodedStringLiteral:
+
+- MII
+
+### Keyword_CertificatePrivateKeyHeader:
+
+- key
compliance Sit Edm Notifications Activities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-edm-notifications-activities.md
When you [create custom sensitive information types with exact data match (EDM)](sit-learn-about-exact-data-match-based-sits.md#learn-about-exact-data-match-based-sensitive-information-types), there are a number of activities that are created in the [audit log](search-the-audit-log-in-security-and-compliance.md#before-you-search-the-audit-log). You can use the [New-ProtectionAlert](/powershell/module/exchange/new-protectionalert) PowerShell cmdlet to create notifications that let you know when these activities occur: -- CreateSchema-- EditSchema-- RemoveSchema-- UploadDataFailed-- UploadDataCompleted
+- `CreateSchema`
+- `EditSchema`
+- `RemoveSchema`
+- `UploadDataFailed`
+- `UploadDataCompleted`
> [!NOTE] The ability to create notifications for EDM activities is available for the World Wide and GCC clouds only.
To learn more about DLP licensing, see [Microsoft 365 licensing guidance for sec
1. Connect to the [Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell).
-2. Run the `New-ProtectionAlert` cmdlet using the activity that you want to create the notification for. For example, if you want to be notified when the **UploadDataCompleted** action occurred, run:
+2. Run the `New-ProtectionAlert` cmdlet using the activity that you want to create the notification for. For example, if you want to be notified when the `UploadDataCompleted` action occurred, run:
```powershell New-ProtectionAlert -Name "EdmUploadCompleteAlertPolicy" -Category Others -NotifyUser <address to send notification to> -ThreatType Activity -Operation UploadDataCompleted -Description "Custom alert policy to track when EDM upload Completed" -AggregationType None ```
- For the **UploadDataFailed** you can run:
+ For the `UploadDataFailed` you can run:
```powershell New-ProtectionAlert -Name "EdmUploadFailAlertPolicy" -Category Others -NotifyUser <SMTP address to send notification to> -ThreatType Activity -Operation UploadDataFailed -Description "Custom alert policy to track when EDM upload Failed" -AggregationType None -Severity High
compliance Sit Learn About Exact Data Match Based Sits https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-learn-about-exact-data-match-based-sits.md
Proximity - Number of characters between primary and supporting element
### Primary and secondary support elements
-When you create an EDM SIT, you define a *primary element* field in the rule package. Primary fields are the elements for which all your content will be searched, and that need to follow a defined pattern in order to be identified. When the primary element is found in scanned items, EDM will then look for the *secondary* or supporting elements, which don't need to follow a pattern, and their proximity to the primary element. EDM requires that the primary element be first discoverable through an existing SIT. See, [Sensitive information type entity definitions](sensitive-information-type-entity-definitions.md) for a complete list of the available SITs. You'll have to find one of those that detects the class you want your EDM SIT to detect. For example, if your EDM SIT schema has U.S. social security number as the primary element, when you create your EDM schema, you'd associated it with the [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn) SIT.
+When you create an EDM SIT, you define a *primary element* field in the rule package. Primary fields are the elements for which all your content will be searched, and that need to follow a defined pattern in order to be identified. When the primary element is found in scanned items, EDM will then look for the *secondary* or supporting elements, which don't need to follow a pattern, and their proximity to the primary element. EDM requires that the primary element be first discoverable through an existing SIT. See, [Sensitive information type entity definitions](sensitive-information-type-entity-definitions.md) for a complete list of the available SITs. You'll have to find one of those that detects the class you want your EDM SIT to detect. For example, if your EDM SIT schema has U.S. social security number as the primary element, when you create your EDM schema, you'd associated it with the [U.S. social security number (SSN)](sit-defn-us-social-security-number.md) SIT.
## How matching works
enterprise Cross Tenant Mailbox Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-mailbox-migration.md
To obtain the tenant ID of a subscription, sign in to the [Microsoft 365 admin c
14. Next, select Application permissions
-15. Then, under Select permissions, expand Mailbox, and check Mailbox.Migration, and Add permissions at the bottom on the screen.
+15. Then, under Select permissions, expand Mailbox, check Mailbox.Migration, and Add permissions at the bottom on the screen.
![Set API](../media/tenant-to-tenant-mailbox-move/0038a4cf74bb13de0feb51800e078803.png)
This can be done before the migration is complete, but you should not assign a l
| Information Protection for Office 365 - Premium | | Information Protection for Office 365 - Standard | | Insights by MyAnalytics |
- | Microsoft 365 Advanced Auditing |
+ | Microsoft Purview Audit (Premium) |
| Microsoft Bookings | | Microsoft Business Center | | Microsoft MyAnalytics (Full) |
enterprise Microsoft 365 Mailbox Utilization Service Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-mailbox-utilization-service-alerts.md
description: "Use mailbox utilization service advisories to monitor mailboxes on
# Service advisories for mailbox utilization in Exchange Online monitoring
-We've released a new Exchange Online service advisories that informs you of mailboxes that are on hold that are at risk of reaching or exceeding their quota. These service advisories provide visibility to the number of mailboxes in your organization that may require admin intervention.
+We've released a new Exchange Online service advisory that informs you of mailboxes that are on hold that are at risk of reaching or exceeding their quota. These service advisories provide visibility to the number of mailboxes in your organization that may require admin intervention.
These service advisories are displayed in the Microsoft 365 admin center. To view these service advisories, go to **Health** > <a href="https://go.microsoft.com/fwlink/p/?linkid=842900" target="_blank">**Service health**</a> > **Exchange Online** and then click the **Active issues** tab. Here's an example of a mailbox utilization service advisory.
enterprise Microsoft 365 U S Government Dod Endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-u-s-government-dod-endpoints.md
Title: Office 365 US Government DOD endpoints
Previously updated : 06/01/2022 Last updated : 06/29/2022 audience: ITPro
Office 365 requires connectivity to the Internet. The endpoints below should be
|Notes|Download| |||
-|**Last updated:** 06/01/2022 - ![RSS.](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/USGOVDoD?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|**Download:** the full list in [JSON format](https://endpoints.office.com/endpoints/USGOVDoD?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|
+|**Last updated:** 06/29/2022 - ![RSS.](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/USGOVDoD?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|**Download:** the full list in [JSON format](https://endpoints.office.com/endpoints/USGOVDoD?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|
| Start with [Managing Office 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This lets customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
enterprise Microsoft 365 U S Government Gcc High Endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-u-s-government-gcc-high-endpoints.md
Title: "Office 365 U.S. Government GCC High endpoints"
Previously updated : 06/01/2022 Last updated : 06/29/2022 audience: ITPro
Office 365 requires connectivity to the Internet. The endpoints below should be
|Notes|Download| |||
-|**Last updated:** 06/01/2022 - ![RSS.](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/USGOVGCCHigh?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|**Download:** the full list in [JSON format](https://endpoints.office.com/endpoints/USGOVGCCHigh?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|
+|**Last updated:** 06/29/2022 - ![RSS.](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/USGOVGCCHigh?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|**Download:** the full list in [JSON format](https://endpoints.office.com/endpoints/USGOVGCCHigh?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|
| Start with [Managing Office 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This lets customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
enterprise Urls And Ip Address Ranges https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/urls-and-ip-address-ranges.md
Title: "Office 365 URLs and IP address ranges"
Previously updated : 06/01/2022 Last updated : 06/29/2022 audience: Admin
Office 365 requires connectivity to the Internet. The endpoints below should be
|Notes|Download|Use| ||||
-|**Last updated:** 06/01/2022 - ![RSS.](../medi#pacfiles)|
+|**Last updated:** 06/29/2022 - ![RSS.](../medi#pacfiles)|
| Start with [Managing Office 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This cadence allows for customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
frontline Deploy Teams At Scale https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/deploy-teams-at-scale.md
You use the ```New-CsBatchTeamsDeployment``` cmdlet to submit a batch of teams t
``` If you get an error message, you're already set. Go to the next step.
-1. Download and install the [latest version of the Teams PowerShell module](https://www.powershellgallery.com/packages/MicrosoftTeams).
+1. Download and install the [latest preview version of the Teams PowerShell module](https://www.powershellgallery.com/packages/MicrosoftTeams). You must be running version 4.3.1 (preview) or a later preview version.
1. Run the following to connect to Teams.
frontline Ehr Admin Cerner https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/ehr-admin-cerner.md
This article describes how to set up and configure the Teams EHR connector to in
Before you integrate the Teams EHR connector in your healthcare organization, you must have the following: -- An active subscriptionΓüá to Microsoft Cloud for Healthcare or a subscription to Microsoft Teams EHR connector standalone offer.
+- An active subscription to Microsoft Cloud for Healthcare or a subscription to Microsoft Teams EHR connector standalone offer.
- Users have an appropriate Microsoft 365 or Office 365 license that includes Teams meetings. - Teams is adopted and used in your healthcare organization. - Your systems meet all [software and browser requirements](/microsoftteams/hardware-requirements-for-the-teams-app) for Teams.
frontline Get Up And Running https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/get-up-and-running.md
To create a schedule in Shifts:
1. Go into the app and select **Create a new schedule**. 2. Then select **Add group** to organize the schedule based on job type or location. You can have multiple groups on one schedule. For example, a healthcare organization could have a group for receptionists and a group for nurses.
-3. Select the ellipses (**…**) and then **Rename** to name the group.
+3. Select the ellipses (**...**) and then **Rename** to name the group.
4. To create a shift for a team member, select their row and then select **More options > add shift**. Watch [this video](https://support.microsoft.com/office/create-a-shifts-schedule-2b94ca38-36db-4a1c-8fee-f8f0fec9a984) to learn more about creating schedules in shifts.
frontline Virtual Appointments https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/virtual-appointments.md
To learn more, see:
## Teams Electronic Health Record (EHR) connector
-If your healthcare organization uses an EHR system, you can use the Teams EHR connector to integrate Teams for a more seamless virtual care experience. The Teams EHR connector requires an active subscriptionΓüá to Microsoft Cloud for Healthcare or a subscription to Microsoft Teams EHR connector standalone offer.
+If your healthcare organization uses an EHR system, you can use the Teams EHR connector to integrate Teams for a more seamless virtual care experience. The Teams EHR connector requires an active subscription to Microsoft Cloud for Healthcare or a subscription to Microsoft Teams EHR connector standalone offer.
After you set up the Teams EHR connector, clinicians can launch visits with patients and consultations with other providers in Teams directly from the EHR system.
includes Microsoft 365 Content Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md
+## Week of July 25, 2022
++
+| Published On |Topic title | Change |
+|||--|
+| 7/25/2022 | [Microsoft 365 admin center mailbox usage reports](/microsoft-365/admin/activity-reports/mailbox-usage?view=o365-21vianet) | modified |
+| 7/25/2022 | [Compare Microsoft endpoint security plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-21vianet) | modified |
+| 7/25/2022 | Turn on protocol recognition for Microsoft Defender Antivirus | removed |
+| 7/26/2022 | [Configure Microsoft 365 user account properties with PowerShell](/microsoft-365/enterprise/configure-user-account-properties-with-microsoft-365-powershell?view=o365-21vianet) | modified |
+| 7/26/2022 | [Configure and validate exclusions based on extension, name, or location](/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 7/26/2022 | [Change a Windows 365 Business Cloud PC account type in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-change-cloud-pc-account-type?view=o365-21vianet) | added |
+| 7/26/2022 | [Test and deploy Microsoft 365 Apps by partners in the Integrated apps portal](/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps?view=o365-21vianet) | modified |
+| 7/26/2022 | [Microsoft 365 Business Premium - Productivity and security](/microsoft-365/business-premium/m365bp-secure-users?view=o365-21vianet) | modified |
+| 7/27/2022 | [Configure Microsoft Defender for Endpoint on iOS features](/microsoft-365/security/defender-endpoint/ios-configure-features?view=o365-21vianet) | modified |
+| 7/27/2022 | [What's new in Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-whatsnew?view=o365-21vianet) | modified |
+| 7/27/2022 | [Microsoft Defender Offline in Windows](/microsoft-365/security/defender-endpoint/microsoft-defender-offline?view=o365-21vianet) | modified |
+| 7/27/2022 | [Go to the Action center to view and approve your automated investigation and remediation tasks](/microsoft-365/security/defender/m365d-action-center?view=o365-21vianet) | modified |
+| 7/27/2022 | [Automated investigation and response in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-autoir?view=o365-21vianet) | modified |
+| 7/27/2022 | [User-reported email settings for spam, phish, as malicious mail](/microsoft-365/security/office-365-security/user-submission?view=o365-21vianet) | modified |
+| 7/27/2022 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-21vianet) | modified |
+| 7/27/2022 | [Compare device compliance policy settings in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-compare-compliance-policies?view=o365-21vianet) | modified |
+| 7/27/2022 | [Deploy Microsoft 365 Lighthouse baselines](/microsoft-365/lighthouse/m365-lighthouse-deploy-baselines?view=o365-21vianet) | modified |
+| 7/27/2022 | [Manage multifactor authentication in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-manage-mfa?view=o365-21vianet) | modified |
+| 7/27/2022 | [Manage your tenant list in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-manage-tenant-list?view=o365-21vianet) | modified |
+| 7/27/2022 | [Mitigate threats in Microsoft 365 Lighthouse with Microsoft Defender Antivirus](/microsoft-365/lighthouse/m365-lighthouse-mitigate-threats?view=o365-21vianet) | modified |
+| 7/27/2022 | [Overview of Quarantined Messages in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-quarantine-messages-overview?view=o365-21vianet) | modified |
+| 7/27/2022 | [Overview of the Tenants page in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-tenants-page-overview?view=o365-21vianet) | modified |
+| 7/27/2022 | [What's new in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-whats-new?view=o365-21vianet) | modified |
+| 7/28/2022 | [Investigate alerts in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-alerts?view=o365-21vianet) | modified |
+| 7/28/2022 | [Detect and Remediate Illicit Consent Grants](/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants?view=o365-21vianet) | modified |
+| 7/28/2022 | [Built-in virus protection in SharePoint Online, OneDrive, and Microsoft Teams](/microsoft-365/security/office-365-security/virus-detection-in-spo?view=o365-21vianet) | modified |
+| 7/28/2022 | [Configure a default sensitivity label for a SharePoint document library](/microsoft-365/compliance/sensitivity-labels-sharepoint-default-label?view=o365-21vianet) | added |
+| 7/28/2022 | [Learn about Microsoft Purview Records Management](/microsoft-365/compliance/records-management?view=o365-21vianet) | modified |
+| 7/28/2022 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-21vianet) | modified |
+| 7/29/2022 | [Set up and configure the Moodle LMS plugins](/microsoft-365/lti/moodle-plugin-configuration?view=o365-21vianet) | modified |
+| 7/29/2022 | [Set up and configure the Moodle LMS plugins for Open LMS](/microsoft-365/lti/open-lms-plugin-configuration?view=o365-21vianet) | modified |
+| 7/29/2022 | [Preset security policies](/microsoft-365/security/office-365-security/preset-security-policies?view=o365-21vianet) | modified |
+| 7/29/2022 | [User-reported email settings for spam, phish, as malicious mail](/microsoft-365/security/office-365-security/user-submission?view=o365-21vianet) | modified |
+| 7/29/2022 | [Contextual file and folder exclusions](/microsoft-365/security/defender-endpoint/configure-contextual-file-folder-exclusions-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 7/29/2022 | [Configure Microsoft Defender for Endpoint on iOS features](/microsoft-365/security/defender-endpoint/ios-configure-features?view=o365-21vianet) | modified |
+| 7/29/2022 | [Onboard devices and configure Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-21vianet) | modified |
+| 7/29/2022 | [Trial playbook - Microsoft Defender Vulnerability Management (public preview)](/microsoft-365/security/defender-vulnerability-management/trial-playbook-defender-vulnerability-management?view=o365-21vianet) | modified |
+| 7/29/2022 | [Investigate alerts in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-alerts?view=o365-21vianet) | modified |
+| 7/29/2022 | [Anti-malware protection](/microsoft-365/security/office-365-security/anti-malware-protection?view=o365-21vianet) | modified |
++
+## Week of July 18, 2022
++
+| Published On |Topic title | Change |
+|||--|
+| 7/18/2022 | [Understand the Defender Experts for Hunting report in Microsoft 365 Defender](/microsoft-365/security/defender/defender-experts-report?view=o365-21vianet) | added |
+| 7/18/2022 | [Configure privacy settings in Microsoft Whiteboard](/microsoft-365/whiteboard/configure-privacy-settings?view=o365-21vianet) | modified |
+| 7/18/2022 | [Microsoft Purview eDiscovery Graph connectors](/microsoft-365/compliance/ediscovery-graph-connector?view=o365-21vianet) | added |
+| 7/18/2022 | [Compare Microsoft endpoint security plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-21vianet) | modified |
+| 7/18/2022 | [Microsoft Threat Experts in Microsoft 365 Defender overview](/microsoft-365/security/defender/microsoft-threat-experts?view=o365-21vianet) | modified |
+| 7/18/2022 | [Overview of the eDiscovery (Premium) solution in Microsoft Purview](/microsoft-365/compliance/overview-ediscovery-20?view=o365-21vianet) | modified |
+| 7/18/2022 | [What's new in Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score-whats-new?view=o365-21vianet) | modified |
+| 7/19/2022 | [About the Microsoft Defender Vulnerability Management public preview trial](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-trial?view=o365-21vianet) | added |
+| 7/19/2022 | [Trial playbook - Microsoft Defender Vulnerability Management (public preview)](/microsoft-365/security/defender-vulnerability-management/trial-playbook-defender-vulnerability-management?view=o365-21vianet) | added |
+| 7/19/2022 | [Microsoft Defender Vulnerability Management public preview](/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management?view=o365-21vianet) | modified |
+| 7/19/2022 | [Prerequisites & permissions for Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/tvm-prerequisites?view=o365-21vianet) | modified |
+| 7/19/2022 | [Configure privacy settings in Microsoft Whiteboard](/microsoft-365/whiteboard/configure-privacy-settings?view=o365-21vianet) | modified |
+| 7/19/2022 | [Troubleshoot AuditD performance issues with Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/troubleshoot-auditd-performance-issues?view=o365-21vianet) | added |
+| 7/19/2022 | [Using Endpoint DLP](/microsoft-365/compliance/endpoint-dlp-using?view=o365-21vianet) | modified |
+| 7/19/2022 | [User-reported email settings for spam, phish, as malicious mail](/microsoft-365/security/office-365-security/user-submission?view=o365-21vianet) | modified |
+| 7/19/2022 | [Use this step-by-step guide to add Autopilot devices and profile](/microsoft-365/business-premium/m365bp-add-autopilot-devices-and-profile?view=o365-21vianet) | modified |
+| 7/19/2022 | [Set app protection settings for Android or iOS devices](/microsoft-365/business-premium/m365bp-app-protection-settings-for-android-and-ios?view=o365-21vianet) | modified |
+| 7/19/2022 | [About Autopilot Profile settings](/microsoft-365/business-premium/m365bp-autopilot-profile-settings?view=o365-21vianet) | modified |
+| 7/19/2022 | [Security defaults and Conditional Access](/microsoft-365/business-premium/m365bp-conditional-access?view=o365-21vianet) | modified |
+| 7/19/2022 | [Create and edit Autopilot devices](/microsoft-365/business-premium/m365bp-create-and-edit-autopilot-devices?view=o365-21vianet) | modified |
+| 7/19/2022 | [Device states](/microsoft-365/business-premium/m365bp-device-states?view=o365-21vianet) | modified |
+| 7/19/2022 | [Install Office apps on all devices in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-install-office-apps?view=o365-21vianet) | modified |
+| 7/19/2022 | [Enable domain-joined Windows 10 devices to be managed by Microsoft 365 for business](/microsoft-365/business-premium/m365bp-manage-windows-devices?view=o365-21vianet) | modified |
+| 7/19/2022 | [How do protection features in Microsoft 365 Business Premium map to Intune settings](/microsoft-365/business-premium/m365bp-map-protection-features-to-intune-settings?view=o365-21vianet) | modified |
+| 7/19/2022 | [Protect unmanaged Windows PCs and Macs in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-protect-pcs-macs?view=o365-21vianet) | modified |
+| 7/19/2022 | [Edit or set application protection settings for Windows devices](/microsoft-365/business-premium/m365bp-protection-settings-for-windows-10-devices?view=o365-21vianet) | modified |
+| 7/19/2022 | [Remove company data from devices](/microsoft-365/business-premium/m365bp-remove-company-data?view=o365-21vianet) | modified |
+| 7/19/2022 | [Reset Windows devices to their factory settings](/microsoft-365/business-premium/m365bp-reset-devices-to-factory-settings?view=o365-21vianet) | modified |
+| 7/19/2022 | [Secure Windows devices](/microsoft-365/business-premium/m365bp-secure-windows-devices?view=o365-21vianet) | modified |
+| 7/19/2022 | [A security operations guide for Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-security-incident-quick-start?view=o365-21vianet) | modified |
+| 7/19/2022 | [Validate app protection settings on Android or iOS devices](/microsoft-365/business-premium/m365bp-validate-settings-on-android-or-ios?view=o365-21vianet) | modified |
+| 7/20/2022 | [Microsoft Defender Vulnerability Management frequently asked questions](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-faq?view=o365-21vianet) | added |
+| 7/20/2022 | [Sign up for Microsoft 365 Business Premium](/microsoft-365/business-premium/get-microsoft-365-business-premium?view=o365-21vianet) | modified |
+| 7/20/2022 | [Set up Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-setup?view=o365-21vianet) | modified |
+| 7/20/2022 | [Labeling actions reported in Activity explorer](/microsoft-365/compliance/data-classification-activity-explorer-available-events?view=o365-21vianet) | modified |
+| 7/20/2022 | [Get Microsoft Defender for Business](/microsoft-365/security/defender-business/get-defender-business?view=o365-21vianet) | modified |
+| 7/21/2022 | [Integrate Microsoft Teams classes and meetings LTI apps with Desire2Learn Brightspace LMS](/microsoft-365/lti/teams-classes-meetings-with-brightspace?view=o365-21vianet) | added |
+| 7/21/2022 | [An overview of Microsoft LTI apps](/microsoft-365/lti/index?view=o365-21vianet) | modified |
+| 7/21/2022 | [Integrate Microsoft Teams classes and meetings with Open LMS](/microsoft-365/lti/open-lms-teams-classes-and-meetings?view=o365-21vianet) | modified |
+| 7/21/2022 | [Set preferences for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-21vianet) | modified |
+| 7/21/2022 | [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-21vianet) | modified |
+| 7/21/2022 | [Set preferences for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-preferences?view=o365-21vianet) | modified |
+| 7/21/2022 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-21vianet) | modified |
+| 7/21/2022 | [Microsoft Defender for Endpoint Device Control Device Installation](/microsoft-365/security/defender-endpoint/mde-device-control-device-installation?view=o365-21vianet) | modified |
+| 7/21/2022 | [Incident response with Microsoft 365 Defender](/microsoft-365/security/defender/incidents-overview?view=o365-21vianet) | modified |
+| 7/21/2022 | [Manage submissions](/microsoft-365/security/office-365-security/admin-submission?view=o365-21vianet) | modified |
+| 7/21/2022 | [Complete Safe Links overview for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-links?view=o365-21vianet) | modified |
+| 7/21/2022 | [Japan My Number - Personal entity definition](/microsoft-365/compliance/sit-defn-japan-my-number-personal?view=o365-21vianet) | added |
+| 7/21/2022 | [Japan passport number entity definition](/microsoft-365/compliance/sit-defn-japan-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Japan residence card number entity definition](/microsoft-365/compliance/sit-defn-japan-residence-card-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Japan resident registration number entity definition](/microsoft-365/compliance/sit-defn-japan-resident-registration-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Japan social insurance number (SIN) entity definition](/microsoft-365/compliance/sit-defn-japan-social-insurance-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Lab test terms entity definition](/microsoft-365/compliance/sit-defn-lab-test-terms?view=o365-21vianet) | added |
+| 7/21/2022 | [Latvia drivers license number terms entity definition](/microsoft-365/compliance/sit-defn-latvia-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Latvia passport number terms entity definition](/microsoft-365/compliance/sit-defn-latvia-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Latvia personal code entity definition](/microsoft-365/compliance/sit-defn-latvia-personal-code?view=o365-21vianet) | added |
+| 7/21/2022 | [Latvia physical addresses entity definition](/microsoft-365/compliance/sit-defn-latvia-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Liechtenstein physical addresses entity definition](/microsoft-365/compliance/sit-defn-liechtenstein-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Lifestyles that relate to medical conditions entity definition](/microsoft-365/compliance/sit-defn-lifestyles-relate-to-medical-conditions?view=o365-21vianet) | added |
+| 7/21/2022 | [Lithuania drivers license number entity definition](/microsoft-365/compliance/sit-defn-lithuania-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Lithuania passport number entity definition](/microsoft-365/compliance/sit-defn-lithuania-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Lithuania personal code entity definition](/microsoft-365/compliance/sit-defn-lithuania-personal-code?view=o365-21vianet) | added |
+| 7/21/2022 | [Lithuania physical addresses entity definition](/microsoft-365/compliance/sit-defn-lithuania-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Luxemburg drivers license number entity definition](/microsoft-365/compliance/sit-defn-luxemburg-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Luxemburg national identification number (natural persons) entity definition](/microsoft-365/compliance/sit-defn-luxemburg-national-identification-number-natural-persons?view=o365-21vianet) | added |
+| 7/21/2022 | [Luxemburg national identification number (non-natural persons) entity definition](/microsoft-365/compliance/sit-defn-luxemburg-national-identification-number-non-natural-persons?view=o365-21vianet) | added |
+| 7/21/2022 | [Luxemburg passport number entity definition](/microsoft-365/compliance/sit-defn-luxemburg-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Luxemburg physical addresses entity definition](/microsoft-365/compliance/sit-defn-luxemburg-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Malaysia identification card number entity definition](/microsoft-365/compliance/sit-defn-malaysia-identification-card-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Malta drivers license number entity definition](/microsoft-365/compliance/sit-defn-malta-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Malta identity card number entity definition](/microsoft-365/compliance/sit-defn-malta-identity-card-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Malta passport number entity definition](/microsoft-365/compliance/sit-defn-malta-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Malta physical addresses entity definition](/microsoft-365/compliance/sit-defn-malta-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Malta tax identification number entity definition](/microsoft-365/compliance/sit-defn-malta-tax-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Medical specialities entity definition](/microsoft-365/compliance/sit-defn-medical-specialities?view=o365-21vianet) | added |
+| 7/21/2022 | [Medicare Beneficiary Identifier (MBI) card entity definition](/microsoft-365/compliance/sit-defn-medicare-beneficiary-identifier-card?view=o365-21vianet) | added |
+| 7/21/2022 | [Mexico Unique Population Registry Code (CURP) entity definition](/microsoft-365/compliance/sit-defn-mexico-unique-population-registry-code?view=o365-21vianet) | added |
+| 7/21/2022 | [Microsoft Bing maps key entity definition (preview)](/microsoft-365/compliance/sit-defn-microsoft-bing-maps-key?view=o365-21vianet) | added |
+| 7/21/2022 | [Netherlands citizens service (BSN) number entity definition](/microsoft-365/compliance/sit-defn-netherlands-citizens-service-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Netherlands drivers license number entity definition](/microsoft-365/compliance/sit-defn-netherlands-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Netherlands passport number entity definition](/microsoft-365/compliance/sit-defn-netherlands-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Netherlands physical addresses entity definition](/microsoft-365/compliance/sit-defn-netherlands-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Netherlands tax identification number entity definition](/microsoft-365/compliance/sit-defn-netherlands-tax-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Netherlands value added tax number entity definition](/microsoft-365/compliance/sit-defn-netherlands-value-added-tax-number?view=o365-21vianet) | added |
+| 7/21/2022 | [New Zealand bank account number entity definition](/microsoft-365/compliance/sit-defn-new-zealand-bank-account-number?view=o365-21vianet) | added |
+| 7/21/2022 | [New Zealand drivers license number entity definition](/microsoft-365/compliance/sit-defn-new-zealand-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [New Zealand inland revenue number entity definition](/microsoft-365/compliance/sit-defn-new-zealand-inland-revenue-number?view=o365-21vianet) | added |
+| 7/21/2022 | [New Zealand ministry of health number entity definition](/microsoft-365/compliance/sit-defn-new-zealand-ministry-of-health-number?view=o365-21vianet) | added |
+| 7/21/2022 | [New Zealand physical addresses entity definition](/microsoft-365/compliance/sit-defn-new-zealand-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [New Zealand social welfare number entity definition](/microsoft-365/compliance/sit-defn-new-zealand-social-welfare-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Norway identification number entity definition](/microsoft-365/compliance/sit-defn-norway-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Norway physical addresses entity definition](/microsoft-365/compliance/sit-defn-norway-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Philippines unified multi-purpose identification number entity definition](/microsoft-365/compliance/sit-defn-philippines-unified-multi-purpose-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Poland drivers license number entity definition](/microsoft-365/compliance/sit-defn-poland-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Poland identity card entity definition](/microsoft-365/compliance/sit-defn-poland-identity-card?view=o365-21vianet) | added |
+| 7/21/2022 | [Poland national ID (PESEL) entity definition](/microsoft-365/compliance/sit-defn-poland-national-id?view=o365-21vianet) | added |
+| 7/21/2022 | [Poland passport number entity definition](/microsoft-365/compliance/sit-defn-poland-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Poland physical addresses entity definition](/microsoft-365/compliance/sit-defn-poland-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Poland REGON number entity definition](/microsoft-365/compliance/sit-defn-poland-regon-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Poland tax identification number entity definition](/microsoft-365/compliance/sit-defn-poland-tax-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Portugal citizen card number entity definition](/microsoft-365/compliance/sit-defn-portugal-citizen-card-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Portugal drivers license number entity definition](/microsoft-365/compliance/sit-defn-portugal-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Portugal passport number entity definition](/microsoft-365/compliance/sit-defn-portugal-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Portugal physical addresses entity definition](/microsoft-365/compliance/sit-defn-portugal-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Portugal tax identification number entity definition](/microsoft-365/compliance/sit-defn-portugal-tax-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Romania drivers license number entity definition](/microsoft-365/compliance/sit-defn-romania-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Romania passport number entity definition](/microsoft-365/compliance/sit-defn-romania-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Romania personal numeric code (CNP) entity definition](/microsoft-365/compliance/sit-defn-romania-personal-numeric-code?view=o365-21vianet) | added |
+| 7/21/2022 | [Romania physical addresses entity definition](/microsoft-365/compliance/sit-defn-romania-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Russia passport number domestic entity definition](/microsoft-365/compliance/sit-defn-russia-passport-number-domestic?view=o365-21vianet) | added |
+| 7/21/2022 | [Russia passport number international entity definition](/microsoft-365/compliance/sit-defn-russia-passport-number-international?view=o365-21vianet) | added |
+| 7/21/2022 | [Saudi Arabia National ID entity definition](/microsoft-365/compliance/sit-defn-saudi-arabia-national-id?view=o365-21vianet) | added |
+| 7/21/2022 | [Singapore national registration identity card (NRIC) number entity definition](/microsoft-365/compliance/sit-defn-singapore-national-registration-identity-card-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Slack access token entity definition (preview)](/microsoft-365/compliance/sit-defn-slack-access-token?view=o365-21vianet) | added |
+| 7/21/2022 | [Slovakia drivers license number entity definition](/microsoft-365/compliance/sit-defn-slovakia-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Slovakia passport number entity definition](/microsoft-365/compliance/sit-defn-slovakia-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Slovakia personal number entity definition](/microsoft-365/compliance/sit-defn-slovakia-personal-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Slovakia physical addresses entity definition](/microsoft-365/compliance/sit-defn-slovakia-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Slovenia drivers license number entity definition](/microsoft-365/compliance/sit-defn-slovenia-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Slovenia passport number entity definition](/microsoft-365/compliance/sit-defn-slovenia-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Slovenia physical addresses entity definition](/microsoft-365/compliance/sit-defn-slovenia-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Slovenia tax identification number entity definition](/microsoft-365/compliance/sit-defn-slovenia-tax-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Slovenia Unique Master Citizen Number entity definition](/microsoft-365/compliance/sit-defn-slovenia-unique-master-citizen-number?view=o365-21vianet) | added |
+| 7/21/2022 | [South Africa identification number entity definition](/microsoft-365/compliance/sit-defn-south-africa-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [South Korea resident registration number entity definition](/microsoft-365/compliance/sit-defn-south-korea-resident-registration-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Spain DNI entity definition](/microsoft-365/compliance/sit-defn-spain-dni?view=o365-21vianet) | added |
+| 7/21/2022 | [Spain drivers license number entity definition](/microsoft-365/compliance/sit-defn-spain-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Spain passport number entity definition](/microsoft-365/compliance/sit-defn-spain-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Spain physical addresses entity definition](/microsoft-365/compliance/sit-defn-spain-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Spain social security number (SSN) entity definition](/microsoft-365/compliance/sit-defn-spain-social-security-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Spain tax identification number entity definition](/microsoft-365/compliance/sit-defn-spain-tax-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [SQL Server connection string entity definition](/microsoft-365/compliance/sit-defn-sql-server-connection-string?view=o365-21vianet) | added |
+| 7/21/2022 | [Surgical procedures entity definition](/microsoft-365/compliance/sit-defn-surgical-procedures?view=o365-21vianet) | added |
+| 7/21/2022 | [Sweden drivers license number entity definition](/microsoft-365/compliance/sit-defn-sweden-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Sweden national ID entity definition](/microsoft-365/compliance/sit-defn-sweden-national-id?view=o365-21vianet) | added |
+| 7/21/2022 | [Sweden passport number entity definition](/microsoft-365/compliance/sit-defn-sweden-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Sweden physical addresses entity definition](/microsoft-365/compliance/sit-defn-sweden-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Sweden tax identification number entity definition](/microsoft-365/compliance/sit-defn-sweden-tax-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [SWIFT code entity definition](/microsoft-365/compliance/sit-defn-swift-code?view=o365-21vianet) | added |
+| 7/21/2022 | [Switzerland physical addresses entity definition](/microsoft-365/compliance/sit-defn-switzerland-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Switzerland SSN AHV number entity definition](/microsoft-365/compliance/sit-defn-switzerland-ssn-ahv-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Taiwan national identification number entity definition](/microsoft-365/compliance/sit-defn-taiwan-national-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Taiwan passport number entity definition](/microsoft-365/compliance/sit-defn-taiwan-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Taiwan-resident certificate (ARC/TARC) number entity definition](/microsoft-365/compliance/sit-defn-taiwan-resident-certificate-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Thai population identification code entity definition](/microsoft-365/compliance/sit-defn-thai-population-identification-code?view=o365-21vianet) | added |
+| 7/21/2022 | [Turkey national identification number entity definition](/microsoft-365/compliance/sit-defn-turkey-national-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Turkey physical addresses entity definition](/microsoft-365/compliance/sit-defn-turkey-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Types of medication entity definition](/microsoft-365/compliance/sit-defn-types-of-medication?view=o365-21vianet) | added |
+| 7/21/2022 | [U.K. drivers license number entity definition](/microsoft-365/compliance/sit-defn-uk-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [U.K. electoral roll number entity definition](/microsoft-365/compliance/sit-defn-uk-electoral-roll-number?view=o365-21vianet) | added |
+| 7/21/2022 | [U.K. national health service number entity definition](/microsoft-365/compliance/sit-defn-uk-national-health-service-number?view=o365-21vianet) | added |
+| 7/21/2022 | [U.K. national insurance number (NINO) entity definition](/microsoft-365/compliance/sit-defn-uk-national-insurance-number?view=o365-21vianet) | added |
+| 7/21/2022 | [U.K. physical addresses entity definition](/microsoft-365/compliance/sit-defn-uk-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [U.K. Unique Taxpayer Reference Number entity definition](/microsoft-365/compliance/sit-defn-uk-unique-taxpayer-reference-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Ukraine passport domestic entity definition](/microsoft-365/compliance/sit-defn-ukraine-passport-domestic?view=o365-21vianet) | added |
+| 7/21/2022 | [Ukraine passport international entity definition](/microsoft-365/compliance/sit-defn-ukraine-passport-international?view=o365-21vianet) | added |
+| 7/21/2022 | [U.S. bank account number entity definition](/microsoft-365/compliance/sit-defn-us-bank-account-number?view=o365-21vianet) | added |
+| 7/21/2022 | [U.S. drivers license number entity definition](/microsoft-365/compliance/sit-defn-us-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [U.S. individual taxpayer identification number (ITIN) entity definition](/microsoft-365/compliance/sit-defn-us-individual-taxpayer-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [U.S. physical addresses entity definition](/microsoft-365/compliance/sit-defn-us-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [U.S. social security number (SSN) entity definition](/microsoft-365/compliance/sit-defn-us-social-security-number?view=o365-21vianet) | added |
+| 7/21/2022 | [U.S./U.K. passport number entity definition](/microsoft-365/compliance/sit-defn-us-uk-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [User login credentials entity definition (preview)](/microsoft-365/compliance/sit-defn-user-login-credentials?view=o365-21vianet) | added |
+| 7/21/2022 | [X.509 certificate private key entity definition (preview)](/microsoft-365/compliance/sit-defn-x-509-certificate-private-key?view=o365-21vianet) | added |
+| 7/21/2022 | [EU Tax identification number entity definition](/microsoft-365/compliance/sit-defn-eu-tax-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Finland drivers license number entity definition](/microsoft-365/compliance/sit-defn-finland-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Finland european health insurance number entity definition](/microsoft-365/compliance/sit-defn-finland-european-health-insurance-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Finland national ID entity definition](/microsoft-365/compliance/sit-defn-finland-national-id?view=o365-21vianet) | added |
+| 7/21/2022 | [Finland passport number entity definition](/microsoft-365/compliance/sit-defn-finland-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Finland physical addresses entity definition](/microsoft-365/compliance/sit-defn-finland-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [France drivers license number entity definition](/microsoft-365/compliance/sit-defn-france-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [France health insurance number entity definition](/microsoft-365/compliance/sit-defn-france-health-insurance-number?view=o365-21vianet) | added |
+| 7/21/2022 | [France national id card (CNI) entity definition](/microsoft-365/compliance/sit-defn-france-national-id-card?view=o365-21vianet) | added |
+| 7/21/2022 | [France passport number entity definition](/microsoft-365/compliance/sit-defn-france-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [France physical addresses entity definition](/microsoft-365/compliance/sit-defn-france-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [France social security number entity definition](/microsoft-365/compliance/sit-defn-france-social-security-number?view=o365-21vianet) | added |
+| 7/21/2022 | [France tax identification number entity definition](/microsoft-365/compliance/sit-defn-france-tax-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [France value added tax number entity definition](/microsoft-365/compliance/sit-defn-france-value-added-tax-number?view=o365-21vianet) | added |
+| 7/21/2022 | [General password entity definition (preview)](/microsoft-365/compliance/sit-defn-general-password?view=o365-21vianet) | added |
+| 7/21/2022 | [General Symmetric key entity definition (preview)](/microsoft-365/compliance/sit-defn-general-symmetric-key?view=o365-21vianet) | added |
+| 7/21/2022 | [Generic medication names entity definition](/microsoft-365/compliance/sit-defn-generic-medication-names?view=o365-21vianet) | added |
+| 7/21/2022 | [Germany drivers license number entity definition](/microsoft-365/compliance/sit-defn-germany-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Germany identity card number entity definition](/microsoft-365/compliance/sit-defn-germany-identity-card-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Germany passport number entity definition](/microsoft-365/compliance/sit-defn-germany-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Germany physical addresses entity definition](/microsoft-365/compliance/sit-defn-germany-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Germany tax identification number entity definition](/microsoft-365/compliance/sit-defn-germany-tax-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Germany value added tax number entity definition](/microsoft-365/compliance/sit-defn-germany-value-added-tax-number?view=o365-21vianet) | added |
+| 7/21/2022 | [GitHub personal access token entity definition (preview)](/microsoft-365/compliance/sit-defn-github-personal-access-token?view=o365-21vianet) | added |
+| 7/21/2022 | [Google API key entity definition (preview)](/microsoft-365/compliance/sit-defn-google-api-key?view=o365-21vianet) | added |
+| 7/21/2022 | [Greece drivers license number entity definition](/microsoft-365/compliance/sit-defn-greece-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Greece national ID card entity definition](/microsoft-365/compliance/sit-defn-greece-national-id-card?view=o365-21vianet) | added |
+| 7/21/2022 | [Greece passport number entity definition](/microsoft-365/compliance/sit-defn-greece-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Greece physical addresses entity definition](/microsoft-365/compliance/sit-defn-greece-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Greece Social Security Number (AMKA) entity definition](/microsoft-365/compliance/sit-defn-greece-social-security-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Greece tax identification number entity definition](/microsoft-365/compliance/sit-defn-greece-tax-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Hong Kong identity card (HKID) number entity definition](/microsoft-365/compliance/sit-defn-hong-kong-identity-card-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Http authorization header entity definition (preview)](/microsoft-365/compliance/sit-defn-http-authorization-header?view=o365-21vianet) | added |
+| 7/21/2022 | [Hungary drivers license number entity definition](/microsoft-365/compliance/sit-defn-hungary-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Hungary passport number entity definition](/microsoft-365/compliance/sit-defn-hungary-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Hungary personal identification number entity definition](/microsoft-365/compliance/sit-defn-hungary-personal-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Hungary physical addresses entity definition](/microsoft-365/compliance/sit-defn-hungary-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Hungary social security number (TAJ) entity definition](/microsoft-365/compliance/sit-defn-hungary-social-security-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Hungary tax identification number entity definition](/microsoft-365/compliance/sit-defn-hungary-tax-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Hungary value added tax number entity definition](/microsoft-365/compliance/sit-defn-hungary-value-added-tax-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Iceland physical addresses entity definition](/microsoft-365/compliance/sit-defn-iceland-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Impairments Listed In The U.S. Disability Evaluation Under Social Security entity definition](/microsoft-365/compliance/sit-defn-impairments-us-disability-evaluation-under-social-security?view=o365-21vianet) | added |
+| 7/21/2022 | [India Drivers License Number entity definition](/microsoft-365/compliance/sit-defn-india-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [India GST Number entity definition](/microsoft-365/compliance/sit-defn-india-gst-number?view=o365-21vianet) | added |
+| 7/21/2022 | [India permanent account number (PAN) entity definition](/microsoft-365/compliance/sit-defn-india-permanent-account-number?view=o365-21vianet) | added |
+| 7/21/2022 | [India unique identification (Aadhaar) number entity definition](/microsoft-365/compliance/sit-defn-india-unique-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [India Voter Id Card entity definition](/microsoft-365/compliance/sit-defn-india-voter-id-card?view=o365-21vianet) | added |
+| 7/21/2022 | [Indonesia identity card (KTP) number entity definition](/microsoft-365/compliance/sit-defn-indonesia-identity-card-number?view=o365-21vianet) | added |
+| 7/21/2022 | [International banking account number (IBAN) entity definition](/microsoft-365/compliance/sit-defn-international-banking-account-number?view=o365-21vianet) | added |
+| 7/21/2022 | [International classification of diseases (ICD-10-CM) entity definition](/microsoft-365/compliance/sit-defn-international-classification-of-diseases-icd-10-cm?view=o365-21vianet) | added |
+| 7/21/2022 | [International classification of diseases (ICD-9-CM) entity definition](/microsoft-365/compliance/sit-defn-international-classification-of-diseases-icd-9-cm?view=o365-21vianet) | added |
+| 7/21/2022 | [IP address v4 entity definition](/microsoft-365/compliance/sit-defn-ip-address-v4?view=o365-21vianet) | added |
+| 7/21/2022 | [IP address v6 entity definition](/microsoft-365/compliance/sit-defn-ip-address-v6?view=o365-21vianet) | added |
+| 7/21/2022 | [IP address entity definition](/microsoft-365/compliance/sit-defn-ip-address?view=o365-21vianet) | added |
+| 7/21/2022 | [Ireland drivers license number entity definition](/microsoft-365/compliance/sit-defn-ireland-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Ireland passport number entity definition](/microsoft-365/compliance/sit-defn-ireland-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Ireland personal public service (PPS) number entity definition](/microsoft-365/compliance/sit-defn-ireland-personal-public-service-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Ireland physical addresses entity definition](/microsoft-365/compliance/sit-defn-ireland-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Israel bank account number entity definition](/microsoft-365/compliance/sit-defn-israel-bank-account-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Israel national identification number entity definition](/microsoft-365/compliance/sit-defn-israel-national-identification-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Italy drivers license number entity definition](/microsoft-365/compliance/sit-defn-italy-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Italy fiscal code entity definition](/microsoft-365/compliance/sit-defn-italy-fiscal-code?view=o365-21vianet) | added |
+| 7/21/2022 | [Italy passport number entity definition](/microsoft-365/compliance/sit-defn-italy-passport-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Italy physical addresses entity definition](/microsoft-365/compliance/sit-defn-italy-physical-addresses?view=o365-21vianet) | added |
+| 7/21/2022 | [Italy value added tax number entity definition](/microsoft-365/compliance/sit-defn-italy-value-added-tax-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Japan bank account number entity definition](/microsoft-365/compliance/sit-defn-japan-bank-account-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Japan drivers license number entity definition](/microsoft-365/compliance/sit-defn-japan-drivers-license-number?view=o365-21vianet) | added |
+| 7/21/2022 | [Japan My Number - Corporate entity definition](/microsoft-365/compliance/sit-defn-japan-my-number-corporate?view=o365-21vianet) | added |
+| 7/21/2022 | [Create notifications for exact data match activities](/microsoft-365/compliance/sit-edm-notifications-activities?view=o365-21vianet) | modified |
+| 7/22/2022 | [Apply encryption using sensitivity labels](/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-21vianet) | modified |
+| 7/22/2022 | [Onboard devices without Internet access to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/onboard-offline-machines?view=o365-21vianet) | modified |
++ ## Week of July 11, 2022
| 7/2/2022 | [Login pages in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-login-pages?view=o365-21vianet) | modified | | 7/2/2022 | [Simulation automations for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-simulation-automations?view=o365-21vianet) | modified | | 7/2/2022 | [Simulate a phishing attack with Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training?view=o365-21vianet) | modified |--
-## Week of June 20, 2022
--
-| Published On |Topic title | Change |
-|||--|
-| 6/20/2022 | [Microsoft Defender Antivirus compatibility with other security products](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-21vianet) | modified |
-| 6/20/2022 | [Customize and publish your booking page](/microsoft-365/bookings/customize-booking-page?view=o365-21vianet) | modified |
-| 6/20/2022 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-21vianet) | modified |
-| 6/20/2022 | [What's new in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-whats-new?view=o365-21vianet) | modified |
-| 6/20/2022 | [Microsoft Purview solution catalog](/microsoft-365/compliance/microsoft-365-solution-catalog?view=o365-21vianet) | modified |
-| 6/20/2022 | [Stream Microsoft 365 Defender events to Azure Event Hubs](/microsoft-365/security/defender/streaming-api-event-hub?view=o365-21vianet) | modified |
-| 6/21/2022 | [Microsoft Defender for Business and MSP resources](/microsoft-365/security/defender-business/mdb-partners?view=o365-21vianet) | added |
-| 6/21/2022 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-21vianet) | modified |
-| 6/21/2022 | [Add-in deployment email alerts](/microsoft-365/admin/manage/add-in-deployment-email-alerts?view=o365-21vianet) | added |
-| 6/21/2022 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-21vianet) | modified |
-| 6/21/2022 | [Microsoft Purview solution catalog](/microsoft-365/compliance/microsoft-365-solution-catalog?view=o365-21vianet) | modified |
-| 6/21/2022 | [Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control?view=o365-21vianet) | modified |
-| 6/21/2022 | [Allow or block emails using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/allow-block-email-spoof?view=o365-21vianet) | modified |
-| 6/21/2022 | [Manage allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/manage-tenant-allow-block-list?view=o365-21vianet) | modified |
-| 6/21/2022 | [Set up Customer Key](/microsoft-365/compliance/customer-key-set-up?view=o365-21vianet) | modified |
-| 6/21/2022 | [Setup guides for Microsoft 365 and Office 365 services](/microsoft-365/enterprise/setup-guides-for-microsoft-365?view=o365-21vianet) | modified |
-| 6/22/2022 | [Use network protection to help prevent connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection?view=o365-21vianet) | modified |
-| 6/22/2022 | [Anti-malware protection](/microsoft-365/security/office-365-security/anti-malware-protection?view=o365-21vianet) | modified |
-| 6/22/2022 | [Configure anti-malware policies](/microsoft-365/security/office-365-security/configure-anti-malware-policies?view=o365-21vianet) | modified |
-| 6/22/2022 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-21vianet) | modified |
-| 6/22/2022 | [Communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-21vianet) | modified |
-| 6/22/2022 | [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-21vianet) | modified |
-| 6/22/2022 | [Use sensitivity labels to configure the default sharing link type](/microsoft-365/compliance/sensitivity-labels-default-sharing-link?view=o365-21vianet) | modified |
-| 6/22/2022 | [Web content filtering](/microsoft-365/security/defender-endpoint/web-content-filtering?view=o365-21vianet) | modified |
-| 6/22/2022 | [Manage submissions](/microsoft-365/security/office-365-security/admin-submission?view=o365-21vianet) | modified |
-| 6/22/2022 | [Microsoft 365 admin center activity reports](/microsoft-365/admin/activity-reports/activity-reports?view=o365-21vianet) | modified |
-| 6/22/2022 | [Minimum requirements for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/minimum-requirements?view=o365-21vianet) | modified |
-| 6/22/2022 | [Allow or block emails using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/allow-block-email-spoof?view=o365-21vianet) | modified |
-| 6/22/2022 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-21vianet) | modified |
-| 6/22/2022 | [Data loss prevention and Microsoft Teams](/microsoft-365/compliance/dlp-microsoft-teams?view=o365-21vianet) | modified |
-| 6/23/2022 | [Export software vulnerabilities assessment per device](/microsoft-365/security/defender-endpoint/get-assessment-software-vulnerabilities?view=o365-21vianet) | modified |
-| 6/23/2022 | [Vulnerabilities in my organization](/microsoft-365/security/defender-vulnerability-management/tvm-weaknesses?view=o365-21vianet) | modified |
-| 6/23/2022 | [Identify the available PowerShell cmdlets for retention](/microsoft-365/compliance/retention-cmdlets?view=o365-21vianet) | added |
-| 6/23/2022 | [Create and edit Autopilot profiles](/microsoft-365/business-premium/create-and-edit-autopilot-profiles?view=o365-21vianet) | modified |
-| 6/23/2022 | [Microsoft 365 Business Premium overview](/microsoft-365/business-premium/index?view=o365-21vianet) | modified |
-| 6/23/2022 | [Use this step-by-step guide to add Autopilot devices and profile](/microsoft-365/business-premium/m365bp-add-autopilot-devices-and-profile?view=o365-21vianet) | modified |
-| 6/23/2022 | [Add a new user to your network and systems](/microsoft-365/business-premium/m365bp-add-users?view=o365-21vianet) | modified |
-| 6/23/2022 | [Set app protection settings for Android or iOS devices](/microsoft-365/business-premium/m365bp-app-protection-settings-for-android-and-ios?view=o365-21vianet) | modified |
-| 6/23/2022 | [About Autopilot Profile settings](/microsoft-365/business-premium/m365bp-autopilot-profile-settings?view=o365-21vianet) | modified |
-| 6/23/2022 | [Create and edit Autopilot devices](/microsoft-365/business-premium/m365bp-create-and-edit-autopilot-devices?view=o365-21vianet) | modified |
-| 6/23/2022 | [Working with device groups in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-device-groups-mdb?view=o365-21vianet) | modified |
-| 6/23/2022 | [Enable domain-joined Windows 10 devices to be managed by Microsoft 365 for business](/microsoft-365/business-premium/m365bp-manage-windows-devices?view=o365-21vianet) | modified |
-| 6/23/2022 | [Set up managed devices](/microsoft-365/business-premium/m365bp-managed-devices-setup?view=o365-21vianet) | modified |
-| 6/23/2022 | [How do protection features in Microsoft 365 Business Premium map to Intune settings](/microsoft-365/business-premium/m365bp-map-protection-features-to-intune-settings?view=o365-21vianet) | modified |
-| 6/23/2022 | [Edit or set application protection settings for Windows devices](/microsoft-365/business-premium/m365bp-protection-settings-for-windows-10-devices?view=o365-21vianet) | modified |
-| 6/23/2022 | [Remove company data from devices](/microsoft-365/business-premium/m365bp-remove-company-data?view=o365-21vianet) | modified |
-| 6/23/2022 | [Reset passwords](/microsoft-365/business-premium/m365bp-reset-passwords?view=o365-21vianet) | modified |
-| 6/23/2022 | [Review detected threats on devices and take action](/microsoft-365/business-premium/m365bp-review-threats-take-action?view=o365-21vianet) | modified |
-| 6/23/2022 | [Validate app protection settings on Android or iOS devices](/microsoft-365/business-premium/m365bp-validate-settings-on-android-or-ios?view=o365-21vianet) | modified |
-| 6/23/2022 | [Validate app protection settings for Windows 10 PCs](/microsoft-365/business-premium/m365bp-validate-settings-on-windows-10-pcs?view=o365-21vianet) | modified |
-| 6/23/2022 | [Microsoft 365 Business Premium frequently asked questions](/microsoft-365/business-premium/microsoft-365-business-faqs?view=o365-21vianet) | modified |
-| 6/23/2022 | [Learn about retention policies & labels to automatically retain or delete content](/microsoft-365/compliance/retention?view=o365-21vianet) | modified |
-| 6/23/2022 | [Schedule Microsoft Defender Antivirus protection updates](/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus?view=o365-21vianet) | modified |
-| 6/23/2022 | [Contextual file and folder exclusions](/microsoft-365/security/defender-endpoint/configure-contextual-file-folder-exclusions-microsoft-defender-antivirus?view=o365-21vianet) | added |
-| 6/23/2022 | Glossary of terms | removed |
-| 6/23/2022 | [Use DLP policies for non-Microsoft cloud apps](/microsoft-365/compliance/dlp-use-policies-non-microsoft-cloud-apps?view=o365-21vianet) | modified |
-| 6/23/2022 | [What's new in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/whats-new-in-defender-for-office-365?view=o365-21vianet) | modified |
-| 6/23/2022 | [Sign up for Microsoft 365 Business Premium](/microsoft-365/business-premium/get-microsoft-365-business-premium?view=o365-21vianet) | modified |
-| 6/23/2022 | [Double Key Encryption (DKE)](/microsoft-365/compliance/double-key-encryption?view=o365-21vianet) | modified |
-| 6/23/2022 | [Learn about the default labels and policies to protect your data](/microsoft-365/compliance/mip-easy-trials?view=o365-21vianet) | modified |
-| 6/24/2022 | [Host firewall reporting in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/host-firewall-reporting?view=o365-21vianet) | modified |
-| 6/24/2022 | [Manage submissions](/microsoft-365/security/office-365-security/admin-submission?view=o365-21vianet) | modified |
-| 6/24/2022 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-21vianet) | modified |
-| 6/24/2022 | [Assign licenses to users in the Microsoft 365 admin center](/microsoft-365/admin/manage/assign-licenses-to-users?view=o365-21vianet) | modified |
-| 6/24/2022 | [Unassign licenses from users](/microsoft-365/admin/manage/remove-licenses-from-users?view=o365-21vianet) | modified |
-| 6/24/2022 | [Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control?view=o365-21vianet) | modified |
--
-## Week of June 13, 2022
--
-| Published On |Topic title | Change |
-|||--|
-| 6/13/2022 | [Investigate data loss incidents with Microsoft 365 Defender](/microsoft-365/security/defender/investigate-dlp?view=o365-21vianet) | added |
-| 6/13/2022 | [Microsoft Defender for Cloud Apps in Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-security-center-defender-cloud-apps?view=o365-21vianet) | added |
-| 6/13/2022 | [Microsoft 365 Defender streaming event types supported in Event Streaming API](/microsoft-365/security/defender/supported-event-types?view=o365-21vianet) | modified |
-| 6/13/2022 | [Manage your allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-21vianet) | modified |
-| 6/14/2022 | [Manage submissions](/microsoft-365/security/office-365-security/admin-submission?view=o365-21vianet) | modified |
-| 6/14/2022 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-21vianet) | modified |
-| 6/14/2022 | [Search the audit log in the Microsoft Purview compliance portal](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-21vianet) | modified |
-| 6/14/2022 | [Add a new user to your network and systems](/microsoft-365/business-premium/m365bp-add-users?view=o365-21vianet) | added |
-| 6/14/2022 | [Reset passwords](/microsoft-365/business-premium/m365bp-reset-passwords?view=o365-21vianet) | added |
-| 6/14/2022 | [Audit new search](/microsoft-365/compliance/audit-new-search?view=o365-21vianet) | added |
-| 6/14/2022 | [Security incident management](/microsoft-365/business-premium/m365bp-security-incident-management?view=o365-21vianet) | modified |
-| 6/14/2022 | [Microsoft Defender for Business](/microsoft-365/security/defender-business/index?view=o365-21vianet) | modified |
-| 6/14/2022 | [Configure Microsoft Defender for Endpoint on iOS features](/microsoft-365/security/defender-endpoint/ios-configure-features?view=o365-21vianet) | modified |
-| 6/14/2022 | [What's new in Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-whatsnew?view=o365-21vianet) | modified |
-| 6/14/2022 | [Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/purview-compliance?view=o365-21vianet) | added |
-| 6/15/2022 | [Compare Microsoft Defender for Endpoint plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-21vianet) | modified |
-| 6/15/2022 | [Partner access through Microsoft Defender for Endpoint APIs](/microsoft-365/security/defender-endpoint/exposed-apis-create-app-partners?view=o365-21vianet) | modified |
-| 6/15/2022 | [Create an app to access Microsoft Defender for Endpoint without a user](/microsoft-365/security/defender-endpoint/exposed-apis-create-app-webapp?view=o365-21vianet) | modified |
-| 6/15/2022 | [Create an app to access Microsoft 365 Defender APIs on behalf of a user](/microsoft-365/security/defender/api-create-app-user-context?view=o365-21vianet) | modified |
-| 6/15/2022 | [Create an app to access Microsoft 365 Defender without a user](/microsoft-365/security/defender/api-create-app-web?view=o365-21vianet) | modified |
-| 6/15/2022 | [Partner access through Microsoft 365 Defender APIs](/microsoft-365/security/defender/api-partner-access?view=o365-21vianet) | modified |
-| 6/15/2022 | [Automatically apply a retention label](/microsoft-365/compliance/apply-retention-labels-automatically?view=o365-21vianet) | modified |
-| 6/15/2022 | [Learn about trainable classifiers](/microsoft-365/compliance/classifier-learn-about?view=o365-21vianet) | modified |
-| 6/15/2022 | [Learn about assessment templates in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-templates?view=o365-21vianet) | modified |
-| 6/15/2022 | [Network connectivity in the Microsoft 365 Admin Center](/microsoft-365/enterprise/office-365-network-mac-perf-overview?view=o365-21vianet) | modified |
-| 6/15/2022 | [Anti-malware protection](/microsoft-365/security/office-365-security/anti-malware-protection?view=o365-21vianet) | modified |
-| 6/15/2022 | [Configure anti-malware policies](/microsoft-365/security/office-365-security/configure-anti-malware-policies?view=o365-21vianet) | modified |
-| 6/15/2022 | [Configure anti-phishing policies in EOP](/microsoft-365/security/office-365-security/configure-anti-phishing-policies-eop?view=o365-21vianet) | modified |
-| 6/15/2022 | [Configure anti-phishing policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/configure-mdo-anti-phishing-policies?view=o365-21vianet) | modified |
-| 6/15/2022 | [Configure outbound spam filtering](/microsoft-365/security/office-365-security/configure-the-outbound-spam-policy?view=o365-21vianet) | modified |
-| 6/15/2022 | [Configure spam filter policies](/microsoft-365/security/office-365-security/configure-your-spam-filter-policies?view=o365-21vianet) | modified |
-| 6/15/2022 | [Preset security policies](/microsoft-365/security/office-365-security/preset-security-policies?view=o365-21vianet) | modified |
-| 6/15/2022 | [Safe Attachments](/microsoft-365/security/office-365-security/safe-attachments?view=o365-21vianet) | modified |
-| 6/15/2022 | [Complete Safe Links overview for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-links?view=o365-21vianet) | modified |
-| 6/15/2022 | [Set up Safe Attachments policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/set-up-safe-attachments-policies?view=o365-21vianet) | modified |
-| 6/15/2022 | [Set up Safe Links policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/set-up-safe-links-policies?view=o365-21vianet) | modified |
-| 6/16/2022 | [Request to change access level](/microsoft-365/test-base/accesslevel?view=o365-21vianet) | added |
-| 6/16/2022 | [Admin training video library # < 60 chars](/microsoft-365/admin/admin-video-library?view=o365-21vianet) | modified |
-| 6/16/2022 | [Common mistakes to avoid when defining exclusions](/microsoft-365/security/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus?view=o365-21vianet) | modified |
-| 6/16/2022 | [Microsoft Defender Antivirus Virtual Desktop Infrastructure deployment guide](/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus?view=o365-21vianet) | modified |
-| 6/16/2022 | [Protect your organization's data with device control](/microsoft-365/security/defender-endpoint/device-control-report?view=o365-21vianet) | modified |
-| 6/16/2022 | [Microsoft Defender for Business Premium trial playbook](/microsoft-365/business-premium/m365bp-trial-playbook-microsoft-business-premium?view=o365-21vianet) | modified |
-| 6/16/2022 | [Use Office 365 Content Delivery Network (CDN) with SharePoint Online](/microsoft-365/enterprise/use-microsoft-365-cdn-with-spo?view=o365-21vianet) | modified |
-| 6/16/2022 | [Compare Microsoft Defender for Endpoint plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-21vianet) | modified |
-| 6/16/2022 | [View the results of an automated investigation in Microsoft 365](/microsoft-365/security/office-365-security/air-view-investigation-results?view=o365-21vianet) | modified |
-| 6/16/2022 | [Ensuring you always have the optimal security controls with preset security policies](/microsoft-365/security/office-365-security/step-by-step-guides/ensuring-you-always-have-the-optimal-security-controls-with-preset-security-policies?view=o365-21vianet) | modified |
-| 6/17/2022 | [Microsoft 365 admin center Project activity ](/microsoft-365/admin/activity-reports/project-activity?view=o365-21vianet) | added |
-| 6/17/2022 | [Automatically retain or delete content by using retention policies](/microsoft-365/compliance/create-retention-policies?view=o365-21vianet) | modified |
-| 6/17/2022 | [Allow or block emails using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/allow-block-email-spoof?view=o365-21vianet) | added |
-| 6/17/2022 | [Allow or block files using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/allow-block-files?view=o365-21vianet) | added |
-| 6/17/2022 | [Allow or block URLs using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/allow-block-urls?view=o365-21vianet) | added |
-| 6/17/2022 | [Manage allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/manage-tenant-allow-block-list?view=o365-21vianet) | added |
-| 6/17/2022 | [Deploy Microsoft Whiteboard on Windows 10 devices](/microsoft-365/whiteboard/deploy-on-windows-organizations?view=o365-21vianet) | added |
-| 6/17/2022 | [Enable and manage access to Microsoft Whiteboard for GCC High environments](/microsoft-365/whiteboard/enable-whiteboard-access-gcc-high?view=o365-21vianet) | added |
-| 6/17/2022 | [Enable and manage access to Microsoft Whiteboard for your organization](/microsoft-365/whiteboard/enable-whiteboard-access-organizations?view=o365-21vianet) | added |
-| 6/17/2022 | [Introduction to Microsoft Whiteboard](/microsoft-365/whiteboard/index?view=o365-21vianet) | added |
-| 6/17/2022 | [Manage clients for Microsoft Whiteboard in GCC High environments](/microsoft-365/whiteboard/manage-clients-gcc-high?view=o365-21vianet) | added |
-| 6/17/2022 | [Manage data for Microsoft Whiteboard in GCC High environments](/microsoft-365/whiteboard/manage-data-gcc-high?view=o365-21vianet) | added |
-| 6/17/2022 | [Manage data for Microsoft Whiteboard](/microsoft-365/whiteboard/manage-data-organizations?view=o365-21vianet) | added |
-| 6/17/2022 | [Manage sharing for Microsoft Whiteboard in GCC High environments](/microsoft-365/whiteboard/manage-sharing-gcc-high?view=o365-21vianet) | added |
-| 6/17/2022 | [Manage sharing for Microsoft Whiteboard](/microsoft-365/whiteboard/manage-sharing-organizations?view=o365-21vianet) | added |
-| 6/17/2022 | Manage your allows in the Tenant Allow/Block List | removed |
-| 6/17/2022 | Manage your blocks in the Tenant Allow/Block List | removed |
-| 6/17/2022 | Modify and remove entries in the Tenant Allow/Block List | removed |
includes Office 365 Operated By 21Vianet Endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/office-365-operated-by-21vianet-endpoints.md
<!--THIS FILE IS AUTOMATICALLY GENERATED. MANUAL CHANGES WILL BE OVERWRITTEN.--> <!--Please contact the Office 365 Endpoints team with any questions.-->
-<!--China endpoints version 2022060100-->
-<!--File generated 2022-06-01 08:00:09.1278-->
+<!--China endpoints version 2022072800-->
+<!--File generated 2022-07-29 08:00:05.7421-->
## Exchange Online ID | Category | ER | Addresses | Ports -- | -- | -- | - |
-1 | Optimize<BR>Required | No | `*.partner.outlook.cn`<BR>`40.73.132.0/24, 40.73.164.128/25, 40.73.165.0/26, 42.159.40.0/24, 42.159.163.128/25, 42.159.165.0/24` | **TCP:** 443, 80
+1 | Optimize<BR>Required | No | `*.partner.outlook.cn`<BR>`40.73.132.0/24, 40.73.164.128/25, 40.73.165.0/26, 42.159.40.0/24, 42.159.44.0/22, 42.159.163.128/25, 42.159.165.0/24, 42.159.172.0/22` | **TCP:** 443, 80
2 | Allow<BR>Required | No | `42.159.33.192/27, 42.159.36.0/24, 42.159.161.192/27, 42.159.164.0/24, 139.219.16.0/27, 139.219.17.0/24, 139.219.24.0/22, 139.219.145.0/27, 139.219.146.0/24, 139.219.156.0/22, 2406:e500:4420::/43, 2406:e500:4440::/43, 2406:e500:c020::/44, 2406:e500:c120::/44` | **TCP:** 25, 443, 53, 80 12 | Default<BR>Required | No | `attachments.office365-net.cn` | **TCP:** 443, 80
includes Office 365 Worldwide Endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/office-365-worldwide-endpoints.md
<!--THIS FILE IS AUTOMATICALLY GENERATED. MANUAL CHANGES WILL BE OVERWRITTEN.--> <!--Please contact the Office 365 Endpoints team with any questions.-->
-<!--Worldwide endpoints version 2022062900-->
-<!--File generated 2022-06-29 08:00:15.9343-->
+<!--Worldwide endpoints version 2022072800-->
+<!--File generated 2022-07-29 08:00:03.8046-->
## Exchange Online
lighthouse M365 Lighthouse Block User Signin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-block-user-signin.md
You can block a user account if you think it's compromised. When you block a use
4. In the user details pane, select **Block sign-in**.
-5. In the Manage sign-in status pane, select **Block users from signing in**.
+5. In the **Block sign-in** pane, select **Block this user from signing in**.
-6. Select **Save**.
+6. Select **Save changes**.
## Block sign-in for risky users
-1. In the left navigation pane in Lighthouse, select **Users** > **Risky Users**.
+1. In the left navigation pane in Lighthouse, select **Users** > **Risky users**.
2. On the **Risky Users** tab, select the set of users you want to take action on. 3. Select **Block sign-in**.
-4. In the Manage sign-in status pane, select **Block users from signing in**.
+4. In the **Manage sign-in status** pane, select **Block users from signing in**.
5. Select **Save**.
lighthouse M365 Lighthouse Change Cloud Pc Account Type https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-change-cloud-pc-account-type.md
+
+ Title: "Change a Windows 365 Business Cloud PC account type in Microsoft 365 Lighthouse"
+f1.keywords: NOCSH
++++
+audience: Admin
+
+ms.localizationpriority: medium
+
+- M365-subscription-management
+- Adm_O365
+
+- AdminSurgePortfolio
+- M365-Lighthouse
+search.appverid: MET150
+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn how to set or change a Windows 365 Business Cloud PC account type."
++
+# Change a Windows 365 Business Cloud PC account type in Microsoft 365 Lighthouse
+
+Managed Service Provider (MSP) technicians may set the account type for a Business Cloud PC or make changes to an existing account type. The following account types are available:
+
+- **Standard user (Recommended)** - Standard user accounts have permission to install software only from the Microsoft Store.
+
+- **Local administrator** - Local administrator accounts have permission to install any software and make changes to any part of the operating system. Select this account type only when needed, since malware may use administrator permissions to infect or damage files.
+
+> [!NOTE]
+> You can set or change the account type only for Cloud PCs with a Business license. You can't change the account type for Cloud PCs with an Enterprise license.
+
+## Before you begin
+
+You must be either a Windows 365 Administrator or a Global Administrator in the partner tenant.
+
+## Set or change a Windows 365 Business Cloud PC account type
+
+1. In the left navigation pane in Lighthouse, select **Devices** > **Windows 365**.
+
+2. Select the **All Cloud PCs** tab.
+
+3. Use the colored count-annotation bar to drill into Cloud PCs that have a **Provisioned** status.
+
+4. From the **Filters** dropdown menu, select the **Business** license type to see a list of all Cloud PCs with a Business license within your customer tenants.
+
+5. From the list of Cloud PCs, select the Cloud PC for which you want to change the account type.
+
+6. In the Cloud PC details pane, select **Change account type**.
+
+7. In the **Change Cloud PC account type** pane, select the account type for the Cloud PC, and then select **Save**.
+
+## Next steps
+
+Once the update is applied, the assigned user of the Cloud PC will need to sign back into the Cloud PC or restart their device. It may take several minutes for the new changes to appear in Microsoft 365 Lighthouse. The Cloud PC Administrator can also remotely restart the Cloud PC, but the user may lose any unsaved data.
+
+## Related content
+
+[Cloud PC role-based access control](/windows-365/enterprise/role-based-access) (article)\
+[Overview of the Windows 365 (Cloud PCs) page in Microsoft 365 Lighthouse](m365-lighthouse-win365-page-overview.md) (article)\
+[Reprovision a Windows 365 Cloud PC in Microsoft 365 Lighthouse](m365-lighthouse-reprovision-cloudpc.md) (article)
lighthouse M365 Lighthouse Compare Compliance Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-compare-compliance-policies.md
Make sure devices have a Microsoft Intune license and are enrolled in Microsoft
## Compare policy settings
-1. In the left navigation pane in Lighthouse, select **Devices** > **Device Compliance**.
+1. In the left navigation pane in Lighthouse, select **Devices** > **Device compliance**.
2. Select the **Policies** tab.
-3. From the **Filters** drop-down list, select an operating system or platform.
+3. From the **Filters** dropdown list, select an operating system or platform.
> [!NOTE] > You can only compare policies with the same operating system or platform.
You can filter the results to see **Settings that differ**, **Settings that matc
## Configure a policy setting
-1. In the left navigation pane in Lighthouse, select **Devices** > **Device Compliance**.
+1. In the left navigation pane in Lighthouse, select **Devices** > **Device compliance**.
2. Select the **Policies** tab.
-3. From the list, select a policy name.
+3. From the list of policies, select the policy that you want to view.
-4. From the Policy details pane, select **View this policy in Microsoft Endpoint Manager**.
+4. In the policy details pane, select **View this policy in Microsoft Endpoint Manager**.
5. In MEM, edit the policy settings as needed.
lighthouse M365 Lighthouse Deploy Baselines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-deploy-baselines.md
Make sure you and your customer tenants meet the requirements listed in [Require
1. In the left navigation pane in Lighthouse, select **Tenants**.
-2. From the tenant list, select the tenant you want to view.
+2. From the list of tenants, select the tenant you want to view.
3. Select the **Deployment Plan** tab.
Make sure you and your customer tenants meet the requirements listed in [Require
| Category | Whether the deployment step is associated with managing Devices, Identity, or Data. | | Last updated | The date at which the deployment step was last updated. |
-4. From the list, select a deployment step you want to review.
+4. From the list of deployment steps, select the deployment step that you want to review.
- The Deployment Step page provides the following information:
+ The deployment step details page provides the following information:
| Column | Description | |-|--|
- | Summary | A summary of the Deployment Step's purpose. |
+ | Summary | A summary of the deployment step's purpose. |
| Baseline | The baseline from which the deployment step is derived. | | Category | Whether the deployment step is associated with managing Devices, Identity, or Data. | | Required SKU | SKUs required to complete the deployment step. |
Make sure you and your customer tenants meet the requirements listed in [Require
| For your users | Links to resources the tenant's users may find helpful. | | Next steps | Links and guidance around any applicable next steps. |
- Deployment steps include one or more processes that need to be completed. The Deployment Step page includes a table that lists each process included in the deployment step and provides the following information:
+ Deployment steps include one or more processes that need to be completed. The deployment step details page includes a table that lists each process included in the deployment step and provides the following information:
| Column | Description | |-|-|
- | Process name | The name of the process, which, when selected, will open the applicable Process tab. |
- | Status | Detected status of these setting configurations included in the deployment process. |
+ | Process name | The name of the process, which, when selected, will open the applicable process tab. |
+ | Status | Detected status of the setting configurations included in the deployment process. |
| Management portal | The portal through which the configurations settings associated with the process are managed. | ## Deploy a deployment step 1. In the left navigation page, select **Tenants**.
-2. From the tenant list, select the tenant you want to view.
+2. From the list of tenants, select the tenant that you want to view.
3. Select the **Deployment Plan** tab.
-4. From the Deployment Step list, select a deployment step you want to deploy.
+4. From the list of deployment steps, select the deployment step that you want to deploy.
5. Select **Review and deploy**.
-6. From the **Confirm Configurations** pane, select **Deploy**.
+6. In the **Confirm configuration** pane, select **Deploy**.
## Test a deployment step
For deployment steps deployed through Conditional Access policies, you can compa
1. In the left navigation page, select **Tenants**.
-2. From the tenant list, select the tenant you want to view.
+2. From the list of tenants, select the tenant that you want to view.
3. Select the **Deployment Plan** tab.
-4. From the Deployment Step list, select a deployment step you want to deploy.
+4. From the list of deployment steps, select the deployment step that you want to deploy.
5. Select **Review and deploy**.
-6. From the **Confirm Configurations** pane, select **Test these settings without a deployment**.
+6. In the **Confirm configuration** pane, select **Test these settings without a deployment**.
7. Select **Test**.
-The Confirm Configurations pane will close and display the policy comparison. Each policy within the existing tenant will be listed in the Detected settings table.
+The **Confirm configuration** pane closes and displays the policy comparison. Each policy within the existing tenant is listed in the Detected settings table.
-The Detected settings table lists each existing policy and summarizes the number of settings and, in parentheses, the number of users that are in one of the following statuses:
+The Detected settings table lists each existing policy and summarizes the number of settings and, in parentheses, the number of users that have one of the following statuses:
| Status | Description |-||
The Detected settings table lists each existing policy and summarizes the number
| Missing settings | Total number of configuration settings in the deployment plan that are missing a value in the tenant. | | Conflicting settings | Total number of configuration settings in the deployment plan that have a conflicting value in the tenant. |
-Detected settings can also be viewed in a modular table that provides configuration setting details for each policy at the setting and user level and can be sorted by each of the following settings statuses:
+You can also view detected settings in a modular table that provides configuration setting details for each policy at the setting and user level and you can sort the table by the following setting statuses:
| Status | Description |-||
Detected settings can also be viewed in a modular table that provides configurat
| Conflicting settings | Total number of configuration settings in the deployment plan that have a conflicting value in the tenant. | | Extra settings | Total number of configuration settings with a value in the tenant but no value in the deployment plan. |
-When this comparison is made, Lighthouse will automatically update the Detected status, Deployment status, and Deployment Step status.
+When this comparison is made, Lighthouse automatically updates the Detected status, Deployment status, and Deployment Step status.
-If there are no existing policies to compare, select Review and deploy to reopen the Confirm configurations pane and select Deploy.
+If there are no existing policies to compare, select **Review and deploy** to reopen the **Confirm configuration** pane, and then select **Deploy**.
If there are existing policies with which to compare, you can either: -- Edit the configuration settings of the deployment plan and retest them against the existing policies, select **Review and deploy** to reopen the Confirm configurations pane, adjust the desired configuration settings, reselect the checkbox, and select **Test** at the bottom of the pane.
+- Edit the configuration settings of the deployment plan and retest them against the existing policies, select **Review and deploy** to reopen the **Confirm configuration** pane, adjust the desired configuration settings, reselect the checkbox, and then select **Test** at the bottom of the pane.
- Edit the existing policies within the applicable management portal to reconcile the differences by either: - Applying missing settings
For each deployment process that can be automated through Lighthouse, there's bo
- The detected status indicates to what extent the settings in this process are currently deployed. - The deployment status is the status of the last deployment to the tenant.
-Deployment steps can be deployed regardless of existing policies but won't be considered complete until there are no conflicting settings. Failure to resolve these conflicting settings may impact the user experience.
+You can deploy deployment steps regardless of existing policies but they won't be considered complete until there are no conflicting settings. Failure to resolve these conflicting settings may impact the user experience.
-The deployment of the deployment step in instances when there are equal settings present in the tenant from an existing policy will result in duplication of the existing settings within the tenant but won't impact the user experience.
+The deployment of the deployment step in instances when there are equal settings present in the tenant from an existing policy results in duplication of the existing settings within the tenant but won't impact the user experience.
Extra settings are provided for your awareness but don't require you to take action.
For more information on policy conflict management, see [Azure AD Conditional Ac
## Update deployment step status
-1. In the left navigation page, select **Tenants**.
+1. In the left navigation page in Lighthouse, select **Tenants**.
-2. From the tenant list, select the tenant you want to view.
+2. From the list of tenants, select the tenant that you want to view.
3. Select the **Deployment Plan** tab.
-4. From the deployment step list, select a deployment step you want to update.
+4. From the list of deployment steps, select the deployment step that you want to update.
-5. From the **To address** drop-down list, select an action status.
+5. From the **To address** dropdown list, select an action status.
- | Action status | Description |
- ||-|
- | To address | The default state of all deployment steps that do NOT include multiple deployment step processes. |
- | Planned | The deployment step has been planned but has yet to be completed. |
- | Risk accepted | The user has accepted the risk that would otherwise have been averted by applying the deployment step. |
- | Risk Resolved Through Third Party | The risk has been resolved by the implementation of a third-party application or software. |
- | Resolved through alternate means | The risk has been resolved through alternate means, such as the implementation of an internal tool. |
- | Manual configuration applied | The configuration prescribed in the deployment plan has been manually applied. |
+ | Action status | Description |
+ |--|--|
+ | To address | The default state of all deployment steps that do NOT include multiple deployment step processes. |
+ | Planned | The deployment step has been planned but has yet to be completed. |
+ | Risk accepted | The user has accepted the risk that would otherwise have been averted by applying the deployment step. |
+ | Risk Resolved Through Third Party | The risk has been resolved by the implementation of a third-party application or software. |
+ | Resolved through alternate means | The risk has been resolved through alternate means, such as the implementation of an internal tool. |
+ | Manual configuration applied | The configuration prescribed in the deployment plan has been manually applied. |
## Share deployment step 1. In the left navigation page, select **Tenants**.
-2. From the tenant list, select the tenant you want to view.
+2. From the list of tenants, select the tenant you want to view.
3. Select the **Deployment Plan** tab.
-4. From the Deployment Step list, select a deployment step you want to share.
+4. From the list of deployment steps, select the deployment step that you want to share.
-5. From the **Share** drop-down list, select one of the following options.
+5. From the **Share** dropdown list, select one of the following options.
| Option | Description | |--|-| | Copy | Copies a link to the deployment step into your clipboard. | | Email | Opens your new email message on your local machine and inserts a link to the deployment step. |
- The link will allow anyone with permissions in your organization to view the tenant's deployment plan.
+ The link allows anyone with permissions in your organization to view the tenant's deployment plan.
## Related content
lighthouse M365 Lighthouse Deploy Standard Tenant Configurations Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-deploy-standard-tenant-configurations-overview.md
description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthous
Microsoft 365 Lighthouse baselines provide a repeatable and scalable way for you to manage Microsoft 365 security settings across multiple customer tenants. Baselines provide standard tenant configurations that deploy core security policies and compliance standards that keep your tenants' users, devices, and data secure.
-You can view the default baseline and its deployment steps from within Lighthouse. To apply a baseline to a tenant, select **Tenants** in the left navigation pane, and then select a tenant. Next, go to the **Deployment plans** tab to begin the deployment.
+You can view the default baseline and its deployment steps from within Lighthouse. To apply a baseline to a tenant, select **Tenants** in the left navigation pane, and then select a tenant. Next, go to the **Deployment Plan** tab to begin the deployment.
## Lighthouse baseline
-Lighthouse baseline configurations are designed to make sure all managed tenants are secure and compliant. Select **Baselines** from the left navigation pane to view the default baseline that applies to all tenants. To view the deployment steps included in the default baseline, select **View baseline** to open the **Default baseline** page. Select any of the deployment steps to view deployment details and user impact.
+Lighthouse baseline configurations are designed to make sure all managed tenants are secure and compliant. Select **Baselines** in the left navigation pane to view the default baseline that applies to all tenants. To view the deployment steps included in the default baseline, select **View baseline** to open the **Default baseline** page. Select any of the deployment steps to view deployment details and user impact.
:::image type="content" source="../media/m365-lighthouse-deploy-baselines/default-baseline-page.png" alt-text="Screenshot of the Default baseline page.":::
lighthouse M365 Lighthouse Device Compliance Page Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-device-compliance-page-overview.md
description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthous
# Overview of the Device compliance page in Microsoft 365 Lighthouse
-Microsoft 365 Lighthouse lets you view insights and information related to Intune device compliance for all your customer tenants by selecting **Devices** in the left navigation pane to open the Device compliance page. From this page, you can get an overview of compliance status across tenants, view a list of devices for each tenant, and get status reports on compliance policies and settings.
+Microsoft 365 Lighthouse lets you view insights and information related to Intune device compliance for all your customer tenants by selecting **Devices** > **Device compliance** in the left navigation pane to open the Device compliance page. From this page, you can get an overview of compliance status across tenants, view a list of devices for each tenant, and get status reports on compliance policies and settings.
## Overview tab
lighthouse M365 Lighthouse Device Security Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-device-security-overview.md
description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthous
# Overview of the Microsoft Defender for Endpoint page in Microsoft 365 Lighthouse
-Microsoft Defender for Endpoint provides endpoint security to secure your customersΓÇÖ devices from ransomware, malware, phishing, and other threats. Microsoft 365 Lighthouse allows you to view endpoint security insights and information for all your customer tenants.
+Microsoft Defender for Endpoint provides endpoint security to secure your customers' devices from ransomware, malware, phishing, and other threats. Microsoft 365 Lighthouse allows you to view endpoint security insights and information for all your customer tenants.
-You can access the Microsoft Defender for Endpoint page in Microsoft 365 Lighthouse from the **Home** page under **Security Incidents** card or from the left navigation pane, **Devices \> Device Security tab**. You'll see any security incidents and alerts in your tenants that need attention, and devices that have been onboarded to Microsoft Defender for Endpoint.
+You can access the Microsoft Defender for Endpoint page in Microsoft 365 Lighthouse from the **Security incidents** card on the Home page or from the left navigation pane by selecting **Devices** > **Device security**. You'll see any security incidents and alerts in your tenants that need attention, and devices that have been onboarded to Microsoft Defender for Endpoint.
## Incidents and alerts tab
-The Incidents and alerts tab provides a multi-tenant incidents queue of incidents and alerts that were flagged from devices in your customersΓÇÖ network. By default, the queue displays any active incidents seen in the last 30 days. You can select any incident or alert to view more information.
+The Incidents and alerts tab provides a multi-tenant incidents queue of incidents and alerts that were flagged from devices in your customers' network. By default, the queue displays any active incidents seen in the last 30 days. You can select any incident or alert to view more information.
:::image type="content" source="../media/m365-lighthouse-device-compliance-page-overview/microsoft-defender-endpoint-incidents.png" alt-text="Microsoft Defender for Endpoint incidents and alerts"::: ## Devices tab
-The Devices tab list of all devices in your customer tenants that have been onboarded to Microsoft Defender for Endpoint. This list includes devices that are managed by Microsoft Endpoint Manager and Microsoft Defender for Endpoint.
+The Devices tab lists all of the devices in your customer tenants that have been onboarded to Microsoft Defender for Endpoint. This list includes devices that are managed by Microsoft Endpoint Manager and Microsoft Defender for Endpoint.
The Devices tab also includes the following options:
lighthouse M365 Lighthouse Known Issues https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-known-issues.md
This article lists the known issues for Microsoft 365 Lighthouse by feature area
| Issue | Description | Solution | | - | - | - |
-| **Helpdesk Agent is unable to reset a user password** | Managed Service Provider (MSP) technicians who are members of the Helpdesk Agent group are unable to reset passwords for users in customer tenants. When they try to reset the password for a user, they get the following error message: "You don't have permission to do this. [Learn more](m365-lighthouse-configure-portal-security.md)" | To work around the permissions issue, Helpdesk Agents should reset passwords by using the Microsoft 365 admin center or Azure Active Directory. |
-
-## Devices
-
-| Issue | Description | Solution |
-| - | - | - |
-| **Deleted policy appears** | After a device compliance policy has been deleted from Intune, it will temporarily continue to be visible in Lighthouse. If MSP technicians attempt to do a policy comparison that includes a policy that's been deleted, the technicians get the following error: "Something went wrong. Please refresh the page and try again." | To resolve the error, clear the deleted policy from the policy comparison and compare only existing policies. |
+| **No data displays on the OneDrive tab in the user details pane** | When an MSP technician attempts to view OneDrive data on the OneDrive tab in the user details pane, they see the message: "OneDrive isn't set up for this user. Ask the person to go to portal.office.com/onedrive to set it up. It might take a while. If you still see this message 24 hours later, contact support." | The OneDrive tab doesn't support delegated authentication at this time. To work around the issue, MSP technicians should view OneDrive data in the Microsoft 365 admin center by signing in using the customer's credentials. |
## Threat management | Issue | Description | Solution | | - | - | - |
-| **Threat name is missing** | When MSP technicians view the list of threats from the Threat Management page, some threats may be missing the name of the threat. This will occur when the device that the threat was detected on was recently removed from Intune. | The issue will resolve within 48 hours. No additional steps are required. |
+| **Threat name is missing** | When MSP technicians view the list of threats from the Threat management page, some threats may be missing the name of the threat. This will occur when the device that the threat was detected on was recently removed from Intune. | The issue will resolve within 48 hours. No additional steps are required. |
## Baselines
This article lists the known issues for Microsoft 365 Lighthouse by feature area
| Issue | Description | Solution | |--|--|--|
-| **Deactivate and Reactivate actions are not listed in audit logs** | The following activities are currently not reported on the Audit logs page in Lighthouse: <ul><li>Name: offboardTenant \| Action: Inactivate a customer</li> <li>Name: resetTenantOnboardingStatus \| Action: Reactive customer</li></ul> | There's no workaround, but we're working on a fix. These activities will appear in audit logs once the fix is deployed in the service. |
+| **Deactivate and Reactivate actions are not listed in audit logs** | The following activities are currently not reported on the Audit logs page in Lighthouse: <ul><li>Name: offboardTenant \| Action: Inactivate a customer</li> <li>Name: resetTenantOnboardingStatus \| Action: Reactive customer</li></ul> | There's no workaround, but we're working on a fix. These activities will appear in audit logs once the fix is deployed in the service. |
| **Filter is not showing all users** | When MSP technicians try to filter by using **Initiated By**, the list of all User Principal Names (UPNs) ΓÇô corresponding to email IDs of the technicians who initiated actions generating audit logs ΓÇô isn't fully displayed under the filter.<br><br>Note that the audit logs themselves will be fully displayed; only the ability to filter them by using **Initiated By** is impacted. | There's no workaround, but we're working on a fix. The filter will revert to its expected behavior ΓÇô displaying the full list of UPNs to filter by ΓÇô once the fix is deployed in the service. | ## Delegated Admin Privileges (DAP)
lighthouse M365 Lighthouse Manage Mfa https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-manage-mfa.md
The following conditions must be met before a tenant will appear in the list:
## Enable MFA for a tenant
-1. In the left navigation pane in Lighthouse, select **Users** > **Multifactor Authentication**.
+1. In the left navigation pane in Lighthouse, select **Users** > **Multifactor authentication**.
2. On the **Multifactor Authentication** tab, look for a tenant currently not using MFA, and then select that tenant to open the tenant details pane.
-3. On the **MFA enablement** tab, under **MFA with Security defaults**, select **Enable Security Defaults**.
+3. On the **MFA enablement** tab, under **MFA with Security defaults**, select **Enable Security defaults**.
4. Select **Save changes**.
To enable MFA through Conditional Access, see [Tutorial: Secure user sign-in eve
## Notify users who aren't registered for MFA
-1. In the left navigation pane in Lighthouse, select **Users** > **Multifactor Authentication**.
+1. In the left navigation pane in Lighthouse, select **Users** > **Multifactor authentication**.
2. On the **Multifactor Authentication** tab, look for tenants with users not registered for MFA, and then select the tenant to open the tenant details pane.
To enable MFA through Conditional Access, see [Tutorial: Secure user sign-in eve
4. Select all other users in the list who need to register for MFA, and then select **Create email**. > [!TIP]
-> If any of the user accounts in the list are emergency access accounts or service accounts for which you donΓÇÖt want to require MFA, select those user accounts, and then select **Exclude users**. The excluded user accounts will no longer appear in the list of users not registered for MFA.
+> If any of the user accounts in the list are emergency access accounts or service accounts for which you don't want to require MFA, select those user accounts, and then select **Exclude users**. The excluded user accounts will no longer appear in the list of users not registered for MFA.
> [!NOTE]
-> If any shared mailbox accounts or inactive user accounts appear in the list of users not registered for MFA, we recommend that you block signin for those accounts so theyΓÇÖll no longer appear in this list.
+> If any shared mailbox accounts or inactive user accounts appear in the list of users not registered for MFA, we recommend that you block signin for those accounts so they'll no longer appear in this list.
Lighthouse opens your default email client and prepopulates the email message with instructions to register for MFA. All the selected users will be included on the BCC line. If you prefer to individually email users, you can select the email icon next to the username.
lighthouse M365 Lighthouse Manage Sspr https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-manage-sspr.md
The following conditions must be met before a tenant will appear in the list:
## View SSPR tenant status -- In the left navigation pane of Lighthouse, select **Users** > **Password reset**.
+- In the left navigation pane in Lighthouse, select **Users** > **Password reset**.
The Password reset tab provides an overview of the tenants that have enabled SSPR through the recommended settings, the number of users who haven't registered for SSPR, and a detailed breakdown by tenant of the SSPR deployment progress across the organizations that you manage.
lighthouse M365 Lighthouse Manage Tenant List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-manage-tenant-list.md
To manage tenant tags, you must:
2. Select **Manage Tags**.
-3. In the **Manage tags** pane, select **Add tag**.
+3. In the **Manage tags** pane, select **Create tag**.
4. Enter a name and description.
To manage tenant tags, you must:
1. In the left navigation pane in Lighthouse, select **Tenants**.
-2. From the tenant list, select the three dots (more actions) next to the tenant you want to tag.
+2. From the list of tenants, select the three dots (more actions) next to the tenant you want to tag.
3. Select **Tags**. 4. Select a tag from the list. You can select only one tag at a time.
-Tags that are already assigned to the tenant will have a check mark to the right of the tag name. You can also assign a tag to multiple tenants by selecting the checkbox next to each tenant in the list, selecting **Assign Tags**, and then selecting a tag from the list.
+Tags that are already assigned to the tenant have a check mark to the right of the tag name. You can also assign a tag to multiple tenants by selecting the checkbox next to each tenant in the list, selecting **Assign Tags**, and then selecting a tag from the list.
> [!NOTE] > You can create up to 30 unique Tags and assign them to as many tenants as needed.
Tags that are already assigned to the tenant will have a check mark to the right
3. In the **Manage tags** pane, select the tag that you want to delete.
-4. Select **Delete tag**.
+4. Select **Delete**.
+
+5. In the confirmation dialog, select **Confirm**.
## Remove a tag 1. In the left navigation pane in Lighthouse, select **Tenants**.
-2. From the tenant list, select the three dots (more actions) next to the tenant you want to edit.
+2. From the list of tenants, select the three dots (more actions) next to the tenant you want to edit.
3. Select **Tags**.
lighthouse M365 Lighthouse Mitigate Threats https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-mitigate-threats.md
To investigate a specific threat:
2. Select the **Threats** tab.
-3. From the threat list, select the threat you want to investigate.
+3. From the list of threats, select the threat you want to investigate.
The threat details pane provides the following information:
A quick scan searches common locations where malware could be, such as registry
2. Select the **Antivirus protection** tab.
-3. From the device list, select a device.
+3. From the list of devices, select a device.
4. In the device details pane, select **Run full scan** or **Run quick scan**.
To update Microsoft Defender Antivirus on a single device:
2. Select the **Antivirus protection** tab.
-3. From the device list, select a device.
+3. From the list of devices, select a device.
4. In the device details pane, select **Update antivirus**. You can get updates for multiple devices by selecting the checkbox next to each device name in the list and then select **Update antivirus**.
-If you need to create a new policy, select **Update policy** from the device details pane. Lighthouse will redirect you to Microsoft Endpoint Manager (MEM). For more information about creating a policy, see [Create a compliance policy in Microsoft Intune](/mem/intune/protect/create-compliance-policy).
+If you need to create a new policy, select **Update policy** in the device details pane. Lighthouse will redirect you to Microsoft Endpoint Manager (MEM). For more information about creating a policy, see [Create a compliance policy in Microsoft Intune](/mem/intune/protect/create-compliance-policy).
## Check pending antivirus actions on a device
When consecutive actions are applied to a device, you'll receive an action pendi
2. Select the **Antivirus protection** tab.
-3. From the device list, select a device.
+3. From the list of devices, select a device.
4. In the device details pane, select the **Device action statuses** tab to view pending actions.
Some updates may require a device to restart to install correctly.
2. Select the **Antivirus protection** tab.
-3. From the device list, select a device.
+3. From the list of devices, select a device.
4. In the device details pane, select **Reboot device**.
lighthouse M365 Lighthouse Quarantine Messages Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-quarantine-messages-overview.md
description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthous
Microsoft 365 Lighthouse lets you see insights and information about quarantined emails across all your customer tenants. From a single view, you can triage quarantined emails and take the appropriate actions. The data is available if the tenant has implemented Exchange Online Protection (EOP) and Microsoft Defender for Office365 Plan 1 (MDO).
-You can access the information by selecting **Data Protection** from the left navigation or the **Home** page.
+You can access the information by selecting **Home** in the left navigation pane, or by selecting **Data Protection** in the left navigation pane to open the Quarantined messages page.
## Quarantined messages page
The **Status of messages** section provides a consolidated view across eligible
The data reflects the last 30 days; however, you can use the **Time range** filter to modify the view.
-The **Quarantine** **reason** chart contains a breakdown of quarantine counts by Exchange Online Protection (EOP) and Microsoft Defender for Office365 Plan 1 (MDO) policy type. These types include
+The **Quarantine reason** section contains a breakdown of quarantine counts by Exchange Online Protection (EOP) and Microsoft Defender for Office365 Plan 1 (MDO) policy type. These types include
- Malware - Phishing
The **Quarantine** **reason** chart contains a breakdown of quarantine counts by
The quarantine list is a sortable view of quarantine information by tenant. Within this view, you can filter by the following information: -- **Quarantine Reason:** Any, Malware, Phish, High confidence phish, Spam, Bulk Email-- **Policy Type:** Any, Anti-malware, Anti-phishing, Anti-spam, Safe Attachments, Transport Rule, Unknown-- **About to Expire:** Any, Today, within two days, within seven days
+- **Quarantine reason:** Any, Malware, Phish, High confidence phish, Spam, Bulk Email
+- **Policy type:** Any, Anti-malware, Anti-phishing, Anti-spam, Safe Attachments, Transport Rule, Unknown
+- **About to expire:** Any, Today, within two days, within seven days
You also can adjust the columns and sort data based on tenant, message status, and expiration dates. :::image type="content" source="../media/m365-lighthouse-data-protection/quarantine-email-page.png" alt-text="Quarantine messages page in Microsoft 365 Lighthouse" lightbox="../media/m365-lighthouse-data-protection/quarantine-email-page.png":::
-The **Copy Link to Messages in Microsoft** **365 Defender** option provides a link to Microsoft 365 Defender portal where you can access and manage your tenantΓÇÖs email quarantine queue. You must authenticate before you can take any action.
+The **Copy Link to Messages in Microsoft** **365 Defender** option provides a link to Microsoft 365 Defender portal where you can access and manage your tenant's email quarantine queue. You must authenticate before you can take any action.
## Related content
lighthouse M365 Lighthouse Reprovision Cloudpc https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-reprovision-cloudpc.md
You must be a Cloud PC Administrator in the partner tenant.
2. Select the **All Cloud PCs** tab.
-3. From the **Filters** drop-down list, select license type.
+3. From the **Filters** dropdown list, select license type.
4. From the filtered list, select a device.
You must be a Cloud PC Administrator in the partner tenant.
2. Select the **All Cloud PCs** tab.
-3. From the device list, select a device.
+3. From the list of devices, select a device.
4. In the device details pane, select the **Device action status** tab.
lighthouse M365 Lighthouse Requirements https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-requirements.md
In addition, each MSP customer tenant must qualify for Lighthouse by meeting the
- Must have at least one Microsoft 365 Business Premium, Microsoft 365 E3, Microsoft 365 E5, Windows 365 Business, or Microsoft Defender for Business license - Must have no more than 2500 licensed users
-Either Granular Delegated Admin Privileges (GDAP) plus an indirect reseller relationship or a Delegated Admin Privileges (DAP) relationship is required to onboard customers to Lighthouse. If DAP and GDAP coexist in a customer tenant, GDAP permissions take precedence for MSP technicians in GDAP-enabled security groups. Coming soon, customers with GDAP-only relationships (without indirect reseller relationships) will be able to onboard to Lighthouse.
+ \* Either Granular Delegated Admin Privileges (GDAP or a Delegated Admin Privileges (DAP) relationship is required to onboard customers to Lighthouse. An indirect reseller relationship is no longer required to onboard to Lighthouse. If DAP and GDAP coexist in a customer tenant, GDAP permissions take precedence for MSP technicians in GDAP-enabled security groups.
## Requirements for enabling device management
lighthouse M365 Lighthouse Reset User Password https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-reset-user-password.md
Microsoft 365 Lighthouse lets you change or reset user passwords. You can reset
4. In the user details pane, select **Reset password**.
-5. In the Reset password pane, select **Autogenerate a password** or **Let me create a password**.
+5. In the **Reset password** pane, select **Autogenerate a password** or **Let me create a password**.
- If you choose to create a password, enter a password.
Microsoft 365 Lighthouse lets you change or reset user passwords. You can reset
## Reset a password for a risky user
-1. In the left navigation pane in Lighthouse, select **Users** > **Risky Users**.
+1. In the left navigation pane in Lighthouse, select **Users** > **Risky users**.
2. On the **Risky Users** tab, select a risky user from the list. 3. Select **Reset password**.
-4. In the Reset password pane, select **Autogenerate a password** or **Let me create a password**.
+4. In the **Reset password** pane, select **Autogenerate a password** or **Let me create a password**.
- If you choose to create a password, enter a password.
lighthouse M365 Lighthouse Sign Up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-sign-up.md
This article provides instructions for how to sign up for Microsoft 365 Lighthou
To verify that Lighthouse was successfully added to your tenant, look for Microsoft 365 Lighthouse under **Billing > Your Products** in the Microsoft 365 admin center.
-1. If you aren't redirected to the Lighthouse portal, go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2168110" target="_blank">https://lighthouse.microsoft.com</a>.
+5. If you aren't redirected to the Lighthouse portal, go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2168110" target="_blank">https://lighthouse.microsoft.com</a>.
-1. Select **Agree & Continue** to complete the partner agreement amendment.
+6. Select **Agree & Continue** to complete the partner agreement amendment.
> [!NOTE] > After you complete sign-up, it can take up to 48 hours for customer data to appear in Lighthouse.
lighthouse M365 Lighthouse Tenants Page Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-tenants-page-overview.md
To help organize your tenants and easily filter the existing views, you can crea
## Tenant details page
-To view detailed tenant information, select a tenant from the tenant list. The tenant details page contains contact information and deployment plan status.
+To view detailed tenant information, select a tenant from the list of tenants. The tenant details page contains contact information and deployment plan status.
:::image type="content" source="../media/m365-lighthouse-tenants-page-overview/tenant-details-page.png" alt-text="Screenshot of the Tenant details page.":::
To view detailed tenant information, select a tenant from the tenant list. The t
On the Overview tab, you can view tenant overview, contact information, and Microsoft 365 service usage.
-#### Tenant overview card
+#### Tenant overview section
-The Tenant overview card provides information about the tenant from its Microsoft 365 account.<br><br>
+The Tenant overview section provides information about the tenant from its Microsoft 365 account.<br><br>
-| Tenant Information | Description|
+| Tenant information | Description|
|--|| | Headquarters | Where the tenant is located.| | Industry |The organization's industry.|
The Tenant overview card provides information about the tenant from its Microsof
| Total users |The number of users assigned in the tenant. You may select this number to open the Users page for that tenant.| | Total devices|The number of devices enrolled in the tenant. You may select this number to open the Devices page for that tenant.|
-#### Contacts card
+#### Contacts section
-The Contacts card lets you enter information for key contacts within the tenants you manage, such as:
+The Contacts section provides information for key contacts within the tenants you manage, such as:
- Name - Title
The Contacts card lets you enter information for key contacts within the tenants
- Email - Notes
-The Notes section is a text field that you can use to record key information for the tenant, such as engagement preferences, location, time zone, and details about their role within the organization.
+The **Notes** column shows information for the tenant, such as engagement preferences, location, time zone, and details about their role within the organization.
-To edit details or delete an existing contact, select the contact name from the list. In the **Edit contact** pane, edit or delete the contact. To add another contact, select **+Add contact**.
+To edit details, add notes, or delete an existing contact, select the contact name from the list. In the **Edit contact** pane, edit or delete the contact. To add another contact, select **+Add contact**.
-#### Microsoft 365 usage card
+#### Microsoft 365 services usage section
-Lighthouse provides insights into Microsoft 365 services usage, including how many users within a tenant are licensed and actively using each service. Active indicates the number of users or devices that have signed in to the service at least once in the past 28 days. Change indicates change in active users and devices since last month.
+Lighthouse provides insights into Microsoft 365 services usage, including how many users within a tenant are licensed and actively using each service. The **Active users & devices** column indicates the number of users or devices that have signed in to the service at least once in the past 28 days. The **Change in activity** column indicates change in active users and devices since last month.
-The Microsoft 365 Usage card contains two sections:
+The **Microsoft 365 services usage** section contains two sub-sections:
- **Microsoft 365 Lighthouse-enabled - **Additional Microsoft 365
-### Deployment Plans tab
+### Deployment Plan tab
The Deployment Plans tab provides status on a tenant's deployment plan. The deployment steps in the list are based on the baseline applied to the tenant. To see deployment step details, select a deployment step from the list.
-The Deployment Plans tab also includes the following options:
+The Deployment Plan tab also includes the following options:
- **Export:** Select to export deployment step data to an Excel comma-separated values (.csv) file. - **Refresh:** Select to retrieve the most current deployment step data.
lighthouse M365 Lighthouse Threat Management Page Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-threat-management-page-overview.md
description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthous
Microsoft Defender Antivirus protects tenants, users, and devices from software threats including viruses, malware, and spyware. It's robust, ongoing protection that's built into Windows.
-To access the Threat management page in Microsoft 365 Lighthouse, select **Devices** > **Threat Management** in the left navigation pane to view your customer tenants' security posture against threats. You'll see tenants, users, and devices that require your attention and recommendations that will help you reduce risk.
+To access the Threat management page in Microsoft 365 Lighthouse, select **Devices** > **Threat management** in the left navigation pane to view your customer tenants' security posture against threats. You'll see tenants, users, and devices that require your attention and recommendations that will help you reduce risk.
## Overview tab
lighthouse M365 Lighthouse Users Page Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-users-page-overview.md
description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthous
# Overview of the Users page in Microsoft 365 Lighthouse
-Microsoft 365 Lighthouse lets you manage users across customer tenant accounts by selecting any of the links under **Users** in the left navigation pane. From Users page, you can search for users and assess and act on the security state of your user accounts. You can also view insights into risky users and the status of multifactor authentication and self-service password reset.
+Microsoft 365 Lighthouse lets you manage users across customer tenant accounts by selecting any of the links under **Users** in the left navigation pane. From the Users page, you can search for users and assess and act on the security state of your user accounts. You can also view insights into risky users and the status of multifactor authentication and self-service password reset.
## Search users tab
From the Search users tab, you can quickly search across tenants for specific us
:::image type="content" source="../media/m365-lighthouse-users-page-overview/users-search-users-tab.png" alt-text="Screenshot of the Search users tab.":::
-## Risky users tab
+## Risky Users tab
The Risky Users tab shows user accounts across your tenants that have been flagged for risky behavior. Select any of the users to view more information on a detected risk or to mitigate a risk by resetting a user's password or blocking sign-in. For more information about risk types and detection, see [What is risk?](/azure/active-directory/identity-protection/concept-identity-protection-risks).
lighthouse M365 Lighthouse View Failed Network Connections https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-view-failed-network-connections.md
Microsoft 365 Lighthouse provides the connection status between your customer te
2. Select the **Azure network connections** tab.
-3. From the connection summary section, select **Failed connections**.
+3. From the colored count-annotation bar, select **Failed connections**.
4. From the filtered list, select **View connection details in Microsoft Endpoint Manager** next to the connection you want to investigate.
lighthouse M365 Lighthouse View Manage Risky Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-view-manage-risky-users.md
The following conditions must be met before users can appear in the risky users
In Azure AD Identity Protection, risk detections include any identified suspicious actions related to user accounts in Azure AD.
-1. In the left navigation pane in Lighthouse, select **Users** > **Risky Users**.
+1. In the left navigation pane in Lighthouse, select **Users** > **Risky users**.
2. On the **Risky Users** tab, review the users in the list with a risk state of **At risk**.
In Azure AD Identity Protection, risk detections include any identified suspicio
To take action on multiple affected users at once:
-1. In the left navigation pane in Lighthouse, select **Users** > **Risky Users**.
+1. In the left navigation pane in Lighthouse, select **Users** > **Risky users**.
2. On the **Risky Users** tab, select the set of users you want to take action on.
To take action on multiple affected users at once:
## Related content [Tutorial: Use risk detections for user sign-ins to trigger Azure AD Multi-Factor Authentication or password changes](/azure/active-directory/authentication/tutorial-risk-based-sspr-mfa) (article)\ [What is risk?](/azure/active-directory/identity-protection/concept-identity-protection-risks) (article) \
-[Remediate risks and unblock users](/azure/active-directory/identity-protection/howto-identity-protection-remediate-unblock) (article)
+[Remediate risks and unblock users](/azure/active-directory/identity-protection/howto-identity-protection-remediate-unblock) (article)
lighthouse M365 Lighthouse View Your Roles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-view-your-roles.md
You must have access to a partner tenant that has onboarded to the Microsoft 365
1. In the left navigation pane in Lighthouse, select **Tenants**.
-2. From the tenant list, select any tenant name to open the tenant's **Overview** page.
+2. From the list of tenants, select any tenant name to open the tenant's **Overview** page.
3. Next to **Roles**, select the link indicating the number of roles you hold in the tenant. The **Roles** page opens.
lighthouse M365 Lighthouse Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-whats-new.md
We're continuously adding new features to [Microsoft 365 Lighthouse](m365-lighth
> [!NOTE] > Some features get rolled out at different speeds to our customers. If you aren't seeing a feature yet, you should see it soon.
+## July 2022
+
+### Enhanced baseline deployment
+
+Microsoft 365 Lighthouse now makes the deployment of baselines to all of your managed tenants faster and easier by:
+
+- Automatically detecting and reporting the status of each assigned task
+- Consolidating the status reporting and simplifying the logic that determines deployment status
+- Reporting which tasks are complete and which tasks need your attention
+- Reporting user-level deployment status for applicable tasks
+- Detecting existing configurations from within the tenant and comparing them to the baseline
+- Providing details around tasks that have been dismissed
+- Identifying where additional licensing is required to complete an assigned task
+ ## June 2022 ### Support for Microsoft 365 E5 customers
For a full list of requirements, see [Requirements for Microsoft 365 Lighthouse]
### Microsoft Defender for Business integration
-Microsoft 365 Lighthouse now integrates with Microsoft Defender for Business to bring you related insights and management capabilities for all of your customer tenants that have Microsoft Defender for Business. To see the list of customer devices that have been onboarded to Microsoft Defender for Business, select **Devices** from the left navigation pane in Microsoft 365 Lighthouse. To see the list of incidents and alerts flagged across your customer tenants, go to **Devices** > **Device Security**, and then select the **Incidents and alerts** tab.
+Microsoft 365 Lighthouse now integrates with Microsoft Defender for Business to bring you related insights and management capabilities for all of your customer tenants that have Microsoft Defender for Business. To see the list of customer devices that have been onboarded to Microsoft Defender for Business, select **Devices** in the left navigation pane in Microsoft 365 Lighthouse. To see the list of incidents and alerts flagged across your customer tenants, go to **Devices** > **Device Security**, and then select the **Incidents and alerts** tab.
-We've also added a step to the default baseline to help you set up Microsoft Defender for Business for your customer tenants. To see this step, select **Baselines** from the left navigation pane in Microsoft 365 Lighthouse or view the deployment plan for any of your customer tenants.
+We've also added a step to the default baseline to help you set up Microsoft Defender for Business for your customer tenants. To see this step, select **Baselines** in the left navigation pane in Microsoft 365 Lighthouse or view the deployment plan for any of your customer tenants.
### Status of quarantined email messages
-We've added new functionality around email quarantine data for your managed tenants. Accessible by selecting **Data protection** from the left navigation pane in Microsoft 365 Lighthouse, this feature gives you visibility into the status of quarantined email messages across your customer tenants. You can see consolidated information for total quarantine volumes and detailed information for each managed tenant to help you prioritize any tenants that may require action.
+We've added new functionality around email quarantine data for your managed tenants. Accessible by selecting **Data protection** in the left navigation pane in Microsoft 365 Lighthouse, this feature gives you visibility into the status of quarantined email messages across your customer tenants. You can see consolidated information for total quarantine volumes and detailed information for each managed tenant to help you prioritize any tenants that may require action.
### Increase in maximum license limit
We've given the left navigation pane in Microsoft 365 Lighthouse a new look. You
### Enriched user details pane
-We've redesigned the user details pane to include more user information and more actions that you can take to better manage users. It now has the same look and feel as the user details pane in the Microsoft 365 admin center. To access the user details pane in Microsoft 365 Lighthouse, select **Users** from the left navigation pane, and then select either **Search users** or **Risky users**. Select any user to open the details pane.
+We've redesigned the user details pane to include more user information and more actions that you can take to better manage users. It now has the same look and feel as the user details pane in the Microsoft 365 admin center. To access the user details pane in Microsoft 365 Lighthouse, select **Users** in the left navigation pane, and then select either **Search users** or **Risky users**. Select any user to open the details pane.
## April 2022
You can now view usage data for Microsoft 365 services from within Microsoft 365
These insights can help inform your customer engagements and deliver more value to your customers by empowering you to help them understand which services their users actively use and where there may be opportunities to enhance their security or productivity.
-For more information, see [Overview of the Tenants page in Microsoft 365 Lighthouse: Microsoft 365 usage card](m365-lighthouse-tenants-page-overview.md#microsoft-365-usage-card).
+For more information, see [Overview of the Tenants page in Microsoft 365 Lighthouse: Microsoft 365 services usage section](m365-lighthouse-tenants-page-overview.md#microsoft-365-services-usage-section).
### Exchange Online Protection and Microsoft 365 Defender for Office 365 default baseline step
We've made it easier to communicate with users in your customer tenants about ac
### Capability to take action on noncompliant devices
-We've introduced the capability to sync or restart one or more devices across multiple customer tenants. This functionality helps ensure that your customers' devices are protected from risk. To check out this functionality, select **Devices** from the left navigation pane in Microsoft 365 Lighthouse, and then select the **Devices** tab. Look for the **Sync** and **Restart** options above the devices list. You can also access these options from the device details pane of any device.
+We've introduced the capability to sync or restart one or more devices across multiple customer tenants. This functionality helps ensure that your customers' devices are protected from risk. To check out this functionality, select **Devices** in the left navigation pane in Microsoft 365 Lighthouse, and then select the **Devices** tab. Look for the **Sync** and **Restart** options above the devices list. You can also access these options from the device details pane of any device.
### Capability to monitor and manage Windows 365 Cloud PCs
With the new baselines feature, you can now deploy standard configurations to he
- Configure Defender AV policy for Windows devices - Configure Compliance Policy for Windows devices
-To act on these deployment steps, select **Tenants** from the left navigation pane in Microsoft 365 lighthouse, select a tenant from the tenants list, and then select the **Deployment plan** tab.
+To act on these deployment steps, select **Tenants** in the left navigation pane in Microsoft 365 lighthouse, select a tenant from the list of tenants, and then select the **Deployment plan** tab.
## May 2021
lighthouse M365 Lighthouse Win365 Page Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-win365-page-overview.md
Once you've provisioned Cloud PCs for your customer tenant, the Windows 365 card
On the Overview tab, the colored count-annotation bar displays the total number of Cloud PCs or Azure network connections across all your customer tenants that have the following statuses: Failed network connections, Not provisioned, Provisioning failed, and Deprovisioning soon.
-You can see a breakdown of Cloud PC statuses for each customer tenant in the list below the annotation bar. To see which tenants have Cloud PCs with a specific status, select that status from the count-annotation bar to filter the list. To see Cloud PC statuses for one or more specific customer tenants, use the **Tenants** dropdown menu to filter the list.
+You can see a breakdown of Cloud PC statuses for each customer tenant in the list below the count-annotation bar. To see which tenants have Cloud PCs with a specific status, select that status from the count-annotation bar to filter the list. To see Cloud PC statuses for one or more specific customer tenants, use the **Tenants** dropdown menu to filter the list.
-To get detailed status information for a particular customer tenant, select a value under any of the status columns for that tenant. Depending on which column the value is in, the **Azure network connections** or **All cloud PCs** tab will open and show more information.
+To get detailed status information for a particular customer tenant, select a value under any of the status columns for that tenant. Depending on which column the value is in, the **Azure network connections** or **All Cloud PCs** tab will open and show more information.
The Overview tab also includes the following options:
The Overview tab also includes the following options:
On the All Cloud PCs tab, the colored count-annotation bar displays the total number of Cloud PCs across all your customer tenants that have the following statuses: Provisioned, Not provisioned, Provisioning failed, and Deprovisioning soon.
-You can view all Cloud PCs and their provisioning status in the list below the annotation bar. The following information is provided:
+You can view all Cloud PCs and their provisioning status in the list below the count-annotation bar. The following information is provided:
- **Cloud PC name:** Name assigned to the Cloud PC. - **User:** User for whom a Cloud PC has been provisioned or attempted to be provisioned.
lti Moodle Plugin Configuration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/moodle-plugin-configuration.md
In this article, you'll learn how to install and configure the Moodle LMS plugin
Here are the prerequisites to set up an installed Moodle to work with Microsoft Teams:
-* Moodle administrator credentials.
-* Azure AD administrator credentials.
-* An Azure subscription where you can create new resources.
+- Moodle administrator credentials.
+- Azure AD administrator credentials.
+- An Azure subscription where you can create new resources.
## 1. Install the Microsoft 365 Moodle Plugins
Download and install the following items:
> > Also, we recommend installing the [Microsoft 365 Teams Theme](https://moodle.org/plugins/theme_boost_o365teams) plugin.
-### Microsoft 365 Moodle plugins
-
-#### Install plugins
+### Install plugins
1. Download the plugins, extract them, and upload to their corresponding folders.
- * Extract the OpenID Connect plugin (auth_oidc) to a folder called **oidc**, and upload to the **auth** folder of your Moodle document root.
- * Extract the Microsoft 365 Integration plugin (local_o365) to a folder called **o365**, and upload to the **local** folder of your Moodle document root.
+ - Extract the OpenID Connect plugin (auth_oidc) to a folder called **oidc**, and upload to the **auth** folder of your Moodle document root.
+ - Extract the Microsoft 365 Integration plugin (local_o365) to a folder called **o365**, and upload to the **local** folder of your Moodle document root.
1. Sign in to your Moodle site as an administrator and select **Site administration**. 1. Upon detection of new plugins to be installed, Moodle should redirect you to the install new plugins page. If this doesn't happen, in the **Site administration** page, select **Notifications** in the **General** tab, this action should trigger the installation of the plugins. 1. After the new plugins are installed, Moodle will show you a page with all new configurations from the installed plugins. You can safely skip this page by applying the default settings. The plugins will be configured in the following steps.
You must configure the connection between the Microsoft 365 plugins and Microsof
> [!NOTE] > While configuring the integration, keep your Microsoft 365 Moodle Integration configuration page open in a separate browser tab as you need to return to this set of pages throughout the process.
-### The Teams for Moodle set up process
-
-1. Create Azure app
- 1. Navigate to **Site Administration** > **Plugins** > **Local plugins** then select **Microsoft 365 Integration**. This will open the Microsoft 365 Integration configuration page.
-
- 1. From the Microsoft 365 Integration configuration page, select the **Setup** tab.
-
- 1. Select the **Download PowerShell Script** button and save it as a ZIP folder to your local computer.
-
- > [!NOTE]
- > Running the script creates a new Azure AD application in Microsoft 365 tenant, which sets up the required reply URLs and permissions, gives the required permissions, and returns the `AppID` and `Key`.
- >
- > The PowerShell script only works on Windows operation systems.
-
- 1. Prepare the PowerShell script from the ZIP file as follows:
- 1. Download and extract the `Moodle-AzureAD-Powershell.zip` file.
- 1. Open the extracted folder.
- 1. Right-click on the `Moodle-AzureAD-Script.ps1` file and select **Properties**.
- 1. Under the **General** tab of the Properties window, select the `Unblock` checkbox next to the **Security** attribute located at the bottom of the window.
- 1. Select **OK**.
- 1. Copy the directory path to the extracted folder.
-
- 1. Run PowerShell as an administrator:
- 1. In Windows, select **Start**.
- 1. Type `PowerShell`.
- 1. Right-click on **Windows PowerShell**.
- 1. Select **Run as Administrator**.
-
- 1. Navigate to the unzipped directory by typing `cd .../.../Moodle-AzureAD-Powershell` where `.../...` is the path to the directory.
-
- 1. Execute the PowerShell script:
- 1. Enter `./Moodle-AzureAD-Script.ps1`.
- 1. When asked, sign in to your Microsoft 365 administrator account in the pop-up window.
- 1. When asked, enter the name of the Azure AD Application, for example, Moodle or Moodle plugins.
- 1. When asked, enter the URL for your Moodle server.
- 1. When asked, enter the reply URL copied from the OpenID Connect authentication plugin configuration page. This is essentially the URL of your Moodle site, followed by `\auth\oidc\`.
- 1. You may be asked to sign in to your Microsoft 365 account again in a pop-up window in the process. This is to provide admin consent to the permissions added to the app for your organization.
- 1. When the script finishes execution, copy the **Application ID (`AppID`)** and **Application Key(`Key`)** generated by the script and save them.
-
-1. Set Azure app details in Moodle
- 1. Return to the OpenID Connect authentication plugin configuration page.
- 1. Paste the `AppID` value into the **Application ID** box and the `Key` value into the **Key** box, and then select **Save changes**.
-
-1. Configure connection between Microsoft plugins and Microsoft services
- 1. From the Microsoft 365 Integration configuration page, select the **Setup** tab.
- 1. In **Choose connection method**, select **Application access**, and then select **Save changes** again.
- 1. After the page refreshes, you can see another new section **Admin consent & additional information**.
- 1. Select **Provide Admin Consent** link, enter your Microsoft 365 Global Administrator credentials, then **Accept** to grant the permissions.
- 1. Next to the **Azure AD Tenant** field, select the **Detect** button.
- 1. Next to the **OneDrive for Business URL**, select the **Detect** button.
- 1. After the fields populate, select the **Save changes** button again.
-
- 1. Select the **Update** button to verify the installation. If no error is reported at this stage, it means the Microsoft plugins can communicate with Microsoft server via Microsoft Graph APIs.
-
-1. Configure user and course synchronization
- 1. Synchronize users between your Moodle server and Azure AD. Depending on your environment, you can select different options during this stage. To get started:
- 1. From the Microsoft 365 Integration configuration page, select the **Sync Settings** tab.
-
- 1. In the **Sync users with Azure AD** setting, select the checkboxes that apply to your environment. You must select the following options:
- Γ£ö Create accounts in Moodle for users in Azure AD.
- Γ£ö Update all accounts in Moodle for users in Azure AD.
-
- 1. In the **User Creation Restriction** section, you can set up a filter to limit the Azure AD users that are synced to Moodle.
-
- > [!NOTE]
- > It's not required to turn on user sync; however, it will make connecting Moodle users with Microsoft 365 accounts much easier.
- >
- > User sync is performed by running the **Sync users with Azure AD** scheduled task.
-
- 1. In the **Course Sync** section, you can select **Course sync customization** option to turn on the automatic creation of Teams for some or all of your existing Moodle courses.
-
- > [!NOTE]
- > Course sync is performed by running the **Sync Moodle courses to Microsoft Teams** scheduled task.
-
- 1. Save changes.
-
- 1. To validate sync configuration, you'll need to run the scheduled tasks manually for the first time, navigate to **Site administration** > **Server** > **Tasks** > **Scheduled tasks**.
-
- 1. Scroll down and find the task **Sync users with Azure AD** and select **Run now**.
- 1. This will sync Azure AD users to your Moodle site according to the user sync options.
- 1. Next, find the **Sync Moodle courses to Microsoft Teams** task and select **Run now**.
- 1. This task will create Groups for all Moodle courses with sync option turn on, and also Teams if a **Team owner** can be found in the course.
- 1. The task will also sync Moodle users enrolled in the course to Teams as owners or members.
- 1. A Team **owner** is a Moodle user who
- 1. is connected to a Microsoft 365 account, AND
- 2. is enrolled in the course, AND
- 3. has the `local/o365:teamowner` capability in the course context.
- 1. Similarly, a Team **member** is a Moodle user who
- 1. is connected to a Microsoft 365 account, AND
- 2. is enrolled in the course, AND
- 3. has the `local/o365:teamember` capability in the course context.
- 1. The default *Teacher* role has the `local/o365:teamowner` capability, and the default *Student* role has the `local/o365:teammember` capability.
+### Create Azure app
+
+1. Navigate to **Site Administration** > **Plugins** > **Local plugins** then select **Microsoft 365 Integration**. This will open the Microsoft 365 Integration configuration page.
+
+1. From the Microsoft 365 Integration configuration page, select the **Setup** tab.
+
+1. Select the **Download PowerShell Script** button and save it as a ZIP folder to your local computer.
+
+ > [!NOTE]
+ > Running the script creates a new Azure AD application in Microsoft 365 tenant, which sets up the required reply URLs and permissions, gives the required permissions, and returns the `AppID` and `Key`.
+ >
+ > The PowerShell script only works on Windows operation systems.
+
+1. Prepare the PowerShell script from the ZIP file as follows:
+ 1. Download and extract the `Moodle-AzureAD-Powershell.zip` file.
+ 1. Open the extracted folder.
+ 1. Right-click on the `Moodle-AzureAD-Script.ps1` file and select **Properties**.
+ 1. Under the **General** tab of the Properties window, select the `Unblock` checkbox next to the **Security** attribute located at the bottom of the window.
+ 1. Select **OK**.
+ 1. Copy the directory path to the extracted folder.
+
+1. Run PowerShell as an administrator:
+ 1. In Windows, select **Start**.
+ 1. Type `PowerShell`.
+ 1. Right-click on **Windows PowerShell**.
+ 1. Select **Run as Administrator**.
+
+1. Navigate to the unzipped directory by typing `cd .../.../Moodle-AzureAD-Powershell` where `.../...` is the path to the directory.
+
+1. Execute the PowerShell script:
+ 1. Enter `./Moodle-AzureAD-Script.ps1`.
+ 1. When asked, sign in to your Microsoft 365 administrator account in the pop-up window.
+ 1. When asked, enter the name of the Azure AD Application, for example, Moodle or Moodle plugins.
+ 1. When asked, enter the URL for your Moodle server.
+ 1. When asked, enter the reply URL copied from the OpenID Connect authentication plugin configuration page. This is essentially the URL of your Moodle site, followed by `\auth\oidc\`.
+ 1. You may be asked to sign in to your Microsoft 365 account again in a pop-up window in the process. This is to provide admin consent to the permissions added to the app for your organization.
+ 1. When the script finishes execution, copy the **Application ID (`AppID`)** and **Application Key(`Key`)** generated by the script and save them.
+
+### Set Azure app details in Moodle
+
+1. Return to the OpenID Connect authentication plugin configuration page.
+1. Paste the `AppID` value into the **Application ID** box and the `Key` value into the **Key** box, and then select **Save changes**.
+
+### Configure connection between Microsoft plugins and Microsoft services
+
+1. From the Microsoft 365 Integration configuration page, select the **Setup** tab.
+1. In **Choose connection method**, select **Application access**, and then select **Save changes** again.
+1. After the page refreshes, you can see another new section **Admin consent & additional information**.
+ 1. Select **Provide Admin Consent** link, enter your Microsoft 365 Global Administrator credentials, then **Accept** to grant the permissions.
+ 1. Next to the **Azure AD Tenant** field, select the **Detect** button.
+ 1. Next to the **OneDrive for Business URL**, select the **Detect** button.
+ 1. After the fields populate, select the **Save changes** button again.
+1. Select the **Update** button to verify the installation. If no error is reported at this stage, it means the Microsoft plugins can communicate with Microsoft server via Microsoft Graph APIs.
+
+### Configure user and course synchronization
+
+1. Synchronize users between your Moodle server and Azure AD. Depending on your environment, you can select different options during this stage. To get started:
+ 1. From the Microsoft 365 Integration configuration page, select the **Sync Settings** tab.
+
+ 1. In the **Sync users with Azure AD** setting, select the checkboxes that apply to your environment. You must select the following options:
+ Γ£ö Create accounts in Moodle for users in Azure AD.
+ Γ£ö Update all accounts in Moodle for users in Azure AD.
+
+ 1. In the **User Creation Restriction** section, you can set up a filter to limit the Azure AD users that are synced to Moodle.
> [!NOTE]
- > The scheduled tasks are triggered by [Moodle Cron](https://docs.moodle.org/400/en/Cron), which needs to be configured to run frequently. Each scheduled task can have a default schedule, which can be customized.
+ > It's not required to turn on user sync; however, it will make connecting Moodle users with Microsoft 365 accounts much easier.
>
- > * The default schedule of the **Sync users with Azure AD** task is every minute.
- > * The default schedule of the **Sync Moodle courses to Microsoft Teams** task is daily at 1am in the Moodle server default time zone.
+ > User sync is performed by running the **Sync users with Azure AD** scheduled task.
+
+1. In the **Course Sync** section, you can select **Course sync customization** option to turn on the automatic creation of Teams for some or all of your existing Moodle courses.
+
+ > [!NOTE]
+ > Course sync is performed by running the **Sync Moodle courses to Microsoft Teams** scheduled task.
+
+1. Save changes.
+
+1. To validate sync configuration, you'll need to run the scheduled tasks manually for the first time, navigate to **Site administration** > **Server** > **Tasks** > **Scheduled tasks**.
+
+ 1. Scroll down and find the task **Sync users with Azure AD** and select **Run now**.
+ 1. This will sync Azure AD users to your Moodle site according to the user sync options.
+ 1. Next, find the **Sync Moodle courses to Microsoft Teams** task and select **Run now**.
+ 1. This task will create Groups for all Moodle courses with sync option turn on, and also Teams if a **Team owner** can be found in the course.
+ 1. The task will also sync Moodle users enrolled in the course to Teams as owners or members.
+ 1. A Team **owner** is a Moodle user who
+ 1. is connected to a Microsoft 365 account, AND
+ 2. is enrolled in the course, AND
+ 3. has the `local/o365:teamowner` capability in the course context.
+ 1. Similarly, a Team **member** is a Moodle user who
+ 1. is connected to a Microsoft 365 account, AND
+ 2. is enrolled in the course, AND
+ 3. has the `local/o365:teamember` capability in the course context.
+ 1. The default *Teacher* role has the `local/o365:teamowner` capability, and the default *Student* role has the `local/o365:teammember` capability.
+
+> [!NOTE]
+> The scheduled tasks are triggered by [Moodle Cron](https://docs.moodle.org/400/en/Cron), which needs to be configured to run frequently. Each scheduled task can have a default schedule, which can be customized.
+>
+> - The default schedule of the **Sync users with Azure AD** task is every minute.
+> - The default schedule of the **Sync Moodle courses to Microsoft Teams** task is daily at 1am in the Moodle server default time zone.
After the plugins are installed and configured, you can:
-* [Deploy Moodle Assistant Bot to Azure](/microsoftteams/install-moodle-integration#step-3-deploy-the-moodle-assistant-bot-to-azure).
-* [Add Moodle tabs to Teams classes](/microsoftteams/install-moodle-integration#step-4-deploy-your-microsoft-teams-app).
-* [Add Teams classes and meetings to the Moodle LMS](teams-classes-meetings-with-moodle.md).
+- [Deploy Moodle Assistant Bot to Azure](/microsoftteams/install-moodle-integration#step-3-deploy-the-moodle-assistant-bot-to-azure).
+- [Add Moodle tabs to Teams classes](/microsoftteams/install-moodle-integration#step-4-deploy-your-microsoft-teams-app).
+- [Add Teams classes and meetings to the Moodle LMS](teams-classes-meetings-with-moodle.md).
## Extra Moodle plugin documentation If you would like to review Moodle's Microsoft 365 integration guides and release notes, see these resources:
-* [Microsoft 365 integration documentation on Moodle Docs](https://docs.moodle.org/400/en/Microsoft_365).
+- [Microsoft 365 integration documentation on Moodle Docs](https://docs.moodle.org/400/en/Microsoft_365).
lti Open Lms Plugin Configuration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/open-lms-plugin-configuration.md
Title: Set up and configure the Moodle plugin for Open LMS
+ Title: Set up and configure the Moodle LMS plugins for Open LMS
f1.keywords:
- CSH ms.localizationpriority: medium
-description: Get ready to integrate One LMS and Microsoft Teams by setting up and configuring the Moodle plugin.
+description: Get ready to integrate Open LMS and Microsoft Teams by setting up and configuring the Moodle LMS plugins.
-# Set up and configure the Moodle plugin
+# Set up and configure the Moodle LMS plugins for Open LMS
-In this article, you'll learn how to install and configure the Moodle plugin to incorporate Microsoft Teams with your Open LMS experience.
+In this article, you'll learn how to install and configure the Moodle LMS plugins to integrate Microsoft Teams with your Open LMS experience.
## Prerequisites
-Here are the prerequisites to install the Moodle plugin:
+To set up and configure an installed Open LMS to work with Microsoft Teams:
-* Moodle administrator credentials.
-* Microsoft Azure Active Directory (Azure AD) administrator credentials.
-* An Azure subscription where you can create new resources.
+- Verify the [Moodle OpenID Connect](https://moodle.org/plugins/auth_oidc) and the [Microsoft 365 integration](https://moodle.org/plugins/local_o365) plugins are active.
-## 1. Install the Microsoft 365 Moodle Plugin
+## Configure the connection between the Microsoft 365 plugins and Microsoft services
-Open LMS integration in Microsoft Teams is powered by the open source [Microsoft 365 Moodle plugin set](https://moodle.org/plugins/browse.php?list=set&id=72).
+You must configure the connection between the Microsoft 365 plugins and Microsoft services before they can work together.
-### Requisite applications and plugins
+> [!NOTE]
+> While configuring the integration, keep your Microsoft 365 integration configuration page open in a separate browser tab because you'll need to return to these pages throughout the process.
-Install and download the following items before proceeding with the Microsoft 365 Moodle plugin installation:
+### Enable the OpenID Connect authentication plugin
-1. A [current stable version of Moodle](https://download.moodle.org/releases/latest/).
-1. Download and save the Moodle [OpenID Connect](https://moodle.org/plugins/auth_oidc) and the [Microsoft 365 Integration](https://moodle.org/plugins/local_o365) plugins to your local computer.
-
- > [!NOTE]
- > Installing the OpenID Connect and Microsoft 365 Integration plugins is required for the Teams integration.
- >
- > The [Microsoft 365 Teams Theme](https://moodle.org/plugins/theme_boost_o365teams) plugin is recommended.
-
-### Microsoft 365 Moodle plugins
-
-#### Install plugins
-
-1. Download the plugins, extract them, and upload to their corresponding folders. For example, extract the OpenID Connect plugin (auth_oidc) to a folder called **oidc**, and upload to the **auth** folder of your Moodle document root.
-2. Sign in to your Moodle site as an administrator and select **Site administration**.
-3. Upon detection of new plugins to be installed, Moodle should redirect you to the install new plugins page. If this doesn't happen, in the **Site administration** page, select **Notifications** in the **General** tab as this should trigger the installation of the plugins.
-
- > [!IMPORTANT]
- >
- > * Keep your Microsoft 365 Moodle Plugins configuration page open in a separate browser tab as you need to return to this set of pages throughout the process.
- >
- > * If you don't have an existing Moodle site, go to the [Moodle on Azure](https://github.com/azure/moodle) repo, and quickly deploy a Moodle instance and customize it to your needs.
-
-#### Enable the OpenID Connect authentication plugin
+In order for the Moodle plugins to communicate with Microsoft services, the OpenID Connect authentication plugin needs to be turned on and configured.
1. Navigate to **Site Administration** > **Plugins** > **Authentication** then select **Manage Authentication**.
-1. Find the **OpenID Connect** authentication plugin and select the *eye icon* to enable it.
+1. Find the **OpenID Connect** authentication plugin and select the *eye icon* to turn it on.
1. Select **Settings** for the plugin to verify the **Authorization** and **Token** endpoints. 1. The default values should be: 1. Authorization endpoint: ``https://login.microsoftonline.com/common/oauth2/authorize``. 1. Token endpoint: ``https://login.microsoftonline.com/common/oauth2/token``. 1. Record the **Redirect URI** for later use.
-## 2. Configure the connection between the Microsoft 365 plugins and Azure AD
-
-You must configure the connection between the Microsoft 365 plugins and Azure AD.
+> [!NOTE]
+> It isn't required for all Open LMS users to use the OpenID Connect authentication plugin as their authentication method; however, if they use other authentication methods, their Open LMS accounts needs to be *connected* to their corresponding Microsoft accounts before they can use certain features in the Teams integration, like syncing Teams ownership and membership.
### Requisites
-Register Moodle as an application in your Azure AD, using the PowerShell script. The script provisions the following items:
+Register Open LMS as an application in your Azure AD using the PowerShell script. The script provisions the following items:
-* A new Azure AD application for your Microsoft 365 tenant, which is used by the Microsoft 365 Moodle Plugins.
-* The app for your Microsoft 365 tenant sets up the required reply URLs and permissions for the provisioned app and returns the `AppID` and `Key`.
-
-Use the generated `AppID` and `Key` in your Microsoft 365 Moodle Plugins setup page to configure your Moodle server site with Azure AD.
+- A new Azure AD application for your Microsoft 365 tenant, which is used by the Microsoft 365 Moodle plugins.
+- The app for your Microsoft 365 tenant sets up the required reply URLs and permissions for the provisioned app and returns the `AppID` and `Key`.
+- On operating systems that aren't Windows, you should only follow the manual process to register your Open LMS instance in Azure. Check the *Important* alert section below for details.
> [!IMPORTANT]
-> For more information on registering your Moodle instance manually, see [Register your Moodle instance as an application](https://docs.moodle.org/400/en/Microsoft_365#Azure_App_Creation_and_Configuration).
+> For more information on registering your Open LMS instance manually, see [Register your Open LMS instance as an application](https://docs.moodle.org/400/en/Microsoft_365#Azure_App_Creation_and_Configuration).
+>
+> Once you register your app, verify that all the Azure app permissions are applied. For more information, see [Azure app permissions](https://docs.moodle.org/400/en/Microsoft_365#Azure_app_permissions).
+
+### Register application in Azure using PowerShell
+
+#### Step 1: Create Azure app
-### Teams for Open LMS setup process
+1. Navigate to **Site Administration** > **Plugins** > **Local plugins** then select **Microsoft 365 Integration**. This will open the Microsoft 365 Integration configuration page.
-1. From the Microsoft 365 Integration plugins page, select the **Setup** tab.
+1. From the Microsoft 365 Integration configuration page, select the **Setup** tab.
1. Select the **Download PowerShell Script** button and save it as a ZIP folder to your local computer.
-1. Prepare the PowerShell script from the ZIP file as follows:
+ > [!NOTE]
+ > Running the script creates a new Azure AD application in Microsoft 365 tenant, which sets up the required reply URLs and permissions, gives the required permissions, and returns the `AppID` and `Key`.
+ >
+ > The script doesn't work in PowerShell on operating systems that aren't Windows.
+1. Prepare the PowerShell script from the ZIP file as follows:
1. Download and extract the `Moodle-AzureAD-Powershell.zip` file. 1. Open the extracted folder. 1. Right-click on the `Moodle-AzureAD-Script.ps1` file and select **Properties**.
Use the generated `AppID` and `Key` in your Microsoft 365 Moodle Plugins setup p
1. Copy the directory path to the extracted folder. 1. Run PowerShell as an administrator:-
- 1. Select Start.
- 1. Type PowerShell.
+ 1. In Windows, open the start menu.
+ 1. Type `PowerShell`.
1. Right-click on **Windows PowerShell**. 1. Select **Run as Administrator**. 1. Navigate to the unzipped directory by typing `cd .../.../Moodle-AzureAD-Powershell` where `.../...` is the path to the directory. 1. Execute the PowerShell script:-
- 1. Enter `Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser`.
1. Enter `./Moodle-AzureAD-Script.ps1`.
- 1. Sign in to your Microsoft 365 administrator account in the pop-up window.
- 1. Enter the name of the Azure AD Application, for example, Moodle or Moodle plugins.
- 1. Enter the URL for your Moodle server.
- 1. Copy the **Application ID (`AppID`)** and **Application Key(`Key`)** generated by the script and save them.
+ 1. When asked, sign in to your Microsoft 365 administrator account in the pop-up window.
+ 1. When asked, enter the name of the Azure AD Application. For example, Open LMS, Moodle, or Moodle plugins.
+ 1. When asked, enter the URL for your Open LMS server.
+ 1. When asked, enter the reply URL copied from the OpenID Connect authentication plugin configuration page. This is the URL of your Open LMS site followed by `\auth\oidc\`.
+ 1. You may be asked to sign in to your Microsoft 365 account again in a pop-up window in the process. This is to provide admin consent to the permissions added to the app for your organization.
+ 1. When the script finishes execution, copy the **Application ID (`AppID`)** and **Application Key(`Key`)** generated by the script and save them.
-1. Return to the plugins administration page, **Site administration** > **Plugins** > **Authentication** > **OpenID Connect**.
+#### Step 2: Set Azure app details in OpenID Connect
+1. Return to the OpenID Connect authentication plugin configuration page.
1. Paste the `AppID` value into the **Application ID** box and the `Key` value into the **Key** box, and then select **Save changes**.
-1. Navigate to **Site administration** > **Plugins** > **Local plugins** and select **Microsoft 365 Integration**.
+#### Step 3: Configure connection between Microsoft plugins and Microsoft services
+1. From the Microsoft 365 Integration configuration page, select the **Setup** tab.
1. In **Choose connection method**, select **Application access**, and then select **Save changes** again.- 1. After the page refreshes, you can see another new section **Admin consent & additional information**. 1. Select **Provide Admin Consent** link, enter your Microsoft 365 Global Administrator credentials, then **Accept** to grant the permissions. 1. Next to the **Azure AD Tenant** field, select the **Detect** button. 1. Next to the **OneDrive for Business URL**, select the **Detect** button. 1. After the fields populate, select the **Save changes** button again.
+1. Select the **Update** button to verify the installation. If no error is reported at this stage, it means the Microsoft plugins can communicate with Microsoft server via Microsoft Graph APIs.
-1. Select the **Update** button to verify the installation, and then select **Save changes**.
+#### Step 4: Configure user and course synchronization
-1. Synchronize users between your Moodle server and Azure AD. Depending on your environment, you can select different options during this stage. To get started:
- 1. Switch to the **Sync Settings tab**.
+1. Synchronize users between your Open LMS server and Azure AD. Depending on your environment, you can select different options during this stage. To get started:
- 1. In the **Sync users with Azure AD** section, select the checkboxes that apply to your environment. You must select the following options:
+ 1. From the Microsoft 365 Integration configuration page, select the **Sync Settings** tab.
+ 1. In the **Sync users with Azure AD** setting, select the checkboxes that apply to your environment. You must select the following options:
Γ£ö Create accounts in Open LMS for users in Azure AD.- Γ£ö Update all accounts in Open LMS for users in Azure AD. 1. In the **User Creation Restriction** section, you can set up a filter to limit the Azure AD users that are synced to Open LMS.
- 1. In the **Course Sync** section, you can select **Course sync customization** option to enable the automatic creation of Groups and Teams for some, or all, of your existing Open LMS courses.
-1. To validate [cron](https://docs.moodle.org/400/en/Cron) tasks and to run them manually for the first time, navigate to **Site administration** > **Server** > **Tasks** > **Scheduled tasks**.
+ > [!NOTE]
+ > It isn't absolutely required to enable user sync; however, it'll make connecting Open LMS users with Microsoft 365 accounts much easier.
+ >
+ > User sync is performed by running the **Sync users with Azure AD** scheduled task.
- 1. Scroll down and find the task **Sync users with Azure AD** and select **Run now**.
- 1. This process will sync the Azure AD user to your Open LMS site.
- 1. Next, find the **Sync Moodle courses to Microsoft Teams** task and select **Run now**.
- 1. This task will create groups and Teams if an owner is found.
- 1. If the user has `local/o365:teamowner` capability in the course context, the user is a team owner. If the user has `local/o365:teammember` capability in the course context, the user is a team member.
- 1. The default *Teacher* role has the `local/o365:teamowner` capability, and the default *Student* role has the `local/o365:teammember` capability.
+1. In the **Course Sync** section, you can select **Course sync customization** option to enable the automatic creation of Teams for some or all of your existing Open LMS courses.
> [!NOTE]
- > The Moodle [Cron](https://docs.moodle.org/400/en/Scheduled_tasks) runs according to the task schedule. The default schedule is once a day at 1:00 AM in your server's local time zone. However, the cron should run more frequently to keep everything in sync.
+ > Course sync is performed by running the **Sync Moodle courses to Microsoft Teams** scheduled task.
-1. Navigate to **Site administration** > **Plugins** > **Local plugins** > **Microsoft 365 Integration** > **Teams Settings** tab.
+1. Save changes.
-1. Select the **Check Moodle settings** button will update all required configurations for the Teams integration to work.
+1. To validate sync configuration, you'll need to run the scheduled tasks manually for the first time. Navigate to **Site administration** > **Server** > **Tasks** > **Scheduled tasks**.
+
+ 1. Scroll down and find the task **Sync users with Azure AD** and select **Run now**.
+ 1. This will sync Azure AD users to your Open LMS site according to the user sync options.
+ 1. Next, find the **Sync Moodle courses to Microsoft Teams** task and select **Run now**.
+ 1. This task will create groups for all Open LMS courses with sync option turn on, and also Teams if a **Team owner** can be found in the course.
+ 1. This task will also sync Open LMS users enrolled in the course to Teams as owners or members.
+ 1. A Team **owner** is an Open LMS user who meets all of the following criteria:
+ 1. is connected to a Microsoft 365 account.
+ 2. is enrolled in the course.
+ 3. has the `local/o365:teamowner` capability in the course context.
+ 1. Similarly, a Team **member** is an Open LMS user who meets all of the following criteria:
+ 1. is connected to a Microsoft 365 account.
+ 2. is enrolled in the course.
+ 3. has the `local/o365:teamember` capability in the course context.
+ 1. The default *Teacher* role has the `local/o365:teamowner` capability, and the default *Student* role has the `local/o365:teammember` capability.
+
+> [!NOTE]
+> The scheduled tasks are triggered by [Moodle Cron](https://docs.moodle.org/400/en/Cron), which needs to be configured to run frequently. Each scheduled task can have a default schedule and can be customized.
+>
+> - The default schedule of the **Sync users with Azure AD** task is every minute.
+> - The default schedule of the **Sync Moodle courses to Microsoft Teams** task is daily at 1 am in the Open LMS server default time zone.
After the plugins are installed and configured, you can:
-* [Deploy Moodle Assistant Bot to Azure](/microsoftteams/install-moodle-integration#step-3-deploy-the-moodle-assistant-bot-to-azure).
-* [Add Moodle tabs to Teams classes](/microsoftteams/install-moodle-integration#step-4-deploy-your-microsoft-teams-app).
-* [Add Teams classes and meetings to Open LMS](open-lms-teams-classes-and-meetings.md).
+- [Add Teams classes and meetings to Open LMS](open-lms-teams-classes-and-meetings.md).
+- [Deploy Moodle Assistant Bot to Azure](/microsoftteams/install-moodle-integration#step-3-deploy-the-moodle-assistant-bot-to-azure).
+- [Add Moodle tabs to Teams classes](/microsoftteams/install-moodle-integration#step-4-deploy-your-microsoft-teams-app).
## Extra Moodle plugin documentation If you would like to review Open LMS's Microsoft 365 integration guides and release notes, see these resources:
-* [Microsoft 365 integration documentation on Moodle Docs](https://docs.moodle.org/400/en/Microsoft_365).
+- [Microsoft 365 integration documentation on Moodle Docs](https://docs.moodle.org/400/en/Microsoft_365).
lti Open Lms Teams Classes And Meetings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/open-lms-teams-classes-and-meetings.md
For details on managing all LTI apps for any LMS, see [Manage Microsoft LMS Gate
For the integration between Open LMS and Teams to function correctly, Open LMS and Teams must be set up to communicate with one another.
-Follow the [instructions for installing and configuring the Moodle plugin](open-lms-plugin-configuration.md).
+Follow the [instructions for installing and configuring the Moodle LMS plugins](open-lms-plugin-configuration.md).
## Register Microsoft Teams LTI for use in Open LMS
security Compare Mdb M365 Plans https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/compare-mdb-m365-plans.md
Microsoft offers a wide variety of cloud solutions and services, including plans
**Use this article to**: -- [Compare Defender for Business (standalone) to Microsoft 365 Business Premium](#compare-security-features-in-microsoft-defender-for-business-to-microsoft-365-business-premium).
+- [Compare Microsoft Defender for Business to Microsoft 365 Business Premium](#compare-microsoft-defender-for-business-to-microsoft-365-business-premium).
- [Compare Defender for Business (standalone) to Defender for Endpoint enterprise offerings](#compare-microsoft-defender-for-business-to-microsoft-defender-for-endpoint-plans-1-and-2). > [!TIP]
-> Defender for Business is available as a standalone security solution for small and medium-sized businesses. It's also included in Microsoft 365 Business Premium. If you already have Microsoft 365 Business Basic or Standard, consider either upgrading to Microsoft 365 Business Premium, or adding Defender for Business to your subscription to get more threat protection capabilities for your devices.
+> Defender for Business is available as a standalone security solution for small and medium-sized businesses. Defender for Business is now included in Microsoft 365 Business Premium. If you already have Microsoft 365 Business Basic or Standard, consider either upgrading to Microsoft 365 Business Premium or adding Defender for Business to your current subscription to get more threat protection capabilities for your devices.
-## Compare security features in Microsoft Defender for Business to Microsoft 365 Business Premium
+## Compare Microsoft Defender for Business to Microsoft 365 Business Premium
> [!NOTE]
-> This article provides a high-level overview of threat protection features included in Microsoft Defender for Business (as a standalone plan) and Microsoft 365 Business Premium (which includes Defender for Business). It's not intended to be a service description or licensing contract document. For more detailed information, see [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
-
-Defender for Business is also available as a standalone subscription, and is also included in Microsoft 365 Business Premium. The following table compares security features and capabilities in Defender for Business (standalone) to Microsoft 365 Business Premium.
-
-|Feature/capability|[Microsoft Defender for Business](mdb-overview.md)<br/>(standalone)|[Microsoft 365 Business Premium](../../business/microsoft-365-business-overview.md)<br/>(includes Defender for Business)|
-||||
-|Email protection|Yes <br/>[Email scanning with Microsoft Defender Antivirus](../defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md)|Yes <ul><li>[Exchange Online Protection](../office-365-security/exchange-online-protection-overview.md)</li><li>[Email scanning with Microsoft Defender Antivirus](../defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md)</li></ul>|
-|Antispam protection|Yes<br/>For devices|Yes <ul><li>For devices</li><li>For Microsoft 365 email content, such as messages and attachments</li></ul>|
-|Antimalware protection|Yes<br/>For devices|Yes<ul><li>For devices</li><li>For Microsoft 365 email content, such as messages and attachments</li></ul>|
-|[Next-generation protection](../defender-endpoint/microsoft-defender-antivirus-in-windows-10.md) <br/> (antivirus and antimalware protection for onboarded devices)|Yes |Yes |
-|[Attack surface reduction](../defender-endpoint/overview-attack-surface-reduction.md) <br/>(ASR rules in Windows 10 or later and firewall protection)|Yes|Yes|
-|[Endpoint detection and response](../defender-endpoint/overview-endpoint-detection-response.md) <br/>(behavior-based detection and manual response actions)|Yes|Yes|
-|[Automated investigation and response](../defender-endpoint/automated-investigations.md)|Yes|Yes|
-|[Threat & vulnerability management](../defender-endpoint/tvm-dashboard-insights.md)|Yes|Yes|
-|Centralized management and reporting|Yes|Yes|
-|[APIs](../defender-endpoint/apis-intro.md) <br/>(for integration with custom apps or reporting solutions)|Yes|Yes|
+> This article provides a high-level overview of features and capabilities that are included in Microsoft Defender for Business (as a standalone plan) and Microsoft 365 Business Premium (which includes Defender for Business). It's not intended to be a service description or licensing contract document. For more detailed information, see [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
+
+| Microsoft Defender for Business (standalone) | Microsoft 365 Business Premium |
+|:|:|
+| Antivirus, antimalware, and ransomware protection capabilities for devices include: <ul><li>[Next-generation protection](../defender-endpoint/microsoft-defender-antivirus-in-windows-10.md) (antivirus/antimalware protection on devices together with cloud protection)</li><li>[Attack surface reduction](../defender-endpoint/overview-attack-surface-reduction.md) (network protection, firewall, and attack surface reduction rules) <sup>[[a](#fna)]</sup></li><li>[Endpoint detection and response](../defender-endpoint/overview-endpoint-detection-response.md) (behavior-based detection and manual response actions)</li><li>[Automated investigation and response](../defender/m365d-autoir.md) (with self-healing for detected threats)</li><li>[Threat and vulnerability management](mdb-view-tvm-dashboard.md) (view exposed devices and recommendations)</li><li>[Cross-platform support for devices](mdb-onboard-devices.md) (Windows, Mac, iOS, and Android) <sup>[[b](#fnb)]</sup></li><li>[Centralized management and reporting](mdb-get-started.md) (Microsoft 365 Defender portal)</li><li>[APIs for integration](../defender-endpoint/management-apis.md) (for Microsoft partners or your custom tools and apps)</li></ul><br/><br/><br/><br/><br/><br/><br/> | Productivity and security capabilities include:<ul><li>[Microsoft 365 Business Standard](../../admin/admin-overview/what-is-microsoft-365-for-business.md) (Office apps and services, and Microsoft Teams)</li><li>[Shared computer activation](/deployoffice/overview-shared-computer-activation) (for deploying Microsoft 365 Apps)</li><li>[Windows 10/11 Business](../../business-premium/m365bp-upgrade-windows-10-pro.md) (upgrade from previous versions of Windows Pro)</li><li>[Windows Autopilot](/mem/autopilot/windows-autopilot) (for setting up and configuring Windows devices)</li><li>[Exchange Online Protection](../office-365-security/exchange-online-protection-overview.md) (antiphishing, antispam, antimalware, and spoof intelligence for email)</li><li>[Defender for Business](mdb-overview.md) (everything listed in the "Defender for Business (standalone)" column) </li><li>[Microsoft Defender for Office 365 Plan 1](../office-365-security/overview.md) (advanced antiphishing, real-time detections, Safe Attachments, Safe Links)</li><li>[Auto-expanding archiving](../../compliance/autoexpanding-archiving.md) (for email)</li><li>[Azure Active Directory Premium Plan 1](/azure/active-directory/fundamentals/active-directory-whatis) (identity management)</li><li>[Microsoft Intune](/mem/intune/fundamentals/what-is-intune) (device onboarding and management)</li><li>[Azure Information Protection Premium Plan 1](/azure/information-protection/what-is-information-protection) (protection for sensitive information)</li><li>[Azure Virtual Desktop](/azure/virtual-desktop/overview) (centrally managed, secure virtual machines in the cloud)</li></ul> |
+
+(<a id="fna">a</a>) Microsoft Intune is required to modify or customize attack surface reduction rules. Intune is included in Microsoft 365 Business Premium.
+
+(<a id="fnb">b</a>) Microsoft Intune is required to onboard iOS and Android devices. See [Onboard devices to Microsoft Defender for Business](mdb-onboard-devices.md).
## Compare Microsoft Defender for Business to Microsoft Defender for Endpoint Plans 1 and 2
Defender for Business brings the enterprise-grade capabilities of Defender for E
(<a id="fn7">7</a>) The ability to view incidents across tenants using Defender for Endpoint is new!
+Also see [Compare Microsoft endpoint security plans](../defender-endpoint/defender-endpoint-plan-1-2.md).
+ ## Next steps - [See the requirements for Microsoft Defender for Business](mdb-requirements.md)
security Mdb Configure Security Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-configure-security-settings.md
ms.localizationpriority: medium
f1.keywords: NOCSH -- SMB-- M365-security-compliance-- m365-initiative-defender-business
+ - SMB
+ - M365-security-compliance
+ - m365solution-mdb-setup
# View and edit security policies and settings in Microsoft Defender for Business
security Mdb Email Notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-email-notifications.md
ms.technology: mdb
ms.localizationpriority: medium f1.keywords: NOCSH -+
+ - M365-security-compliance
+ - m365solution-mdb-setup
# Set up email notifications
security Mdb Onboard Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-onboard-devices.md
ms.prod: m365-security ms.technology: mdb ms.localizationpriority: medium Last updated : 07/28/2022 f1.keywords: NOCSH -- SMB-- M365-security-compliance-- m365-initiative-defender-business
+ - SMB
+ - M365-security-compliance
+ - m365solution-mdb-setup
# Onboard devices to Microsoft Defender for Business
See the following resources to get help enrolling these devices into Intune:
After a device is enrolled in Intune, you can add it to a device group. [Learn more about device groups in Defender for Business](mdb-create-edit-device-groups.md).
+## View a list of onboarded devices
+
+To view the list of devices that are onboarded to Defender for Business, go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). On the navigation pane, under **Endpoints**, choose **Device inventory**.
+ ## Next steps - If you have other devices to onboard, select the tab for those devices ([Windows 10 and 11, Mac, Servers, or Mobile devices](#what-to-do)), and follow the guidance on that tab.
security Mdb Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-overview.md
# What is Microsoft Defender for Business?
-Defender for Business is a new endpoint security solution that was designed especially for the small and medium-sized business (up to 300 employees). With this endpoint security solution, your company's devices are better protected from ransomware, malware, phishing, and other threats.
+Defender for Business is a new endpoint security solution that was designed especially for the small- and medium-sized business (up to 300 employees). With this endpoint security solution, your company's devices are better protected from ransomware, malware, phishing, and other threats.
This article describes what's included in Defender for Business, with links to learn more about these features and capabilities.
-## Video: Enterprise-grade protection for small and medium-sized businesses
+## Video: Enterprise-grade protection for small- and medium-sized businesses
Watch the following video to learn more about Defender for Business: <br/><br/>
Watch the following video to learn more about Defender for Business: <br/><br/>
With Defender for Business, you can help protect the devices and data your business uses with: -- **Enterprise-grade security**. Defender for Business brings powerful endpoint security capabilities from our industry-leading [Microsoft Defender for Endpoint](../defender-endpoint/microsoft-defender-endpoint.md) solution and optimizes those capabilities for IT administrators to support small and medium-sized businesses.
+- **Enterprise-grade security**. Defender for Business brings powerful endpoint security capabilities from our industry-leading [Microsoft Defender for Endpoint](../defender-endpoint/microsoft-defender-endpoint.md) solution and optimizes those capabilities for IT administrators to support small- and medium-sized businesses.
- **An easy-to-use security solution**. Defender for Business offers streamlined experiences that guide you to action with recommendations and insights into the security of your endpoints. No specialized knowledge is required, because Defender for Business offers wizard-driven configuration and default security policies that are designed to help protect your company's devices from day one.
security Mdb Requirements https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-requirements.md
ms.localizationpriority: medium
f1.keywords: NOCSH -- SMB-- M365-security-compliance-- m365-initiative-defender-business
+ - SMB
+ - M365-security-compliance
+ - m365solution-mdb-setup
# Microsoft Defender for Business requirements
security Mdb Roles Permissions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-roles-permissions.md
ms.localizationpriority: medium
f1.keywords: NOCSH -- SMB-- M365-security-compliance
+ - SMB
+ - M365-security-compliance
+ - m365solution-mdb-setup
# Assign roles and permissions in Microsoft Defender for Business
security Mdb Setup Configuration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-setup-configuration.md
ms.localizationpriority: medium
f1.keywords: NOCSH -- SMB-- M365-security-compliance-- m365-initiative-defender-business
+ - SMB
+ - M365-security-compliance
+ - m365solution-mdb-setup
# Set up and configure Microsoft Defender for Business
security TOC https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/TOC.md
#### [Maintenance and operations](mde-p1-maintenance-operations.md) ### [Microsoft Defender for Endpoint for US Government customers](gov.md) ### [Microsoft Defender for Endpoint on non-Windows platforms](non-windows.md)
+### [Antivirus solution compatibility with Defender for Endpoint](defender-compatibility.md)
## [Evaluate capabilities](evaluation-lab.md)
#### [Onboarding using Microsoft Endpoint Manager](onboarding-endpoint-manager.md) ## [Migration guides](migration-guides.md)
+### [Migrate Defender for Endpoint servers to Defender for Cloud](migrating-mde-server-to-cloud.md)
### [Move to Defender for Endpoint](switch-to-mde-overview.md) #### [Phase 1: Prepare](switch-to-mde-phase-1.md) #### [Phase 2: Setup](switch-to-mde-phase-2.md)
#### [Permissions]() ##### [Use basic permissions to access the portal](basic-permissions.md)
+##### [Assign user access to Microsoft Defender Security Center](assign-portal-access.md)
##### [Manage portal access using RBAC](rbac.md) ###### [Create and manage roles](user-roles.md) ###### [Create and manage device groups](machine-groups.md)
###### [Enable attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-implement.md) ###### [Operationalize attack surface reduction (ASR) rules](attack-surface-reduction-rules-deployment-operationalize.md) ##### [Attack surface reduction (ASR) rules reference](attack-surface-reduction-rules-reference.md)
+##### [Troubleshoot attack surface reduction (ASR) rules](troubleshoot-asr-rules.md)
##### [Enable ASR rules alternate configuration methods](enable-attack-surface-reduction.md)
-##### [Attack surface reduction FAQ](attack-surface-reduction-faq.yml)
+#### [Attack surface reduction FAQ](attack-surface-reduction-faq.yml)
#### [Controlled folder access]() ##### [Protect folders](controlled-folders.md) ##### [Evaluate controlled folder access](evaluate-controlled-folder-access.md)
##### [Enable exploit protection](enable-exploit-protection.md) ##### [Customize exploit protection](customize-exploit-protection.md) ##### [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md)
+##### [Troubleshoot exploit protection mitigations](troubleshoot-exploit-protection-mitigations.md)
##### [Exploit protection reference](exploit-protection-reference.md) #### [Network protection]() ##### [Protect your network](network-protection.md)
### Next-generation protection #### [Next-generation protection overview](next-generation-protection.md) ##### [Overview of Microsoft Defender Antivirus](microsoft-defender-antivirus-windows.md)
+##### [Microsoft Defender Antivirus in Windows](microsoft-defender-antivirus-windows.md)
##### [Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](why-use-microsoft-defender-antivirus.md) ##### [Better together: Microsoft Defender Antivirus and Office 365](office-365-microsoft-defender-antivirus.md) #### [Evaluate Microsoft Defender Antivirus](evaluate-microsoft-defender-antivirus.md)
##### [Specify the cloud protection level](specify-cloud-protection-level-microsoft-defender-antivirus.md) ##### [Cloud protection and sample submission](cloud-protection-microsoft-antivirus-sample-submission.md) #### [Configure and validate Microsoft Defender Antivirus network connections](configure-network-connections-microsoft-defender-antivirus.md)
+#### [Specify additional definition sets for network traffic inspection](specify-additional-definitions-network-traffic-inspection-mdav.md)
#### [Protect security settings with tamper protection](prevent-changes-to-security-settings-with-tamper-protection.md) #### [Turn on block at first sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) #### [Configure the cloud block timeout period](configure-cloud-block-timeout-period-microsoft-defender-antivirus.md)
##### [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md) ##### [Specify whether users can locally modify Microsoft Defender Antivirus policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) ##### [Specify whether users can see or interact with Microsoft Defender Antivirus user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md)
+##### [Turn on definition retirement](turn-on-definition-retirement.md)
#### [Deploy and report on Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) ##### [Deploy and enable Microsoft Defender Antivirus](deploy-microsoft-defender-antivirus.md)
##### [Device health and compliance reports](machine-reports.md) ##### [Troubleshoot performance issues related to real-time protection](troubleshoot-performance-issues.md) ##### [Troubleshoot Microsoft Defender Antivirus reporting in Update Compliance](troubleshoot-reporting.md)
+##### [Collect diagnostic data of Microsoft Defender Antivirus](collect-diagnostic-data.md)
+##### [Collect diagnostic data for Update Compliance and Microsoft Defender Antivirus](collect-diagnostic-data-update-compliance.md)
##### [Tune performance of Microsoft Defender Antivirus](tune-performance-defender-antivirus.md) #### Troubleshooting Microsoft Defender Antivirus
#### [Overview of AIR](automated-investigations.md) #### [Automation levels in AIR](automation-levels.md) #### [Configure AIR capabilities](configure-automated-investigations-remediation.md)
+#### [View the details and results of an automated investigation](autoir-investigation-results.md)
### [Microsoft Threat Experts]() #### [Microsoft Threat Experts overview](microsoft-threat-experts.md) #### [Configure and manage Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) -
+### [Next generation protection]()
+#### [Run and customize scheduled and on-demand scans](customize-run-review-remediate-scans-microsoft-defender-antivirus.md)
## Reference ### [Understand threat intelligence concepts](threat-indicator-concepts.md)
####### [Get machine by ID](get-machine-by-id.md) ####### [Get machine log on users](get-machine-log-on-users.md) ####### [Get machine related alerts](get-machine-related-alerts.md)
+####### [Get machines security states collection API](get-machinesecuritystates-collection.md)
####### [Get installed software](get-installed-software.md) ####### [Get discovered vulnerabilities](get-discovered-vulnerabilities.md) ####### [Get security recommendations](get-security-recommendations.md) ####### [Add or Remove machine tags](add-or-remove-machine-tags.md) ####### [Find machines by IP](find-machines-by-ip.md)
+####### [Find device information by internal IP](find-machine-info-by-ip.md)
####### [Find machines by tag](find-machines-by-tag.md) ####### [Get missing KBs](get-missing-kbs-machine.md) ####### [Set device value](set-device-value.md)
####### [List machines by software](get-machines-by-software.md) ####### [List vulnerabilities by software](get-vuln-by-software.md) ####### [Get missing KBs](get-missing-kbs-software.md)
+####### [Get KB collection API](get-machinegroups-collection.md)
###### [User]() ####### [User methods](user.md)
####### [List vulnerabilities](get-all-vulnerabilities.md) ####### [List vulnerabilities by machine and software](get-all-vulnerabilities-by-machines.md) ####### [Get vulnerability by ID](get-vulnerability-by-id.md)
+####### [Get CVE-KB map API](get-cvekbmap-collection.md)
+####### [Get KB collection API](get-kbinfo-collection.md)
####### [List machines by vulnerability](get-machines-by-vulnerability.md) ##### [How to use APIs - Samples]()
###### [Advanced Hunting using Python](run-advanced-query-sample-python.md) ###### [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md) ###### [Using OData Queries](exposed-apis-odata-samples.md)
+###### [Advanced Hunting with PowerShell API Guide](exposed-apis-full-sample-powershell.md)
#### [Raw data streaming API]()
security Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/alerts.md
|Evidence|List of Alert evidence|Evidence related to the alert. See example below.| |
+>[!NOTE]
+>Around August 29th, 2022, previously supported alert determination values ('Apt' and 'SecurityPersonnel') will be deprecated and no longer available via the API.
+ ### Response example for getting single alert: ```http
security Android Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/android-configure.md
Network protection in Microsoft Defender for endpoint is enabled by default. Adm
> [!div class="mx-imgBorder"] > ![Image of add configuration policy.](images/npvalue.png)
-1. If your organization uses root CAΓÇÖs which could be private in nature, explicit trust needs to be established between Intune (MDM solution) and userΓÇÖs devices so that defender doesnΓÇÖt detect flag them as rogue certificates.
+1. If your organization uses root CA's which could be private in nature, explicit trust needs to be established between Intune (MDM solution) and user's devices so that defender doesn't detect flag them as rogue certificates.
To establish trust for the root CAs use **'Trusted CA certificate list for Network Protection (Preview)'** as the key and in value add the **'comma separated list of certificate thumbprints'**. > [!div class="mx-imgBorder"]
security Attack Surface Reduction Rules Deployment Implement https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-implement.md
ms.technology: mde
- M365-security-compliance
+ - m365solution-asr-rules
Last updated 1/18/2022
security Attack Surface Reduction Rules Deployment Operationalize https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-operationalize.md
ms.technology: mde
- M365-security-compliance
+ - m365solution-asr-rules
Last updated 1/18/2022
security Attack Surface Reduction Rules Deployment Plan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-plan.md
ms.technology: mde -- M365-security-compliance
+ - M365-security-compliance
+ - m365solution-asr-rules
Last updated 1/18/2022
security Attack Surface Reduction Rules Deployment Test https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-test.md
ms.technology: mde
- M365-security-compliance
+ - m365solution-asr-rules
Last updated 1/18/2022
security Attack Surface Reduction Rules Deployment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment.md
ms.technology: mde
- M365-security-compliance
+ - m365solution-asr-rules
Last updated 1/18/2022
security Batch Update Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/batch-update-alerts.md
Property | Type | Description
alertIds | List&lt;String&gt;| A list of the IDs of the alerts to be updated. **Required** status | String | Specifies the updated status of the specified alerts. The property values are: 'New', 'InProgress' and 'Resolved'. assignedTo | String | Owner of the specified alerts
-classification | String | Specifies the specification of the specified alerts. The property values are: 'Unknown', 'FalsePositive', 'TruePositive'.
+classification | String | Specifies the specification of the specified alerts. The property values are: 'True positive', 'Informational, expected activity' and 'False positive'.
determination | String | Specifies the determination of the specified alerts. The property values are: 'NotAvailable', 'Apt', 'Malware', 'SecurityPersonnel', 'SecurityTesting', 'UnwantedSoftware', 'Other' comment | String | Comment to be added to the specified alerts.
+>[!NOTE]
+>Around August 29th, 2022, previously supported alert determination values ('Apt' and 'SecurityPersonnel') will be deprecated and no longer available via the API.
+ ## Response If successful, this method returns 200 OK, with an empty response body.
security Configure Contextual File Folder Exclusions Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-contextual-file-folder-exclusions-microsoft-defender-antivirus.md
This article/section describes the contextual file and folder exclusions capabil
## Overview
-Exclusions are primarily intended to mitigate affects on performance. They come at the penalty of reduced protection value. These restrictions allow you to limit this protection reduction by specifying circumstances under which the exclusion should apply. Contextual exclusions arenΓÇÖt suitable for addressing false positives in a reliable way. If you encounter a false positive, you can Submit files for analysis through the [Microsoft 365 Defender](https://security.microsoft.com/) portal (subscription required) or through the [Microsoft Security Intelligence](https://www.microsoft.com/wdsi/filesubmission) website. For a temporary suppression method, consider creating a custom _allow_ indicator.
+Exclusions are primarily intended to mitigate affects on performance. They come at the penalty of reduced protection value. These restrictions allow you to limit this protection reduction by specifying circumstances under which the exclusion should apply. Contextual exclusions aren't suitable for addressing false positives in a reliable way. If you encounter a false positive, you can Submit files for analysis through the [Microsoft 365 Defender](https://security.microsoft.com/) portal (subscription required) or through the [Microsoft Security Intelligence](https://www.microsoft.com/wdsi/filesubmission) website. For a temporary suppression method, consider creating a custom _allow_ indicator.
There are four restrictions you can apply to limit the applicability of an exclusion: - **File/folder path type restriction**. You can restrict exclusions to only apply if the target is a file, or a folder by making the intent specific. If the target is a file but the exclusion is specified to be a folder, it will not apply. Conversely, if the target is folder but the exclusion is specified to be a file, the exclusion will apply.-- **Scan type restriction**. Enables you to define the required scan type for an exclusion to apply. For example, you only want to exclude a certain folder from Full scans but not from a ΓÇ£resourceΓÇ¥ scan (targeted scan).
+- **Scan type restriction**. Enables you to define the required scan type for an exclusion to apply. For example, you only want to exclude a certain folder from Full scans but not from a "resource" scan (targeted scan).
- **Scan trigger type restriction**. You can use this restriction to specify that the exclusion should only apply when the scan was initiated by a specific event: - on demand - on access
Keep in mind that _all_ **types** and **values** are case sensitive.
### Examples
-The following string excludes ΓÇ£c:\documents\design.docΓÇ¥ only if itΓÇÖs a file and only in on-access scans:
+The following string excludes "c:\documents\design.doc" only if it's a file and only in on-access scans:
`c:\documents\design.doc\:{PathType:file,ScanTrigger:OnAccess}`
-The following string excludes ΓÇ£c:\documents\design.docΓÇ¥ only if itΓÇÖs scanned (on-access) due to it being accessed by a process having the image name ΓÇ£winword.exeΓÇ¥:
+The following string excludes "c:\documents\design.doc" only if it's scanned (on-access) due to it being accessed by a process having the image name "winword.exe":
-`c:\documents\design.doc\:{Process:ΓÇ¥winword.exeΓÇ¥}`
+`c:\documents\design.doc\:{Process:"winword.exe"}`
The process image path may contain wildcards, as in the following example:
-`c:\documents\design.doc\:{Process:ΓÇ¥C:\Program Files*\Microsoft Office\root\Office??\winword.exeΓÇ¥}`
+`c:\documents\design.doc\:{Process:"C:\Program Files*\Microsoft Office\root\Office??\winword.exe"}`
### File/folder restriction
You can restrict exclusions to only apply if the target is a file or a folder by
#### File/folder exclusions default behavior
-If you donΓÇÖt specify any other options, the file/folder is excluded from all types of scans _and_ the exclusion applies regardless of whether the target is a file or a folder. For more information about customizing exclusions to only apply to a specific scan type, see [Scan type restriction](#scan-type-restriction).
+If you don't specify any other options, the file/folder is excluded from all types of scans _and_ the exclusion applies regardless of whether the target is a file or a folder. For more information about customizing exclusions to only apply to a specific scan type, see [Scan type restriction](#scan-type-restriction).
#### Folders
This restriction allows you to define that an exclusion should only apply when a
To exclude a file or folder only when accessed by a specific process, create a normal file or folder exclusion and add the process to restrict the exclusion to:
-`c:\documents\design.doc\:{Process:ΓÇ¥winword.exeΓÇ¥, Process:ΓÇ¥msaccess.exeΓÇ¥}`
+`c:\documents\design.doc\:{Process:"winword.exe", Process:"msaccess.exe"}`
### How to configure
security Configure Extension File Exclusions Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus.md
ms.technology: mde
ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: medium Last updated : 07/25/2022 -+
- Microsoft Defender Antivirus **Platforms**+ - Windows
-You can define exclusions for Microsoft Defender Antivirus that apply to [scheduled scans](schedule-antivirus-scans.md), [on-demand scans](run-scan-microsoft-defender-antivirus.md), and [always-on, real-time protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md). **Generally, you shouldn't need to apply exclusions**. If you do need to apply exclusions, you can choose from several different kinds:
+You can define exclusions for Microsoft Defender Antivirus that apply to [scheduled scans](schedule-antivirus-scans.md), [on-demand scans](run-scan-microsoft-defender-antivirus.md), and [always-on, real-time protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md). **Generally, you don't need to apply exclusions**. If you do need to apply exclusions, then you can choose from the following:
- Exclusions based on file extensions and folder locations (described in this article) - [Exclusions for files that are opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) > [!IMPORTANT]
-> Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, such as [attack surface reduction (ASR) rules](attack-surface-reduction.md) and [controlled folder access](controlled-folders.md). Files that you exclude using the methods described in this article can still trigger endpoint detection and response (EDR) alerts and other detections.
+> Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, such as [attack surface reduction (ASR) rules](attack-surface-reduction.md) and [controlled folder access](controlled-folders.md). Files that you exclude using the methods described in this article can still trigger Endpoint Detection and Response (EDR) alerts and other detections.
> To exclude files broadly, add them to the Microsoft Defender for Endpoint [custom indicators](manage-indicators.md). ## Before you begin
See [Recommendations for defining exclusions](configure-exclusions-microsoft-def
## Exclusion lists
-To exclude certain files from Microsoft Defender Antivirus scans, you modify your exclusion lists. Microsoft Defender Antivirus includes many automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios and situations.
+To exclude certain files from Microsoft Defender Antivirus scans, modify your exclusion lists. Microsoft Defender Antivirus includes many automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios and situations.
> [!NOTE] > Exclusions apply to [potentially unwanted apps (PUA) detections](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) as well.
The following table lists some examples of exclusions based on file extension an
- Don't exclude mapped network drives. Specify the actual network path. -- Folders that are reparse points that are created after the Microsoft Defender Antivirus service starts and that have been added to the exclusion list will not be included. Restart the service (by restarting Windows) for new reparse points to be recognized as a valid exclusion target.
+- Folders that are reparse points are created after the Microsoft Defender Antivirus service starts, and those that have been added to the exclusion list will not be included. Restart the service by restarting Windows for new reparse points to be recognized as a valid exclusion target.
-- Exclusions apply to [scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md), [on-demand scans](run-scan-microsoft-defender-antivirus.md), and [real-time protection](configure-real-time-protection-microsoft-defender-antivirus.md), but not across Defender for Endpoint. To define exclusions across Defender for Endpoint, use [custom indicators](manage-indicators.md).
+- Exclusions apply to [scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md), [on-demand scans](run-scan-microsoft-defender-antivirus.md), and [real-time protection](configure-real-time-protection-microsoft-defender-antivirus.md), but not across all Defender for Endpoint capabilities. To define exclusions across Defender for Endpoint, use [custom indicators](manage-indicators.md).
- By default, local changes made to the lists (by users with administrator privileges, including changes made with PowerShell and WMI) will be merged with the lists as defined (and deployed) by Group Policy, Configuration Manager, or Intune. The Group Policy lists take precedence when there are conflicts. In addition, exclusion list changes made with Group Policy are visible in the [Windows Security app](microsoft-defender-security-center-antivirus.md).
See [How to create and deploy antimalware policies: Exclusion settings](/configm
### Use Group Policy to configure folder or file extension exclusions > [!NOTE]
-> If you specify a fully qualified path to a file, then only that file is excluded. If a folder is defined in the exclusion, then all files and subdirectories under that folder are excluded.
+> If you specify a fully qualified path to a file, then only that file is excluded. If a folder is defined in the exclusion, then all files and sub-directories under that folder are excluded.
-1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure, and then select **Edit**.
-2. In the **Group Policy Management Editor** go to **Computer configuration** and select **Administrative templates**.
+2. In the **Group Policy Management Editor** go to **Computer configuration**, and select **Administrative templates**.
3. Expand the tree to **Windows components** \> **Windows Defender Antivirus** \> **Exclusions**.
See [How to create and deploy antimalware policies: Exclusion settings](/configm
### Use PowerShell cmdlets to configure file name, folder, or file extension exclusions
-Using PowerShell to add or remove exclusions for files based on the extension, location, or file name requires using a combination of three cmdlets and the appropriate exclusion list parameter. The cmdlets are all in the [Defender module](/powershell/module/defender/).
+Using PowerShell to add or remove exclusions for files based on the extension, location, or file name requires using a combination of three cmdlets and appropriate exclusion list parameter. The cmdlets are all in the [Defender module](/powershell/module/defender/).
The format for the cmdlets is as follows:
The following table lists values that you can use in the `<exclusion list>` port
|Exclusion type|PowerShell parameter| ||| |All files with a specified file extension|`-ExclusionExtension`|
-|All files under a folder (including files in subdirectories), or a specific file|`-ExclusionPath`|
+|All files under a folder (including files in sub-directories), or a specific file|`-ExclusionPath`|
> [!IMPORTANT] > If you have created a list, either with `Set-MpPreference` or `Add-MpPreference`, using the `Set-MpPreference` cmdlet again will overwrite the existing list.
See [Add exclusions in the Windows Security app](microsoft-defender-security-cen
## Use wildcards in the file name and folder path or extension exclusion lists
-You can use the asterisk `*`, question mark `?`, or environment variables (such as `%ALLUSERSPROFILE%`) as wildcards when defining items in the file name or folder path exclusion list. The way in which these wildcards are interpreted differs from their usual usage in other apps and languages. Make sure to read this section to understand their specific limitations.
+You can use the asterisk `*`, question mark `?`, or environment variables (such as `%ALLUSERSPROFILE%`) as wildcards when defining items in the file name or folder path exclusion list. The way these wildcards are interpreted differs from their usual usage in other apps and languages. Make sure to read this section to understand their specific limitations.
> [!IMPORTANT] > There are key limitations and usage scenarios for these wildcards:
The following table describes how the wildcards can be used and provides some ex
|Wildcard|Examples| |||
-|`*` (asterisk) <p> In **file name and file extension inclusions**, the asterisk replaces any number of characters, and only applies to files in the last folder defined in the argument. <p> In **folder exclusions**, the asterisk replaces a single folder. Use multiple `*` with folder slashes `\` to indicate multiple nested folders. After matching the number of wild carded and named folders, all subfolders are also included.|`C:\MyData\*.txt` includes `C:\MyData\notes.txt` <p> `C:\somepath\*\Data` includes any file in `C:\somepath\Archives\Data` and its subfolders, and `C:\somepath\Authorized\Data` and its subfolders <p> `C:\Serv\*\*\Backup` includes any file in `C:\Serv\Primary\Denied\Backup` and its subfolders and `C:\Serv\Secondary\Allowed\Backup` and its subfolders|
+|`*` (asterisk) <p> In **file name and file extension inclusions**, the asterisk replaces any number of characters, and only applies to files in the last folder defined in the argument. <p> In **folder exclusions**, the asterisk replaces a single folder. Use multiple `*` with folder slashes `\` to indicate multiple nested folders. After matching the number of wild carded and named folders, all subfolders are also included.|`C:\MyData\*.txt` includes `C:\MyData\notes.txt` <p> `C:\somepath\*\Data` includes any file in `C:\somepath\Archives\Data` and its subfolders, and `C:\somepath\Authorized\Data` and its subfolders <p> `C:\Serv\*\*\Backup` includes any file in `C:\Serv\Primary\Denied\Backup` and its subfolders, and `C:\Serv\Secondary\Allowed\Backup` and its subfolders|
|`?` (question mark) <p> In **file name and file extension inclusions**, the question mark replaces a single character, and only applies to files in the last folder defined in the argument. <p> In **folder exclusions**, the question mark replaces a single character in a folder name. After matching the number of wild carded and named folders, all subfolders are also included.|`C:\MyData\my?.zip` includes `C:\MyData\my1.zip` <p> `C:\somepath\?\Data` includes any file in `C:\somepath\P\Data` and its subfolders <p> `C:\somepath\test0?\Data` would include any file in `C:\somepath\test01\Data` and its subfolders| |Environment variables <p> The defined variable is populated as a path when the exclusion is evaluated.|`%ALLUSERSPROFILE%\CustomLogFiles` would include `C:\ProgramData\CustomLogFiles\Folder1\file1.txt`|
The following table lists and describes the system account environment variables
|This system environment variable...|Redirects to this| |||
-|`%APPDATA%`|`C:\Users\UserName.DomainName\AppData\Roaming`|
+|`%APPDATA%`|`C:\Windows\system32\config\systemprofile\Appdata\Roaming`|
|`%APPDATA%\Microsoft\Internet Explorer\Quick Launch`|`C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch`| |`%APPDATA%\Microsoft\Windows\Start Menu`|`C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu`| |`%APPDATA%\Microsoft\Windows\Start Menu\Programs`|`C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs`|
The following table lists and describes the system account environment variables
|`%PUBLIC%\RecordedTV.library-ms`|`C:\Users\Public\RecordedTV.library-ms`| |`%PUBLIC%\Videos`|`C:\Users\Public\Videos`| |`%PUBLIC%\Videos\Sample Videos`|`C:\Users\Public\Videos\Sample Videos`|
-|`%USERPROFILE%`|`C:\Users\UserName`|
-|`%USERPROFILE%\AppData\Local`|`C:\Users\UserName\AppData\Local`|
-|`%USERPROFILE%\AppData\LocalLow`|`C:\Users\UserName\AppData\LocalLow`|
-|`%USERPROFILE%\AppData\Roaming`|`C:\Users\UserName\AppData\Roaming`|
+|`%USERPROFILE%`|`C:\Windows\system32\config\systemprofile`|
+|`%USERPROFILE%\AppData\Local`|`C:\Windows\system32\config\systemprofile\AppData\Local`|
+|`%USERPROFILE%\AppData\LocalLow`|`C:\Windows\system32\config\systemprofile\AppData\LocalLow`|
+|`%USERPROFILE%\AppData\Roaming`|`C:\Windows\system32\config\systemprofile\AppData\Roaming`|
## Review the list of exclusions
-You can retrieve the items in the exclusion list using one of the following methods:
+You can retrieve the items in the exclusion list by using one of the following methods:
- [Intune](/mem/intune/fundamentals/deployment-guide-intune-setup) - [Microsoft Endpoint Configuration Manager](/configmgr/protect/deploy-use/endpoint-antimalware-policies)
You can retrieve the items in the exclusion list using one of the following meth
- [Windows Security app](microsoft-defender-security-center-antivirus.md) > [!IMPORTANT]
-> Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](microsoft-defender-security-center-antivirus.md).
+> Exclusion list changes made with Group Policy **will show** in the lists of [Windows Security app](microsoft-defender-security-center-antivirus.md).
> Changes made in the Windows Security app **will not show** in the Group Policy lists.
-If you use PowerShell, you can retrieve the list in two ways:
+If you use PowerShell, you can retrieve the list in the following two ways:
- Retrieve the status of all Microsoft Defender Antivirus preferences. Each list is displayed on separate lines, but the items within each list are combined into the same line. - Write the status of all preferences to a variable, and use that variable to only call the specific list you are interested in. Each use of `Add-MpPreference` is written to a new line.
security Configure Server Endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-server-endpoints.md
Support for Windows Server provides deeper insight into server activities, cover
##### Install Microsoft Defender for Endpoint using a script
-You can use the [installer script](server-migration.md#installer-script) to help automate installation, uninstallation, and onboarding. For more information, see the instructions in the following section to use the script with Group Policy.
+You can use the [installer script](server-migration.md#installer-script) to help automate installation, uninstallation, and onboarding.
+> [!NOTE]
+> The installation script is signed. Any modifications to the script will invalidate the signature. When you download the script from GitHub, the recommended approach to avoid inadvertent modification is to download the source files as a zip archive then extract it to obtain the install.ps1 file (on the main Code page, click the Code dropdown menu and select "Download ZIP").
+
+This script can be used in a variety of scenarios, including those described in [Server migration scenarios from the previous, MMA-based Microsoft Defender for Endpoint solution](/microsoft-365/security/defender-endpoint/server-migration) and for deployment using Group Policy as described below.
##### Apply the Microsoft Defender for Endpoint installation and onboarding packages using Group policy
security Configure Vulnerability Email Notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-vulnerability-email-notifications.md
Title: Configure vulnerability email notifications in Microsoft Defender for Endpoint description: Use Microsoft Defender for Endpoint to configure email notification settings for vulnerability events. keywords: email notifications, configure alert notifications, Microsoft Defender for Endpoint, Microsoft Defender for Endpoint notifications, Microsoft Defender for Endpoint alerts, windows enterprise, windows education ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
security Defender Endpoint Plan 1 2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2.md
audience: ITPro Previously updated : 07/14/2022 Last updated : 07/25/2022 ms.prod: m365-security ms.technology: mdep1 ms.localizationpriority: medium
This article helps clarify what's included in the following plans:
- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)-- [Microsoft Defender Vulnerability Management](../defender-vulnerability-management/index.yml)-- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)-- [Microsoft Defender for Business](../defender-business/mdb-overview.md)-- [Microsoft 365 Business Premium](../../business-premium/index.md)
+- [Microsoft Defender Vulnerability Management add-on](../defender-vulnerability-management/index.yml)
+- [Microsoft Defender for Business](../defender-business/mdb-overview.md) and [Microsoft 365 Business Premium](../../business-premium/index.md)
> [!IMPORTANT] > This article provides a summary of threat protection capabilities in Microsoft endpoint security plans; however, it's not intended to be a service description or licensing contract document. For more detailed information, see [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
The following table summarizes what's included in Microsoft endpoint security pl
| Plan | What's included | |:|:|
-| [Microsoft 365 Defender](../defender/microsoft-365-defender.md) | Services include: <ul><li>[Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)</li><li>[Microsoft Defender Vulnerability Management](../defender-vulnerability-management/defender-vulnerability-management.md)</li><li>[Microsoft Defender for Office 365](../office-365-security/overview.md)</li><li>[Microsoft Defender for Identity](/defender-for-identity/)</li><li>[Microsoft Defender for Cloud Apps](/cloud-app-security/)</li></ul>|
| [Defender for Endpoint Plan 1](defender-endpoint-plan-1.md) <sup>[[1](#fn1)]</sup> | <ul><li>[Next-generation protection](defender-endpoint-plan-1.md#next-generation-protection) (includes antimalware and antivirus)</li><li>[Attack surface reduction](defender-endpoint-plan-1.md#attack-surface-reduction)</li><li> [Manual response actions](defender-endpoint-plan-1.md#manual-response-actions)</li><li>[Centralized management](defender-endpoint-plan-1.md#centralized-management)</li><li>[Security reports](defender-endpoint-plan-1.md#reporting)</li><li>[APIs](defender-endpoint-plan-1.md#apis)</li><li>[Support for Windows 10, iOS, Android OS, and macOS devices](defender-endpoint-plan-1.md#cross-platform-support)</li></ul>| | [Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) <sup>[[2](#fn2)]</sup> | All of the Defender for Endpoint Plan 1 capabilities, plus:<ul><li>[Device discovery](device-discovery.md)</li><li>[Device inventory](machines-view-overview.md)</li><li>[Core Defender Vulnerability Management capabilities](../defender-vulnerability-management/defender-vulnerability-management-capabilities.md)</li><li>[Threat Analytics](threat-analytics.md)</li><li>[Automated investigation and response](automated-investigations.md)</li><li>[Advanced hunting](advanced-hunting-overview.md)</li><li>[Endpoint detection and response](overview-endpoint-detection-response.md)</li><li>[Microsoft Threat Experts](microsoft-threat-experts.md)</li><li>Support for [Windows](configure-endpoints.md) (client and server) and [non-Windows platforms](configure-endpoints-non-windows.md) (macOS, iOS, Android, and Linux)</li></ul> |
-| [Defender Vulnerability Management add-on](../defender-vulnerability-management/defender-vulnerability-management-capabilities.md) | Additional Defender Vulnerability Management capabilities for Defender for Endpoint Plan 2:<ul><li>[Security baselines assessment](../defender-vulnerability-management/tvm-security-baselines.md)</li><li>[Block vulnerable applications](../defender-vulnerability-management/tvm-block-vuln-apps.md)</li><li>[Browser extensions](../defender-vulnerability-management/tvm-browser-extensions.md)</li><li>[Digital certificate assessment](../defender-vulnerability-management/tvm-certificate-inventory.md)</li><li>[Network share analysis](../defender-vulnerability-management/tvm-network-share-assessment.md)</li><li>Support for [Windows](configure-endpoints.md) (client and server) and [non-Windows platforms](configure-endpoints-non-windows.md) (macOS, iOS, Android, and Linux)</li></ul> |
-| [Defender for Business](../defender-business/mdb-overview.md) <sup>[[3](#fn3)]</sup> <br/>and<br/>[Microsoft 365 Business Premium](../../business-premium/index.md) | [Services optimized for small and medium-sized businesses](../defender-business/compare-mdb-m365-plans.md) include: <ul><li>Email protection</li><li>Antispam protection</li><li>Antimalware protection</li><li>Next-generation protection</li><li>Attack surface reduction</li><li>Endpoint detection and response</li><li>Automated investigation and response </li><li>Threat & vulnerability management</li><li>Centralized reporting</li><li>APIs (for integration with custom apps or reporting solutions)</li><li>[Integration with Microsoft 365 Lighthouse](../defender-business/mdb-lighthouse-integration.md)</li></ul> |
+| [Defender Vulnerability Management add-on](../defender-vulnerability-management/defender-vulnerability-management-capabilities.md) | More Defender Vulnerability Management capabilities for Defender for Endpoint Plan 2:<ul><li>[Security baselines assessment](../defender-vulnerability-management/tvm-security-baselines.md)</li><li>[Block vulnerable applications](../defender-vulnerability-management/tvm-block-vuln-apps.md)</li><li>[Browser extensions](../defender-vulnerability-management/tvm-browser-extensions.md)</li><li>[Digital certificate assessment](../defender-vulnerability-management/tvm-certificate-inventory.md)</li><li>[Network share analysis](../defender-vulnerability-management/tvm-network-share-assessment.md)</li><li>Support for [Windows](configure-endpoints.md) (client and server) and [non-Windows platforms](configure-endpoints-non-windows.md) (macOS, iOS, Android, and Linux)</li></ul> |
+| [Defender for Business](../defender-business/mdb-overview.md) <sup>[[3](#fn3)]</sup> | [Services optimized for small and medium-sized businesses](../defender-business/compare-mdb-m365-plans.md) include: <ul><li>Email protection</li><li>Antispam protection</li><li>Antimalware protection</li><li>Next-generation protection</li><li>Attack surface reduction</li><li>Endpoint detection and response</li><li>Automated investigation and response </li><li>Threat & vulnerability management</li><li>Centralized reporting</li><li>APIs (for integration with custom apps or reporting solutions)</li><li>[Integration with Microsoft 365 Lighthouse](../defender-business/mdb-lighthouse-integration.md)</li></ul> |
(<a id="fn1">1</a>) Microsoft Defender for Endpoint Plan 1 is available as a standalone subscription for commercial and education customers. It's also included as part of Microsoft 365 E3/A3.
The following table summarizes what's included in Microsoft endpoint security pl
## Options for onboarding servers
-The standalone versions of Defender for Business, Defender for Endpoint Plan 1 and 2, and Microsoft 365 Business Premium do not include server licenses. To onboard servers, choose from the following options:
+Defender for Endpoint Plan 1 and 2 (standalone), Defender for Business (standalone), and Microsoft 365 Business Premium don't include server licenses. To onboard servers, choose from the following options:
- **Microsoft Defender for Servers Plan 1 or Plan 2** as part of the [Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction) offering. To learn more. see [Overview of Microsoft Defender for Servers](/azure/defender-for-cloud/defender-for-servers-introduction). - **Microsoft Defender for Business servers (preview)** for small and medium-sized businesses. See [How to get Microsoft Defender for Business servers (preview)](../defender-business/get-defender-business-servers.md).
security Device Control Removable Storage Access Control https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control.md
ms.technology: mde Previously updated : 06/24/2022 Last updated : 08/01/2022+ # Microsoft Defender for Endpoint Device Control Removable Storage Access Control
Microsoft Defender for Endpoint Device Control Removable Storage Access Control
Microsoft Defender for Endpoint Device Control Removable Storage Access Control feature gives you the following capabilities:
-|Capability|Description|Deploy through Intune|Deploy through Group Policy|
-|||||
-|Removable Media Group Creation|Allows you to create reusable removable media group|Step 4 and 6 in the section, [Deploying Removable Storage Access Control by using Intune OMA-URI](#deploying-removable-storage-access-control-by-using-intune-oma-uri)| Step 4 and 6 in the section, [Deploying Removable Storage Access Control by using Group Policy](#deploying-removable-storage-access-control-by-using-group-policy)|
-|Policy Creation|Allows you to create policy to enforce each removable media group|Step 5 and 7 in the section, [Deploying Removable Storage Access Control by using Intune OMA-URI](#deploying-removable-storage-access-control-by-using-intune-oma-uri)| Steps 5 and 7 in the section, [Deploying Removable Storage Access Control by using Group Policy](#deploying-removable-storage-access-control-by-using-group-policy)|
-|Default Enforcement|Allows you to set default access (Deny or Allow) to removable media if there is no policy|Step 2 in the section, [Deploying Removable Storage Access Control by using Intune OMA-URI](#deploying-removable-storage-access-control-by-using-intune-oma-uri) | Step 2 in the section, [Deploying Removable Storage Access Control by using Group Policy](#deploying-removable-storage-access-control-by-using-group-policy)|
-|Enable or Disable Removable Storage Access Control|If you set Disable, it will disable the Removable Storage Access Control policy on this machine| Step 1 in the section, [Deploying Removable Storage Access Control by using Intune OMA-URI](#deploying-removable-storage-access-control-by-using-intune-oma-uri)| Step 1 in the section, [Deploying Removable Storage Access Control by using Group Policy](#deploying-removable-storage-access-control-by-using-group-policy)|
-|Capture file information|Allows you to create policy to capture file information when Write access happens| | Step 10 in the section, [Deploying Removable Storage Access Control by using Group Policy](#deploying-removable-storage-access-control-by-using-group-policy) |
+|Capability|Deploy through Intune|Deploy through Group Policy|
+||||
+|Removable Media Group Creation <br/>Allows you to create reusable removable media group|Step 4 and 6 in the section, [Deploying Removable Storage Access Control by using Intune OMA-URI](#deploying-removable-storage-access-control-by-using-intune-oma-uri)| Step 4 and 6 in the section, [Deploying Removable Storage Access Control by using Group Policy](#deploying-removable-storage-access-control-by-using-group-policy)|
+|Policy Creation<br/>Allows you to create policy to enforce each removable media group|Step 5 and 7 in the section, [Deploying Removable Storage Access Control by using Intune OMA-URI](#deploying-removable-storage-access-control-by-using-intune-oma-uri)| Steps 5 and 7 in the section, [Deploying Removable Storage Access Control by using Group Policy](#deploying-removable-storage-access-control-by-using-group-policy)|
+|Default Enforcement<br/>Allows you to set default access (Deny or Allow) to removable media if there is no policy|Step 2 in the section, [Deploying Removable Storage Access Control by using Intune OMA-URI](#deploying-removable-storage-access-control-by-using-intune-oma-uri) | Step 2 in the section, [Deploying Removable Storage Access Control by using Group Policy](#deploying-removable-storage-access-control-by-using-group-policy)|
+|Enable or Disable Removable Storage Access Control<br/>If you set Disable, it will disable the Removable Storage Access Control policy on this machine| Step 1 in the section, [Deploying Removable Storage Access Control by using Intune OMA-URI](#deploying-removable-storage-access-control-by-using-intune-oma-uri)| Step 1 in the section, [Deploying Removable Storage Access Control by using Group Policy](#deploying-removable-storage-access-control-by-using-group-policy)|
+|Capture file information<br/>Allows you to create policy to capture file information when Write access happens| | Step 10 in the section, [Deploying Removable Storage Access Control by using Group Policy](#deploying-removable-storage-access-control-by-using-group-policy) |
### Prepare your endpoints
You can use the following properties to create a removable storage group:
|Property Name|Description|Options| |||| |**GroupId**|GUID, a unique ID, represents the group and will be used in the policy.||
-|**DescriptorIdList**|List the device properties you want to use to cover in the group. For each device property, see [Device Properties](device-control-removable-storage-protection.md) for more detail. All properties are case sensitive. |**PrimaryId**: `RemovableMediaDevices`, `CdRomDevices`, `WpdDevices`<p>**BusId**: For example, USB, SCSI<p>**DeviceId**<p>**HardwareId**<p>**InstancePathId**: InstancePathId is a string that uniquely identifies the device in the system, for example, `USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\8735B611&0`. The number at the end (for example &0) represents the available slot and may change from device to device. For best results, use a wildcard at the end. For example, `USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\8735B611*`.<p>**FriendlyNameId**<p>**SerialNumberId**<p>**VID**<p>**PID**<p>**VID_PID**<p>`0751_55E0`: match this exact VID/PID pair<p>`_55E0`: match any media with PID=55E0 <p>`0751_`: match any media with VID=0751|
+|**DescriptorIdList**|List the device properties you want to use to cover in the group. All properties are case sensitive. |**PrimaryId**: The Primary ID includes `RemovableMediaDevices`, `CdRomDevices`, `WpdDevices`, `PrinterDevices`. <p>**InstancePathId**: InstancePathId is a string that uniquely identifies the device in the system, for example, `USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\8735B611&0`. It is the `Device instance path` in the Device Manager. The number at the end (for example &0) represents the available slot and may change from device to device. For best results, use a wildcard at the end. For example, `USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\8735B611*`. <p>**DeviceId**: To transform `Device instance path` to Device ID format, see [Standard USB Identifiers](/windows-hardware/drivers/install/standard-usb-identifiers), for example, `USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07` <p>**HardwareId**: A string that identifies the device in the system, for example, `USBSTOR\DiskGeneric_Flash_Disk___8.07`, It is `Hardware Ids` in the Device Manager. <br>**Note**: Hardware Id is not unique; different devices might share the same value.<p>**FriendlyNameId**: It is a string attached to the device, for example, `Generic Flash Disk USB Device`. It is the `Friendly name` in the Device Manager. <p>**BusId**: For example, USB, SCSI <p>**SerialNumberId**: You can find SerialNumberId from `Device instance path` in the Device Manager, for example, `03003324080520232521` is SerialNumberId in USBSTOR\DISK&VEN__USB&PROD__SANDISK_3.2GEN1&REV_1.00\\`03003324080520232521`&0 <p>**VID_PID**: Vendor ID is the four-digit vendor code that the USB committee assigns to the vendor. Product ID is the four-digit product code that the vendor assigns to the device. It supports wildcard. To transform `Device instance path` to Vendor ID and Product ID format, see [Standard USB Identifiers](/windows-hardware/drivers/install/standard-usb-identifiers). For example: <br>`0751_55E0`: match this exact VID/PID pair<br>`_55E0`: match any media with PID=55E0 <br>`0751_`: match any media with VID=0751 <p> **Note**: See [How do I find the media property in the Device Manager?](#how-do-i-find-the-media-property-in-the-device-manager) under [Frequently asked questions](#frequently-asked-questions) section below to understand how to find the property in Device Manager.|
|**MatchType**|When there are multiple device properties being used in the `DescriptorIDList`, MatchType defines the relationship.|**MatchAll**: Any attributes under the `DescriptorIdList` will be **And** relationship; for example, if administrator puts `DeviceID` and `InstancePathID`, for every connected USB, system will check to see whether the USB meets both values. <p> **MatchAny**: The attributes under the DescriptorIdList will be **Or** relationship; for example, if administrator puts `DeviceID` and `InstancePathID`, for every connected USB, system will do the enforcement as long as the USB has either an identical **DeviceID** or **InstanceID** value.| ### Access Control Policy
For policy deployment in Intune, the account must have permissions to create, ed
### Deploying Removable Storage Access Control by using Intune OMA-URI
-To block a specific removable storage class but allow specific media, you can use ΓÇÿIncludedIdList a group through PrimaryId and ExcludedIDList a group through DeviceId/HardwareId/etc.ΓÇÖ
+To block a specific removable storage class but allow specific media, you can use 'IncludedIdList a group through PrimaryId and ExcludedIDList a group through DeviceId/HardwareId/etc.'
-Go to Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>) **> Devices > Create profile > Platform: Windows 10 and later, Profile type: Templates > Custom**
+Go to Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>) > **Devices** > **Create profile** > **Platform: Windows 10 and later, Profile type: Templates** > Custom**
1. Enable or Disable Device control as follows:
- - Under **Custom > Configuration settings**, click **Add**.
- - In the **Add Row** pane, enter:
+ - Under **Custom** > **Configuration settings**, select **Add**.
+ - In the **Add Row** pane, specify the following settings:
- **Name** as **Enable Device Control** - **OMA-URI** as `./Vendor/MSFT/Defender/Configuration/DeviceControlEnabled` - **Data Type** as **Integer**
Go to Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>
`Disable: 0` `Enable: 1`
- - Click **Save**.
+ - Select **Save**.
:::image type="content" source="images/enable-rsac.png" alt-text="Screenshot of enabling Removable Storage Access Control policy" lightbox="images/enable-rsac.png":::
Go to Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>
You can set the default access (Deny or Allow) for all Device Control features (`RemovableMediaDevices`, `CdRomDevices`, `WpdDevices`, `PrinterDevices`).
- For example, you have either a **Deny** or an **Allow** policy for `RemovableMediaDevices`, but you do not have a policy for `CdRomDevices` or `WpdDevices`. You can set **Default Deny** through this policy, then Read/Write/Execute access to `CdRomDevices` or `WpdDevices` will be blocked. If you only want to manage storage, make sure to create an **Allow** policy for your printer; otherwise, this default enforcement will be applied to printers as well.
+ For example, you can have either a **Deny** or an **Allow** policy for `RemovableMediaDevices`, but not for `CdRomDevices` or `WpdDevices`. You can set **Default Deny** through this policy, then Read/Write/Execute access to `CdRomDevices` or `WpdDevices` will be blocked. If you only want to manage storage, make sure to create an **Allow** policy for your printer; otherwise, this default enforcement will be applied to printers as well.
- - In the **Add Row** pane, enter:
+ - In the **Add Row** pane, specify the following settings:
- **Name** as **Default Deny** - **OMA-URI** as `./Vendor/MSFT/Defender/Configuration/DefaultEnforcement` - **Data Type** as **Integer**
Go to Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>
`DefaultEnforcementAllow = 1` `DefaultEnforcementDeny = 2`
- - Click **Save**.
+ - Select **Save**.
:::image type="content" source="images/default-deny.png" alt-text="Screenshot of setting Default Enforcement as Deny" lightbox="images/default-deny.png":::
Go to Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>
- **Name** as **Audit Default Deny** - **OMA-URI** as `./Vendor/MSFT/Defender/Configuration/DeviceControl/PolicyRules/%7bf3520ea7-fd1b-4237-8ebc-96911db44f8e%7d/RuleData`
- :::image type="content" source="images/audit-default-deny-1.png" alt-text="Screenshot of creating Audit Default Deny policy" lightbox="images/audit-default-deny-1.png":::
+ :::image type="content" source="images/audit-default-deny-1.png" alt-text="Screenshot of creating Audit Default Deny policy." lightbox="images/audit-default-deny-1.png":::
- **Data Type** as **String (XML file)** - **Custom XML** as **Audit Default Deny.xml** file.
Go to Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>
Use the following XML data to create your Audit policy for Default Deny:
- :::image type="content" source="images/audit-default-deny-xml-file-1.png" alt-text="Screenshot of audit default deny xml file":::
+ :::image type="content" source="images/audit-default-deny-xml-file-1.png" alt-text="Screenshot of audit default deny xml file.":::
4. ReadOnly - Group:
Go to Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>
- **Name** as **Any Removable Storage Group** - **OMA-URI** as `./Vendor/MSFT/Defender/Configuration/DeviceControl/PolicyGroups/%7b9b28fae8-72f7-4267-a1a5-685f747a7146%7d/GroupData`
- :::image type="content" source="images/any-removable-storage-group.png" alt-text="Screenshot of creating any Removable Storage Group" lightbox="images/any-removable-storage-group.png":::
+ :::image type="content" source="images/any-removable-storage-group.png" alt-text="Screenshot of creating any Removable Storage Group." lightbox="images/any-removable-storage-group.png":::
- **Data Type** as **String (XML file)** - **Custom XML** as **Any Removable Storage and CD-DVD and WPD Group.xml** file
Before you get started with Removable Storage Access Control, you must confirm y
You can enable Device control as follows:
- - Go to **Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Features > Device Control**
+ - Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Features** > **Device Control**
- In the **Device Control** window, select **Enabled**. :::image type="content" source="images/enable-rsac-gp.png" alt-text="Screenshot of Enabling RSAC using Group Policy " lightbox="images/enable-rsac-gp.png":::
Before you get started with Removable Storage Access Control, you must confirm y
You can set default access (Deny or Allow) for all Device Control features (RemovableMediaDevices, CdRomDevices, WpdDevices, PrinterDevices).
- For example, you have either Deny or Allow policy for RemovableMediaDevices, but you do not have any policy for CdRomDevices or WpdDevices. You set Default Deny through this policy, then Read/Write/Execute access to CdRomDevices or WpdDevices will be blocked. If you only want to manage storage, make sure to create Allow policy for Printer, otherwise, this Default Enforcement will be applied to Printer as well.
+ For example, you can have either a Deny or an Allow policy for RemovableMediaDevices, but not for CdRomDevices or WpdDevices. You set Default Deny through this policy, then Read/Write/Execute access to CdRomDevices or WpdDevices will be blocked. If you only want to manage storage, make sure to create Allow policy for Printer, otherwise, this Default Enforcement will be applied to Printer as well.
- - Go to **Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Features > Device Control > Select Device Control Default Enforcement**
+ - Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Features** > **Device Control** > **Select Device Control Default Enforcement**
- - In the **Select Device Control Default Enforcement** window, select **Default Deny**:
+ - In the **Select Device Control Default Enforcement** pane, select **Default Deny**:
:::image type="content" source="images/set-default-enforcement-deny-gp.png" alt-text="Screenshot of setting Default Enforcement = Deny using Group Policy" lightbox="images/set-default-enforcement-deny-gp.png":::
Before you get started with Removable Storage Access Control, you must confirm y
Use the following XML data to create ReadOnly policy and apply to the ReadOnly removable storage group to allow read activity:
- :::image type="content" source="images/read-only-policy-gp.png" alt-text="Screen shot of Read only policy xml data" lightbox="images/read-only-policy-gp.png":::
+ :::image type="content" source="images/read-only-policy-gp.png" alt-text="Screenshot of Read only policy xml data." lightbox="images/read-only-policy-gp.png":::
-6. Create Group for Allowed Medias:
+6. Create a group for allowed Media:
- Use the following XML data to create removable storage allowed medias group:
+ Use the following XML data to create removable storage allowed media group:
:::image type="content" source="images/create-group-allowed-medias-gp.png" alt-text="Screenshot of xml data for creating group for allowed medias" lightbox="images/create-group-allowed-medias-gp.png":::
-7. Create Policy to allow the approved USB Group:
+7. Create a policy to allow the approved USB Group:
- Use the following XML data to create a policy to allow approved USB group:
+ Use the following XML data to create a policy to allow the approved USB group:
:::image type="content" source="images/create-policy-allow-approved-usb-group-xml.png" alt-text="Screenshot of XML data to create policy to allow the approved USB Group using Group Policy" lightbox="images/create-policy-allow-approved-usb-group-xml.png":::
Before you get started with Removable Storage Access Control, you must confirm y
:::image type="content" source="images/define-device-control-policy-grps-gp.png" alt-text="Screenshot of Define device control policy groups" lightbox="images/define-device-control-policy-grps-gp.png":::
- - In the **Define device control policy groups** window, enter the file path containing the XML groups data.
+ - In the **Define device control policy groups** window, specify the file path containing the XML groups data.
XML file path: <https://github.com/microsoft/mdatp-devicecontrol/blob/main/Removable%20Storage%20Access%20Control%20Samples/Group%20Policy/Demo_Groups.xml>
Before you get started with Removable Storage Access Control, you must confirm y
You can combine device control policy rules into one XML file as follows:
- - Go to **Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Device Control > Define device control policy rules**
+ - Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Device Control** > **Define device control policy rules**.
:::image type="content" source="images/define-device-cntrl-policy-rules-gp.png" alt-text="Screenshot of define device control policy rules" lightbox="images/define-device-cntrl-policy-rules-gp.png":::
Before you get started with Removable Storage Access Control, you must confirm y
10. Set location for a copy of the file (evidence):
- If you want to have a copy of the file (evidence) when Write access happens, you have to set the location where system can save the copy.
+ If you want to have a copy of the file (evidence) when Write access happens, specify the location where system can save the copy.
- - Go to **Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Device Control > Define Device Control evidence data remote location**.
+ - Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Device Control** > **Define Device Control evidence data remote location**.
- - In the **Define Device Control evidence data remote location** window, select **Enabled** and enter the local or network share folder path.
+ - In the **Define Device Control evidence data remote location** pane, select **Enabled**, and then specify the local or network share folder path.
- :::image type="content" source="images/evidence-data-remote-location-gp.png" alt-text="Screenshot of Define Device Control evidence data remote location" lightbox="images/evidence-data-remote-location-gp.png":::
+ :::image type="content" source="images/evidence-data-remote-location-gp.png" alt-text="Screenshot of Define Device Control evidence data remote location." lightbox="images/evidence-data-remote-location-gp.png":::
## View Device Control Removable Storage Access Control data in Microsoft Defender for Endpoint
DeviceEvents
### How to generate GUID for Group Id/PolicyRule Id/Entry Id?
-You can generate GUID through online open source, or through PowerShell - [How to generate GUID through PowerShell](/powershell/module/microsoft.powershell.utility/new-guid)
+You can generate the GUID through online open source, or through PowerShell - [How to generate GUID through PowerShell](/powershell/module/microsoft.powershell.utility/new-guid)
-![image](https://user-images.githubusercontent.com/81826151/159046476-26ea0a21-8087-4f01-b8ae-5aa73b392d8f.png)
+![Screenshot of GUID in PowerShell.](https://user-images.githubusercontent.com/81826151/159046476-26ea0a21-8087-4f01-b8ae-5aa73b392d8f.png)
### What are the removable storage media and policy limitations?
Either from the Microsoft Endpoint Manager admin center (Intune) or through Micr
For example, if you need two blocks of entries per user SID to "Allow"/"Audit allowed" specific users and two blocks of entries at the end to "Deny" all, you will be able to manage 2,276 users.
-### Why does the policy not work?
+### Why doesn't the policy work?
1. The most common reason is there's no required [antimalware client version](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control#prepare-your-endpoints).
For example, if you need two blocks of entries per user SID to "Allow"/"Audit al
3. If you are deploying and managing the policy by using Group Policy, please make sure to combine all PolicyRule into one XML file within a parent node called PolicyRules and all Group into one XML file within a parent node called Groups; if you manage through Intune, keep one PolicyRule one XML file, same thing, one Group one XML file.
-If it still doesn't work, you may want to contact us and share support cab by running cmd with administrator: "%programfiles%\Windows Defender\MpCmdRun.exe" -GetFiles
+If it still doesn't work, you contact support, and share your support cab. To get that file, use Command Prompt as an administrator:
-### There is no configuration UX for 'Define device control policy groups' and 'Define device control policy rules' on my Group Policy
+`"%programfiles%\Windows Defender\MpCmdRun.exe" -GetFiles`
-We don't backport the Group Policy configuration UX, but you can still get the related adml and admx files by clicking 'Raw' and 'Save as' at the [WindowsDefender.adml](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Removable%20Storage%20Access%20Control%20Samples/WindowsDefender.adml) and [WindowsDefender.admx](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Removable%20Storage%20Access%20Control%20Samples/WindowsDefender.admx) files.
+### There is no configuration UX for **Define device control policy groups** and **Define device control policy rules** on my Group Policy
-### How can I know whether the latest policy has been deployed to the target machine?
+We don't backport the Group Policy configuration UX, but you can still get the related adml and admx files by selecting **Raw** and **Save as** at the [WindowsDefender.adml](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Removable%20Storage%20Access%20Control%20Samples/WindowsDefender.adml) and [WindowsDefender.admx](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Removable%20Storage%20Access%20Control%20Samples/WindowsDefender.admx) files.
-You can run "Get-MpComputerStatus' on PowerShell as an Administrator. The following value will show whether the latest policy has been applied to the target machine.
+### How do I confirm that the latest policy has been deployed to the target machine?
+
+You can run the PowerShell cmdlet `Get-MpComputerStatus` as an administrator. The following value will show whether the latest policy has been applied to the target machine.
:::image type="icon" source="images/148609885-bea388a9-c07d-47ef-b848-999d794d24b8.png" border="false":::
DeviceFileEvents
|summarize dcount(DeviceName) by PlatformVersion // check how many machines are using which platformVersion |order by PlatformVersion desc ```+
+### How do I find the media property in the Device Manager?
+
+1. Plug in the media.
+
+2. Open Device Manager.
+
+ ![Screenshot of Device Manager.](https://user-images.githubusercontent.com/81826151/181859412-affd6aa1-09ad-44bf-9541-330499cc2c87.png)
+
+3. Locate the media in the Device Manager, right-click, and then select **Properties**.
+
+ :::image type="content" alt-text="Screenshot of media in the Device Manager." source="https://user-images.githubusercontent.com/81826151/181859700-62a6f704-b12e-41e3-a048-7d63432654a4.png":::
+
+4. Open **Details**, and select **Properties**.
+
+ :::image type="content" alt-text="Screenshot of device property in Device Manager." source="https://user-images.githubusercontent.com/81826151/181859852-00bc8b11-8ee5-4d46-9770-fa29f894d13f.png":::
+
security Device Control Removable Storage Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-removable-storage-protection.md
ms.pagetype: security
ms.localizationpriority: medium Last updated : 08/01/2022 audience: ITPro
Device control removable storage protection in Microsoft Defender for Endpoint p
- *Audit* Read or Write or Execute access to removable storage based on various device properties, with or without an exclusion. - *Prevent* Read or Write or Execute access with or without an exclusion - Allow specific device based on various device properties.
+To manage external storage, use removable storage access control instead of [device installation](#device-installation).
+ **Windows 10 and Windows 11 support details**: - Applied at either the device level, user level. or both. Only allow specific people performing Read/Write/Execute access to specific removable storage on specific machine. - Support MEM OMA-URI and GPO.-- Supported '[Device Properties](#device-properties)' as listed.-- For feature in Windows, see [Removable storage Access Control](device-control-removable-storage-access-control.md).
+- For Windows devices, see [Removable storage Access Control](device-control-removable-storage-access-control.md).
**Supported Platform** - Windows 10, Windows 11
Device control removable storage protection in Microsoft Defender for Endpoint p
- Applied at the device level: the same policy applies for any logged on user. - Supports Microsoft Endpoint Manager and Group Policy Objects.-- Supported '[Device Properties](#device-properties)' as listed. - For more information on Windows, see [How to control USB devices and other removable media using Microsoft Defender for Endpoint](control-usb-devices-using-intune.md). **Supported Platform** - Windows 10, Windows 11
Device control removable storage protection in Microsoft Defender for Endpoint p
**Description** - For more information on Windows, see [BitLocker - Removable Drive Settings](/mem/intune/protect/endpoint-security-disk-encryption-profile-settings). **Supported Platform** - Windows 10, Windows 11-
-## Device properties
-
-Microsoft Defender for Endpoint Device Control Removable Storage Protection allows you to restrict the removable storage access based on the properties described in the table below:
-
-<br/><br/>
-
-|Property Name|Applicable Policies|Applies to Operating Systems|Description|
-|||||
-|Device Class|[How to control USB devices and other removable media using Microsoft Defender for Endpoint](control-usb-devices-using-intune.md)|Windows|For information about Device ID formats, see [device setup class](/windows-hardware/drivers/install/overview-of-device-setup-classes). The following two links provide the complete list of Device Setup Classes. 'System Use' classes are mostly refer to devices that come with a computer/machine from the factory, while 'Vendor' classes are mostly refer to devices that could be connected to an existing computer/machine: [System-Defined Device Setup Classes Available to Vendors - Windows drivers](/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors) and [System-Defined Device Setup Classes Reserved for System Use - Windows drivers](/windows-hardware/drivers/install/system-defined-device-setup-classes-reserved-for-system-use). **Note**: Device Installation can be applied to any devices, not only Removable storage.|
-|Primary ID|[Removable storage Access Control](device-control-removable-storage-access-control.md)|Windows|The Primary ID includes removable storage and CD/DVD and Windows Portable Device/WPD.|
-|Device ID|[Removable storage Access Control](device-control-removable-storage-access-control.md); <p> [How to control USB devices and other removable media using Microsoft Defender for Endpoint](control-usb-devices-using-intune.md)|Windows|For information about Device ID formats, see [Standard USB Identifiers](/windows-hardware/drivers/install/standard-usb-identifiers), for example, USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07|
-|Hardware ID|[Removable storage Access Control](device-control-removable-storage-access-control.md) <p> [How to control USB devices and other removable media using Microsoft Defender for Endpoint](control-usb-devices-using-intune.md)|Windows|A string identified the device in the system, for example, USBSTOR\DiskGeneric_Flash_Disk___8.07; **Note**: Hardware ID is not unique; different devices might share the same value.|
-|Instance ID|[Removable storage Access Control](device-control-removable-storage-access-control.md) <p> Device Installation|Windows|A string uniquely identifies the device in the system, for example, USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\8735B611&0|
-|Friendly Name|[Removable storage Access Control](device-control-removable-storage-access-control.md)|Windows|A string attached to the device, for example, Generic Flash Disk USB Device|
-|Vendor ID / Product ID|[Removable storage Access Control](device-control-removable-storage-access-control.md)|Windows <p> macOS|Vendor ID is the four-digit vendor code that the USB committee assigns to the vendor. Product ID is the four-digit product code that the vendor assigns to the device; Support wildcard.|
-|Serial NumberId|[Removable storage Access Control](device-control-removable-storage-access-control.md)|Windows <p> macOS |For example, `<SerialNumberId>002324B534BCB431B000058A</SerialNumberId>`|
security Enable Exploit Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-exploit-protection.md
ms.technology: mde Previously updated : 10/19/2021 Last updated : 07/27/2022 # Enable exploit protection
If you add an app to the **Program settings** section and configure individual m
|Yes|No|As defined in **Program settings**| |Yes|Yes|As defined in **Program settings**| |No|Yes|As defined in **System settings**|
-|No|Yes|Default as defined in **Use default** option|
+|No|No|Default as defined in **Use default** option|
### Example 1: Mikael configures Data Execution Prevention in system settings section to be off by default
security Enable Microsoft Defender For Iot Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-microsoft-defender-for-iot-integration.md
To modify settings for your Defender for Endpoint integration, the user must hav
## Set up a network sensor
-To set up a network sensor your Azure subscription must have a Defender for IoT plan with Enterprise IoT devices added. For more information, see [Get started with Defender for IoT](/azure/defender-for-iot/organizations/getting-started).
+To set up a network sensor your Azure subscription must have a Defender for IoT plan with Enterprise IoT devices added, as described [above](#onboard-a-defender-for-iot-plan).
To add a network sensor, under **Set up network sensors** choose the **Microsoft Defender for IoT** link. This brings you to the Onboard sensor setup process in the Azure portal. For more information, see [Get started with Enterprise IoT](/azure/defender-for-iot/organizations/tutorial-getting-started-eiot-sensor).
For more information, see the [Defender for IoT pricing page](https://azure.micr
## Cancel your Defender for IoT plan
-You can cancel your Defender for IoT plan from the Defender for Endpoint settings page in the [https://security.microsoft.com](https://security.microsoft.com/) portal. Once you cancel your plan, the integration stops and you'll no longer get security assessment value in Defender for Endpoint, or detect new devices in Defender for IoT.
+Cancel your Defender for IoT plan from the Defender for Endpoint settings page in the [https://security.microsoft.com](https://security.microsoft.com/) portal. Once you cancel your plan, the integration stops and you'll no longer get security assessment value in Defender for Endpoint, or detect new devices in Defender for IoT.
## See also
security Export Certificate Inventory Assessment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/export-certificate-inventory-assessment.md
- [Microsoft Defender Vulnerability Management](../defender-vulnerability-management/index.yml) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
-> Want to experience Microsoft Defender Vulnerability Management? [Sign up for a free trial.- Update](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-portaloverview-abovefoldlink)
+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).
There are different API calls to get different types of data. In general, each API call contains the requisite data for devices in your organization.
security Export Security Baseline Assessment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/export-security-baseline-assessment.md
- [Microsoft Defender Vulnerability Management](../defender-vulnerability-management/index.yml) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
-> Want to experience Microsoft Defender Vulnerability Management? [Sign up for a free trial.- Update](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-portaloverview-abovefoldlink)
+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).
There are different API calls to get different types of data. In general, each API call contains the requisite data for devices in your organization.
security Find Machine Info By Ip https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/find-machine-info-by-ip.md
Title: Find device information by internal IP API
description: Use this API to create calls related to finding a device entry around a specific timestamp by internal IP. keywords: ip, apis, graph api, supported apis, find device, device information search.product: eADQiWindows 10XVcnh ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
If no machine found - 404 Not Found.
### Request example
-Here is an example of the request.
+Here's an example of the request.
```http GET https://graph.microsoft.com/testwdatppreview/machines/find(timestamp=2018-06-19T10:00:00Z,key='10.166.93.61')
Content-type: application/json
### Response example
-Here is an example of the response.
+Here's an example of the response.
-The response will return a list of all devices that reported this IP address within sixteen minutes prior and after the timestamp.
+The response will return a list of all devices that reported this IP address within 16 minutes prior and after the timestamp.
```json HTTP/1.1 200 OK
security Get Discovered Vulnerabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-discovered-vulnerabilities.md
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).
+ [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] [!include[Improve request performance](../../includes/improve-request-performance.md)]
security Get Installed Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-installed-software.md
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:**+ - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037) - [Microsoft Defender Vulnerability Management](../defender-vulnerability-management/index.yml) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).
+ [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] [!include[Improve request performance](../../includes/improve-request-performance.md)]
security Get Machinegroups Collection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machinegroups-collection.md
description: Learn how to use the Get KB collection API to retrieve a collection
keywords: apis, graph api, supported apis, get, RBAC, group search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
security Get Machinesecuritystates Collection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machinesecuritystates-collection.md
description: Retrieve a collection of device security states using Microsoft Def
keywords: apis, graph api, supported apis, get, device, security, state search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
security Get Missing Kbs Machine https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-missing-kbs-machine.md
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).
+ [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] [!include[Improve request performance](../../includes/improve-request-performance.md)]
security Get Remediation All Activities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-remediation-all-activities.md
- [Microsoft Defender Vulnerability Management](../defender-vulnerability-management/index.yml) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
-> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink).
+
+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).
[!Include[Prerelease information](../../includes/prerelease.md)]
security Get Remediation Methods Properties https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-remediation-methods-properties.md
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).
+ [!Include[Prerelease information](../../includes/prerelease.md)] [!Include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
security Get Remediation One Activity https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-remediation-one-activity.md
- [Microsoft Defender Vulnerability Management](../defender-vulnerability-management/index.yml) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
-> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink).
+
+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).
[!Include[Prerelease information](../../includes/prerelease.md)]
security Get Security Baselines Assessment Configurations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-security-baselines-assessment-configurations.md
- [Microsoft Defender Vulnerability Management](../defender-vulnerability-management/index.yml) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
-> Want to experience Microsoft Defender Vulnerability Management? [Sign up for a free trial.- Update](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-portaloverview-abovefoldlink)
+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).
## 1. Get all security baselines assessment configurations
security Get Security Baselines Assessment Profiles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-security-baselines-assessment-profiles.md
- [Microsoft Defender Vulnerability Management](../defender-vulnerability-management/index.yml) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
-> Want to experience Microsoft Defender Vulnerability Management? [Sign up for a free trial.- Update](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-portaloverview-abovefoldlink)
+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).
## 1. Get security baselines assessment profiles
security Get Security Recommendations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-security-recommendations.md
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-**Applies to:**
+**Applies to:**
- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender Vulnerability Management](../defender-vulnerability-management/index.yml) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).
+ [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] [!include[Improve request performance](../../includes/improve-request-performance.md)]
security Get Started Partner Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-started-partner-integration.md
Title: Become a Microsoft Defender for Endpoint partner
description: Learn the steps and requirements to integrate your solution with Microsoft Defender for Endpoint and be a partner keywords: partner, integration, solution validation, certification, requirements, member, misa, application portal ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
security Get Ti Indicators Collection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-ti-indicators-collection.md
Title: List Indicators API description: Learn how to use the List Indicators API to retrieve a collection of all active Indicators in Microsoft Defender for Endpoint. keywords: apis, public api, supported apis, Indicators collection ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
security Host Firewall Reporting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/host-firewall-reporting.md
catch {
## Supported scenarios
-The following scenarios are supported during Ring0 Preview:
- - [Firewall reporting](#firewall-reporting) - [From "Computers with a blocked connection" to device](#from-computers-with-a-blocked-connection-to-device) - [Drill into advanced hunting (preview refresh)](#drill-into-advanced-hunting-preview-refresh)
security Import Ti Indicators https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/import-ti-indicators.md
Title: Import Indicators API description: Learn how to use the Import batch of Indicator API in Microsoft Defender for Endpoint. keywords: apis, supported apis, submit, ti, indicator, update ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
security Ios Configure Features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-configure-features.md
ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:**+
+- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)
- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
For more information about how to set up Conditional Access with Defender for En
### Jailbreak detection by Microsoft Defender for Endpoint
-Microsoft Defender for Endpoint has the capability of detecting unmanaged and managed devices that are jailbroken. If a device is detected to be jailbroken, a **High**-risk alert will be reported to the Microsoft 365 Defender portal and if Conditional Access is setup based on device risk score, then the device will be blocked from accessing corporate data.
+Microsoft Defender for Endpoint has the capability of detecting unmanaged and managed devices that are jailbroken. If a device is detected to be jailbroken, a **High**-risk alert will be reported to the Microsoft 365 Defender portal and if Conditional Access is set up based on device risk score, then the device will be blocked from accessing corporate data.
## Web Protection and VPN
-By default, Defender for Endpoint on iOS includes and enables the web protection feature. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks. Note that Anti-phishing and custom indicators (URL and IP addresses) are supported as part of Web Protection. Web Content Filtering is currently not supported on iOS.
+By default, Defender for Endpoint on iOS includes and enables the web protection feature. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks. Note that Anti-phishing and custom indicators (URL and IP addresses) are supported as part of Web Protection. Web Content Filtering is currently not supported on mobile platforms.
Defender for Endpoint on iOS uses a VPN in order to provide this capability. Please note this is a local VPN and unlike traditional VPN, network traffic is not sent outside the device.
While enabled by default, there might be some cases that require you to disable
> [!NOTE] > Web Protection will not be available when VPN is disabled. To re-enable Web Protection, open the Microsoft Defender for Endpoint app on the device and click or tap **Start VPN**.
+## Disable Web Protection
+
+Web Protection is one of the key features of Defender for Endpoint and it requires a VPN to provide that capability. The VPN used is a local/loopback VPN and not a traditional VPN, however there are several reasons for which customers might not prefer the VPN. Customers who do not want to set up a VPN, there is an option to disable **Web Protection** and deploy Defender for Endpoint without that feature. Other Defender for Endpoint features will continue to work.
+
+This configuration is available for both the enrolled (MDM) devices as well as unenrolled (MAM) devices. For customers with MDM, admins can configure the **Web Protection** through Managed devices in the App Config. For customers without enrollment, using MAM, admins can configure the **Web Protection** through Managed apps in the App Config.
+
+### Configure Web Protection
+
+1. **Disable Web Protection(MDM)** Use the following steps to disable **Web Protection** for enrolled devices.
+
+ - In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **App configuration policies** > **Add** > **Managed devices**.
+ - Give the policy a name, **Platform > iOS/iPadOS**.
+ - Select Microsoft Defender for Endpoint as the target app.
+ - In Settings page, select Use configuration designer and add **WebProtection** as the key and value type as **Boolean**.
+ - By default, **WebProtection= true**.
+ - Admin needs to make **WebProtection = false** to switch off the web protection.
+ - Defender will send the heartbeat to the Microsoft 365 Defender portal whenever user opens the app.
+ - Click Next and assign this profile to targeted devices/users.
+
+1. **Disable Web Protection(MAM)** Use the following steps to disable **Web Protection** for unenrolled devices.
+
+ - In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **App configuration policies** > **Add** > **Managed apps**.
+ - Give the policy a name.
+ - Under the Select Public Apps, choose Microsoft Defender for Endpoint as the target app.
+ - In Settings page, under the General Configuration Settings, add **WebProtection** as the key and value as **false**, .
+ - By default, **WebProtection= true**.
+ - Admin needs to make **WebProtection = false** to switch off the web protection.
+ - Defender will send the heartbeat to the Microsoft 365 Defender portal whenever user opens the app.
+ - Click Next and assign this profile to targeted devices/users.
+ ## Configure Network Protection
->[!NOTE]
+
+>[!NOTE]
>Network Protection on Microsoft Defender for Endpoint is now in public preview. The following information relates to prerelease of the product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. Network protection in Microsoft Defender for endpoint is enabled by default. Admins can use the following steps to configure MAM support for Network protection in iOS devices. 1. In Microsoft Endpoint Manager Admin, navigate to Apps > App configuration policies. Create a new App configuration policy. :::image type="content" source="images/addiosconfig.png" alt-text="Add configuration policy." lightbox="images/addiosconfig.png":::
-
-2. Provide a name and description to uniquely identify the policy. Then click on ΓÇÿSelect Public appsΓÇÖ and choose ΓÇÿMicrosoft DefenderΓÇÖ for Platform iOS/IPadOS
+
+2. Provide a name and description to uniquely identify the policy. Then click on 'Select Public apps' and choose 'Microsoft Defender' for Platform iOS/IPadOS
:::image type="content" source="images/nameiosconfig.png" alt-text="Name the configuration." lightbox="images/nameiosconfig.png":::
-
-3. In Settings page, add 'DefenderNetworkProtectionEnableΓÇÖ as the key and value as 'false' to disable Network Protection. (Network protection is enabled by default)
+
+3. In Settings page, add 'DefenderNetworkProtectionEnable' as the key and value as 'false' to disable Network Protection. (Network protection is enabled by default)
:::image type="content" source="images/addiosconfigvalue.png" alt-text="Add configuration value." lightbox="images/addiosconfigvalue.png":::
-
+ 4. For other configurations related to Network protection, add the following keys and appropriate corresponding value. |Key| Default (true-enable, false-disable)|Description| |||| |DefenderEndUserTrustFlowEnable| false | Enable Users to Trust Networks and Certificates|
- |DefenderNetworkProtectionAutoRemediation| true |This setting is used by the IT admin to enable or disable the remediation alerts that is sent when a user performs remediation activities like switching to a safer WIFI access points or deleting suspicious certificates detected by Defender|
+ |DefenderNetworkProtectionAutoRemediation| true |This setting is used by the IT admin to enable or disable the remediation alerts that are sent when a user performs remediation activities like switching to safer WIFI access points or deleting suspicious certificates detected by Defender|
|DefenderNetworkProtectionPrivacy| true |This setting is managed by IT admin to enable or disable privacy in network protection| 5. In Assignments section, admin can choose groups of users to include and exclude from the policy. :::image type="content" source="images/assigniosconfig.png" alt-text="Assign configuration." lightbox="images/assigniosconfig.png":::
-
+ 6. Review and create the configuration policy. ## Co-existence of multiple VPN profiles
Microsoft Defender for Endpoint on iOS enables the App Protection Policy scenari
## Privacy Controls
-> [!IMPORTANT]
-> Privacy Controls for Microsoft Defender for Endpoint on iOS is in preview. The following information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+Microsoft Defender for Endpoint on iOS enables Privacy Controls for both the Admins and the End Users. This includes the controls for enrolled (MDM) as well as unenrolled (MAM) devices.
+For Customers with MDM, admins can configure the Privacy Controls through Managed devices in the App Config. For Customers without enrollment, using MAM, admins can configure the Privacy Controls through Managed apps in the App Config. End Users will also have the ability to configure the Privacy Settings from the Defender App settings.
### Configure privacy in phish alert report Customers can now enable privacy control for the phish report sent by Microsoft Defender for Endpoint on iOS. This will ensure that the domain name is not sent as part of the phish alert whenever a phish website is detected and blocked by Microsoft Defender for Endpoint.
-Use the following steps to enable privacy and not collect the domain name as part of the phish alert report.
+1. **Admin Privacy Controls (MDM)** Use the following steps to enable privacy and not collect the domain name as part of the phish alert report for enrolled devices.
-1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and go to **Apps** > **App configuration policies** > **Add** > **Managed devices**.
+ - In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **App configuration policies** > **Add** > **Managed devices**.
+
+ - Give the policy a name, **Platform > iOS/iPadOS**, select the profile type.
-2. Give the policy a name, **Platform > iOS/iPadOS**, select the profile type.
+ - Select **Microsoft Defender for Endpoint** as the target app.
-3. Select **Microsoft Defender for Endpoint** as the target app.
+ - In Settings page, select **Use configuration designer** and add **DefenderExcludeURLInReport** as the key and value type as **Boolean**.
-4. In Settings page, select **Use configuration designer** and add **DefenderExcludeURLInReport** as the key and value type as **Boolean**.
+ - To enable privacy and not collect the domain name, enter value as `true` and assign this policy to users. By default, this value is set to `false`.
- - To enable privacy and not collect the domain name, enter value as `true` and assign this policy to users. By default, this value is set to `false`.
+ - For users with key set as `true`, the phish alert will not contain the domain name information whenever a malicious site is detected and blocked by Defender for Endpoint.
- - For users with key set as `true`, the phish alert will not contain the domain name information whenever a malicious site is detected and blocked by Defender for Endpoint.
+ - Click **Next** and assign this profile to targeted devices/users.
-5. Click **Next** and assign this profile to targeted devices/users.
+1. **Admin Privacy Controls (MAM)** Use the following steps to enable privacy and not collect the domain name as part of the phish alert report for unenrolled devices.
+
+ - In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **App configuration policies** > **Add** > **Managed apps**.
+
+ - Give the policy a name.
+
+ - Under the Select Public Apps, choose **Microsoft Defender for Endpoint** as the target app.
+
+ - In Settings page, under the **General Configuration Settings** add **DefenderExcludeURLInReport** as the key and value as **true**.
+
+ - To enable privacy and not collect the domain name, enter value as `true` and assign this policy to users. By default, this value is set to `false`.
+
+ - For users with key set as `true`, the phish alert will not contain the domain name information whenever a malicious site is detected and blocked by Defender for Endpoint.
+
+ - Click **Next** and assign this profile to targeted devices/users.
+
+1. **End User Privacy Controls** These controls help the end user to configure the information shared to their organization.
+ - For Supervised devices, End User controls will not be visible. Admin will decide and controls the settings.
+ - However, for Unsupervised devices, the control will be displayed under the **Settings-> Privacy**
+ - Users will see a toggle for **Unsafe Site Info**.
+ - This toggle is only visible if Admin has set **DefenderExcludeURLInReport = true**
+ - If enabled by Admin, Users can decide if they want to send the unsafe site info to their Organization or not.
+ - By default its set to `true`, the unsafe site information will be sent.
+ - If user toggles it to `false`, the unsafe site details will not be sent.
Turning the above privacy controls on or off will not impact the device compliance check or conditional access.
+## Optional Permissions
+
+Microsoft Defender for Endpoint on iOS enables **Optional Permissions** in the onboarding flow. Currently the permissions required by MDE are mandatory in the onboarding flow. With this feature, admin can deploy MDE on BYOD devices without enforcing the mandatory **VPN Permission** during onboarding. End Users can onboard the app without the mandatory permissions and can later review these permissions. This feature is currently present only for enrolled devices (MDM).
+
+### Configure Optional Permission
+
+1. **Admin flow (MDM)** Use the following steps to enable **Optional VPN** permission for enrolled devices.
+
+ - In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **App configuration policies** > **Add** > **Managed devices**.
+
+ - Give the policy a name, select **Platform > iOS/iPadOS**.
+
+ - Select **Microsoft Defender for Endpoint** as the target app.
+
+ - In Settings page, select **Use configuration designer** and add **DefenderOptionalVPN** as the key and value type as **Boolean**.
+
+ - To enable optional VPN permission, enter value as `true` and assign this policy to users. By default, this value is set to `false`.
+ - For users with key set as `true`, the users will be able to onboard the app without giving the VPN permission.
+
+ - Click **Next** and assign this profile to targeted devices/users.
+1. **End User flow** - User will install and open the app to start the onboarding.
+ - If admin has setup Optional permissions, then user can **Skip** VPN permission and complete onboarding.
+ - Even if the user has skipped VPN, the device will be able to onboard, and heartbeat will be sent.
+ - Since `VPN` is disabled, `Web Protection` will not be active.
+ - Later, User can enable the `Web Protection` from within the App. This will install the VPN configuration on the device.
+
+> [!NOTE]
+>**Optional Permission** is different from **Disable Web Protection**. Optional VPN Permission only helps to skip the permission during onboarding but its available for the end user to later review and enable it. While **Disable Web Protection** allows users to onboard the MDE app without the Web Protection. It cannot be enabled later.
+ ## Configure compliance policy against jailbroken devices To protect corporate data from being accessed on jailbroken iOS devices, we recommend that you set up the following compliance policy on Intune.
Defender for Endpoint on iOS enables admins to configure custom indicators on iO
> [!NOTE] > Defender for Endpoint on iOS supports creating custom indicators only for IP addresses and URLs/domains.
-## Configure option to send in-app feedback
+## Configure option to send in-app feedback
Customers now have the option to configure the ability to send feedback data to Microsoft within the Defender for Endpoint app. Feedback data helps Microsoft improve products and troubleshoot issues. > [!NOTE]
-> For US Government cloud customers, feedback data collection is **disabled** by default.
+> For US Government cloud customers, feedback data collection is **disabled** by default.
Use the following steps to configure the option to send feedback data to Microsoft:
security Ios Install https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-install.md
This step simplifies the onboarding process by setting up the VPN profile. For a
- Select **Add** for **On Demand Rules** and select **I want to do the following = Connect VPN**, **I want to restrict to = All domains**. :::image type="content" source="images/ios-deploy-8.png" alt-text="The VPN profile Configuration settings tab" lightbox="images/ios-deploy-8.png":::
+ - To mandate that VPN cannot be disabled in users device, Admins can select **Yes** from **Block users from disabling automatic VPN**. By default, it's not configured and users can disable VPN only in the Settings.
+ - To allow Users to Change the VPN toggle from within the app, add **EnableVPNToggleInApp = TRUE**, in the key-value pairs. By default, users cannot the change the toggle from within the app.
1. Click Next and assign the profile to targeted users. 1. In the *Review + Create* section, verify that all the information entered is correct and then select **Create**.
Admins can configure Microsoft Defender for Endpoint to deploy and activate sile
:::image type="content" source="images/ios-deploy-9.png" alt-text="The VPN profile Configuration page" lightbox="images/ios-deploy-9.png":::
+ - To mandate that VPN cannot be disabled in users device, Admins can select **Yes** from **Block users from disabling automatic VPN**. By default, it's not configured and users can disable VPN only in the Settings.
+ - To allow Users to Change the VPN toggle from within the app, add **EnableVPNToggleInApp = TRUE**, in the key-value pairs. By default, users cannot the change the toggle from within the app.
+ 1. Select **Next** and assign the profile to targeted users. 1. In the *Review + Create* section, verify that all the information entered is correct and then select **Create**.
security Ios Whatsnew https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-whatsnew.md
ms.technology: mde
Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink) ## Network protection+ Network Protection on Microsoft Defender for Endpoint is now in public preview. Network protection provides protection against rogue Wi-Fi related threats, rogue hardware like pineapple devices and notifies the user if a related threat is detected. Users will also see a guided experience to connect to secure networks and change networks when they are connected to an unsecure connection. It includes several admin controls to offer flexibility, such as the ability to configure the feature from within the Microsoft Endpoint Manager Admin center. Admins can also enable privacy controls to configure the data that is sent by Defender for Endpoint from iOS devices. For more information, read [Configure Network Protection](/microsoft-365/security/defender-endpoint/ios-configure-features#configure-network-protection). Network protection for iOS is already enabled for your tenant. End-users who are testing Network protection feature can install the preview version of the app via TestFlight. Browse to https://aka.ms/mdeiospp on the iOS device. This will prompt you to install the TestFlight app on your device or open TestFlight in case it is already installed. On the TestFlight app, follow the onscreen instructions to install Microsoft Defender Endpoint. Please verify that the version number of MDE is 1.1.29270104.
+## Privacy Controls
+
+Microsoft Defender for Endpoint on iOS enables Privacy Controls for both the Admins and the End Users. This includes the controls for enrolled (MDM) as well as unenrolled (MAM) devices. Admins can configure the privacy in the phish alert report while End Users can configure the information shared to their organization.
+
+## Optional Permissions and Disable Web Protection
+
+Microsoft Defender for Endpoint on iOS enables **Optional Permissions** in the onboarding flow. Currently the permissions required by MDE are mandatory in the onboarding flow. With this feature, admin can deploy MDE on BYOD devices without enforcing the mandatory **VPN Permission** during onboarding. End Users can onboard the app without the mandatory permissions and can later review these permissions. This feature is currently present only for enrolled devices (MDM).
+
+With **Disable Web Protection**,Customers who do not want to setup a VPN, can configure to disable **Web Protection** and deploy MDE without that feature. Other MDE features will continue to work. This configuration is available for both the enrolled (MDM) devices as well as unenrolled (MAM) devices.
+ ## Integration with Tunnel+ Microsoft Defender for Endpoint on iOS can now integrate with Microsoft Tunnel, a VPN gateway solution to enable security and connectivity in a single app. Integration with Tunnel provides a simpler, secure VPN experience on iOS with just one app. This feature was earlier available only on Android. For more details, [see the techcommunity post here](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/what-s-new-in-microsoft-endpoint-manager-2204-april-edition/ba-p/3297995) ## Improved experience on supervised iOS devices
On January 25, 2022, we announced the general availability of Threat and Vulnera
- **Zero-touch onboard for enrolled iOS devices** enrolled through Microsoft Endpoint Manager (Intune) is generally available. For more information, see [Zero touch onboarding of Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/ios-install#zero-touch-onboarding-of-microsoft-defender-for-endpoint). - Bug fixes. - ## 1.1.24210103 - Resolved internet connectivity issues on supervised devices. For more information, see [Deploy Defender for Endpoint on enrolled iOS devices](ios-install.md).
security Linux Whatsnew https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-whatsnew.md
This article is updated frequently to let you know what's new in the latest rele
- [What's new in Defender for Endpoint on macOS](mac-whatsnew.md) - [What's new in Defender for Endpoint on iOS](ios-whatsnew.md)
+<details>
+ <summary>Aug-2022 (Build: 101.75.43 | Release version: 30.122071.17543.0)</summary>
+
+&ensp;Released: **August 2, 2022**<br/>
+&ensp;Published: **August 2, 2022**<br/>
+&ensp;Build: **101.75.43**<br/>
+&ensp;Release version: **30.122071.17543.0**<br/>
+&ensp;Engine version: **1.1.19300.3**<br/>
+&ensp;Signature version: **1.369.395.0**<br/>
+
+**What's new**
+
+- Added support for Red Hat Enterprise Linux version 9.0
+- Added a new field in the output of `mdatp health` that can be used to query the enforcement level of the network protection feature. The new field is called `network_protection_enforcement_level` and can take one of the following values: `audit`, `block`, or `disabled`.
+- Addressed a product bug where multiple detections of the same content could lead to duplicate entries in the threat history
+- Addressed an issue where one of the processes spawned by the product (`mdatp_audisp_plugin`) was sometimes not properly terminated when the service was stopped
+- Other bug fixes
+</br>
+
+<br/><br/>
+</details>
+ <details> <summary>Jul-2022 (Build: 101.73.77 | Release version: 30.122062.17377.0)</summary>
This article is updated frequently to let you know what's new in the latest rele
<p><b> What's new </b></p>
- - Added a capability to detect vulnerable log4j jars in use by Java applications. The machine is periodically inspected for running Javaprocesses with loaded log4j jars. The information is reported to the Microsoft Defender for Endpoint backend and is exposed in theVulnerability Management area of the portal.
+ - Added a capability to detect vulnerable log4j jars in use by Java applications. The machine is periodically inspected for running Java processes with loaded log4j jars. The information is reported to the Microsoft Defender for Endpoint backend and is exposed in the Vulnerability Management area of the portal.
</details>
security Mac Support Perf https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-support-perf.md
The following steps can be used to troubleshoot and mitigate these issues:
125 CrashPlanService 164 ```
- To improve the performance of Defender for Endpoint on Mac, locate the one with the highest number under the Total files scanned row and add an exclusion for it. For more information, see [Configure and validate exclusions for Defender for Endpoint on Linux](linux-exclusions.md).
+ To improve the performance of Defender for Endpoint on Mac, locate the one with the highest number under the Total files scanned row and add an exclusion for it. For more information, see [Configure and validate exclusions for Defender for Endpoint on macOS](mac-exclusions.md).
> [!NOTE] > The application stores statistics in memory and only keeps track of file activity since it was started and real-time protection was enabled. Processes that were launched before or during periods when real time protection was off are not counted. Additionally, only events which triggered scans are counted.
security Mac Whatsnew https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-whatsnew.md
For more information on Microsoft Defender for Endpoint on other operating syste
**What's new**
+- Addressed an issue where printing could not be completed successfully due to the network extension
- Added an option to [configure file hash computation](mac-preferences.md#configure-file-hash-computation-feature) - From this build onwards, the product will have the new anti-malware engine by default - Performance improvements for file copy operations
security Migrating Mde Server To Cloud https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/migrating-mde-server-to-cloud.md
+
+ Title: Migrating servers from Microsoft Defender for Endpoint to Microsoft Defender for Cloud
+description: Learn how to migrate servers from Microsoft Defender for Endpoint to Microsoft Defender for Cloud.
+keywords: migrate server, server, Microsoft Defender for Endpoint server, Microsoft Defender for Cloud, MDE, azure, azure cloud, CSPM, CWP, cloud workload protection, threat protection, advanced threat protection, Microsoft Azure, multi-cloud connector
+++
+audience: ITPro
+
+ms.localizationpriority: medium
+
+ - M365-security-compliance
+ Last updated : 07/19/2022
+ms.technology: mde
++
+# Migrating servers from Microsoft Defender for Endpoint to Microsoft Defender for Cloud
+
+**Applies to:**
+
+- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+
+This article guides you in migrating servers from Microsoft Defender for Endpoint (MDE) to Defender for Cloud.
+
+[Microsoft Defender for Endpoint](https://www.microsoft.com/security/business/endpoint-security/microsoft-defender-endpoint) (MDE) is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
+
+[Microsoft Defender for Cloud](https://azure.microsoft.com/services/defender-for-cloud/) is a solution for cloud security posture management (CSPM) and cloud workload protection (CWP) that finds weak spots across your cloud configuration. It also helps strengthen the overall security posture of your environment, and can protect workloads across multi-cloud and hybrid environments from evolving threats.
+
+While both products offer server protection capabilities, Microsoft Defender for Cloud is our primary solution to protect infrastructure resources, including servers.
+
+## How do I migrate my servers from Microsoft Defender for Endpoint to Microsoft Defender for Cloud?
+
+If you have servers onboarded to Defender for Endpoint, the migration process varies depending on machine type, but there's a set of shared prerequisites.
+
+Microsoft Defender for Cloud is a subscription-based service in the Microsoft Azure portal. Therefore, Defender for Cloud and the underlying plans like Microsoft Defender for Servers Plan 2 need to be enabled on Azure subscriptions.
+
+To enable Defender for Servers for Azure VMs and non-Azure machines connected through [Azure Arc-enabled servers](/azure/azure-arc/servers/overview), follow this guideline:
+
+1. If you aren't already using Azure, plan your environment following the [Azure Well-Architected Framework](/azure/architecture/framework/).
+2. Enable [Microsoft Defender for Cloud](/azure/defender-for-cloud/get-started) on your subscription(s).
+3. Enable one of the Microsoft Defender for Server plans on your [subscription(s)](/azure/defender-for-cloud/enable-enhanced-security). In case you're using Defender for Servers Plan 2, make sure to also enable it on the Log Analytics workspace your machines are connected to; it will enable you to use optional features like File Integrity Monitoring, Adaptive Application Controls and more.
+4. Make sure the [MDE integration](/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows) is enabled on your subscription. If you have pre-existing Azure subscriptions, you may see one (or both) of the two opt-in buttons shown in the image below.
+ :::image type="content" source="images/mde-integration.png" alt-text="Screenshot that shows how to enable MDE integration.":::
+If you have any of these buttons in your environment, make sure to enable integration for both. On new subscriptions, both options will be enabled by default.
+5. Make sure the connectivity requirements for Azure Arc are met. Microsoft Defender for Cloud requires all on-premises and non-Azure machines to be connected via the Azure Arc agent. In addition, Azure Arc doesn't support all MDE supported operating systems. So, learn how to plan for [Azure Arc deployments here](/azure/azure-arc/servers/plan-at-scale-deployment).
+6. *Recommended:* If you want to see vulnerability findings in Defender for Cloud, make sure to enable [Microsoft Defender Vulnerability Management](/azure/defender-for-cloud/enable-data-collection?tabs=autoprovision-va) for Defender for Cloud.
+ :::image type="content" source="images/enable-threat-and-vulnerability-management.png" alt-text="Screenshot that shows how to enable vulnerability management.":::
+
+## How do I migrate existing Azure VMs to Microsoft Defender for Cloud?
+
+For Azure VMs, no extra steps are required, these are automatically onboarded to Microsoft Defender for Cloud, thanks to the native integration between the Azure platform and Defender for Cloud.
+
+## How do I migrate on-premises machines to Microsoft Defender for Servers?
+
+[Connect](/azure/defender-for-cloud/quickstart-onboard-machines?pivots=azure-arc) your on-premises machines via Azure Arc-connected servers.
+
+## How do I migrate VMs from AWS or GCP environments?
+
+1. Create a new multi-cloud connector on your subscription. (For more information on connector, see [AWS accounts](/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings) or [GCP projects](/azure/defender-for-cloud/quickstart-onboard-gcp?pivots=env-settings).
+2. On your multi-cloud connector, enable Defender for Servers on [AWS](/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings#prerequisites) or [GCP](/azure/defender-for-cloud/quickstart-onboard-gcp?pivots=env-settings#configure-the-servers-plan) connectors.
+3. Enable auto-provisioning on the multi-cloud connector for the Azure Arc agent, Microsoft Defender for Endpoint extension, Vulnerability Assessment and, optionally, Log Analytics extension.
+ :::image type="content" source="images/select-plans-aws-gcp.png" alt-text="Screenshot that shows how to enable auto-provisioning for Azure Arc agent.":::
+For more information, see [Defender for CloudΓÇÖs multicloud capabilities](https://aka.ms/mdcmc).
+
+## What happens once all migration steps are completed?
+
+Once you've completed the relevant migration steps, Microsoft Defender for Cloud will deploy the `MDE.Windows` or `MDE.Linux` extension to your Azure VMs and non-Azure machines connected through Azure Arc (including VMs in AWS and GCP compute).
+
+The extension acts as a management and deployment interface, which will orchestrate and wrap the MDE installation scripts inside the operating system and reflect its provisioning state to the Azure management plane. The installation process will recognize an existing Defender for Endpoint installation and connect it to Defender for Cloud by automatically adding Defender for Endpoint service tags.
+
+In case you have Windows Server 2012 R2 or 2016 machines that are provisioned with the legacy, Log Analytics-based Microsoft Defender for Endpoint solution, Microsoft Defender for CloudΓÇÖs deployment process will deploy the Defender for Endpoint [unified solution](configure-server-endpoints.md#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution). After successful deployment, it will stop and disable the legacy Defender for Endpoint process on these machines.
security Mssp List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mssp-list.md
ms.technology: mde
# Supported managed security service providers **Applies to:**+ - [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
+The following managed security service providers can be accessed through the portal.
-The following managed security service providers can be accessed through the portal.
-
-Logo |Partner name | Description
+Logo |Partner name | Description
:|:|: ![Image of Accenture logo.](images/accenture-logo.png)|[Accenture Managed Detection & Response (MDR)](https://go.microsoft.com/fwlink/?linkid=2164353) | Manage, maintain, and enhance global cybersecurity operations with extended capabilities that detect, proactively hunt for and respond to advanced cyber-attacks across both IT and OT environments located in the cloud and on-premise. ![Image of Aujas logo.](images/aujas-logo.png) | [Aujas managed MDE Service](https://go.microsoft.com/fwlink/?linkid=2162429) | Aujas cybersecurity provides 24*7 managed security services across the entire enterprise spectrum, using Microsoft Defender for Endpoint through its Cyber Defense Centers.
Logo |Partner name | Description
![Image of CSIS Managed Detection & Response logo.](images/csis-logo.png)| [CSIS Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2091005) | 24/7 monitoring and analysis of security alerts giving companies actionable insights into what, when and how security incidents have taken place ![Image of CyberProof logo.](images/cyberproof-logo.png) |[CyberProof Managed Detection & Response (MDR)](https://go.microsoft.com/fwlink/?linkid=2163964) | 24x7 managed threat detection and response services fully integrated with Microsoft Sentinel and Defender for Endpoint. ![Image of Dell Technologies Advanced Threat Protection logo.](images/dell-logo.png)| [Dell Technologies Advanced Threat Protection](https://go.microsoft.com/fwlink/?linkid=2091004) | Professional monitoring service for malicious behavior and anomalies with 24/7 capability
-![Image of DXC-Managed Endpoint Threat Detection and Response logo.](images/dxc-logo.png)| [DXC-Managed Endpoint Threat Detection and Response](https://go.microsoft.com/fwlink/?linkid=2090395) | Identify endpoint threats that evade traditional security defenses and contain them in hours or minutes, not days
![Image of eSentire log.](images/esentire-logo.png) | [eSentire Managed Detection and Response](https://go.microsoft.com/fwlink/?linkid=2154970) | 24x7 threat investigations and response via Microsoft Defender for Endpoint. ![Image of expel logo.](images/expel-logo.png)| [Expel Managed detection and response for Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2162430) | Expel helps your security keep up by detecting security risks in Microsoft Defender for Endpoint. ![Image of Mandiant logo.](images/mandiant-logo.png) | [Mandiant Managed Defense (MDR) for Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2164352) | Fortify your Defender for Endpoint with 24/7 frontline MDR intelligence and expertise from Mandiant.
Logo |Partner name | Description
![Image of Zero Trust Analytics Platform (ZTAP) logo.](images/ztap-logo.png)| [Zero Trust Analytics Platform (ZTAP)](https://go.microsoft.com/fwlink/?linkid=2090971) | Reduce your alerts by 99% and access a full range of security capabilities from mobile devices ## Related topics+ - [Configure managed service security provider integration](configure-mssp-support.md)
security Onboard Offline Machines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboard-offline-machines.md
Depending on the operating system, the proxy to be used for Microsoft Defender f
> - An OMS gateway server cannot be used as proxy for disconnected Windows or Windows Server devices when configured via 'TelemetryProxyServer' registry or GPO. > - For Windows or Windows Server - while you may use TelemetryProxyServer, it must point to a standard proxy device or appliance. -- Setup Azure Log Analytics (formerly known as OMS Gateway) to act as proxy or hub:
+- Set up Azure Log Analytics (formerly known as OMS Gateway) to act as proxy or hub:
- [Azure Log Analytics Agent](/azure/azure-monitor/platform/gateway#download-the-log-analytics-gateway) - [Install and configure Microsoft Monitoring Agent (MMA)](onboard-downlevel.md#install-and-configure-microsoft-monitoring-agent-mma) point to Defender for Endpoint Workspace key & ID [Onboard previous versions of Windows](onboard-downlevel.md)
-### Microsoft Defender for Cloud
+### Azure virtual machines
-- Review the prerequisites section in [Protect your endpoints with Defender for Cloud's integrated EDR solution: Microsoft Defender for Endpoint](/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows#prerequisites)
+- For devices running the previous, MMA-based solution, set up Azure Log Analytics Gateway (formerly known as OMS Gateway) to act as proxy or hub:
+ - [Azure Log Analytics Gateway](/azure/azure-monitor/platform/gateway#download-the-log-analytics-gateway)
+ - [Install and configure Microsoft Monitoring Agent (MMA)](onboard-downlevel.md#install-and-configure-microsoft-monitoring-agent-mma) point to Defender for Endpoint Workspace key & ID
+- Offline Azure VMs in the same network of OMS Gateway
+ - Configure Azure Log Analytics IP as a proxy
+ - Azure Log Analytics Workspace Key & ID
+- Microsoft Defender for Cloud
+ - [Security Policy \> Log Analytics Workspace](/azure/security-center/security-center-wdatp#enable-windows-defender-atp-integration)
+ - [Threat Detection \> Allow Defender for Endpoint to access my data](/azure/security-center/security-center-wdatp#enable-windows-defender-atp-integration)
+
+ For more information, see [Working with security policies](/azure/security-center/tutorial-security-policy).
+
+> [!NOTE]
+> Any client that has no access to the internet cannot be onboarded to Microsoft Defender Endpoint. A client must either have access to the required URLs directly, or it must have access via a proxy.
security Onboard Windows Multi Session Device https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboard-windows-multi-session-device.md
Title: "Onboard Windows devices in Azure Virtual Desktop" description: Learn bout onboarding Windows devices to Defender for Endpoint in Azure Virtual Desktop keywords: Azure Virtual Desktop, AVD, microsoft defender, endpoint, onboard ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security
security Respond Machine Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/respond-machine-alerts.md
A device can also be contained from the device page by selecting **Contain devic
> [!IMPORTANT] > - If a contained device changes its IP address, then all Microsoft Defender for Endpoint onboarded devices will recognize this and start blocking communications with the new IP address. The original IP address will no longer be blocked (It may take up to 5 mins to see these changes).
-> - In cases where the contained deviceΓÇÖs IP is used by another device on the network, there will be a warning while containing the device, with a link to advanced hunting (with a pre-populated query). This will provide visibility to the other devices using the same IP to help you make a conscious decision if youΓÇÖd like to continue with containing the device.
-> - In cases where the contained device is a network device, a warning will appear with a message that this may cause network connectivity issues (for example, containing a router that is acting as a default gateway). At this point, youΓÇÖll be able to choose whether to contain the device or not.
+> - In cases where the contained device's IP is used by another device on the network, there will be a warning while containing the device, with a link to advanced hunting (with a pre-populated query). This will provide visibility to the other devices using the same IP to help you make a conscious decision if you'd like to continue with containing the device.
+> - In cases where the contained device is a network device, a warning will appear with a message that this may cause network connectivity issues (for example, containing a router that is acting as a default gateway). At this point, you'll be able to choose whether to contain the device or not.
After you contain a device, if the behavior isn't as expected, verify the Base Filtering Engine (BFE) service is enabled on the Defender for Endpoint onboarded devices.
security Run Advanced Query Api https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-advanced-query-api.md
- API calls: Up to 45 calls per minute, up to 1500 calls per hour. - Execution time: 10 minutes of running time every hour and 3 hours of running time a day.
-4. The maximal execution time of a single request is 10 minutes.
+4. The maximal execution time of a single request is 200 seconds.
5. 429 response will represent reaching quota limit either by number of requests or by CPU. Read response body to understand what limit has been reached.
-6. The maximum query result size of a single request cannot exceed 124 MB. If exceeded, HTTP 400 Bad Request with the message "Query execution has exceeded the allowed result size. Optimize your query by limiting the amount of results and try again" will appear.
+6. The maximum query result size of a single request cannot exceed 124 MB. If exceeded, HTTP 400 Bad Request with the message "Query execution has exceeded the allowed result size. Optimize your query by limiting the number of results and try again" will appear.
## Permissions
security Run Analyzer Macos Linux https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux.md
Open a terminal or SSH into the relevant machine and run the following commands:
> - In addition, the tool currently requires Python version 3 or later to be installed. > > - If you are running on a machine that cannot use Python 3 or fetch the lxml component, then you can download a binary based version of the analyzer that does not have any of the requirements: [XMDE Client Analyzer Binary](https://aka.ms/XMDEClientAnalyzerBinary). <br> Note that the binary is currently unsigned. To allow the package run on MacOS, you will need to use the syntax: "spctl --add /Path/To/Application.app".
+> - The current SHA256 hash of 'XMDEClientAnalyzerBinary.zip' that is downloaded from the above link is: '7FE67373CDF493BF2748FD778BD106EE85A71C968D594BCC67C7374620506EF2'
> > - If your device is behind a proxy, then you can simply pass the proxy server as an environment variable to the mde_support_tool.sh script. For example: > `https_proxy=https://myproxy.contoso.com:8080 ./mde_support_tool.sh"`
security Server Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/server-migration.md
These instructions apply to the new unified solution and installer (MSI) package
## Installer script
-To facilitate upgrades when Microsoft Endpoint Configuration Manager is not yet available or updated to perform the automated upgrade, you can use this [upgrade script](https://github.com/microsoft/mdefordownlevelserver). It can help automate the following required steps:
+>[!NOTE]
+>Make sure the machines you run the script on is not blocking the execution of the script. The recommended execution policy setting for PowerShell is Allsigned. This requires importing the script's signing certificate into the Local Computer Trusted Publishers store if the script is running as SYSTEM on the endpoint.
+
+To facilitate upgrades when Microsoft Endpoint Configuration Manager is not yet available or updated to perform the automated upgrade, you can use this [upgrade script](https://github.com/microsoft/mdefordownlevelserver). Download it by selection the "Code" button and downloading the .zip file, then extracting install.ps1. It can help automate the following required steps:
1. Remove the OMS workspace for Microsoft Defender for Endpoint (OPTIONAL). 2. Remove System Center Endpoint Protection (SCEP) client if installed.
EXAMPLE: .\install.ps1 -RemoveMMA <YOUR_WORKSPACE_ID> -OnboardingScript ".\Windo
>[!NOTE] >You'll need Microsoft Endpoint Configuration Manager, version 2107 or later to perfom Endpoint Protection policy configuration.
-Migration steps:
-
-1. Fully update the machine including Microsoft Defender Antivirus (Windows Server 2016).
-2. Create a new collection with membership rules to include machines to be migrated.
-3. [Create an application](/mem/configmgr/apps/deploy-use/create-applications) to perform the following tasks:
- 1. Uninstall SCEP.
- 2. Install the [prerequisites](configure-server-endpoints.md#prerequisites) where applicable.
- 3. Install Microsoft Defender for Endpoint (see [Configure server endpoints](configure-server-endpoints.md).
- 4. Apply the onboarding script **for use with Group Policy** downloaded from [Microsoft 365 Defender](https://security.microsoft.com).
- > [!TIP]
- > You can use the [installer script](server-migration.md#installer-script) as part of your application to automate the above steps.
-4. Deploy the application to the new collection.
-5. Create and/or assign (existing) Endpoint Protection policies to the collection.
-6. Apply updates.
-
-### You are currently using Microsoft Endpoint Configuration Manager to manage your servers, are running a non-Microsoft antivirus solution and the MMA-based sensor. You want to upgrade to the new Microsoft Defender for Endpoint.
-
-Migration steps:
-
-1. Fully update the machine including Microsoft Defender Antivirus (Windows Server 2016).
-2. Create a new collection with membership rules to include machines to be migrated.
-3. Ensure third-party antivirus management no longer pushes antivirus to these machines.*
-4. Author your policies in the Endpoint Protection node of MECM and target to the newly created collection.*
-5. Create an application to perform the following tasks:
- 1. Remove the MMA workspace configuration for Microsoft Defender for Endpoint. See [Remove a workspace using PowerShell](/azure/azure-monitor/agents/agent-manage). This step is optional; the previous EDR sensor will stop running after the newer one becomes active.
- 2. Install the [prerequisites](configure-server-endpoints.md#prerequisites) where applicable.
- 3. Install the Microsoft Defender for Endpoint for Windows Server 2012 R2 and 2016 package and **enable passive mode**. See [Install Microsoft Defender Antivirus using command line](configure-server-endpoints.md#install-microsoft-defender-for-endpoint-using-the-command-line).
- 4. Apply the onboarding script **for use with Group Policy** downloaded from [Microsoft 365 Defender](https://security.microsoft.com).
-6. Apply updates.
-7. Remove your non-Microsoft antivirus software by either using the non-Microsoft antivirus console or by using Microsoft Endpoint Configuration Manager as
+For instructions on how to migrate using Microsoft Endpoint Configuration Manager older than version 2207 please see [Migrating servers from Microsoft Monitoring Agent to the unified solution.](/microsoft-365/security/defender-endpoint/application-deployment-via-mecm)
+
+## If you are running a non-Microsoft antivirus solution
+
+1. Fully update the machine including Microsoft Defender Antivirus (Windows Server 2016) ensuring [prerequisites](configure-server-endpoints.md#prerequisites) have been met.
+2. Ensure third-party antivirus management no longer pushes antivirus agents to these machines.*
+3. Author your policies for the protection capabilities in Microsoft Defender for Endpoint and target those to the machine in the tool of your choice.*
+4. Install the Microsoft Defender for Endpoint for Windows Server 2012 R2 and 2016 package and **enable passive mode**. See [Install Microsoft Defender Antivirus using command line](configure-server-endpoints.md#install-microsoft-defender-for-endpoint-using-the-command-line).
+ a. Apply the onboarding script **for use with Group Policy** downloaded from [Microsoft 365 Defender](https://security.microsoft.com).
+5. Apply updates.
+6. Remove your non-Microsoft antivirus software by either using the non-Microsoft antivirus console or by using Microsoft Endpoint Configuration Manager as
appropriate. Make sure to remove passive mode configuration.* > [!TIP]
Name: ForceDefenderPassiveMode
Type: REG_DWORD Value: 0
-For more information on migrating servers from MMA to unified solution, see [Migrating servers from Microsoft Monitoring Agent to the unified solution](application-deployment-via-mecm.md).
-
-## Other migration scenarios
+## If you are running System Center Endpoint Protection but are not managing the machine using Microsoft Endpoint Configuration Manager (MECM/ConfigMgr)
-### You have a server that has been onboarded using the MMA-based Microsoft Defender for Endpoint. It has SCEP installed (Windows Server 2012 R2) or Microsoft Defender Antivirus (Windows Server 2016). This machine is **not** managed through Microsoft Defender for Cloud, Microsoft Endpoint Manager, or Microsoft Endpoint Configuration Manager.
-
-1. Fully update the machine including Microsoft Defender Antivirus (Windows Server 2016).
-2. Remove the MMA workspace configuration for Microsoft Defender for Endpoint. See [Remove a workspace using PowerShell](/azure/azure-monitor/agents/agent-manage).
+1. Fully update the machine including Microsoft Defender Antivirus (Windows Server 2016) ensuring [prerequisites](configure-server-endpoints.md#prerequisites) have been met.
+2. Create and apply policies using Group Policy, PowerShell, or a 3rd party management solution.
3. Uninstall System Center Endpoint Protection (Windows Server 2012 R2).
-4. Install the [prerequisites](configure-server-endpoints.md#prerequisites) where applicable.
5. Install Microsoft Defender for Endpoint (see [Configure server endpoints](configure-server-endpoints.md).) 6. Apply the onboarding script **for use with Group Policy** downloaded from [Microsoft 365 Defender](https://security.microsoft.com). 7. Apply updates.
-8. Create and apply policies using Group Policy, PowerShell, or a 3rd party management solution.
> [!TIP] > You can use the installer script to automate the above steps.
-### You have a server on which you want to install Microsoft Defender for Endpoint. It has a non-Microsoft endpoint protection or endpoint detection and response solution installed. You do not intend to use Microsoft Endpoint Configuration Manager or Microsoft Defender for Cloud. You use your own deployment mechanism.
-
-1. Fully update the machine including Microsoft Defender Antivirus (Windows Server 2016).
-2. Install the Microsoft Defender for Endpoint for Windows Server 2012 R2 & 2016 package and **enable passive mode**. See [Install Microsoft Defender Antivirus using command line](configure-server-endpoints.md#install-microsoft-defender-for-endpoint-using-the-command-line).
-3. Apply the onboarding script, appropriate to your environment, downloaded from [Microsoft 365 Defender](https://security.microsoft.com).
-4. Remove the non-Microsoft endpoint protection or endpoint detection and response solution, and remove passive mode.*
-5. Apply updates.
-6. Create and apply policies using Group Policy, PowerShell, or a 3rd party management solution.
-
-> [!TIP]
-> You can use the [installer script](server-migration.md#installer-script) to help automate steps 1 through 4. To enable passive mode, apply the -Passive flag which will ensure that Defender Antivirus goes into passive mode before onboarding and does not interfere with a non-Microsoft antimalware solution. Then to ensure Defender Antivirus remains in passive mode after onboarding to support EDR capabilities such as EDR Block make sure to set the "ForceDefenderPassiveMode" registry key. EXAMPLE: `.\install.ps1 -OnboardingScript ".\WindowsDefenderATPOnboardingScript.cmd" -Passive`
--
-*This step only applies if you intend to replace your non-Microsoft antivirus solution. We recommend using Microsoft Defender Antivirus, included in Microsoft Defender for Endpoint, to provide the full set of capabilities. See [Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](why-use-microsoft-defender-antivirus.md).
-
-To move a machine out of passive mode, set the following key to 0:
-
-Path: HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection
-Name: ForceDefenderPassiveMode
-Type: REG_DWORD
-Value: 0
-- ## Microsoft Defender for Cloud scenarios ### You're using Microsoft Defender for Cloud. The Microsoft Monitoring Agent (MMA) and/or Microsoft Antimalware for Azure (SCEP) are installed and you want to upgrade.
security Supported Response Apis https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/supported-response-apis.md
description: Learn about the specific response-related Microsoft Defender for En
keywords: response apis, graph api, supported apis, actor, alerts, device, user, domain, ip, file search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
security Troubleshoot Auditd Performance Issues https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-auditd-performance-issues.md
Contains general AuditD configuration and will display:
- **Auditctl -l** output
- - Will show what rules are currently loaded into the kernel (which may be different that what exists on disk in ΓÇ£/etc/auditd/rules.d/mdatp.rulesΓÇ¥).
+ - Will show what rules are currently loaded into the kernel (which may be different that what exists on disk in "/etc/auditd/rules.d/mdatp.rules").
- Will show which rules are related to Microsoft Defender for Endpoint.
AuditD exclusion ΓÇô support tool syntax help:
Examples:
-If ΓÇ£`/opt/app/bin/app`ΓÇ¥ writes to ΓÇ£`/opt/app/cfg/logs/1234.log`ΓÇ¥, then you can use the support tool to exclude with various options:
+If "`/opt/app/bin/app`" writes to "`/opt/app/cfg/logs/1234.log`", then you can use the support tool to exclude with various options:
`-e /opt/app/bin/app`
security Turn On Protocol Recognition https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/turn-on-protocol-recognition.md
- Title: Turn on protocol recognition for Microsoft Defender Antivirus
-description: Turn on protocol recognition for Microsoft Defender Antivirus.
-keywords: Microsoft Defender Antivirus, antimalware, security, defender, protocol recognition
-search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
-ms.sitesec: library
-- Previously updated : 02/21/2022-------
-# Turn on protocol recognition
--
-**Applies to:**
-- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)-- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)-
-This policy setting allows you to configure protocol recognition for network protection against exploits of known vulnerabilities. If you enable or do not configure this setting, protocol recognition will be enabled. If you disable this setting, protocol recognition will be disabled.
-
-[!IMPORTANT]
-This setting is now deprecated.
-
-## Use Group Policy to configure protocol recognition
-
-1. On your Group Policy management endpoint, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)).
-
-2. Go to **Computer Configuration** \> **Administrative Templates** \> **Windows Components** \> **Microsoft Defender Antivirus** \> **Network Inspection System**.
-
-3. Select **protocol recognition**. By default, this policy is enabled. If set **Not configured**, definition retirement is enabled.
-
-4. To edit the policy, select the **edit policy setting** link.
-
-5. Select **Enabled**, and then select **OK**.
-
-6. Deploy your updated Group Policy Object. See [Group Policy Management Console](/windows/win32/srvnodes/group-policy).
-
-> [!TIP]
-> Are you using Group Policy Objects on premises? See how they translate in the cloud. [Analyze your on-premises group policy objects using Group Policy analytics in Microsoft Endpoint Manager - Preview](/mem/intune/configuration/group-policy-analytics).
-
-## Related articles
--- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)-- [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md)-- [How to create and deploy antimalware policies: Cloud-protection service](/configmgr/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service)
security Update Alert https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/update-alert.md
Classification|String|Specifies the specification of the alert. The property val
Determination|String|Specifies the determination of the alert. The property values are: 'NotAvailable', 'Apt', 'Malware', 'SecurityPersonnel', 'SecurityTesting', 'UnwantedSoftware', 'Other' Comment|String|Comment to be added to the alert.
+>[!NOTE]
+>Around August 29th, 2022, previously supported alert determination values ('Apt' and 'SecurityPersonnel') will be deprecated and no longer available via the API.
+ ## Response If successful, this method returns 200 OK, and the [alert](alerts.md) entity in the response body with the updated properties. If alert with the specified ID wasn't found - 404 Not Found.
security Web Protection Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/web-protection-overview.md
ms.pagetype: security
ms.localizationpriority: medium Last updated : 07/25/2022 audience: ITPro
DeviceEvents
| where ActionType == "SmartScreenUrlWarning" | extend ParsedFields=parse_json(AdditionalFields) | project DeviceName, ActionType, Timestamp, RemoteUrl, InitiatingProcessFileName, Experience=tostring(ParsedFields.Experience)
-| where Experience == "CustomBlockList"
+| where Experience == "CustomPolicy"
``` Similarly, you can use the query below to list all WCF blocks originating from Network Protection (for example, a WCF block in a third-party browser). Note that the ActionType has been updated and 'Experience' has been changed to 'ResponseCategory'.
security Defender Vulnerability Management Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-faq.md
For new customers (non-Defender for Endpoint Plan 2 / non-E5), see [Defender Vul
> [!NOTE] > Customers need to have the global admin role defined in Azure AD to onboard the trial. >
-> WeΓÇÖre happy to assist with initial trial onboarding and to meet with customers to provide an overview of the product capabilities. To do this or if you have any questions, [contact us](mailto:mdvmtrial@microsoft.com) (mdvmtrial@microsoft.com) and we will get in touch!
+> We're happy to assist with initial trial onboarding and to meet with customers to provide an overview of the product capabilities. To do this or if you have any questions, [contact us](mailto:mdvmtrial@microsoft.com) (mdvmtrial@microsoft.com) and we will get in touch!
### How is the service provisioned/deployed?
Once a customer is onboarded on to the free-trial experience, Defender Vulnerabi
Currently, there is no need to assign the new Defender Vulnerability Management license to users. Licenses will be applied automatically after a customer signs up for the free public preview trial.
-### If a customer is in private preview, what will happen to their premium capabilities if I donΓÇÖt sign up for a free public preview trial?
+### If a customer is in private preview, what will happen to their premium capabilities if I don't sign up for a free public preview trial?
-The new capabilities will be available only to customers who onboard the public preview trial. Customers who havenΓÇÖt onboarded will lose access to these capabilities. Blocked applications will be immediately unblocked. Security baseline profiles may be stored for a short additional time before being deleted.
+The new capabilities will be available only to customers who onboard the public preview trial. Customers who haven't onboarded will lose access to these capabilities. Blocked applications will be immediately unblocked. Security baseline profiles may be stored for a short additional time before being deleted.
### How long does the public preview trial last and what happens at the end of my trial?
Microsoft Defender Vulnerability Management is available as a vulnerability mana
### Can I turn on Defender Vulnerability Management capabilities on a subset of devices in my organization?
-There isnΓÇÖt a way to selectively light up the Defender Vulnerability Management assessment capabilities (block vulnerable applications, browser extension, certificate inventory, and network share assessment) on a subset of devices in a given tenant.
+There isn't a way to selectively light up the Defender Vulnerability Management assessment capabilities (block vulnerable applications, browser extension, certificate inventory, and network share assessment) on a subset of devices in a given tenant.
security Defender Vulnerability Management Trial https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-trial.md
ms.technology: m365d
[!include[Prerelease information](../../includes/prerelease.md)]
-Microsoft Defender Vulnerability Management is a new service that provides advanced vulnerability management capabilities to minimize your organizationΓÇÖs cyber risk. Get real-time asset discovery, continuous risk-based assessment and prioritization, and built in remediation tools.
+Microsoft Defender Vulnerability Management is a new service that provides advanced vulnerability management capabilities to minimize your organization's cyber risk. Get real-time asset discovery, continuous risk-based assessment and prioritization, and built in remediation tools.
It includes the existing vulnerability management capabilities in Microsoft Defender for Endpoint and new capabilities to further provide enhanced tools so your teams can intelligently assess, prioritize, and seamlessly remediate the biggest risks to your organization.
See the [terms and conditions](/legal/microsoft-365/microsoft-365-trial) for Mic
Wondering what you can experience in your free trial? The Defender Vulnerability Management trial includes: - **[Security baselines assessment](tvm-security-baselines.md)**: When the trial ends security baseline profiles may be stored for a short additional time before being deleted.-- **[Blocking vulnerable applicationsΓÇ»(beta)](tvm-block-vuln-apps.md)**: When the trial ends blocked applications will be immediately unblocked whereas baseline profiles may be stored for a short additional time before being deleted.
+- **[Blocking vulnerable applications (beta)](tvm-block-vuln-apps.md)**: When the trial ends blocked applications will be immediately unblocked whereas baseline profiles may be stored for a short additional time before being deleted.
- **[Browser extensions assessment](tvm-browser-extensions.md)** - **[Digital certificates assessment](tvm-certificate-inventory.md)** - **[Network shares analysis](tvm-network-share-assessment.md)**
security Get Defender Vulnerability Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management.md
To sign up:
2. Visit [Microsoft Defender Vulnerability Management Public Preview Trial](https://signup.microsoft.com/get-started/signup?products=dee3976b-2cfd-40c3-90b6-3147cbf03146&ali=1&ru=https://aka.ms/MdvmPortal). 3. Follow the prompts to sign in. This will differ depending on whether you already have a Microsoft 365 subscription or not. 4. Once you have signed in, select the **Try now** button to confirm your order of the 120 day subscription of the Microsoft Defender Vulnerability Management Public Preview Trial.
-5. Select **Continue**. YouΓÇÖll now be directed to the Microsoft 365 Defender portal.
+5. Select **Continue**. You'll now be directed to the Microsoft 365 Defender portal.
> [!NOTE] > Once you activate the trial it can take up to 4 hours for Defender Vulnerability Management to be fully available in your tenant.
If you already have an existing Defender for Endpoint Plan 2 or Microsoft 365 E5
1. Visit [Microsoft Defender Vulnerability Management Add-on Public Preview Trial](https://signup.microsoft.com/get-started/signup?products=5908ecaa-b8a7-4a04-b6c0-d44fd934b6f2&ali=1&ru=https://aka.ms/MdvmPortal). 2. Follow the prompts to sign in. This will differ depending on whether you already have a Microsoft 365 subscription or not. 3. Once you have signed in, select the **Try now** button to confirm your order of the 120 day subscription of the Microsoft Defender Vulnerability Add-on Public Preview Trial.
-4. Select **Continue**. YouΓÇÖll now be directed to the Microsoft 365 Defender portal.
+4. Select **Continue**. You'll now be directed to the Microsoft 365 Defender portal.
> [!NOTE] > Once you activate the trial it can take up to 6 hours for the new features to become available in the portal.
security Trial Playbook Defender Vulnerability Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/trial-playbook-defender-vulnerability-management.md
Watch the following video to learn more about Defender Vulnerability Management:
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4Y1FX]
-## LetΓÇÖs get started
+## Let's get started
### Step 1: Set-up
Watch the following video to learn more about Defender Vulnerability Management:
> [!NOTE] > Once you activate the trial it can take up to 6 hours for the new features to become available in the portal.
-Now that you have set up your trial, itΓÇÖs time to try key capabilities.
+Now that you have set up your trial, it's time to try key capabilities.
### Step 2: Know what to protect in a single view
-Built-in and agentless scanners continuously monitor and detect risk even when devices arenΓÇÖt connected to the corporate network. Expanded asset coverage consolidates software applications, digital certificates, network shares, and browser extensions into a single inventory view.
+Built-in and agentless scanners continuously monitor and detect risk even when devices aren't connected to the corporate network. Expanded asset coverage consolidates software applications, digital certificates, network shares, and browser extensions into a single inventory view.
1. [**Device inventory**](../defender-endpoint/machines-view-overview.md) - The device inventory shows a list of the devices in your network. By default, the list displays devices seen in the last 30 days. At a glance, you'll see information such as domains, risk levels, OS platform, associated CVEs, and other details for easy identification of devices most at risk.
-2. Discover and assess your organizationΓÇÖs software in a single, consolidated inventory view:
+2. Discover and assess your organization's software in a single, consolidated inventory view:
- [**Software application inventory**](tvm-software-inventory.md) - the software inventory in Defender Vulnerability Management is a list of known applications in your organization. The view includes vulnerability and misconfiguration insights across installed software with prioritized impact scores and details such as OS platforms, vendors, number of weaknesses, threats, and an entity-level view of exposed devices. - [**Browser extension assessments**](tvm-browser-extensions.md) - the browser extensions page displays a list of the extensions installed across different browsers in your organization. Extensions usually need different permissions to run properly. Defender Vulnerability Management provides detailed information on the permissions requested by each extension and identifies those with the highest associated risk levels, the devices with the extension turned on, installed versions, and more. - [**Certificate inventory**](tvm-certificate-inventory.md) - the certificate inventory allows you to discover, assess, and manage digital certificates installed across your organization in a single view. This can help you:
Built-in and agentless scanners continuously monitor and detect risk even when d
- [View blocked applications](tvm-block-vuln-apps.md#view-blocked-applications) - [Unblock applications](tvm-block-vuln-apps.md#unblock-applications)
-4. Use enhanced assessment capabilities such as [Network shares analysis](tvm-network-share-assessment.md) to protect vulnerable network shares. As network shares can be easily accessed by network users, small common weaknesses can make them vulnerable. These types of misconfigurations are commonly used in the wild by attackers for lateral movement, reconnaissance, data exfiltration, and more. ThatΓÇÖs why we built a new category of configuration assessments in Defender Vulnerability Management that identify the common weaknesses that expose your endpoints to attack vectors in Windows network shares. This helps you:
+4. Use enhanced assessment capabilities such as [Network shares analysis](tvm-network-share-assessment.md) to protect vulnerable network shares. As network shares can be easily accessed by network users, small common weaknesses can make them vulnerable. These types of misconfigurations are commonly used in the wild by attackers for lateral movement, reconnaissance, data exfiltration, and more. That's why we built a new category of configuration assessments in Defender Vulnerability Management that identify the common weaknesses that expose your endpoints to attack vectors in Windows network shares. This helps you:
- Disallow offline access to shares - Remove shares from the root folder
- - Remove share write permission set to ΓÇÿEveryoneΓÇÖ
+ - Remove share write permission set to 'Everyone'
- Set folder enumeration for shares
-5. View and monitor your organizationΓÇÖs devices using a [**Vulnerable devices report**](tvm-vulnerable-devices-report.md) that shows graphs and bar charts with vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure.
+5. View and monitor your organization's devices using a [**Vulnerable devices report**](tvm-vulnerable-devices-report.md) that shows graphs and bar charts with vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure.
### Step 4: Set up security baseline assessments
Security baselines provide support for Center for Internet Security (CIS) benchm
### Step 5: Create meaningful reports to get in-depth insights using APIs and Advanced Hunting
-Defender Vulnerability Management APIs can help drive clarity in your organization with customized views into your security posture and automation of vulnerability management workflows. Alleviate your security teamΓÇÖs workload with data collection, risk score analysis, and integrations with your other organizational processes and solutions. For more information, see:
+Defender Vulnerability Management APIs can help drive clarity in your organization with customized views into your security posture and automation of vulnerability management workflows. Alleviate your security team's workload with data collection, risk score analysis, and integrations with your other organizational processes and solutions. For more information, see:
- [Export assessment methods and properties per device](../defender-endpoint/get-assessment-methods-properties.md) - [Defender Vulnerability Management APIs blog](https://techcommunity.microsoft.com/t5/microsoft-defender-vulnerability/new-threat-amp-vulnerability-management-apis-create-reports/ba-p/2445813)
security Tvm Prerequisites https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-prerequisites.md
For more information, see [Create and manage roles for role-based access control
**Threat and vulnerability management ΓÇô Manage security baselines assessment profiles** - Create and manage profiles so you can assess if your devices comply to security industry baselines. >[!Note]
-> For the Defender Vulnerability Management public preview trial this permission is not required. Users with ΓÇ£Threat and vulnerability management - View dataΓÇ¥ permissions can manage security baselines. However, when the trial ends and a license is purchased, this permission is required.
+> For the Defender Vulnerability Management public preview trial this permission is not required. Users with "Threat and vulnerability management - View data" permissions can manage security baselines. However, when the trial ends and a license is purchased, this permission is required.
## Related articles
security Tvm Weaknesses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-weaknesses.md
When a security recommendation is available you can select **Go to the related s
Recommendations for a CVE are often to remediate the vulnerability through a security update for the related software. However, Some CVEs won't have a security update available. This might apply to all the related software for a CVE or just a subset, for example, a software vendor might decide not to fix the issue on a particular vulnerable version.
-When a security update is only available for some of the related software, the CVE will have the tag ΓÇÿSome updates availableΓÇÖ. Once there is at least one update available, you'll have the option to go to the related security recommendation.
+When a security update is only available for some of the related software, the CVE will have the tag 'Some updates available'. Once there is at least one update available, you'll have the option to go to the related security recommendation.
:::image type="content" alt-text="Some updates available and no updates available tag examples." source="../../media/defender-vulnerability-management/weaknesses-cve-some-updates.png" lightbox="../../media/defender-vulnerability-management/weaknesses-cve-some-updates.png":::
-If there is no security update available, the CVE will have the tag ΓÇÿNo updates availableΓÇÖ. There will be no option to go to the related security recommendation as software that doesnΓÇÖt have a security update available is excluded from the Security recommendations page.
+If there is no security update available, the CVE will have the tag 'No updates available'. There will be no option to go to the related security recommendation as software that doesn't have a security update available is excluded from the Security recommendations page.
> [!NOTE] > Security recommendations only include devices and software packages that have security updates available.
The information on security update availability is also visible in the _Update a
### Software that isn't supported
-A CVE for software that isnΓÇÖt currently supported by vulnerability management still appears in the Weaknesses page. Because the software is not supported, only limited data will be available.
+A CVE for software that isn't currently supported by vulnerability management still appears in the Weaknesses page. Because the software is not supported, only limited data will be available.
Exposed device information will not be available for CVEs with unsupported software. Filter by unsupported software by selecting the "Not available" option in the "Exposed devices" section.
security Advanced Hunting Devicetvmsoftwareinventory Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicetvmsoftwareinventory-table.md
For information on other tables in the advanced hunting schema, see [the advance
| `EndOfSupportStatus` | `string` | Indicates the lifecycle stage of the software product relative to its specified end-of-support (EOS) or end-of-life (EOL) date | | `EndOfSupportDate` | `string` | End-of-support (EOS) or end-of-life (EOL) date of the software product | | `ProductCodeCpe` | `string` | CPE of the software product or 'not available' where there is no CPE |
-| `CveTags` | `string` | An array of the tags relevant to the CVE. Tags that are currently supported are ΓÇ£ZeroDayΓÇ¥ and ΓÇ£NoSecurityUpdateΓÇ¥.
+| `CveTags` | `string` | An array of the tags relevant to the CVE. Tags that are currently supported are "ZeroDay" and "NoSecurityUpdate".
## Related topics
security Api Incident https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/api-incident.md
tags | string List | List of Incident tags.
comments | List of incident comments | Incident Comment object contains: comment string, createdBy string, and createTime date time. alerts | Alert List | List of related alerts. See examples at [List incidents](api-list-incidents.md) API documentation.
+>[!NOTE]
+>Around August 29th, 2022, previously supported alert determination values ('Apt' and 'SecurityPersonnel') will be deprecated and no longer available via the API.
+ ## Related articles - [Microsoft 365 Defender APIs overview](api-overview.md)
security Api Update Incidents https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/api-update-incidents.md
determination|Enum|Specifies the determination of the incident. Possible values
tags|string List|List of Incident tags. comment|string|Comment to be added to the incident.
+>[!NOTE]
+>Around August 29th, 2022, previously supported alert determination values ('Apt' and 'SecurityPersonnel') will be deprecated and no longer available via the API.
+ ## Response If successful, this method returns `200 OK`. The response body will contain the incident entity with updated properties. If an incident with the specified ID wasn't found, the method returns
security Before You Begin Defender Experts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/before-you-begin-defender-experts.md
+
+ Title: Key infrastructure requirements before enrolling in the Microsoft Defender Experts for Hunting service
+
+description: This section outlines the key infrastructure requirements you must meet and important information on data access and compliance
+keywords: managed threat hunting service, managed threat hunting, managed detection and response (MDR) service, MTE, Microsoft Threat Experts, MTE-TAN, defender experts notification, Targeted Attack Notification, Microsoft Defender Experts for hunting, threat hunting and analysis.
+search.product: Windows 10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
++
+ms.localizationpriority: medium
+
+audience: ITPro
+
+ - m365-security-compliance
+ - m365initiative-defender-endpoint
+
+ms.technology: mde
++
+# Before you begin using Defender Experts for Hunting
++
+**Applies to:**
+
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+
+This document outlines the key infrastructure requirements you must meet and important information on data access and compliance you must know before enrolling in the Microsoft Defender Experts for Hunting service. Microsoft understands that customers who use our managed services entrust us with their most valued asset, their data.
+
+## Check if your environment meets licensing and access prerequisites
+
+Microsoft Defender Experts for Hunting is a separate service from your existing Defender products. Before enrolling in this service, make sure that you have the necessary license and access.
+
+### Eligibility and licensing
+
+Defender Experts for Hunting customers will be assigned two Experts on Demand credits on the first of each month, which may be used to submit questions. Unused credits expire 90 days from date of assignment or at the end of the subscription term, whichever is shortest.
+
+For more information about Microsoft's commercial licensing terms, visit [this page](https://www.microsoft.com/licensing/terms/productoffering/Microsoft365/MCA).
+
+### Access requirements
+
+Anyone from your organization can complete the customer interest form for Microsoft Defender Experts for Hunting service, however, you need to work with your Commercial Executive to transact the SKU. You might need certain roles and permissions to fully access the service capabilities. Refer to [Custom roles in role-based access control for Microsoft 365 Defender](custom-roles.md) for details.
+
+## Understand the service's availability and data access requirements
+
+Defender Experts for Hunting is a managed threat hunting service that proactively hunts for threats across endpoints, email, identity, and cloud apps. To carry out hunting on your behalf, Microsoft experts need access to your Microsoft 365 Defender advanced hunting data. Enrolling in this service means you're granting permission to Microsoft experts to access the said data.
+
+The following sections enumerate additional information about the service's data usage, compliance, and availability. For more information about Microsoft's commitment in valuing and protecting your data, visit the [Trust Center](https://aka.ms/trustcenter-dex4hunting) > scroll down to **Additional products and services** > **Managed Security Services** > [**Microsoft Defender Expert for Hunting**](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE51fRH).
+
+### Data collection, usage, and retention
+
+All data used for hunting from existing Defender services will continue to reside in the customer's original Microsoft 365 Defender service storage location. [Learn more](../../enterprise/o365-data-locations.md)
+
+Defender Experts for Hunting operational data, such as case tickets and analyst notes, are generated and stored in a Microsoft data center in the US region for the length of the service, irrespective of the Microsoft 365 Defender service storage location. Data generated for the reporting dashboard is stored in customer's Microsoft 365 Defender service storage location. Reporting data and operational data will be retained for a grace period of no less than 90 days after a customer leaves the service.
+
+Microsoft experts hunt over [advanced hunting logs](../../security/defender/advanced-hunting-schema-tables.md) in Microsoft 365 Defender advanced hunting tables. The data in these tables depend on the set of Defender services the customer is enabled for (for example, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, and Azure Active Directory). Experts also use a large set of internal threat intelligence data to inform their hunting and automation.
+
+### Security and compliance
+
+When you purchase and onboard to Defender Experts for Hunting, you're granting permission to Microsoft experts to access your advanced hunting data.
+
+This service has been developed in alignment with existing security and privacy standards and is working towards several certifications, including ISO 27001 and ISO 27018.
+
+### Availability
+
+This service is available worldwide for customers in our commercial public clouds. It's currently not available to customers in government and sovereign clouds.
+
+### Languages
+
+This service is currently delivered in English language only.
+
+## Apply for Microsoft Defender Experts for Hunting service
+
+If you haven't done so yet, you can complete the customer interest form for Defender Experts for Hunting:
+
+1. Complete the customer interest form. Anyone from your company can apply, but if you're accepted, you need to work with your Commercial Executive to transact the SKU.
+2. Enter your company email ID.
+3. Select **Submit**. Someone from our sales team will reach out within five business days.
++
+### Next step
+
+- [Start using Defender Experts for Hunting](onboarding-defender-experts-for-hunting.md)
security Defender Experts For Hunting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/defender-experts-for-hunting.md
+
+ Title: What is Microsoft Defender Experts for Hunting offering
+
+description: Defender Experts for Hunting is a proactive threat hunting service that goes beyond the endpoint to hunt across endpoints
+keywords: defender experts notifications, managed threat hunting, managed detection and response (MDR) service, MTE, Microsoft Threat Experts, MTE-TAN, targeted attack notification, Targeted Attack Notification, Microsoft Defender Experts for hunting, threat hunting and analysis.
+search.product: Windows 10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
++
+ms.localizationpriority: medium
+
+audience: ITPro
+
+ - m365-security-compliance
+ - m365initiative-defender-endpoint
+
+ms.technology: mde
++
+# Microsoft Defender Experts for Hunting
++
+**Applies to:**
+
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+
+Defender Experts for Hunting was created for customers who have a robust security operations center but want Microsoft to help them proactively hunt threats using Microsoft Defender data. Defender Experts for Hunting is a proactive threat hunting service that goes beyond the endpoint to hunt across endpoints, Office 365, cloud applications, and identity. Our experts will investigate anything they find, then hand off the contextual alert information along with remediation instructions, so you can quickly respond.
+
+The following capabilities included in this managed threat hunting service could also help with your daily SecOps work:
+
+- **Threat hunting and analysis** ΓÇô Defender Experts for Hunting look deeper to expose advanced threats and identify the scope and impact of malicious activity associated with human adversaries or hands-on-keyboard attacks.
+- **Defender Experts Notifications** ΓÇô Notifications show up as incidents in Microsoft 365 Defender, helping to improve your security operations' incident response with specific information about the scope, method of entry, and remediation instructions.
+- **Experts on Demand** ΓÇô Select **Ask Defender Experts** in the Microsoft 365 Defender portal to get expert advice about threats your organization is facing. You can ask for help on a specific incident, nation-state actor, or attack vector-related notifications.
+- **Hunter-trained AI** ΓÇô Our Defender Experts for Hunting share their learning back into the automated tools they use to improve threat discovery and prioritization.
+- **Reports** ΓÇô An interactive report summarizing what we hunted and what we found.
+
+[Watch this short video](https://youtu.be/4t1JgE0X0jc) to learn more about how Microsoft Defender Experts for Hunting can help you track the latest advanced threats in your environment.
+
+Defender Experts for Hunting is sold separately from other Microsoft 365 Defender products. If you're a Microsoft 365 Defender customer and are interested in purchasing Defender Experts for Hunting, complete a customer interst form.
+
+### Next step
+
+- [Before you begin using Defender Experts for Hunting](before-you-begin-defender-experts.md)
security Defender Experts Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/defender-experts-report.md
description: The Defender Experts for Hunting service publishes monthly reports
keywords: analyst report, defender experts report, detections, defender expert notification, hunting, notifications, threat categories, hunting reports search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
# Understand the Defender Experts for Hunting report in Microsoft 365 Defender **Applies to:** -- Microsoft 365 Defender
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
-
-Microsoft Defender Experts for Hunting layers human intelligence and expert-trained technology to help Microsoft 365 Defender customers understand the significant threats they face. It showcases how Defender ExpertΓÇÖs threat hunting skills, thorough understanding of the threat landscape, and knowledge of emerging threats can help you identify, prioritize, and address those threats in your environment.
+Microsoft Defender Experts for Hunting layers human intelligence and expert-trained technology to help Microsoft 365 Defender customers understand the significant threats they face. It showcases how Defender Expert's threat hunting skills, thorough understanding of the threat landscape, and knowledge of emerging threats can help you identify, prioritize, and address those threats in your environment.
The Defender Experts for Hunting service publishes monthly reports to help you understand all the threats the hunting service surfaced in your environment, alongside the alerts generated by your Microsoft 365 Defender products.
Each section of the report is designed to provide more insights about the threat
Refer to the following screenshot of a sample report:
-![defender experts report](../../media/mte/defender-experts-report.png)
+![Screenshot of a Microsoft Defender Experts for Hunting report in Microsoft 365 Defender portal.](../../media/mte/defenderexperts/defender-experts-report.png)
## View Defender Experts Notifications A Defender Experts Notification describes the significant threat activity Defender Experts for Hunting observed in your environment and provides recommendations to remediate and defend your organization.
-The Defender Experts for Hunting reports provide you with the total number of Defender Experts Notifications our Defender Experts have sent for your chosen time. To view these notifications, click **View notification** beside **Notified**.
+The Defender Experts for Hunting reports provide you with the total number of Defender Experts Notifications our Defender Experts have sent for your chosen time. To view these notifications, select **View notification** beside **Notified**.
This link redirects you to the Microsoft 365 Defender incidents page. Defender Expert for Hunting alerts or Defender Experts Notifications are labeled with **Defender Experts**.
This link redirects you to the Microsoft 365 Defender incidents page. Defender E
## Identify potential attack entry points and other security weak spots
-The MITRE ATT&CK tactics represent adversary goalsΓÇöwhat theyΓÇÖre trying to achieve in each attack phase. The **MITRE ATT&CK tactics observed** section of the report tracks the progression of attack against the phase they reached:
+The MITRE ATT&CK tactics represent adversary goalsΓÇöwhat they're trying to achieve in each attack phase. The **MITRE ATT&CK tactics observed** section of the report tracks the progression of attack against the phase they reached:
1. Reconnaissance 2. Resource Development 3. Initial access
-4. Execution
-3. Persistence
-4. Privilege escalation
-5. Defense evasion
+4. Execution
+3. Persistence
+4. Privilege escalation
+5. Defense evasion
6. Credential access 7. Discovery
-8. Lateral movement
+8. Lateral movement
9. Collection 10. Command and control
-11. Exfiltration
+11. Exfiltration
12. Impact Signals from Microsoft 365 Defender and investigations by Defender Experts for Hunting help identify these tactics, represented in the bar chart. This chart helps you visualize where the surge is and provides you with the information you need to plan the corresponding containment and remediation actions.
Signals from Microsoft 365 Defender and investigations by Defender Experts for H
Threat categories help identify and organize security threats into classes to assess and evaluate their impact and develop strategies to prevent or mitigate these threats to your environment. The **Threat categories observed** section of the report shows a bar chart with significant risks and threats detected in your environment, helping you understand the breadth and scope of your exposure.
-Among the various threat categories available, the following categories are carefully chosen because they are not covered under the purview of MITRE ATT&CK framework:
+Among the various threat categories available, the following categories are carefully chosen because they aren't covered under the purview of MITRE ATT&CK framework:
- Ransomware - Malware
Among the various threat categories available, the following categories are care
- Exploit - Delivery
-You can prioritize remediation based on the most impacted category, as depicted in the bar graph.
+You can prioritize remediation based on the most impacted category, as depicted in the bar chart.
+
security Export Incidents Queue https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/export-incidents-queue.md
For example, for the data on the CSV file, you can apply filters to view the fol
- Data regarding how many high-severity incidents you had in the last 30 days. - Data regarding who is your most productive analyst.
-If you have thoughts or suggestions about the new **Export** feature (the **Export** button) for the incident queue, contact Microsoft team or send your feedback through the Microsoft 365 Defender portal.
+> [!NOTE]
+> The maximum number of records you can export to a CSV file is 10,000.
+
+If you have thoughts or suggestions about the new **Export** feature (the **Export** button) for the incident queue, contact Microsoft team or send your feedback through the Microsoft 365 Defender portal.
security Investigate Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/investigate-alerts.md
Microsoft 365 Defender alerts may come from solutions like Microsoft Defender fo
The **Actions taken** section has a list of impacted assets, such as mailboxes, devices, and users affected by this alert.
-You can also select **View in action center** to view the **History** tab of the **Action center** in the Microsoft 365 Defender portal.
+You can also select **View in action center** to view the **History** tab of the **Action center** in the Microsoft 365 Defender portal.
### Trace an alert's role in the alert story
The **Manage alert** pane allows you to view or specify:
- The alert status (New, Resolved, In progress). - The user account that has been assigned the alert. - The alert's classification:-
- - **Not set** (the default).
-
- - **True positive** with a type of threat. Use this classification for alerts that accurately indicate a real threat. Specifying the threat type helps your security team see threat patterns and act to defend your organization from them.
-
- - **Informational, expected activity** with a type of activity. Use the options in this category to classify alerts for security tests, red team activity, and expected unusual behavior from trusted apps and users.
-
- - **False positive** for types of alerts that were created even when there is no malicious activity. Classifying alerts as false positive helps Microsoft 365 Defender improve its detection quality.
-
+ - **Not Set** (default).
+ - **True positive** with a type of threat. Use this classification for alerts that accurately indicate a real threat. Specifying this threat type alerts your security team see threat patterns and act to defend your organization from them.
+ - **Informational, expected activity** with a type of activity. Use this option for alerts that are technically accurate, but represent normal behavior or simulated threat activity. You generally want to ignore these alerts but expect them for similar activities in the future where the activities are triggered by actual attackers or malware. Use the options in this category to classify alerts for security tests, red team activity, and expected unusual behavior from trusted apps and users.
+ - **False positive** for types of alerts that were created even when there is no malicious activity or for a false alarm. Use the options in this category to classify alerts that are mistakenly identified as normal events or activities as malicious or suspicious. Unlike alerts for 'Informational, expected activity', which can also be useful for catching real threats, you generally don't want to see these alerts again. Classifying alerts as false positive helps Microsoft 365 Defender improve its detection quality.
- A comment on the alert.
+>[!NOTE]
+> Around August 29th, 2022, previously supported alert determination values ('Apt' and 'SecurityPersonnel') will be deprecated and no longer available via the API.
+ > [!NOTE] > One way of managing alerts it through the use of tags. The tagging capability for Microsoft Defender for Office 365 is incrementally being rolled out and is currently in preview. <br> > Currently, modified tag names are only applied to alerts created *after* the update. Alerts that were generated before the modification will not reflect the updated tag name.
The **Recommendations** tab provides next-step actions and advice for investigat
## Suppress an alert
-As a security operations center (SOC) analyst, one of the top issues is triaging the sheer number of alerts that are triggered daily. For lower priority alerts, an analyst is still required to triage and resolve the alert which tends to be a manual process. A SOC analystΓÇÖs time is valuable, wanting to focus only on high severity and high priority alerts.
+As a security operations center (SOC) analyst, one of the top issues is triaging the sheer number of alerts that are triggered daily. For lower priority alerts, an analyst is still required to triage and resolve the alert which tends to be a manual process. A SOC analyst's time is valuable, wanting to focus only on high severity and high priority alerts.
Alert suppression provides the ability to tune and manage alerts in advance. This streamlines the alert queue and saves triage time by hiding or resolving alerts automatically, each time a certain expected organizational behavior occurs, and rule conditions are met.
-You can create rule conditions based on ΓÇÿevidence typesΓÇÖ such as files, processes, scheduled tasks, and many other evidence types that trigger the alert. After creating the rule, user can apply the rule on the selected alert or any alert type that meets the rule conditions to suppress the alert.
+You can create rule conditions based on 'evidence types' such as files, processes, scheduled tasks, and many other evidence types that trigger the alert. After creating the rule, user can apply the rule on the selected alert or any alert type that meets the rule conditions to suppress the alert.
> [!NOTE] > Suppression of alerts is not recommended. However in certain situations, a known internal business application or security tests trigger an expected activity and you don't want to see these alerts. So, you can create a suppression rule for the alert.
To create a suppression rule for alerts:
Enter **Name**, **Comment**, and click **Save**. 7. **Prevent the IOCs from being blocked in the future:**<br>
-Once you save the suppression rule, in the **Successful suppression rule creation** page that appears, you can add the selected IOCs as indicators to the ΓÇ£allow listΓÇ¥ and prevent them from being blocked in the future. <br>
+Once you save the suppression rule, in the **Successful suppression rule creation** page that appears, you can add the selected IOCs as indicators to the "allow list" and prevent them from being blocked in the future. <br>
All alert-related IOCs will be shown in the list. <br> IOCs that were selected in the suppression conditions will be selected by default. 1. For example, you can add files to be allowed to the **Select evidence (IOC) to allow**. By default the file that triggered the alert is selected.
security Investigate Dlp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/investigate-dlp.md
Before you start, [turn on alerts for all your DLP policies](/microsoft-365/comp
## DLP investigation experience in Microsoft Sentinel
-You can use the Microsoft 365 Defender connector in Microsoft Sentinel to import all DLP incidents into Sentinel to extend your correlation, detection, and investigation across other data sources and extend your automated orchestration flows using SentinelΓÇÖs native SOAR capabilities.
+You can use the Microsoft 365 Defender connector in Microsoft Sentinel to import all DLP incidents into Sentinel to extend your correlation, detection, and investigation across other data sources and extend your automated orchestration flows using Sentinel's native SOAR capabilities.
1. Follow instructions on Connect data from Microsoft 365 Defender to Microsoft Sentinel to import all incidents including DLP incidents and alerts into Sentinel. Enable `CloudAppEvents` event connector to pull all O365 audit logs into Sentinel.
security Investigate Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/investigate-users.md
From here, you can select **Go to user page** to see the details of a user accou
You can also see this page by selecting the name of the user account from the list on the **Users** page.
-You can see group membership for the user by selecting the number under **Groups**.
+You can see group membership for the user by selecting the number under **Groups**. Selecting a group will open the **Groups** pane, which includes additional information such as the creation date and group membership.
+
+> [!NOTE]
+> Group membership only displays the first 1000 group members.
:::image type="content" source="../../media/investigate-users/user-group-membership.png" alt-text="The information about the group membership for a user in the Microsoft 365 Defender portal" lightbox="../../media/investigate-users/user-group-membership.png":::
security M365d Action Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/m365d-action-center.md
f1.keywords:
ms.localizationpriority: medium Last updated : 07/27/2022 audience: ITPro
# The Action center -- **Applies to:** - Microsoft 365 Defender
You can use the unified Action center if you have appropriate permissions and on
> [!TIP] > To learn more, see [Requirements](./prerequisites.md).
+You can navigate to the list of actions pending approval in two different ways:
+
+- Go to [https://security.microsoft.com/action-center](https://security.microsoft.com/action-center); or
+- In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the Automated investigation & response card, select **Approve in Action Center**.
+ ## Using the Action center 1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a> and sign in.
-2. In the navigation pane, choose **Action center**.
-When you visit the Action center, you see two tabs: **Pending actions** and **History**. The following table summarizes what you'll see on each tab:
+2. In the navigation pane, choose **Action center**. Or, in the Automated investigation & response card, select **Approve in Action Center**.
+
+3. Use the **Pending actions** and **History** tabs. The following table summarizes what you'll see on each tab:
-|Tab |Description |
-|||
-|**Pending** | Displays a list of actions that require attention. You can approve or reject actions one at a time, or select multiple actions if they have the same type of action (such as Quarantine file). <p>**TIP**: Make sure to review and approve (or reject) pending actions as soon as possible so that your automated investigations can complete in a timely manner. |
-|**History** | Serves as an audit log for actions that were taken, such as: <br/>- Remediation actions that were taken as a result of automated investigations <br/>- Remediation actions that were taken on suspicious or malicious email messages, files, or URLs<br/>- Remediation actions that were approved by your security operations team <br/>- Commands that were run and remediation actions that were applied during Live Response sessions<br/>- Remediation actions that were taken by your antivirus protection <p>Provides a way to undo certain actions (see [Undo completed actions](m365d-autoir-actions.md#undo-completed-actions)). |
+ |Tab |Description |
+ |||
+ |**Pending** | Displays a list of actions that require attention. You can approve or reject actions one at a time, or select multiple actions if they have the same type of action (such as Quarantine file). <br/><br/>Make sure to review and approve (or reject) pending actions as soon as possible so that your automated investigations can complete in a timely manner. |
+ |**History** | Serves as an audit log for actions that were taken, such as: <br/>- Remediation actions that were taken as a result of automated investigations <br/>- Remediation actions that were taken on suspicious or malicious email messages, files, or URLs<br/>- Remediation actions that were approved by your security operations team <br/>- Commands that were run and remediation actions that were applied during Live Response sessions<br/>- Remediation actions that were taken by your antivirus protection<br/><br/>Provides a way to undo certain actions (see [Undo completed actions](m365d-autoir-actions.md#undo-completed-actions)). |
-You can customize, sort, filter, and export data in the Action center.
+4. You can customize, sort, filter, and export data in the Action center.
+ :::image type="content" source="../../media/m3d-action-center-columnsfilters.png" alt-text="Screenshot that shows the sort, filter, and customize capabilities of the Action center." lightbox="../../media/m3d-action-center-columnsfilters.png":::
-- Select a column heading to sort items in ascending or descending order.-- Use the time period filter to view data for the past day, week, 30 days, or 6 months.-- Choose the columns that you want to view.-- Specify how many items to include on each page of data.-- Use filters to view just the items you want to see.-- Select **Export** to export results to a .csv file.
+ - Select a column heading to sort items in ascending or descending order.
+ - Use the time period filter to view data for the past day, week, 30 days, or 6 months.
+ - Choose the columns that you want to view.
+ - Specify how many items to include on each page of data.
+ - Use filters to view just the items you want to see.
+ - Select **Export** to export results to a .csv file.
## Actions tracked in the Action center
security M365d Autoir Actions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/m365d-autoir-actions.md
f1.keywords:
ms.localizationpriority: medium Last updated : 07/27/2022 audience: ITPro
ms.technology: m365d
# View and manage actions in the Action center -- **Applies to:** - Microsoft 365 Defender
Threat protection features in Microsoft 365 Defender can result in certain remed
> [!NOTE] > You must have [appropriate permissions](m365d-action-center.md#required-permissions-for-action-center-tasks) to approve or reject remediation actions. For more information, see the [prerequisites](m365d-configure-auto-investigation-response.md#prerequisites-for-automated-investigation-and-response-in-microsoft-365-defender).
+To navigate to the Action center, take one of the following steps:
+
+- Go to [https://security.microsoft.com/action-center](https://security.microsoft.com/action-center); or
+- In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the Automated investigation & response card, select **Approve in Action Center**.
+ ## Review pending actions in the Action center It's important to approve (or reject) pending actions as soon as possible so that your automated investigations can proceed and complete in a timely manner.
security M365d Autoir https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/m365d-autoir.md
f1.keywords:
ms.localizationpriority: medium Last updated : 07/19/2022 audience: ITPro
In Microsoft 365 Defender, each automated investigation correlates signals acros
To view investigations, go to the **Incidents** page. Select an incident, and then select the **Investigations** tab. To learn more, see [Details and results of an automated investigation](m365d-autoir-results.md).
+## Automated investigation & response card
+
+The new Automated investigation & response card is available in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). This new card visibility to the total number of available remediation actions. The card also gives an overview of all the alerts and required approval time for each alert.
++
+Using the Automated investigation & response card, your security operations team can quickly navigate to the Action center by selecting the **Approve in Action Center** link, and then taking appropriate actions. The card enables your security operations team to more effectively manage actions that are pending approval.
++ ## Training for security analysts Use this learning module from Microsoft Learn to understand how Microsoft 365 Defender uses automated self-healing for incident investigation and response.
security Microsoft 365 Security Center Defender Cloud Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-365-security-center-defender-cloud-apps.md
Title: Microsoft Defender for Cloud Apps in Microsoft 365 Defender (Preview) description: Learn about changes from the Microsoft Defender for Cloud Apps to Microsoft 365 Defender keywords: Getting started with Microsoft 365 Defender, Microsoft Defender for Cloud Apps ms.mktglfcycl: deploy ms.localizationpriority: medium f1.keywords:
Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender. The Microsoft 365 Defender portal allows security admins to perform their security tasks in one location. This will simplify workflows, and add the functionality of the other Microsoft 365 Defender services. Microsoft 365 Defender will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure. SOC analysts will be able to triage, investigate and hunt across all Microsoft 365 Defender workloads, including cloud apps.
-Defender for Cloud Apps alerts will continue to appear in Microsoft 365 DefenderΓÇÖs incidents queue and alerts queue, but now with relevant content inside the alert pages available in the Microsoft 365 Defender portal, in a unified format with the proper adaptations to each alerts type.
+Defender for Cloud Apps alerts will continue to appear in Microsoft 365 Defender's incidents queue and alerts queue, but now with relevant content inside the alert pages available in the Microsoft 365 Defender portal, in a unified format with the proper adaptations to each alerts type.
Take a look in Microsoft 365 Defender at <https://security.microsoft.com>.
security Microsoft 365 Security Center Mde https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-365-security-center-mde.md
Title: Microsoft Defender for Endpoint in Microsoft 365 Defender description: Learn about changes from the Microsoft Defender Security Center to Microsoft 365 Defender keywords: Getting started with Microsoft 365 Defender, Microsoft Defender for Office 365, Microsoft Defender for Endpoint, MDO, MDE, security portal, defender security portal ms.mktglfcycl: deploy ms.localizationpriority: medium f1.keywords:
security Microsoft 365 Security Center Mdi https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-365-security-center-mdi.md
Title: Microsoft Defender for Identity in Microsoft 365 Defender description: Learn about changes from the Microsoft Defender for Identity to Microsoft 365 Defender keywords: Getting started with Microsoft 365 Defender, Microsoft Defender for Identity, NDI ms.mktglfcycl: deploy ms.localizationpriority: medium f1.keywords:
Global search in Microsoft 365 Defender (using the search bar at the top of the
### Onboarding and administration
-The onboarding process is now automatic for new customers, with no need to manually configure a workspace. Additionally, all the admin features are available under the **Identities** menu in Microsoft 365 DefenderΓÇÖs Settings.
+The onboarding process is now automatic for new customers, with no need to manually configure a workspace. Additionally, all the admin features are available under the **Identities** menu in Microsoft 365 Defender's Settings.
### Alerting and incident correlation
-Defender for Identity alerts are now included in Microsoft 365 DefenderΓÇÖs alert queue, making them available to the auto incident correlation feature. This ensures that all alerts are available in one place, and that the scope of a breach can be determined quicker than before. For more information, see [Defender for Identity security alerts in Microsoft 365 Defender](/defender-for-identity/manage-security-alerts).
+Defender for Identity alerts are now included in Microsoft 365 Defender's alert queue, making them available to the auto incident correlation feature. This ensures that all alerts are available in one place, and that the scope of a breach can be determined quicker than before. For more information, see [Defender for Identity security alerts in Microsoft 365 Defender](/defender-for-identity/manage-security-alerts).
### Advanced hunting (new)
security Mssp Access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/mssp-access.md
Title: Provide managed security service provider (MSSP) access description: Learn about changes from the Microsoft Defender Security Center to the Microsoft 365 Defender portal keywords: Getting started with the Microsoft 365 Defender portal, Microsoft Defender for Office 365, Microsoft Defender for Endpoint, MDO, MDE, single pane of glass, converged portal, security portal, defender security portal ms.mktglfcycl: deploy ms.localizationpriority: medium f1.keywords:
security Onboarding Defender Experts For Hunting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/onboarding-defender-experts-for-hunting.md
+
+ Title: How to subscribe to Microsoft Defender Experts for Hunting
+
+description: If you're new to Microsoft 365 Defender and Defender Experts for Hunting, this is how you subscribe
+keywords: managed threat hunting service, managed threat hunting, managed detection and response (MDR) service, MTE, Microsoft Threat Experts, MTE-TAN, targeted attack notification, defender experts notifications, endpoint attack notifications, Microsoft Defender Experts for hunting, threat hunting and analysis.
+search.product: Windows 10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
++
+ms.localizationpriority: medium
+
+audience: ITPro
+
+ - m365-security-compliance
+ - m365initiative-defender-endpoint
+
+ms.technology: mde
++
+# Start using Microsoft Defender Experts for Hunting
++
+**Applies to:**
+
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+
+## Onboarding
+
+If you're new to Microsoft 365 Defender and Defender Experts for Hunting:
+
+1. Upon getting your welcome email, select **Log into Microsoft 365 Defender**.
+2. Sign in if you already have a Microsoft account. If none, create one.
+3. The Microsoft 365 Defender quick tour will get you familiar with the security suite, where the capabilities are and how important they are. Select **Take a quick tour**.
+4. Read the short descriptions about what the Microsoft Defender Experts service is and the capabilities it provides. Select **Next**. You'll see the welcome page:
+
+![Screenshot of the Microsoft 365 Defender welcome page with a card for the Defender Experts for Hunting service.](../../media/mte/defenderexperts/start-using-defender-experts-for-hunting.png)
+
+## Receive Defender Experts Notifications
+
+The Defender Experts Notifications service includes:
+- Threat monitoring and analysis, reducing dwell time and the risk to your business
+- Hunter-trained artificial intelligence to discover and target both known attacks and emerging threats
+- Identification of the most pertinent risks, helping SOCs maximize their effectiveness
+- Help in scoping compromises and as much context as can be quickly delivered to enable a swift SOC response
+
+Refer to the following screenshot to see a sample Defender Experts Notification:
+
+![Secreenshot of a Defender Experts Notification in Microsoft 365 Defender. A Defender Expert Notification includes a title that describes the threat or activity observed, an executive summary, and list of recommendations.](../../media/mte/defenderexperts/receive-defender-experts-notification.png)
+
+### Where you'll find Defender Experts Notifications
+
+You can receive Defender Experts Notifications from Defender Experts through the following mediums:
+
+- The Microsoft 365 Defender portal's [Incidents](https://security.microsoft.com/incidents?tid=f839b112-d9d7-4d27-9bf6-94542403f21c) page
+- The Microsoft 365 Defender portal's [Alerts](https://security.microsoft.com/alerts?tid=f839b112-d9d7-4d27-9bf6-94542403f21c) page
+- OData alerting [API](../../security/defender-endpoint/get-alerts.md) and [REST API](../defender-endpoint/configure-siem.md)
+- [DeviceAlertEvents](../../security/defender-endpoint/advanced-hunting-devicealertevents-table.md) table in Advanced hunting
+
+### Filter to view just the Defender Experts Notifications
+
+You can filter your incidents and alerts if you want to only see the Defender Experts Notifications amongst the many alerts. To do so:
+
+1. On the navigation menu, go to **Incidents & alerts** > **Incidents** > select the ![Filter icon](../../media/mte/defenderexperts/filter.png) icon.
+2. Scroll down to the **Tags** field > select the **Defender Experts** check box.
+3. Select **Apply**.
+
+### Collaborate with Experts on Demand
+
+> [!NOTE]
+> Experts on Demand is included in your Defender Experts for Hunting subscription with monthly allocations. However, it's not a security incident response service. It's intended to provide a better understanding of complex threats affecting your organization. Engage with your own security incident response team to address urgent security incident response issues. If you don't have your own security incident response team and would like Microsoft's help, create a support request in the [Premier Services Hub](/services-hub/).
+
+Select **Ask Defender Experts** directly inside the Microsoft 365 security portal to get swift and accurate responses to all your threat hunting questions. Experts can provide insight to better understand the complex threats your organization may face. Experts on Demand can help to:
+
+- Gather additional information on alerts and incidents, including root causes and scope
+- Gain clarity into suspicious devices, alerts, or incidents and take next steps if faced with an advanced attacker
+- Determine risks and available protections related to threat actors, campaigns, or emerging attacker techniques
+
+The option to **Ask Defender Experts** is available in several places throughout the portal:
+
+- ***Device page actions menu***
+
+![Screenshot of the Ask Defender Experts menu option in the Device page action menu in the Microsoft 365 Defender portal.](../../media/mte/defenderexperts/device-page-actions-menu.png)
+
+- ***Device inventory page flyout menu***
+
+![Screenshot of the Ask Defender Experts menu option in the Device inventory page flyout menu in the Microsoft 365 Defender portal.](../../media/mte/defenderexperts/device-inventory-flyout-menu.png)
+
+- ***Alerts page flyout menu***
+
+![Screenshot of the Ask Defender Experts menu option in the Alerts page flyout menu in the Microsoft 365 Defender portal.](../../media/mte/defenderexperts/alerts-flyout-menu.png)
+
+- ***Incidents page actions menu***
+
+![Screenshot of the Ask Defender Experts menu option in the Incidents page actions menu in the Microsoft 365 Defender portal.](../../media/mte/defenderexperts/incidents-page-actions-menu.png)
+
+> [!NOTE]
+> If you'd like to track the status of your Experts on Demand cases through Microsoft Services Hub, reach out to your Customer Success Account Manager. Watch this [video](https://www.microsoft.com/videoplayer/embed/RE4pk9f) for a quick overview of the Microsoft Services Hub.
+
+## Sample questions you can ask from Defender Experts
+
+### Alert information
+
+- We saw a new type of alert for a living-off-the-land binary. We can provide the alert ID. Can you tell us more about this alert and if it's related to any incident and how we can investigate it further?
+- We've observed two similar attacks, which both try to execute malicious PowerShell scripts but generate different alerts. One is "Suspicious PowerShell command line" and the other is "A malicious file was detected based on indication provided by O365". What is the difference?
+- We received an odd alert today about an abnormal number of failed logins from a high profile user's device. We can't find any further evidence for these attempts. How can Microsoft 365 Defender see these attempts? What type of logins are being monitored?
+- Can you give more context or insight about the alert and any related incidents, "Suspicious behavior by a system utility was observed"?
+- I observed an alert titled "Creation of forwarding/redirect rule". I believe the activity is benign. Can you tell me why I received an alert?
+
+### Possible device compromise
+
+- Can you help explain why we see a message or alert for "Unknown process observed" on many devices in our organization? We appreciate any input to clarify whether this message or alert is related to malicious activity or incidents.
+- Can you help validate a possible compromise on the following system, dating from last week? It's behaving similarly as a previous malware detection on the same system six months ago.
+
+### Threat intelligence details
+
+- We detected a phishing email that delivered a malicious Word document to a user. The document caused a series of suspicious events, which triggered multiple alerts for a particular malware family. Do you have any information on this malware? If yes, can you send us a link?
+- We recently saw a blog post about a threat that is targeting our industry. Can you help us understand what protection Microsoft 365 Defender provides against this threat actor?
+- We recently observed a phishing campaign conducted against our organization. Can you tell us if this was targeted specifically to our company or vertical?
+
+### Microsoft Defender Experts for Hunting' alert communications
+
+- Can your incident response team help us address the targeted attack notification that we got?
+- We received this Defender Experts Notification from Microsoft Defender Experts for Hunting. We don't have our own incident response team. What can we do now, and how can we contain the incident?
+- We received a Defender Experts Notification from Microsoft Defender Experts for Hunting. What data can you provide to us that we can pass on to our incident response team?
+
+### Next step
+
+- [Understand the Defender Experts for Hunting report in Microsoft 365 Defender](defender-experts-report.md)
security Playbook Detecting Ransomware M365 Defender https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/playbook-detecting-ransomware-m365-defender.md
If pre-ransom activities are detected quickly, the likelihood of a severe attack
Business operation disruptions are likely when responding to a ransomware attack. The end stage of a ransomware attack is often a choice between downtime caused by attackers with major risks, or a controlled downtime to ensure network safety and give you time to fully investigate. We never recommend paying a ransom. Paying cybercriminals to get a ransomware decryption key provides no guarantee that your encrypted data will be restored. See, [Ransomware response - Microsoft Security Blog](https://www.microsoft.com/security/blog/2019/12/16/ransomware-response-to-pay-or-not-to-pay/).
-HereΓÇÖs the qualitative relationship of the impact of a ransomware attack and your time to respond for no detection vs. proactive detection and response.
+Here's the qualitative relationship of the impact of a ransomware attack and your time to respond for no detection vs. proactive detection and response.
![The qualitative relationship of the impact of a ransomware attack and your time to respond for no detection vs. proactive detection and response, showing the impact to your business reduces, the quicker you respond.](../../media/defender/playbook-detecting-ransomware-m365-defender-qualitative-diagram.png)
Being familiar with pre-ransom malware, payloads, and activities helps your anal
## Human-operated ransomware attack tactics
-Because human-operated ransomware can use known attack techniques and tools, your analystsΓÇÖ understanding and experience with existing attack techniques and tools will be a valuable asset when preparing your SecOps team for focused ransomware detection practices.
+Because human-operated ransomware can use known attack techniques and tools, your analysts' understanding and experience with existing attack techniques and tools will be a valuable asset when preparing your SecOps team for focused ransomware detection practices.
### Attack tactics and methods
You can easily filter the incidents queue for incidents that have been categoriz
Each filter setting for the incidents queue creates a URL that you can save and access later as a link. These URLs can be bookmarked or otherwise saved and used when needed at a single click. For example, you can create bookmarks for:
-* Incidents containing the ΓÇ£ransomwareΓÇ¥ category. Here is the corresponding [link](https://security.microsoft.com/incidents?filters=AlertStatus%3DNew%257CInProgress,category%3Dransomware&page_size=30&fields=expand,name,tags,severity,investigationStates,category,impactedEntities,alertCount,serviceSource,detectionSource,firstEventTime,lastEventTime,sensitivity,status,incidentAssignment,classification,determination,rbacGroup).
+* Incidents containing the "ransomware" category. Here is the corresponding [link](https://security.microsoft.com/incidents?filters=AlertStatus%3DNew%257CInProgress,category%3Dransomware&page_size=30&fields=expand,name,tags,severity,investigationStates,category,impactedEntities,alertCount,serviceSource,detectionSource,firstEventTime,lastEventTime,sensitivity,status,incidentAssignment,classification,determination,rbacGroup).
* Incidents with a specified **Actor** name known to be performing ransomware attacks. * Incidents with a specified **Associated threat** name known to be used in ransomware attacks. * Incidents containing a custom tag that your SecOps team uses for incidents that are known to be part of a larger, coordinated ransomware attack.
As needed, you can provide your security analysts with internal training for:
### Ongoing work based on operational learning and new threats
-As part of your SecOps teamΓÇÖs ongoing tool and process best practices and security analystsΓÇÖ experiences, you should:
+As part of your SecOps team's ongoing tool and process best practices and security analysts' experiences, you should:
* Update your catalog of advanced hunting queries with: * New queries based on the latest threat analytics reports in the Microsoft 365 Defender portal or the [Advanced Hunting GitHub repository](<https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries/tree/master/Ransomware>).
security Streaming Api Event Hub https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/streaming-api-event-hub.md
To get the data types for event properties, do the following steps:
:::image type="content" source="../defender-endpoint/images/machine-info-datatype-example.png" alt-text="An example query for device info" lightbox="../defender-endpoint/images/machine-info-datatype-example.png"::: ## Estimating initial Event Hub capacity
-The following Advanced Hunting query can help provide a rough estimate of data volume throughput and initial event hub capacity based on events/sec and estimated MB/sec. We recommend running the query during regular business hours so as to capture ΓÇÿrealΓÇÖ throughput.
+The following Advanced Hunting query can help provide a rough estimate of data volume throughput and initial event hub capacity based on events/sec and estimated MB/sec. We recommend running the query during regular business hours so as to capture 'real' throughput.
```kusto let bytes_ = 500;
security Threat Analytics Analyst Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/threat-analytics-analyst-reports.md
description: Learn about the analyst report section of each threat analytics rep
keywords: analyst report, threat analytics, detections, advanced hunting queries, mitigations, search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
security Threat Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/threat-analytics.md
Title: Threat analytics in Microsoft 365 Defender
description: Learn about emerging threats and attack techniques and how to stop them. Assess their impact to your organization and evaluate your organizational resilience. keywords: threat analytics, risk evaluation, Microsoft 365 Defender, M365D, mitigation status, secure configuration, Microsoft Defender for Office 365, Microsoft Defender for Office 365 threat analytics, MDO threat analytics, integrated MDE and MDO threat analytics data, threat analytics data integration, integrated Microsoft 365 Defender threat analytics ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
security Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/whats-new.md
ms.pagetype: security
ms.localizationpriority: medium Last updated : 07/27/2022 audience: ITPro
ms.technology: m365d
# What's new in Microsoft 365 Defender - Lists the new features and functionality in Microsoft 365 Defender. RSS feed: Get notified when this page is updated by copying and pasting the following URL into your feed reader:
For more information on what's new with other Microsoft Defender security produc
- [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new) - [What's new in Microsoft Defender for Cloud Apps](/cloud-app-security/release-notes)
-You can also get product updates and important notifications through the [message center](https://admin.microsoft.com/Adminportal/Home#/MessageCenter).
+You can also get product updates and important notifications through the [message center](https://admin.microsoft.com/Adminportal/Home#/MessageCenter).
+
+## August 2022
+- (GA) [Microsoft Defender Experts for Hunting](defender-experts-for-hunting.md) is now generally available. If you're a Microsoft 365 Defender customer with a robust security operations center but want Microsoft to help you proactively hunt for threats across endpoints, Office 365, cloud applications, and identity using Microsoft Defender data, then learn more about applying, setting up, and using the service. Defender Experts for Hunting is sold separately from other Microsoft 365 Defender products.
## July 2022 - (Preview) Microsoft Defender Experts for Hunting public preview participants can now look forward to receiving monthly reports to help them understand the threats the hunting service surfaced in their environment, along with the alerts generated by their Microsoft 365 Defender products. For details, refer to [Understand the Defender Experts for Hunting report in Microsoft 365 Defender](defender-experts-report.md).
You can also get product updates and important notifications through the [messag
## June 2022 - (Preview) The [DeviceTvmInfoGathering](advanced-hunting-devicetvminfogathering-table.md) and [DeviceTvmInfoGatheringKB](advanced-hunting-devicetvminfogatheringkb-table.md) tables are now available in the advanced hunting schema. Use these tables to hunt through assessment events in Defender Vulnerability Management including the status of various configurations and attack surface area states of devices.
+- The newly introduced Automated investigation & response card in the Microsoft 365 Defender portal provides an overview on pending remediation actions.
+The security operations team can view all actions pending approval, and the stipulated time to approve those actions in the card itself. The security team can quickly navigate to the Action center and take appropriate remediation actions. The Automated investigation & response card also has a link to the Full Automation page. This enables the security operations team to effectively manage alerts and complete remediation actions in a timely manner.
++ ## May 2022 - (Preview) In line with the recently announced expansion into a new service category called [Microsoft Security Experts](https://aka.ms/MicrosoftSecurityExperts), we're introducing the availability of [Microsoft Defender Experts for Hunting](defenderexpertsforhuntingprev.md) (Defender Experts for Hunting) for public preview. Defender Experts for Hunting is for customers who have a robust security operations center but want Microsoft to help them proactively hunt for threats across Microsoft Defender data, including endpoints, Office 365, cloud applications, and identity.
security Submission Guide https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/submission-guide.md
ms.technology: m365d
If you have a file that you suspect might be malware or is being incorrectly detected, you can submit it to us for analysis. This page has answers to some common questions about submitting a file for analysis.
-## How do I send a malware file to Microsoft?
+## How do I submit a file to Microsoft for analysis?
-You can send us files that you think might be malware or files that have been incorrectly detected through the [sample submission portal](https://www.microsoft.com/wdsi/filesubmission).
+### Send a malware file
-We receive a large number of samples from many sources. Our analysis is prioritized by the number of file detections and the type of submission. You can help us complete a quick analysis by providing detailed information about the product you were using and what you were doing when you found the file.
+You can send files that you think might be malware or files that have been incorrectly detected through the [sample submission portal](https://www.microsoft.com/wdsi/filesubmission).
+
+You can complete a quick analysis by providing detailed information about the product you were using and what you were doing when you found the file.
After you sign in, you will be able to track your submissions.
+> [!NOTE]
+>
+> You can use the WDSI submission feature even if you don't have Microsoft Defender for Endpoint Plan 2 or Microsoft Defender for Office Plan 2.
+
+### Submit a suspected email attachment
+
+Use the [Microsoft 365 Defender portal](https://security.microsoft.com/) to submit suspected email attachments to Microsoft for review. For more information, see [Submit a suspected email attachment to Microsoft](../office-365-security/admin-submission.md).
+
+### Submit a file or file hash
+
+Use the unified submissions feature in Microsoft Defender for Endpoint to submit files and file hashes to Microsoft for review. For more information, see [Submit files in Microsoft Defender for Endpoint](../defender-endpoint/admin-submissions-mde.md).
+ ## Can I send a sample by email? No, we only accept submissions through our [sample submission portal](https://www.microsoft.com/wdsi/filesubmission).
security Anti Malware Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-malware-protection.md
To submit malware to Microsoft, see [Report messages and files to Microsoft](rep
Anti-malware policies control the settings and notification options for malware detections. The important settings in anti-malware policies are: -- **Recipient notifications**: By default, a message recipient isn't told that a message intended for them was quarantined due to malware. But, you can enable recipient notifications in the form of delivering the original message with _all_ attachments removed and replaced by a single file named **Malware Alert Text.txt** that contains the following text:-
- > Malware was detected in one or more attachments included with this email message. <br> Action: All attachments have been removed. <br> \<Original malware attachment name\> \<Malware detection result\>
-
- You can replace the default text in the **Malware Alert Text.txt** file with your own custom text.
- - **Common attachments filter**: There are certain types of files that you really shouldn't send via email (for example, executable files). Why bother scanning these types of files for malware, when you should probably block them all, anyway? That's where the common attachments filter comes in. The file types you specify are automatically treated as malware.
- - The default file types: `ace, ani, app, cab, docm, exe, iso, jar, jnlp, reg, scr, vbe, vbs`.
- - Additional file types that you can select from in the Microsoft 365 Defender portal<sup>\*</sup>: `ade, adp, asp, bas, bat, cer, chm, cmd, com, cpl, crt, csh, der, dll, dos, fxp, gadget, hlp, hta, inf, ins, isp, its, js, jse, ksh, lnk, mad, maf, mag, mam, maq, mar, mas, mat, mau, mav, maw, mda, mdb, mde, mdt, mdw, mdz, msc, msh, msh1, msh1xml, msh2, msh2xml, msi, msp, mst, obj, ops, os2, pcd, pif, plg, prg, prgps1, ps1xml, ps2, ps2xml, psc1, psc2, pst, rar, scf, sct, shb, shs, tmp, url, vb, vsmacros, vsw, vxd, w16, ws, wsc, wsf, wsh, xnk`.
+ - The default file types: `ace, ani, apk, app, appx, arj, bat, cmd, com, deb, dex, dll, docm, elf, exe, hta, img, jar, kext, lha, lib, library, lnk, lzh, macho, msc, msi, msix, msp, mst, pif, ppa, ppam, reg, rev, scf, scr, sct, sys, uif, vb, vbe, vbs, vxd, wsc, wsf, wsh, xll, xz, z`.
+ - Additional file types that you can select from in the Microsoft 365 Defender portal<sup>\*</sup>: `7z, 7zip, a, accdb, accde, action, ade, adp, appxbundle, asf, asp, aspx, avi, bin, bundle, bz, bz2, bzip2, cab, caction, cer, chm, command, cpl, crt, csh, css, der, dgz, dmg, doc, docx, dot, dotm, dtox, dylib, font, gz, gzip, hlp, htm, html, imp, inf, ins, ipa, iso, isp, its, jnlp, js, jse, ksh, lqy, mad, maf, mag, mam, maq, mar, mas, mat, mav, maw, mda, mdb, mde, mdt, mdw, mdz, mht, mhtml, mscompress, msh, msh1, msh1xml, msh2, msh2xml, mshxml, msixbundle, o, obj, odp, ods, odt, one, onenote, ops, package, pages, pbix, pdb, pdf, php, pkg, plugin, pps, ppsm, ppsx, ppt, pptm, pptx, prf, prg, ps1, ps1xml, ps2, ps2xml, psc1, psc2, pst, pub, py, rar, rpm, rtf, scpt, service, sh, shb, shtm, shx, so, tar, tarz, terminal, tgz, tool, url, vhd, vsd, vsdm, vsdx, vsmacros, vss, vssx, vst, vstm, vstx, vsw, workflow, ws, xhtml, xla, xlam, xls, xlsb, xlsm, xlsx, xlt, xltm, xltx, zi, zip, zipx`.
<sup>\*</sup> You can enter any text value using the _FileTypes_ parameter in the [New-MalwareFilterPolicy](/powershell/module/exchange/new-malwarefilterpolicy) or [Set-MalwareFilterPolicy](/powershell/module/exchange/set-malwarefilterpolicy) cmdlets in Exchange Online PowerShell.
Anti-malware policies control the settings and notification options for malware
- **Zero-hour auto purge (ZAP) for malware**: ZAP for malware quarantines messages that are found to contain malware _after_ they've been delivered to Exchange Online mailboxes. By default, ZAP for malware is turned on, and we recommend that you leave it on.
+- **Quarantine policy**: Select the quarantine policy that applies to messages that are quarantined as malware. Quarantine policies define what users are able to do to quarantined messages, and whether users receive quarantine notifications. By default, recipients don't receive notifications for messages that were quarantined as malware. For more information, see [Quarantine policies](quarantine-policies.md).
+ - **Admin notifications**: You can specify an additional recipient (an admin) to receive notifications for malware detected in messages from internal or external senders. You can customize the **From address**, **subject**, and **message text** for internal and external notifications. > [!NOTE] > Admin notifications are sent only for _attachments_ that are classified as malware. >
- > The _quarantine_ policy that's assigned to the anti-malware policy determines whether recipients receive email notifications for messages that were quarantined as malware. By default, recipients don't receive notifications for messages that were quarantined as malware. For more information, see [Quarantine policies](quarantine-policies.md).
+ > The quarantine policy that's assigned to the anti-malware policy determines whether recipients receive email notifications for messages that were quarantined as malware.
- **Recipient filters**: For custom anti-malware policies, you can specify recipient conditions and exceptions that determine who the policy applies to. You can use these properties for conditions and exceptions:
Anti-malware policies control the settings and notification options for malware
You can only use a condition or exception once, but the condition or exception can contain multiple values. Multiple values of the same condition or exception use OR logic (for example, _\<recipient1\>_ or _\<recipient2\>_). Different conditions or exceptions use AND logic (for example, _\<recipient1\>_ and _\<member of group 1\>_). > [!IMPORTANT]
- > Multiple different conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
+ > Multiple different types of conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
> > - The recipient is: romain@contoso.com > - The recipient is a member of: Executives
security Anti Spam Message Headers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spam-message-headers.md
The following table describes the fields and possible values for each email auth
|`dkim`|Describes the results of the DKIM check for the message. Possible values include: <ul><li>**pass**: Indicates the DKIM check for the message passed.</li><li>**fail (reason)**: Indicates the DKIM check for the message failed and why. For example, if the message was not signed or the signature was not verified.</li><li>**none**: Indicates that the message was not signed. This may or may not indicate that the domain has a DKIM record or the DKIM record does not evaluate to a result, only that this message was not signed.</li></ul>| |`dmarc`|Describes the results of the DMARC check for the message. Possible values include: <ul><li>**pass**: Indicates the DMARC check for the message passed.</li><li>**fail**: Indicates the DMARC check for the message failed.</li><li>**bestguesspass**: Indicates that no DMARC TXT record for the domain exists, but if one had existed, the DMARC check for the message would have passed.</li><li>**none**: Indicates that no DMARC TXT record exists for the sending domain in DNS.| |`header.d`|Domain identified in the DKIM signature if any. This is the domain that's queried for the public key.|
-|`header.from`|The domain of the `5322.From` address in the email message header (also known as the From address or P2 sender). Recipient see the From address in email clients.|
+|`header.from`|The domain of the `5322.From` address in the email message header (also known as the From address or P2 sender). Recipient sees the From address in email clients.|
|`reason`|The reason the composite authentication passed or failed. The value is a 3-digit code. For example: <ul><li>**000**: The message failed explicit authentication (`compauth=fail`). For example, the message received a DMARC fail with an action of quarantine or reject.</li><li>**001**: The message failed implicit authentication (`compauth=fail`). This means that the sending domain did not have email authentication records published, or if they did, they had a weaker failure policy (SPF soft fail or neutral, DMARC policy of `p=none`).</li><li>**002**: The organization has a policy for the sender/domain pair that is explicitly prohibited from sending spoofed email. This setting is manually set by an admin.</li><li>**010**: The message failed DMARC with an action of reject or quarantine, and the sending domain is one of your organization's accepted-domains (this is part of self-to-self, or intra-org, spoofing).</li><li>**1xx** or **7xx**: The message passed authentication (`compauth=pass`). The last two digits are internal codes used by Microsoft 365.</li><li>**2xx**: The message soft-passed implicit authentication (`compauth=softpass`). The last two digits are internal codes used by Microsoft 365.</li><li>**3xx**: The message was not checked for composite authentication (`compauth=none`).</li><li>**4xx** or **9xx**: The message bypassed composite authentication (`compauth=none`). The last two digits are internal codes used by Microsoft 365.</li><li>**6xx**: The message failed implicit email authentication, and the sending domain is one of your organization's accepted domains (this is part of self-to-self or intra-org spoofing).</li></ul>| |`smtp.mailfrom`|The domain of the `5321.MailFrom` address (also known as the MAIL FROM address, P1 sender, or envelope sender). This is the email address that's used for non-delivery reports (also known as NDRs or bounce messages).| |`spf`|Describes the results of the SPF check for the message. Possible values include: <ul><li>`pass (IP address)`: The SPF check for the message passed and includes the sender's IP address. The client is authorized to send or relay email on behalf of the sender's domain.</li><li>`fail (IP address)`: The SPF check for the message failed and includes the sender's IP address. This is sometimes called _hard fail_.</li><li>`softfail (reason)`: The SPF record designated the host as not being allowed to send, but is in transition.</li><li>`neutral`: The SPF record explicitly states that it does not assert whether the IP address is authorized to send.</li><li>`none`: The domain doesn't have an SPF record or the SPF record doesn't evaluate to a result.</li><li>`temperror`: A temporary error has occurred. For example, a DNS error. The same check later might succeed.</li><li>`permerror`: A permanent error has occurred. For example, the domain has a badly formatted SPF record.</li></ul>|
security Configure Advanced Delivery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-advanced-delivery.md
To keep your organization [secure by default](secure-by-default.md), Exchange On
- **Third-party phishing simulations**: Simulated attacks can help you identify vulnerable users before a real attack impacts your organization. - **Security operations (SecOps) mailboxes**: Dedicated mailboxes that are used by security teams to collect and analyze unfiltered messages (both good and bad).
-You use the _advanced delivery policy_ in Microsoft 365 to prevent inbound messages _in these specific scenarios_ from being filtered.<sup>\*</sup> The advanced delivery policy ensures that messages in these scenarios achieve the following results:
+You use the _advanced delivery policy_ in Microsoft 365 to prevent inbound messages _in these specific scenarios_ from being filtered<sup>\*</sup>. The advanced delivery policy ensures that messages in these scenarios achieve the following results:
- Filters in EOP and Microsoft Defender for Office 365 take no action on these messages.<sup>\*</sup>-- [Zero-hour Purge (ZAP)](zero-hour-auto-purge.md) for spam and phishing take no action on these messages.<sup>\*\*</sup>
+- [Zero-hour Purge (ZAP)](zero-hour-auto-purge.md) for spam and phishing take no action on these messages<sup>\*\*</sup>.
- [Default system alerts](/microsoft-365/compliance/alert-policies#default-alert-policies) aren't triggered for these scenarios. - [AIR and clustering in Defender for Office 365](office-365-air.md) ignores these messages. - Specifically for third-party phishing simulations:
security Configure Anti Malware Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-anti-malware-policies.md
Creating a custom anti-malware policy in the Microsoft 365 Defender portal creat
- **Exclude these users, groups, and domains**: To add exceptions for the internal recipients that the policy applies to (recipient exceptions), select this option and configure the exceptions. The settings and behavior are exactly like the conditions. > [!IMPORTANT]
- > Multiple different conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
+ > Multiple different types of conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
> > - The recipient is: romain@contoso.com > - The recipient is a member of: Executives
security Configure Anti Phishing Policies Eop https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-anti-phishing-policies-eop.md
Creating a custom anti-phishing policy in the Microsoft 365 Defender portal crea
- **Exclude these users, groups, and domains**: To add exceptions for the internal recipients that the policy applies to (recipient exceptions), select this option and configure the exceptions. The settings and behavior are exactly like the conditions. > [!IMPORTANT]
- > Multiple different conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
+ > Multiple different types of conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
> > - The recipient is: romain@contoso.com > - The recipient is a member of: Executives
security Configure Mdo Anti Phishing Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-mdo-anti-phishing-policies.md
Creating a custom anti-phishing policy in the Microsoft 365 Defender portal crea
- **Exclude these users, groups, and domains**: To add exceptions for the internal recipients that the policy applies to (recipient exceptions), select this option and configure the exceptions. The settings and behavior are exactly like the conditions. > [!IMPORTANT]
- > Multiple different conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
+ > Multiple different types of conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
> > - The recipient is: romain@contoso.com > - The recipient is a member of: Executives
security Configure The Outbound Spam Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-the-outbound-spam-policy.md
Creating a custom outbound spam policy in the Microsoft 365 Defender portal crea
- **Exclude these users, groups, and domains**: To add exceptions for the internal senders that the policy applies to (recipient exceptions), select this option and configure the exceptions. The settings and behavior are exactly like the conditions. > [!IMPORTANT]
- > Multiple different conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
+ > Multiple different types of conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
> > - The recipient is: romain@contoso.com > - The recipient is a member of: Executives
security Configure Your Spam Filter Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-your-spam-filter-policies.md
Creating a custom anti-spam policy in the Microsoft 365 Defender portal creates
- **Exclude these users, groups, and domains**: To add exceptions for the internal recipients that the policy applies to (recipient exceptions), select this option and configure the exceptions. The settings and behavior are exactly like the conditions. > [!IMPORTANT]
- > Multiple different conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
+ > Multiple different types of conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
> > - The recipient is: romain@contoso.com > - The recipient is a member of: Executives
security Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/defender-for-office-365.md
The following table summarizes what's included in each plan.
- Microsoft Defender for Office 365 Plan 1 and Defender for Office 365 Plan 2 are each available as an add-on for certain subscriptions. To learn more, here's another link [Feature availability across Microsoft Defender for Office 365 plans](/office365/servicedescriptions/office-365-advanced-threat-protection-service-description#feature-availability-across-advanced-threat-protection-atp-plans). -- The [Safe Documents](safe-docs.md) feature is only available to users with the Microsoft 365 E5 or Microsoft 365 E5 Security licenses (not included in Microsoft Defender for Office 365 plans).
+- The [Safe Documents](safe-docs.md) feature is only available to users with the Microsoft 365 A5 or Microsoft 365 E5 Security licenses (not included in Microsoft Defender for Office 365 plans).
- If your current subscription doesn't include Microsoft Defender for Office 365 and you want it, [contact sales to start a trial](https://info.microsoft.com/ww-landing-M365SMB-web-contact.html), and find out how Microsoft Defender for Office 365 can work for in your organization.
security Detect And Remediate Illicit Consent Grants https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants.md
f1.keywords:
Previously updated : audience: ITPro
The script produces one file named Permissions.csv. Follow these steps to look f
1. In the ConsentType column (column G) search for the value "AllPrinciples". The AllPrincipals permission allows the client application to access everyone's content in the tenancy. Native Microsoft 365 applications need this permission to work correctly. Every non-Microsoft application with this permission should be reviewed carefully.
-2. In the Permission column (column F) review the permissions that each delegated application has to content. Look for "Read" and "Write" permission or "*.All" permission, and review these carefully because they may not be appropriate.
+2. In the Permission column (column F) review the permissions that each delegated application has to content. Look for "Read" and "Write" permission or "All" permission, and review these carefully because they may not be appropriate.
3. Review the specific users that have consents granted. If high profile or high impact users have inappropriate consents granted, you should investigate further.
After you have identified an application with illicit permissions, you have seve
Your Microsoft 365 subscription comes with a powerful set of security capabilities that you can use to protect your data and your users. Use the [Microsoft 365 security roadmap - Top priorities for the first 30 days, 90 days, and beyond](security-roadmap.md) to implement Microsoft recommended best practices for securing your Microsoft 365 tenant. -- Tasks to accomplish in the first 30 days. These have immediate affect and are low-impact to your users.
+- Tasks to accomplish in the first 30 days. These have immediate effect and are low-impact to your users.
- Tasks to accomplish in 90 days. These take a bit more time to plan and implement but greatly improve your security posture. - Beyond 90 days. These enhancements build in your first 90 days work.
security Mdo Sec Ops Guide https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mdo-sec-ops-guide.md
Designate the custom mailbox where user reported messages are sent on the **User
> > - The custom mailbox is an Exchange Online mailbox. > - The third-party reporting tool must include the original reported message as an uncompressed .EML or .MSG attachment in the message that's sent to the custom mailbox (don't just forward the original message to the custom mailbox).
-> - The custom mailbox requires specific prerequisites to allow potentially bad messages to be delivered. For more information, see [Custom mailbox prerequisites](user-submission.md#custom-mailbox-prerequisites).
+> - The custom mailbox requires specific prerequisites to allow potentially bad messages to be delivered. For more information, see [Configuration requirements for the user submissions mailbox](user-submission.md#configuration-requirements-for-the-user-submissions-mailbox).
When user reported email arrives in the custom mailbox, Defender for Office 365 automatically generates the alert named **Email reported by user as malware or phish**. This alert launches an [AIR playbook](automated-investigation-response-office.md#example-a-user-reported-phish-message-launches-an-investigation-playbook). The playbook performs a series of automated investigations steps:
security Migrate To Defender For Office 365 Onboard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365-onboard.md
search.appverid:
- MOE150 - M365-security-compliance
- - m365initiative-defender-office365
+ - m365solution-mdo-migration
description: "Complete the steps for migrating from a third-party protection service or device to Microsoft Defender for Office 365 protection." ms.technology: mdo
security Migrate To Defender For Office 365 Prepare https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365-prepare.md
search.appverid:
- MOE150 - M365-security-compliance
- - m365initiative-defender-office365
+ - m365solution-mdo-migration
description: "Prerequisite steps for migrating from a third-party protection service or device to Microsoft Defender for Office 365 protection." ms.technology: mdo
security Migrate To Defender For Office 365 Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365-setup.md
search.appverid:
- MOE150 - M365-security-compliance
- - m365initiative-defender-office365
+ - m365solution-mdo-migration
description: "Take the steps to begin migrating from a third-party protection service or device to Microsoft Defender for Office 365 protection." ms.technology: mdo
You should also confirm that all users in the pilot have a supported message rep
- [The Report Message add-in](enable-the-report-message-add-in.md) - [The Report Phishing add-in](enable-the-report-phish-add-in.md)-- Supported third party reporting tools as described [here](user-submission.md#third-party-email-reporting-tools)
+- Supported third party reporting tools as described [here](user-submission.md#third-party-reporting-tools-options).
Don't underestimate the importance of this step. Data from user submissions will give you the feedback loop that you need to verify a good, consistent end-user experience before and after the migration. This feedback helps you to make informed policy configuration decisions, as well as provide data-backed reports to your management that the migration went smoothly.
security Migrate To Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365.md
search.appverid:
- MOE150 - M365-security-compliance
- - m365initiative-defender-office365
+ - m365solution-mdo-migration
description: Learn the right way to migrate from third-party protection services or devices like Google Postini, the Barracuda Spam and Virus Firewall, or Cisco IronPort to Microsoft Defender for Office 365 protection. ms.technology: mdo
security Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/overview.md
This quick-reference will help you understand what capabilities come with each M
- Microsoft Defender for Office 365 Plan 1 and Defender for Office 365 Plan 2 are each available as an add-on for certain subscriptions. To learn more, here's another link [Feature availability across Microsoft Defender for Office 365 plans](/office365/servicedescriptions/office-365-advanced-threat-protection-service-description#feature-availability-across-advanced-threat-protection-atp-plans). -- The [Safe Documents](safe-docs.md) feature is only available to users with the Microsoft 365 E5 or Microsoft 365 E5 Security licenses (not included in Microsoft Defender for Office 365 plans).
+- The [Safe Documents](safe-docs.md) feature is only available to users with the Microsoft 365 A5 or Microsoft 365 E5 Security licenses (not included in Microsoft Defender for Office 365 plans).
- If your current subscription doesn't include Microsoft Defender for Office 365 and you want it, [contact sales to start a trial](https://info.microsoft.com/ww-landing-M365SMB-web-contact.html), and find out how Microsoft Defender for Office 365 can work for in your organization.
security Preset Security Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/preset-security-policies.md
A profile determines the level of protection. The following profiles are availab
You can only use a condition or exception once, but you can specify multiple values for the condition or exception. Multiple values of the same condition or exception use OR logic (for example, _\<recipient1\>_ or _\<recipient2\>_). Different conditions or exceptions use AND logic (for example, _\<recipient1\>_ and _\<member of group 1\>_). > [!IMPORTANT]
- > Multiple different conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
+ > Multiple different types of conditions or exceptions are not additive; they're inclusive. The preset security policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
> > - The recipient is: romain@contoso.com > - The recipient is a member of: Executives
A profile determines the level of protection. The following profiles are availab
- **Built-in protection** (Defender for Office 365 only): A profile that enables Safe Links and Safe Attachments protection only. This profile effectively provides default policies for Safe Links and Safe Attachments, which never had default policies.
+ > [!NOTE]
+ > The Built in protection preset security policy is being deployed, and might not be available in your organization.
+ For **Built-in protection**, the preset security policy is on by default for all Defender for Office 365 customers. Although we don't recommend it, you can also configure exceptions based on **Users**, **Groups**, and **Domains** so the protection isn't applied to specific users. Until you assign the policies to users, the **Standard** and **Strict** preset security policies are assigned to no one. In contrast, the **Built-in protection** preset security policy is assigned to all recipients by default, but you can configure exceptions.
You can't modify the policy settings in the protection profiles. The **Standard*
When multiple policies are applied to a user, the following order is applied from highest priority to lowest priority:
-1. **Strict protection** preset security policy
-2. **Standard protection** preset security policy
-3. Custom security policies
-4. **Built-in protection** preset security policy for Safe Links and Safe Attachments, and the default policies for anti-malware, anti-spam, and anti-phishing.
+1. Strict preset security policy.
+2. Standard preset security policy.
+3. Custom policies. Custom policies are applied based on the priority value of the policy.
+4. Built-in protection preset security policy for Safe Links and Safe Attachments; default policies for anti-malware, anti-spam, and anti-phishing.
+
+In other words, the settings of the **Strict** preset security policy override the settings of the **Standard** preset security policy, which overrides the settings from any custom policies, which override the settings of the **Built-in protection** preset security policy for Safe Links and Safe Attachments, and the default policies for anti-spam, anti-malware, and anti-phishing.
+
+For example, a security setting exists in **Standard protection** and an admin specifies a user for **Standard protection**. The **Standard protection** setting is applied to the user instead of what's configured for that setting in a custom policy or in the default policy for the same user.
-In other words, the settings of the **Strict protection** policy override the settings of the **Standard protection** policy, which overrides the settings from a custom policy, which overrides the settings from the **Built-in protection** preset security policy (Safe Links and Safe Attachments) and the default policy (anti-spam, anti-malware, and anti-phishing).
+You might want to apply the **Standard** or **Strict** preset security policies to a subset of users, and apply custom policies to other users in your organization to meet specific needs. To meet this requirement, do the following steps:
-For example, if a security setting exists in **Standard protection** and an admin has enabled the **Standard protection** for a user, then the **Standard protection** setting will be applied instead of what is configured for that setting in a custom policy or in the default policy (for the same user). Note that you might have some portion of your organization to whom you want to apply only the **Standard** or **Strict protection** policy while applying a custom policy to other users in your organization to meet specific needs.
+- Configure the users who should get the settings of the **Standard** preset security policy and custom policies as exceptions in the **Strict** preset security policy.
+- Configure the users who should get the settings of custom policies as exceptions in the **Standard** preset security policy.
**Built-in protection** does not affect recipients in existing Safe Links or Safe Attachments policies. If you've already configured **Standard protection**, **Strict protection** or custom Safe Links or Safe Attachments policies, those policies are _always_ applied _before_ **Built-in protection**, so there's no impact to the recipients who are already defined in those existing preset or custom policies.
To verify that you've successfully assigned the **Standard protection** or **Str
For example, for email that's detected as spam (not high confidence spam) verify that the message is delivered to the Junk Email folder for **Standard protection** users, and quarantined for **Strict protection** users. Or, for [bulk mail](bulk-complaint-level-values.md), verify that the BCL value 6 or higher delivers the message to the Junk Email folder for **Standard protection** users, and the BCL value 4 or higher quarantines the message for **Strict protection** users.+
+## Preset security policies in Exchange Online PowerShell
+
+In PowerShell, preset security policies consist of the following elements:
+
+- **Individual security policies**: For example, anti-malware policies, anti-spam policies, anti-phishing policies, Safe Links policies, and Safe Attachments policies.
+
+ > [!WARNING]
+ > Do not attempt to create, modify, or remove the individual security policies that are associated with preset security policies. The only supported method for creating the individual security policies for Standard or Strict preset security policies is to turn on the preset security policy in the Microsoft 365 Defender portal for the first time.
+
+- **Rules**: Separate rules for the Standard preset security policy, the Strict preset security policy, and the Built-in protection preset security policy define the recipient conditions and exceptions for the policies (identify the recipients that the protections of the policy apply to).
+
+ For the Standard and Strict preset security policies, these rules are created the first time you turn on the preset security policy in the Microsoft 365 Defender portal. If you've never turned on the preset security policy, the associated rules don't exist. Subsequently turning off the preset security policy does not delete the associated rules.
+
+ The Built-in protection preset security policy has a single rule that controls exceptions to the default Safe Links and Safe Attachments protection of the policy.
+
+ The Standard and Strict preset security policies have the following rules:
+
+ - **Rules for Exchange Online Protection (EOP) protections**: The rule for the Standard Preset security policy and the rule for the Strict preset security policy controls who the EOP protections in the policy (anti-malware, anti-spam, and anti-phishing) apply to (the recipient conditions and exceptions for EOP protections).
+ - **Rules for Defender for Office 365 protections**: The rule for the Standard Preset security policy and the rule for the Strict preset security policy controls who the Defender for Office 365 protections in the policy (Safe Links and Safe Attachments) apply to (the recipient conditions and exceptions for Defender for Office 365 protections).
+
+ The rules for Standard and Strict preset security policies also allow you to turn on or turn of the preset security policy by enabling or disabling the rules that are associated with the policies.
+
+ The rules for preset security policies are not available to the regular rule cmdlets that work for individual security policies (for example, **Get-AntiPhishRule**). Instead, the following cmdlets are required:
+
+ - Built-in protection preset security policy: **\*-ATPBuiltInProtectionRule** cmdlets.
+ - Standard and strict preset security policies: **\*-EOPProtectionPolicyRule** and **\*-ATPProtectionPolicyRule** cmdlets.
+
+The following sections describe how to use these cmdlets in **supported scenarios**.
+
+To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).
+
+### Use PowerShell to view individual security policies for preset security policies
+
+Remember, if you never turned on the Standard preset security policy or the Strict preset security policy in the Microsoft 365 Defender portal, the associated security policies for the preset security policy don't exist.
+
+> [!WARNING]
+> Do not attempt to create, modify, or remove the individual security policies that are associated with preset security policies. The only supported method for creating the individual security policies for Standard or Strict preset security policies is to turn on the preset security policy in the Microsoft 365 Defender portal for the first time.
+
+- **Built-in protection preset security policy**: The associated policies are named Built-In Protection Policy. The IsBuiltInProtection property value is True for these policies.
+
+ To view the individual security policies for the Built-in protection preset security policy, run the following command:
+
+ ```powershell
+ Write-Output -InputObject ("`r`n"*3),"Built-in protection Safe Attachments policy",("-"*79);Get-SafeAttachmentPolicy -Identity "Built-In Protection Policy" | Format-List; Write-Output -InputObject ("`r`n"*3),"Built-in protection Safe Links policy",("-"*79);Get-SafeLinksPolicy -Identity "Built-In Protection Policy" | Format-List
+ ```
+
+- **Standard preset security policy**: The associated policies are named `Standard Preset Security Policy<13-digit number>`. For example, `Standard Preset Security Policy1622650008019`. The RecommendPolicyType property value is Standard.
+
+ - **Organizations without Defender for Microsoft 365**:
+
+ To view the individual security policies for the Standard preset security policy in organizations without Defender for Microsoft 365, run the following command:
+
+ ```powershell
+ Write-Output -InputObject ("`r`n"*3),"Standard anti-malware policy",("-"*79);Get-MalwareFilterPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Standard"; Write-Output -InputObject ("`r`n"*3),"Standard anti-spam policy",("-"*79);Get-HostedContentFilterPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Standard"; Write-Output -InputObject ("`r`n"*3),"Standard anti-phishing policy",("-"*79);Get-AntiPhishPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Standard"
+ ```
+
+ - **Organizations with Defender for Microsoft 365**:
+
+ To view the individual security policies for the Standard preset security policy in organizations with Defender for Microsoft 365, run the following command:
+
+ ```powershell
+ Write-Output -InputObject ("`r`n"*3),"Standard anti-malware policy",("-"*79);Get-MalwareFilterPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Standard"; Write-Output -InputObject ("`r`n"*3),"Standard anti-spam policy",("-"*79);Get-HostedContentFilterPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Standard"; Write-Output -InputObject ("`r`n"*3),"Standard anti-phishing policy",("-"*79);Get-AntiPhishPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Standard"; Write-Output -InputObject ("`r`n"*3),"Standard Safe Attachments policy",("-"*79);Get-SafeAttachmentPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Standard"; Write-Output -InputObject ("`r`n"*3),"Standard Safe Links policy",("-"*79);Get-SafeLinksPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Standard"
+ ```
+
+- **Strict preset security policy**: The associated policies are named `Strict Preset Security Policy<13-digit number>`. For example, `Strict Preset Security Policy1642034872546`. The RecommendPolicyType property value is Strict.
+
+ - **Organizations without Defender for Microsoft 365**:
+
+ - To view the individual security policies for the Strict preset security policy in organizations without Defender for Microsoft 365, run the following command:
+
+ ```powershell
+ Write-Output -InputObject ("`r`n"*3),"Strict anti-malware policy",("-"*79);Get-MalwareFilterPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Strict"; Write-Output -InputObject ("`r`n"*3),"Strict anti-spam policy",("-"*79);Get-HostedContentFilterPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Strict"; Write-Output -InputObject ("`r`n"*3),"Strict anti-phishing policy",("-"*79);Get-AntiPhishPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Strict"
+ ```
+
+ - **Organizations with Defender for Microsoft 365**:
+
+ - To view the individual security policies for the Strict preset security policy in organizations with Defender for Microsoft 365, run the following command:
+
+ ```powershell
+ Write-Output -InputObject ("`r`n"*3),"Strict anti-malware policy",("-"*79);Get-MalwareFilterPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Strict"; Write-Output -InputObject ("`r`n"*3),"Strict anti-spam policy",("-"*79);Get-HostedContentFilterPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Strict"; Write-Output -InputObject ("`r`n"*3),"Strict anti-phishing policy",("-"*79);Get-AntiPhishPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Strict"; Write-Output -InputObject ("`r`n"*3),"Strict Safe Attachments policy",("-"*79);Get-SafeAttachmentPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Strict"; Write-Output -InputObject ("`r`n"*3),"Strict Safe Links policy",("-"*79);Get-SafeLinksPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Strict"
+ ```
+
+### Use PowerShell to view rules for preset security policies
+
+Remember, if you never turned on the Standard preset security policy or the Strict preset security policy in the Microsoft 365 Defender portal, the associated rules for those policies don't exist.
+
+- **Built-in protection preset security policy**: The associated rule is named ATP Built-In Protection Rule.
+
+ To view the rule that's associated with the Built-in protection preset security policy, run the following command:
+
+ ```powershell
+ Get-ATPBuiltInProtectionRule
+ ```
+
+ For detailed syntax and parameter information, see [Get-ATPBuiltInProtectionRule](/powershell/module/exchange/get-atpbuiltinprotectionrule).
+
+- **Standard preset security policy**: The associated rules are named Standard Preset Security Policy.
+
+ Use the following commands to view the rules that are associated with the Standard preset security policy:
+
+ - To view the rule that's associated with EOP protections in the Standard preset security policy, run the following command:
+
+ ```powershell
+ Get-EOPProtectionPolicyRule -Identity "Standard Preset Security Policy"
+ ```
+
+ - To view the rule that's associated with Defender for Office 365 protections in the Standard preset security policy, run the following command:
+
+ ```powershell
+ Get-ATPProtectionPolicyRule -Identity "Standard Preset Security Policy"
+ ```
+
+ - To view both rules at the same time, run the following command:
+
+ ```powershell
+ Write-Output -InputObject ("`r`n"*3),"EOP rule - Standard preset security policy",("-"*79);Get-EOPProtectionPolicyRule -Identity "Standard Preset Security Policy"; Write-Output -InputObject ("`r`n"*3),"Defender for Office 365 rule - Standard preset security policy",("-"*79);Get-ATPProtectionPolicyRule -Identity "Standard Preset Security Policy"
+ ```
+
+- **Strict preset security policy**: The associated rules are named Strict Preset Security Policy.
+
+ Use the following commands to view the rules that are associated with the Strict preset security policy:
+
+ - To view the rule that's associated with EOP protections in the Strict preset security policy, run the following command:
+
+ ```powershell
+ Get-EOPProtectionPolicyRule -Identity "Strict Preset Security Policy"
+ ```
+
+ - To view the rule that's associated with Defender for Office 365 protections in the Strict preset security policy, run the following command:
+
+ ```powershell
+ Get-ATPProtectionPolicyRule -Identity "Strict Preset Security Policy"
+ ```
+
+ - To view both rules at the same time, run the following command:
+
+ ```powershell
+ Write-Output -InputObject ("`r`n"*3),"EOP rule - Strict preset security policy",("-"*79);Get-EOPProtectionPolicyRule -Identity "Strict Preset Security Policy"; Write-Output -InputObject ("`r`n"*3),"Defender for Office 365 rule - Strict preset security policy",("-"*79);Get-ATPProtectionPolicyRule -Identity "Strict Preset Security Policy"
+ ```
+
+For detailed syntax and parameter information, see [Get-EOPProtectionPolicyRule](/powershell/module/exchange/get-eopprotectionpolicyrule) and [Get-ATPProtectionPolicyRule](/powershell/module/exchange/get-atpprotectionpolicyrule).
+
+### Use PowerShell to turn on or turn off preset security policies
+
+As described earlier, To turn on or turn off the Standard or Strict preset security policies, you enable or disable the rules that are associated with policy. The State property value of the rule shows whether the rule is Enabled or Disabled.
+
+Depending on whether your organization has Defender for Office 365, you might need to enable or disable one rule (the rule for EOP protections) or two rules (one rule for EOP protections, and one rule for Defender for Office 365 protections) to turn on or turn off the preset security policy.
+
+- **Standard preset security policy**:
+
+ - **Organizations without Defender for Office 365**:
+
+ - In organizations without Defender for Office 365, run the following command to determine whether the rule for the Standard preset policy is currently enabled or disabled:
+
+ ```powershell
+ Get-EOPProtectionPolicyRule -Identity "Standard Preset Security Policy" | Format-Table Name,State
+ ```
+
+ - Run the following command to turn off the Standard preset security policy if it's turned on:
+
+ ```powershell
+ Disable-EOPProtectionPolicyRule -Identity "Standard Preset Security Policy"
+ ```
+
+ - Run the following command to turn on the Standard preset security policy if it's turned off:
+
+ ```powershell
+ Enable-EOPProtectionPolicyRule -Identity "Standard Preset Security Policy"
+ ```
+
+ - **Organizations with Defender for Office 365**:
+
+ - In organizations with Defender for Office 365, run the following command to determine whether the rules for the Standard preset policy are currently enabled or disabled:
+
+ ```powershell
+ Write-Output -InputObject ("`r`n"*3),"EOP rule - Standard preset security policy",("-"*63);Get-EOPProtectionPolicyRule -Identity "Standard Preset Security Policy" | Format-Table Name,State; Write-Output -InputObject `r`n,"Defender for Office 365 rule - Standard preset security policy",("-"*63);Get-ATPProtectionPolicyRule -Identity "Standard Preset Security Policy" | Format-Table Name,State
+ ```
+
+ - Run the following command to turn off the Standard preset security policy if it's turned on:
+
+ ```powershell
+ Disable-EOPProtectionPolicyRule -Identity "Standard Preset Security Policy"; Disable-ATPProtectionPolicyRule -Identity "Standard Preset Security Policy"
+ ```
+
+ - Run the following command to turn on the Standard preset security policy if it's turned off:
+
+ ```powershell
+ Enable-EOPProtectionPolicyRule -Identity "Standard Preset Security Policy"; Enable-EOPProtectionPolicyRule -Identity "Standard Preset Security Policy"
+ ```
+
+- **Strict preset security policy**:
+
+ - **Organizations without Defender for Office 365**:
+
+ - In organizations with Defender for Office 365, run the following command to determine whether the rule for the Strict preset policy is currently enabled or disabled:
+
+ ```powershell
+ Get-EOPProtectionPolicyRule -Identity "Strict Preset Security Policy" | Format-Table Name,State
+ ```
+
+ - Run the following command to turn off the Strict preset security policy if it's turned on:
+
+ ```powershell
+ Disable-EOPProtectionPolicyRule -Identity "Strict Preset Security Policy"
+ ```
+
+ - Run the following command to turn on the Strict preset security policy if it's turned off:
+
+ ```powershell
+ Enable-EOPProtectionPolicyRule -Identity "Strict Preset Security Policy"
+ ```
+
+ - **Organizations with Defender for Office 365**:
+
+ - In organizations with Defender for Office 365, run the following command to determine whether the rules for the Strict preset policy are currently enabled or disabled:
+
+ ```powershell
+ Write-Output -InputObject ("`r`n"*3),"EOP rule - Strict preset security policy",("-"*63);Get-EOPProtectionPolicyRule -Identity "Strict Preset Security Policy" | Format-Table Name,State; Write-Output -InputObject `r`n,"Defender for Office 365 rule - Strict preset security policy",("-"*63);Get-ATPProtectionPolicyRule -Identity "Strict Preset Security Policy" | Format-Table Name,State
+ ```
+
+ - Run the following command to turn off the Strict preset security policy if it's turned on:
+
+ ```powershell
+ Disable-EOPProtectionPolicyRule -Identity "Strict Preset Security Policy"; Disable-ATPProtectionPolicyRule -Identity "Strict Preset Security Policy"
+ ```
+
+ - Run the following command to turn on the Strict preset security policy if it's turned off:
+
+ ```powershell
+ Enable-EOPProtectionPolicyRule -Identity "Strict Preset Security Policy"; Enable-EOPProtectionPolicyRule -Identity "Strict Preset Security Policy"
+ ```
+
+For detailed syntax and parameter information, see [Enable-EOPProtectionPolicyRule](/powershell/module/exchange/enable-eopprotectionpolicyrule), [Enable-ATPProtectionPolicyRule](/powershell/module/exchange/enable-atpprotectionpolicyrule), [Disable-EOPProtectionPolicyRule](/powershell/module/exchange/disable-eopprotectionpolicyrule), and [Disable-ATPProtectionPolicyRule](/powershell/module/exchange/disable-atpprotectionpolicyrule).
+
+### Use PowerShell to specify recipient conditions and exceptions for preset security policies
+
+> [!IMPORTANT]
+ > Multiple different types of conditions or exceptions are not additive; they're inclusive. The preset security policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
+ >
+ > - The recipient is: romain@contoso.com
+ > - The recipient is a member of: Executives
+ >
+ > The policy is applied to romain@contoso.com _only_ if he's also a member of the Executives group. If he's not a member of the group, then the policy is not applied to him.
+ >
+ > Likewise, if you use the same recipient filter as an exception to the policy, the policy is not applied to romain@contoso.com _only_ if he's also a member of the Executives group. If he's not a member of the group, then the policy still applies to him.
+
+For the Built-in protection preset security policy, you can only specify recipient exceptions. If all exception parameter values are empty (`$null`), there are no exceptions to the policy.
+
+For the Standard and Strict preset security policies, you can specify recipient conditions and exceptions for EOP protections and Defender for Office 365 protections. If all of conditions and exception parameter values are empty (`$null`), there are no recipient conditions or exceptions to the Standard or Strict preset security policies.
+
+Even if there are no recipient conditions or exceptions applied to a preset security policy, whether the policy is applied to all recipients depends on the [the order of precedence for policies](#order-of-precedence-for-preset-security-policies-and-other-policies) as previously described in this article.
+
+- **Built-in protection preset security policy**:
+
+ Use the following syntax:
+
+ ```powershell
+ Set-ATPBuiltInProtectionRule -Identity "ATP Built-In Protection Rule" -ExceptIfRecipientDomainIs <"domain1","domain2",... | $null> -ExceptIfSentTo <"user1","user2",... | $null> -ExceptIfSentToMemberOf <"group1","group2",... | $null>
+ ```
+
+ This example removes all recipient exceptions from the Built-in protection preset security policy.
+
+ ```powershell
+ Set-ATPBuiltInProtectionRule -Identity "ATP Built-In Protection Rule" -ExceptIfRecipientDomainIs $null -ExceptIfSentTo $null -ExceptIfSentToMemberOf $null
+ ```
+
+ For detailed syntax and parameter information, see [Set-ATPBuiltInProtectionRule](/powershell/module/exchange/set-atpbuiltinprotectionrule).
+
+- **Standard or Strict preset security policies**
+
+ Use the following syntax:
+
+ ```powershell
+ <Set-EOPProtectionPolicyRule | SetAtpProtectionPolicyRule> -Identity "<Standard Preset Security Policy | Strict Preset Security Policy>" -SentTo <"user1","user2",... | $null> -ExceptIfSentTo <"user1","user2",... | $null> -SentToMemberOf <"group1","group2",... | $null> -ExceptIfSentToMemberOf <"group1","group2",... | $null> -RecipientDomainIs <"domain1","domain2",... | $null> -ExceptIfRecipientDomainIs <"domain1","domain2",... | $null>
+ ```
+
+ This example configures exceptions from the EOP protections in the Standard preset security policy for members of the distribution group named Executives.
+
+ ```powershell
+ Set-EOPProtectionPolicyRule -Identity "Standard Preset Security Policy" -ExceptIfSentToMemberOf Executives
+ ```
+
+ This example configures exceptions from the Defender for Office 365 protections in the Strict preset security for the specified security operations (SecOps) mailboxes.
+
+ ```powershell
+ Set-EOPProtectionPolicyRule -Identity "Strict Preset Security Policy" -ExceptIfSentTo "SecOps1","SecOps2"
+ ```
+
+ For detailed syntax and parameter information, see [Set-EOPProtectionPolicyRule](/powershell/module/exchange/set-eopprotectionpolicyrule) and [Set-ATPProtectionPolicyRule](/powershell/module/exchange/Set-atpprotectionpolicyrule).
security Quarantine Email Messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-email-messages.md
In Microsoft 365 organizations with mailboxes in Exchange Online or standalone E
Anti-malware policies automatically quarantine a message if _any_ attachment is found to contain malware. For more information, see [Configure anti-malware policies in EOP](configure-anti-malware-policies.md).
-By default, anti-spam polices quarantine phishing and high confidence phishing messages, and deliver spam, high confidence spam, and bulk email messages to the user's Junk Email folder. But, you can also create and customize anti-spam policies to quarantine spam, high confidence spam, and bulk-email messages. For more information, see [Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md).
+By default, anti-spam policies quarantine phishing and high confidence phishing messages, and deliver spam, high confidence spam, and bulk email messages to the user's Junk Email folder. But, you can also create and customize anti-spam policies to quarantine spam, high confidence spam, and bulk-email messages. For more information, see [Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md).
Both users and admins can work with quarantined messages:
security Quarantine Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-policies.md
The global settings for quarantine policies allow you to customize the quarantin
Follow these steps to customize quarantine notifications based on the recipient's language:
- 1. Select the language from the **Choose language** box. The default value is **Default**, which means English.
+ 1. Select the language from the **Choose language** box. The default value is **Default**, which means the default language for the Microsoft 365 organization. For more information, see [How to set language and region settings for Microsoft 365](/office365/troubleshoot/access-management/set-language-and-region).
2. Enter values for **Display name** and **Disclaimer**. The values must be unique for each language. If you try to reuse a **Display name** or **Disclaimer** value for multiple languages, you'll get an error when you click **Save**. 3. Click the **Add** button. 4. Repeat the previous steps to create a maximum of three customized quarantine notifications based on the recipient's language. An unlabeled box shows the languages that you've configured:
security Recommended Settings For Eop And Office365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365.md
In PowerShell, you use the [Set-AtpPolicyForO365](/powershell/module/exchange/se
|Security feature name|Default|Built-in protection|Comment| ||::|::|| |**Turn on Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams** <br><br> _EnableATPForSPOTeamsODB_|Off <br><br> `$false`|On <br><br> `$true`|To prevent users from downloading malicious files, see [Use SharePoint Online PowerShell to prevent users from downloading malicious files](turn-on-mdo-for-spo-odb-and-teams.md#step-2-recommended-use-sharepoint-online-powershell-to-prevent-users-from-downloading-malicious-files).|
-|**Turn on Safe Documents for Office clients** <br><br> _EnableSafeDocs_|Off <br><br> `$false`|On <br><br> `$true`|This feature is available and meaningful only with licenses that are not included in Defender for Office 365 (for example, Microsoft 365 E5 or Microsoft 365 E5 Security). For more information, see [Safe Documents in Microsoft 365 E5](safe-docs.md).|
+|**Turn on Safe Documents for Office clients** <br><br> _EnableSafeDocs_|Off <br><br> `$false`|On <br><br> `$true`|This feature is available and meaningful only with licenses that are not included in Defender for Office 365 (for example, Microsoft 365 A5 or Microsoft 365 E5 Security). For more information, see [Safe Documents in Microsoft 365 A5 or E5 Security](safe-docs.md).|
|**Allow people to click through Protected View even if Safe Documents identified the file as malicious** <br><br> _AllowSafeDocsOpen_|Off <br><br> `$false`|Off <br><br> `$false`|This setting is related to Safe Documents.| #### Safe Attachments policy settings
security Report Junk Email Messages To Microsoft https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft.md
Watch this video that shows more information about the unified submissions exper
|[Enable the Report Message or the Report Phishing add-ins](enable-the-report-message-add-in.md)|Works with Outlook and Outlook on the web (formerly known as Outlook Web App). <br/><br/> Depending on your subscription, messages that users reported with the add-ins are available in [the Admin Submissions portal](admin-submission.md), [Automated investigation and response (AIR) results](air-view-investigation-results.md), the [User-reported messages report](view-email-security-reports.md#user-reported-messages-report), and [Explorer](threat-explorer-views.md#email--submissions). <br/><br/> You can configure reported messages to be copied or redirected to a mailbox that you specify. For more information, see [User submissions policies](user-submission.md). |[Report false positives and false negatives in Outlook](report-false-positives-and-false-negatives.md)|Submit false positives (good email that was blocked or sent to junk folder) and false negatives (unwanted email or phish that was delivered to the inbox) to Exchange Online Protection (EOP) using the Report Message feature.| |[Use mail flow rules to see what users are reporting to Microsoft](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-see-what-users-are-reporting-to-microsoft)|Learn how to create a mail flow rule (also known as a transport rule) that notifies you when users report messages to Microsoft for analysis.|
-|[Submit suspicious files to Microsoft for analysis](submitting-malware-and-non-malware-to-microsoft-for-analysis.md)|Use the Microsoft Security Intelligence site to submit attachments and other files.|
+|[Submit files for analysis](../intelligence/submission-guide.md)|Submit email attachments and other suspected files to Microsoft for analysis.|
> [!NOTE] > When you report an email entity to Microsoft, we make a copy of everything associated with the email to include it in our continual algorithm reviews. This copy includes the email content, the email headers, and related data about the email routing. Attachments in the message are also included.
security Safe Attachments https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-attachments.md
The following table describes scenarios for Safe Attachments in Microsoft 365 an
|Pat's Microsoft 365 E5 organization has no Safe Attachments policies configured.|Pat is protected by Safe Attachments due to the **Built-in protection** preset security policy that applies to all recipients who are not otherwise defined in Safe Attachments policies.| |Lee's organization has a Safe Attachments policy that applies only to finance employees. Lee is a member of the sales department.|Lee and the rest of the sales department are protected by Safe Attachments due to the **Built-in protection** preset security policy that applies to all recipients who are not otherwise defined in Safe Attachments policies.| |Yesterday, an admin in Jean's organization created a Safe Attachments policy that applies to all employees. Earlier today, Jean received an email message that included an attachment.|Jean is protected by Safe Attachments due to that custom Safe Attachments policy. <br/><br/> Typically, it takes about 30 minutes for a new policy to take effect.|
-|Chris's organization has long-standing Safe Attachments policies for everyone in the organization. Chris receives an email that has an attachment, and then forwards the message to external recipients.|Chis is protected by Safe Attachments. <br/><br/> If the external recipients in a Microsoft 365 organization, then the forwarded messages are also protected by Safe Attachments.|
+|Chris's organization has long-standing Safe Attachments policies for everyone in the organization. Chris receives an email that has an attachment, and then forwards the message to external recipients.|Chis is protected by Safe Attachments. <br/><br/> If the external recipients are in a Microsoft 365 organization, then the forwarded messages are also protected by Safe Attachments.|
Safe Attachments scanning takes place in the same region where your Microsoft 365 data resides. For more information about datacenter geography, see [Where is your data located?](https://products.office.com/where-is-your-data-located?geo=All)
This section describes the settings in Safe Attachments policies:
You can only use a condition or exception once, but the condition or exception can contain multiple values. Multiple values of the same condition or exception use OR logic (for example, _\<recipient1\>_ or _\<recipient2\>_). Different conditions or exceptions use AND logic (for example, _\<recipient1\>_ and _\<member of group 1\>_). > [!IMPORTANT]
- > Multiple different conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
+ > Multiple different types of conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
> > - The recipient is: romain@contoso.com > - The recipient is a member of: Executives
security Safe Links https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-links.md
You need to specify the recipient conditions and exceptions that determine who t
You can only use a condition or exception once, but the condition or exception can contain multiple values. Multiple values of the same condition or exception use OR logic (for example, _\<recipient1\>_ or _\<recipient2\>_). Different conditions or exceptions use AND logic (for example, _\<recipient1\>_ and _\<member of group 1\>_). > [!IMPORTANT]
-> Multiple different conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
+> Multiple different types of conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
> > - The recipient is: romain@contoso.com > - The recipient is a member of: Executives
security Set Up Anti Phishing Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/set-up-anti-phishing-policies.md
The following policy settings are available in anti-phishing policies in EOP and
> [!NOTE] > At least one selection in the **Users, groups, and domains** settings is required in custom anti-phishing policies to identify the message **recipients** <u>that the policy applies to</u>. Anti-phishing policies in Defender for Office 365 also have [impersonation settings](#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365) where you can specify individual sender email addresses or sender domains <u>that will receive impersonation protection</u> as described later in this article. >
- > Multiple different conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
+ > Multiple different types of conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
> > - The recipient is: romain@contoso.com > - The recipient is a member of: Executives
security Set Up Safe Attachments Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/set-up-safe-attachments-policies.md
Creating a custom Safe Attachments policy in the Microsoft 365 Defender portal c
- **Exclude these users, groups, and domains**: To add exceptions for the internal recipients that the policy applies to (recipient exceptions), select this option and configure the exceptions. The settings and behavior are exactly like the conditions. > [!IMPORTANT]
- > Multiple different conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
+ > Multiple different types of conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
> > - The recipient is: romain@contoso.com > - The recipient is a member of: Executives
security Set Up Safe Links Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/set-up-safe-links-policies.md
Creating a custom Safe Links policy in the Microsoft 365 Defender portal creates
- **Exclude these users, groups, and domains**: To add exceptions for the internal recipients that the policy applies to (recipient exceptions), select this option and configure the exceptions. The settings and behavior are exactly like the conditions. > [!IMPORTANT]
- > Multiple different conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
+ > Multiple different types of conditions or exceptions are not additive; they're inclusive. The policy is applied _only_ to those recipients that match _all_ of the specified recipient filters. For example, you configure a recipient filter condition in the policy with the following values:
> > - The recipient is: romain@contoso.com > - The recipient is a member of: Executives
security Assess The Impact Of Security Configuration Changes With Explorer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/assess-the-impact-of-security-configuration-changes-with-explorer.md
ms.technology: mdo
# Assess the impact of security configuration changes with Explorer
-Before you make change(s) to your security configuration, such as policies or transport rules, itΓÇÖs important to understand the impact of the change(s) so that you can plan and ensure *minimal* disruption to your organization.
+Before you make change(s) to your security configuration, such as policies or transport rules, it's important to understand the impact of the change(s) so that you can plan and ensure *minimal* disruption to your organization.
This step-by-step guide will take you through assessing a change, and exporting the impacted emails for assessment. The procedure can be applied to many different changes, by altering the criteria (filters) you use in explorer.
security Deploy And Configure The Report Message Add In https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/deploy-and-configure-the-report-message-add-in.md
Depending on whether you are licensed for Defender for Office 365, you'll also g
1. On the page that loads, press **Get Apps**. 1. In the page that appears, in the top right Search box, enter **Report Message** or **Report Phishing**, and then select **Search**. 1. Press **Get it now** on your chosen app within the search results (publisher is **Microsoft Corporation**).
-1. On the flyout that appears, select who to deploy the add-in to. If testing you may wish to use a specific group, otherwise configure it for the **entire organisation** ΓÇô when youΓÇÖve made a selection press **Next**.
+1. On the flyout that appears, select who to deploy the add-in to. If testing you may wish to use a specific group, otherwise configure it for the **entire organisation** ΓÇô when you've made a selection press **Next**.
1. Review the permissions, information and capabilities then press **Next**. 1. Press **Finish deployment** (it can take 12-24 hours for the add-in to appear automatically in Outlook clients).
Depending on whether you are licensed for Defender for Office 365, you'll also g
1. On the configuration page from the earlier steps, underneath the **User reporting experience**, configure the before and after reporting pop-ups title and body if desired. The end users will see the before reporting pop up if **Ask me before reporting** is also enabled. 2. If you wish for notifications to come from an internal organisational mailbox, select **Specify Office 365 email address to use as sender** and search for a valid mailbox in your organisation to send the notifications from. 3. Press **Customize notifications** to set up the text sent to reporting users after admin reviews a reported message using Mark & Notify, configure the **Phishing**, **Junk** & **No threats** found options.
-4. On the **Footer** tab, select the global footer to be sent for notifications, along with your organisationΓÇÖs logo if appropriate.
+4. On the **Footer** tab, select the global footer to be sent for notifications, along with your organisation's logo if appropriate.
### Further reading
security Ensuring You Always Have The Optimal Security Controls With Preset Security Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/ensuring-you-always-have-the-optimal-security-controls-with-preset-security-policies.md
ms.technology: mdo
Preset security policies allow you to select a security profile of either Standard or Strict, and have Microsoft manage and maintain security controls across Microsoft Defender for Office 365 for you.
-As new controls are added or if the best practice setting for a security control changes with the evolving threat landscape, Microsoft will automatically update security control settings for users assigned to a Standard or Strict preset security policy. By using Security Preset policies, you will always have MicrosoftΓÇÖs recommended, best practice configuration for your users.
+As new controls are added or if the best practice setting for a security control changes with the evolving threat landscape, Microsoft will automatically update security control settings for users assigned to a Standard or Strict preset security policy. By using Security Preset policies, you will always have Microsoft's recommended, best practice configuration for your users.
## What you will need - Microsoft Defender for Office 365 Plan 1 or higher (Included in E5)
Our Strict preset security policy has more aggressive limits and settings for se
## Enable Security Presets
-Once youΓÇÖve chosen between the Standard and Strict security preset policies for your users, it takes a few further steps to assign users to each preset.
+Once you've chosen between the Standard and Strict security preset policies for your users, it takes a few further steps to assign users to each preset.
1. Identify the users, groups, or domains you would like to include in Standard and Strict security presets. 1. Login to the Microsoft Security portal at https://security.microsoft.com.
Once youΓÇÖve chosen between the Standard and Strict security preset policies fo
## Next Steps
-Use config analyzer to determine if your users are configured per MicrosoftΓÇÖs best practices.
+Use config analyzer to determine if your users are configured per Microsoft's best practices.
> [!TIP] > Configuration analyzer allows admins to find and fix security policies where the settings are below the Standard or Strict protection profile settings in preset security policies. Find out more about Configuration analyzer [here](../../office-365-security/configuration-analyzer-for-security-policies.md).
security How To Configure Quarantine Permissions With Quarantine Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/how-to-configure-quarantine-permissions-with-quarantine-policies.md
Providing security admins and users with a very simple way to manage false posit
Our custom policies give admins the ability to decide what items their users can triage in the ***False positive*** folder with an extended ability of allowing the user to request the *release* of those items from the folder. 1. Decide what verdicts category (bulk, spam, phish, high confidence phish, or malware) of items you want your user to triage and not triage.
-1. For those categories that you donΓÇÖt want the users to triage, assign the items to the **AdminOnlyPolicy**. As for the category you want users to triage with limited access, you can *create a custom policy* with a request release access and assign users to that category.
+1. For those categories that you don't want the users to triage, assign the items to the **AdminOnlyPolicy**. As for the category you want users to triage with limited access, you can *create a custom policy* with a request release access and assign users to that category.
1. It's **strongly recommended** that malware and high confidence phish items be assigned to **AdminOnlyPolicy**, regular confidence phish items be assigned *limited access with request release*, while bulk and spam can be left as full access for users. > [!IMPORTANT]
security How To Enable Dmarc Reporting For Microsoft Online Email Routing Address Moera And Parked Domains https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/how-to-enable-dmarc-reporting-for-microsoft-online-email-routing-address-moera-and-parked-domains.md
ms.technology: mdo
# How to enable DMARC Reporting for Microsoft Online Email Routing Address (MOERA) and parked Domains
-Best practice for domain email security protection is to protect yourself from spoofing using Domain-based Message Authentication, Reporting, and Conformance (DMARC). If you havenΓÇÖt already enabled DMARC for your domains, that should be the first step, detailed here: [Domain-based Message Authentication, Reporting, and Conformance (DMARC)](/microsoft-365/security/office-365-security/use-dmarc-to-validate-email)
+Best practice for domain email security protection is to protect yourself from spoofing using Domain-based Message Authentication, Reporting, and Conformance (DMARC). If you haven't already enabled DMARC for your domains, that should be the first step, detailed here: [Domain-based Message Authentication, Reporting, and Conformance (DMARC)](/microsoft-365/security/office-365-security/use-dmarc-to-validate-email)
-This guide is designed to help you configure DMARC for the domains not covered in the above guide, both your Microsoft Online Email Routing Address (MOERA) aka contosocorp.onmicrosoft.com and parked domains which you may not be using for email yet, but could be leveraged by attackers until protected.
+This guide is designed to help you configure DMARC for domains not covered by the main DMARC article. These domains include domains that you're not using for email, but could be leveraged by attackers if they remain unprotected:
-## What youΓÇÖll need
+- Your `onmicrosoft.com` domain, also known as the Microsoft Online Email Routing Address (MOERA) domain.
+- Parked custom domains that you're currently not using for email yet.
-- Microsoft 365 admin centre and access to your DNS provider hosting your domains-- Sufficient permissions as Global Admin to make the appropriate changes in the Microsoft 365 Admin Center-- 10 Minutes to complete the following steps
+## What you'll need
+
+- Microsoft 365 admin center and access to your DNS provider hosting your domains.
+- Sufficient permissions as Global Admin to make the appropriate changes in the Microsoft 365 admin center.
+- 10 minutes to complete the steps in this article.
## Activate DMARC for MOERA Domain
-1. Login to the [Microsoft 365 Admin Center](https://admin.microsoft.com).
+1. Open the Microsoft 365 admin center at <https://admin.microsoft.com>.
1. On the left-hand navigation, select **Show All**.
-1. Expand Settings and press **Domains**.
-1. Select your tenant domain (contoso.onmicrosoft.com).
+1. Expand **Settings** and press **Domains**.
+1. Select your tenant domain (for example, contoso.onmicrosoft.com).
1. On the page that loads, select **DNS records**. 1. Select **+ Add record**.
-1. A flyout will appear on the right, ensure that the selected Type is **TXT (Text)**.
-1. Add _dmarc as TXT name.
+1. A flyout will appear on the right. Ensure that the selected Type is **TXT (Text)**.
+1. Add `_dmarc` as **TXT name**.
1. Add your specific DMARC value. 1. Press **Save**. ## Active DMARC for parked domains
-1. Check if SPF is already configured for your parked domain, following this guide: [Set up SPF to help prevent spoofing - Office 365 | Microsoft Docs](/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing#how-to-handle-subdomains)
+1. Check if SPF is already configured for your parked domain. For instructions, see [Set up SPF to help prevent spoofing - Office 365 | Microsoft Docs](/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing#how-to-handle-subdomains)
1. Contact your DNS Domain provider.
-1. Ask to add this DMARC txt record with your appropriate email addresses `v=DMARC1; p=reject; rua=mailto:d@rua.contoso.com;ruf=mailto:d@ruf.contoso.com`.
+1. Ask to add this DMARC txt record with your appropriate email addresses: `v=DMARC1; p=reject; rua=mailto:d@rua.contoso.com;ruf=mailto:d@ruf.contoso.com`.
## Next Steps
Wait until the DNS changes are propagated and try to spoof the configured domain
## More Information [Set up SPF to help prevent spoofing - Office 365 | Microsoft Docs](/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing)+ [Use DMARC to validate email, setup steps - Office 365 | Microsoft Docs](/microsoft-365/security/office-365-security/use-dmarc-to-validate-email)
security How To Prioritize And Manage Automated Investigations And Response Air https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/how-to-prioritize-and-manage-automated-investigations-and-response-air.md
Investigation actions (and investigations) are accessible from several points in
As automated investigations on *Email & collaboration* content results in verdicts, such as *Malicious* or *Suspicious*, certain remediation actions are created. The remediation actions suggested aren't carried out automatically. SecOps must navigate to each investigation to *approve* those suggested actions. In the *Action Center* all the pending actions are aggregated for quick approval.
-## What youΓÇÖll need
+## What you'll need
- Microsoft Defender for Office 365 Plan 2 or higher (Included with E5) - Sufficient permissions (Security reader, security operations, or security administrator, plus [Search and purge](../permissions-microsoft-365-security-center.md) role)
security How To Prioritize Manage Investigate And Respond To Incidents In Microsoft 365 Defender https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/how-to-prioritize-manage-investigate-and-respond-to-incidents-in-microsoft-365-defender.md
ms.technology: mdo
# Prioritize, Manage, Investigate & Respond to Incidents in Microsoft 365 Defender
-When alerts are triggered in Microsoft 365 Defender, automated investigation and response (AIR) will trigger to hunt across an organization's subscription, determine the impact and scope of the threat, and collate the information into a single Incident so that admins donΓÇÖt have to manage multiple incidents.
+When alerts are triggered in Microsoft 365 Defender, automated investigation and response (AIR) will trigger to hunt across an organization's subscription, determine the impact and scope of the threat, and collate the information into a single Incident so that admins don't have to manage multiple incidents.
-## What youΓÇÖll need
+## What you'll need
- Microsoft Defender for Office 365 Plan 2 or higher - Sufficient permissions (Security reader, security operations, or security administrator, plus [Search and purge](../permissions-microsoft-365-security-center.md) role)
If you are looking for specific alerts, either use the incident search capabilit
## Investigate & Respond to Incidents
-After you have prioritized your incident queue, click on the Incident youΓÇÖd like to investigate to load the incidents Overview page. There will be useful information such as *MITRE ATT&CK techniques observed* and a *timeline of the attack*.
+After you have prioritized your incident queue, click on the Incident you'd like to investigate to load the incidents Overview page. There will be useful information such as *MITRE ATT&CK techniques observed* and a *timeline of the attack*.
The tabs at the top of the incident page allow you to explore more details such as the affected users, mailboxes, endpoints, and et cetera.
security How To Run Attack Simulations For Your Team https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/how-to-run-attack-simulations-for-your-team.md
Attack simulation training allows you to run realistic but benign cyber attack s
1. Navigate to [Attack Simulation Training](https://security.microsoft.com/attacksimulator ) in your subscription. 1. Choose **Simulations** from the top navigation bar. 1. Select **Launch a simulation**.
-1. Pick the technique youΓÇÖd like to use from the flyout, and press **Next**.
+1. Pick the technique you'd like to use from the flyout, and press **Next**.
1. Name the Simulation with something relevant / memorable and press **Next**. 1. Pick a relevant payload from the wizard, review the details and customize if appropriate, when you are happy with the choice, press **Next**. 1. Choose who to target with the payload. If choosing the entire organization highlight the radio button and press **Next**.
Attack simulation training allows you to run realistic but benign cyber attack s
1. Customize the landing page displayed when a user is phished if appropriate, or otherwise leave the Microsoft Default. 1. Under **Payload indicators**, check the box to add payload indicators to email. Adding payloads will help users to learn how to identify the phishing email. Select *Open preview panel* to view the message. 1. Click **Next** to continue.
-1. Choose if youΓÇÖd like end user notifications, and if so, select the delivery preferences and customize where needed.
+1. Choose if you'd like end user notifications, and if so, select the delivery preferences and customize where needed.
1. Notice that you can also select *default language* for the notification under the **Select default language** drop-down menu. 1. Select when to launch the simulation, and how long it should be valid for. You can also enable *region aware time zone delivery*. This option will deliver simulated attack messages to your employees during *their working hours* based on their region. Select **Next**. 1. Send a test if you're ready. Review the summary of choices. Click **Submit**.
security How To Setup Attack Simulation Training For Automated Attacks And Training https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/how-to-setup-attack-simulation-training-for-automated-attacks-and-training.md
ms.technology: mdo
Attack simulation training lets you run benign attack simulations on your organization to assess your phishing risk and teach your users how to better avoid phish attacks. By following this guide, you will configure automated flows with specific techniques and payloads that run when the specified conditions are met, launching simulations against your organization.
-## What youΓÇÖll need
+## What you'll need
- Microsoft Defender for Office 365 Plan 2 (included as part of E5). - Sufficient permissions (Security Administrator role).
Attack simulation training lets you run benign attack simulations on your organi
1. Choose **Simulation automations** from the top navigation bar. 1. Press **Create automation**. 1. Name the Simulation automation with something relevant and memorable. *Next*.
-1. Pick the techniques youΓÇÖd like to use from the flyout. *Next*.
-1. Manually select up to 20 payloads youΓÇÖd like to use for this automation, or alternatively select Randomize. *Next*.
-1. If you picked OAuth as a Payload, youΓÇÖll need to enter the name, logo and scope (permissions) youΓÇÖd like the app to have when itΓÇÖs used in a simulation. *Next*.
+1. Pick the techniques you'd like to use from the flyout. *Next*.
+1. Manually select up to 20 payloads you'd like to use for this automation, or alternatively select Randomize. *Next*.
+1. If you picked OAuth as a Payload, you'll need to enter the name, logo and scope (permissions) you'd like the app to have when it's used in a simulation. *Next*.
1. Choose who to target with the payload, if choosing the entire organization highlight the radio button. *Next*. 1. Otherwise, select **Add Users** and then search or filter the users with the wizard, press Add User(s). *Next*. 1. Customize the training if appropriate, otherwise leave Assign training for me (recommended) selected. *Next*. 1. Customize the landing page displayed when a user is phished if appropriate, otherwise leave as the Microsoft Default. *Next*.
-1. Choose if youΓÇÖd like end user notifications, if so select the delivery preferences and customize where appropriate. *Next*.
+1. Choose if you'd like end user notifications, if so select the delivery preferences and customize where appropriate. *Next*.
1. For Simulation schedule, you can either select **Randomized** or **Fixed**, the recommended option is Randomized, once selected, select *Next*. 1. Depending on your choice of Randomized or Fixed, the schedule details may differ, but select preferences on the choice, including the start and end dates of the automation. *Next*. 1. For **Launch Details**, select any final options you want, such as using unique payloads, or targeting repeat offenders and then select *Next*.
security Optimize And Correct Security Policies With Configuration Analyzer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/optimize-and-correct-security-policies-with-configuration-analyzer.md
ms.technology: mdo
Configuration analyzer is a central location and single pane of glass for administering and viewing the email security policies you have configured in your tenant. You can perform a side-to-side comparison of your settings to our Standard and Strict recommended settings, apply recommendations and view historical changes that affected your posture.
-## What youΓÇÖll need
+## What you'll need
- Exchange Online Protection - Sufficient permissions (Security Administrator role) - 5 minutes to perform the steps below. ## Compare settings and apply recommendations 1. Navigate to [https://security.microsoft.com/configurationAnalyzer](https://security.microsoft.com/configurationAnalyzer).
-1. Pick either **Standard recommendations** or **Strict recommendations** from the top menu based on the side-to-side comparison youΓÇÖd like to make.
+1. Pick either **Standard recommendations** or **Strict recommendations** from the top menu based on the side-to-side comparison you'd like to make.
1. Recommendations for policy changes will be displayed. (If applicable) 1. You can then select a recommendation, note the recommended action, policy which the recommendation is applicable to, setting name & current configuration etc. 1. With a recommendation selected, you can press **Apply recommendation** and then **OK** on the confirmation message that appears.
security Protect Your C Suite With Priority Account Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/protect-your-c-suite-with-priority-account-protection.md
ms.technology: mdo
Priority account protection helps IT and security teams ensure a high quality of service and protection for the critical people within your organization. Tagging an account as a priority account will enable the additional protection tuned for the mail flow patterns targeting company executives, along with extra visibility in reports, alerts, and investigations.
-## What youΓÇÖll need
+## What you'll need
- Microsoft Defender for Office 365 Plan 2 (included as part of E5 plans) - Sufficient permissions (Security Administrator role) - 5 minutes to perform the steps below.
security Search For Emails And Remediate Threats https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/search-for-emails-and-remediate-threats.md
ms.technology: mdo
Email remediation is an already existing feature that helps admins act on emails that are threats.
-## What youΓÇÖll need
+## What you'll need
- Microsoft Defender for Office 365 Plan 2 (Included in E5 plans) - Sufficient permissions (be sure to grant the account [Search and Purge](https://sip.security.microsoft.com/securitypermissions) role)
Email remediation is an already existing feature that helps admins act on emails
1. The side pane will open and ask for details like a name for the remediation, severity, and description. Once the information is reviewed, press **Submit**. 1. As soon as the admin approves this action, they will see the Approval ID and a link to the Microsoft 365 Defender Action Center [here](https://security.microsoft.com/action-center/history). This page is where **actions can be tracked**.
- 1. **Admin action alert** - A system alert shows up in the alert queue with the name ΓÇÿAdministrative action submitted by an AdministratorΓÇÖ. This indicates that an admin took the action of remediating an entity. It gives details such as the name of the admin who took the action, and the investigation link and time. This makes admins aware of each important action, like remediation, taken on entities.
- 1. **Admin action investigation** - Since the analysis on entities was already done by the admin and thatΓÇÖs what led to the action taken, no additional analysis is done by the system. It shows details such as related alert, entity selected for remediation, action taken, remediation status, entity count, and approver of the action. This allows admins to keep track of the investigation and actions carried out *manually*--an admin action investigation.
+ 1. **Admin action alert** - A system alert shows up in the alert queue with the name 'Administrative action submitted by an Administrator'. This indicates that an admin took the action of remediating an entity. It gives details such as the name of the admin who took the action, and the investigation link and time. This makes admins aware of each important action, like remediation, taken on entities.
+ 1. **Admin action investigation** - Since the analysis on entities was already done by the admin and that's what led to the action taken, no additional analysis is done by the system. It shows details such as related alert, entity selected for remediation, action taken, remediation status, entity count, and approver of the action. This allows admins to keep track of the investigation and actions carried out *manually*--an admin action investigation.
1. **Action logs in unified action center** - History and action logs for email actions like soft delete and move to deleted items folder, are *all available in a centralized view* under the unified **Action Center** > **History tab**. 1. **Filters in unified action center** - There are multiple filters such as remediation name, approval ID, Investigation ID, status, action source, and action type. These are useful for finding and tracking email actions in unified Action center.
Email remediation is an already existing feature that helps admins act on emails
Here are scenarios of email remediation:
-1. As part of an investigation SecOps identifies a threat in an end-userΓÇÖs mailbox and wants to clear out the problem email(s).
+1. As part of an investigation SecOps identifies a threat in an end-user's mailbox and wants to clear out the problem email(s).
1. When suggested email actions in Automated Investigation and Response (AIR) are approved by SecOps, remediation action triggers automatically for the given email or email cluster. Two manual email remediation scenarios:
security Use Arc Exceptions To Mark Trusted Arc Senders https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/use-arc-exceptions-to-mark-trusted-arc-senders.md
Services that modify content during transport of the message before delivery to
## When to use trusted ARC sealers?
-A list of trusted ARC sealers is only needed where intermediaries are part of an organizationΓÇÖs email flow and:
+A list of trusted ARC sealers is only needed where intermediaries are part of an organization's email flow and:
1. May modify the email header or email contents. 2. May cause authentication to fail for other reasons (example, by removing attachments).
header.from=contoso.com;compauth=pass reason=130
## PowerShell steps to add or remove a trusted ARC sealer
-**Admins can also set up ARC configurations with Exchange Online Powershell.**
+**Admins can also set up ARC configurations with Exchange Online PowerShell.**
-1. Connect to Exchange online powershell.
+1. Connect to Exchange Online PowerShell.
2. Connect-ExchangeOnline. 3. To add or update a domain into a trusted ARC sealer: </br>
security User Submission https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/user-submission.md
- M365-security-compliance - m365initiative-defender-office365
-description: How to configure a mailbox to collect spam and phishing email reported by users. Make a mailbox for messages that users report as spam, phish, as malicious, or not malicious.
+description: Admins can learn how identify a custom mailbox (also known as a user submissions mailbox) to collect spam and phishing messages that are reported by users. Other settings complete the reporting experience for users when they report messages.
ms.technology: mdo ms.prod: m365-security
ms.prod: m365-security
- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md) - [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
-In Microsoft 365 organizations with Exchange Online mailboxes, you can direct mail to a mailbox when users report spam, phish, as malicious, or even not malicious messages. When users report emails using various reporting options, admins can use this mailbox to intercept those email messages (send to the custom mailbox only) or receive copies of messages (send to the custom mailbox and Microsoft).
+In Microsoft 365 organizations with Exchange Online mailboxes, you can direct mail to a custom mailbox (also known as the _user submissions mailbox_) when users report malicious or not malicious messages. When users report email messages using the supported reporting options, admins can configure the user reported message settings in their organization to send reported messages to the user submissions mailbox. You can configure the user submissions mailbox to intercept user-reported messages (send to the user submissions mailbox only) or receive copies of user-reported messages as users report messages to Microsoft. These settings were formerly known as the _User submissions policy_.
-This feature works with these message reporting options:
+User reported message settings and the user submissions mailbox work with the following message reporting options:
- [The Report Message add-in](enable-the-report-message-add-in.md) - [The Report Phishing add-in](enable-the-report-phish-add-in.md)-- [Third-party reporting tools](user-submission.md#third-party-email-reporting-tools)
+- [Third-party reporting tools](#third-party-reporting-tools-options)
-Delivering user-reported messages to a custom mailbox instead of directly to Microsoft allows admins to selectively and manually report email messages to Microsoft using [Admin submission](admin-submission.md). *These settings were formerly known as the User submissions policy*.
+Delivering user reported messages to a user submissions mailbox instead of directly to Microsoft allows admins to selectively and manually report messages to Microsoft on the **Submissions** page at <https://security.microsoft.com/reportsubmission>. For more information, see [Admin submission](admin-submission.md).
> [!NOTE]
- > If reporting has been [disabled in Outlook on the web](report-junk-email-and-phishing-scams-in-outlook-on-the-web-eop.md#disable-or-enable-junk-email-reporting-in-outlook-on-the-web), enabling user-reported messages here will override that setting and enable users to report messages in Outlook on the web again.
+ > If reporting has been [disabled in Outlook on the web](report-junk-email-and-phishing-scams-in-outlook-on-the-web-eop.md#disable-or-enable-junk-email-reporting-in-outlook-on-the-web), enabling user-reported messages here will override that setting and allow users to report messages in Outlook on the web again.
-## Custom mailbox prerequisites
+## Configuration requirements for the user submissions mailbox
-Use the articles below to configure prerequisites user-reported email messages go to your custom mailbox:
+Before you get started, yu need to configure Exchange Online Protection and Defender for Office 365 so user reported messages are delivered to the user submissions mailbox without being filtered as described in the following steps:
-- [Identify the custom mailbox as a SecOps mailbox](configure-advanced-delivery.md#use-the-microsoft-365-defender-portal-to-configure-secops-mailboxes-in-the-advanced-delivery-policy).
+- Identify the user submissions mailbox as a SecOps mailbox. For instructions, see [Use the Microsoft 365 Defender portal to configure SecOps mailboxes in the advanced delivery policy](configure-advanced-delivery.md#use-the-microsoft-365-defender-portal-to-configure-secops-mailboxes-in-the-advanced-delivery-policy).
-- [Create an anti-malware policy](configure-anti-malware-policies.md#use-the-microsoft-365-defender-portal-to-create-anti-malware-policies) for the custom mailbox with the following settings:
- - Zero-hour auto purge (ZAP) for malware is turned off (**Protection settings** section \> **Enable zero-hour auto purge for malware** is not selected).
- - The common attachment filter option is turned off (**Protection settings** section \> **Enable the common attachments filter** is not selected).
+- Create a custom anti-malware policy for the user submissions mailbox with the following settings:
-**If you have Microsoft Defender for Office 365**, you should also configure the following settings so that our advanced filtering doesn't impact the reported emails:
+ - Turn off Zero-hour auto purge (ZAP) for malware (**Protection settings** section \> **Enable zero-hour auto purge for malware** is not selected or `-ZapEnabled $false` in PowerShell).
-- Make sure the custom mailbox is not part of any [preset security policies](preset-security-policies.md#use-the-microsoft-365-defender-portal-to-modify-the-assignments-of-standard-and-strict-preset-security-policies)
+ - Turn off common attachments filtering (**Protection settings** section \> **Enable the common attachments filter** is not selected or `EnableFileFilter $false` in PowerShell).
+
+ For instructions, see [Create an anti-malware policy](configure-anti-malware-policies.md#use-the-microsoft-365-defender-portal-to-create-anti-malware-policies).
-- [Create a Safe Links policy](set-up-safe-links-policies.md) for the custom mailbox where Safe Links scanning is turned off (**Select the action for unknown potentially malicious URLs in messages** section > **Off**).
+- Verify the user submissions mailbox is not included in the **Standard** or **Strict** preset security policies. For instructions, see [Preset security policies](preset-security-policies.md).
-- [Create a Safe Attachments policy](set-up-safe-attachments-policies.md) for the custom mailbox where Safe Attachments scanning, including Dynamic Delivery, is turned off (**Safe Attachments unknown malware response** section > **Off**).
+- **Defender for Office 365**: Configure the following additional settings:
-After you've verified that your mailbox meets prerequisites, you can use the rest of this article to configure the user submissions mailbox.
+ - Exclude the user submissions mailbox from the **Built-in protection** preset security policy. For instructions, see [Preset security policies](preset-security-policies.md).
+
+ - Create a Safe Attachments policy for the user submissions mailbox where Safe Attachments scanning, including Dynamic Delivery, is turned off (**Settings** \> **Safe Attachments unknown malware response** section \> **Off** or `-Enable $false` in PowerShell). For instructions, see [Set up Safe Attachments policies in Microsoft Defender for Office 365](set-up-safe-attachments-policies.md).
+
+ - Create a Safe Links policy for the user submissions mailbox where Safe Links scanning in email is turned off (**URL & click protection settings** \> **On: Safe Links checks a list of known, malicious links when users click links in email** is not selected or `EnableSafeLinksForEmail $false` in PowerShell). For instructions, see [Set up Safe Links policies in Microsoft Defender for Office 365](set-up-safe-links-policies.md).
+
+After you've verified that the mailbox meets these requirements, use the rest of the instructions in this article to identify the user submissions mailbox and other user reported message settings.
## What do you need to know before you begin? - You open the Microsoft 365 Defender portal at <https://security.microsoft.com>. To go directly to the **User submissions** page, use <https://security.microsoft.com/userSubmissionsReportMessage>.
+- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).
+ - To modify the configuration for User submissions, you need to be a member of one of the following role groups: - **Organization Management** or **Security Administrator** in the [Permissions in the Microsoft 365 Defender portal](permissions-microsoft-365-security-center.md).
After you've verified that your mailbox meets prerequisites, you can use the res
- [Enable or disable access to Exchange Online PowerShell](/powershell/exchange/disable-access-to-exchange-online-powershell) - [Client Access Rules in Exchange Online](/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules)
-## Use the Microsoft 365 Defender portal to configure the user submissions mailbox for emails
+## Use the Microsoft 365 Defender portal to configure the user submissions mailbox for email
+
+1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Policies & rules** \> **Threat policies** \> **User reported message settings** in the **Others** section. To go directly to the **User submissions** page, use <https://security.microsoft.com/userSubmissionsReportMessage>.
+
+2. On the **User submissions** page, what you see is largely determined by the **Microsoft Outlook Report Message button** toggle:
+
+ - **On** ![Toggle on.](../../media/scc-toggle-on.png): You use the Microsoft integrated reporting experience, which includes the Report Message add-in, the Report Phishing add-in or the built-in reporting in Outlook on the web.
+
+ This setting also allows users to report false positive messages from the quarantine portal.
+
+ - **Off** ![Toggle off.](../../media/scc-toggle-off.png): You use third-party message reporting tools instead of the Microsoft integrated reporting experience.
+
+The related configuration options are described in the following sections.
+
+### Microsoft integrated reporting experience options
+
+When **Microsoft Outlook Report Message button** is **On** ![Toggle on.](../../media/scc-toggle-on.png), the following settings are available on the **User submissions** page:
+
+- **Send the reported messages to** section: Select one of the following options:
+
+ - **Microsoft**: The user submissions mailbox isn't used (all reported messages go to Microsoft for analysis).
+
+ - **Microsoft and my organization's mailbox**: In the box that appears, enter the email address of an existing Exchange Online mailbox to use as the user submissions mailbox. Distribution groups are not allowed. User submissions go to Microsoft for analysis and to the user submissions mailbox for an admin or security operations team to analyze.
+
+ - **My organization's mailbox**: In the box that appears, enter the email address of an existing Exchange Online mailbox. Distribution groups are not allowed. User submissions go only to the user submissions mailbox for an admin or the security operations team to analyze. Messages don't go to Microsoft for analysis unless an admin manually submits the messages.
+
+ > [!IMPORTANT]
+ > In U.S. Government organizations (GCC, GCC High, and DoD) organizations, the only available selection in the **Send the reported messages to** section is **My organization's mailbox**. The other two options are grayed out.
+ >
+ > If you used [Outlook on the web mailbox policies](/exchange/clients-and-mobile-in-exchange-online/outlook-on-the-web/configure-outlook-web-app-mailbox-policy-properties) to disable junk email reporting in Outlook on the web, but you select **Microsoft** or **Microsoft and my organization's mailbox**, users will be able to report messages to Microsoft in Outlook on the web using the Report Message add-in or the Report Phishing add-in.
+ >
+ > If you select **My organization's mailbox**, reported messages appear on the **User reported messages** tab on the **Submissions** page at <https://security.microsoft.com/reportsubmission>. But the **Result** value of these messages will always be empty, because the messages were not rescanned.
+ >
+ > If you use [Attack simulation training](attack-simulation-training-get-started.md) or a third-party product to do phishing simulations, you must configure the user submissions mailbox as a SecOps mailbox as previously described in the [Configuration requirements for the user submissions mailbox](#configuration-requirements-for-the-user-submissions-mailbox) section earlier in this article. If you don't, a user reporting a message might trigger a training assignment in the phishing simulation product.
+
+ Regardless of your selection, the following settings are also available in the **Send the reported messages to** section:
+
+ - **Let users choose if they want to report**: This setting controls the options that are available in the **Select reporting options that are available to users** section:
+
+ - **Let users choose if they want to report** selected: You can select some, all or none of the settings in the **Select reporting options that are available to users** section.
+ - **Let users choose if they want to report** not selected: You can select only one setting in the **Select reporting options that are available to users** section.
+
+ - **Select reporting options that are available to users** section:
+ - **Ask me before sending the message**
+ - **Always report the message**
+ - **Never report the message**
+
+- **User reporting experience** section: The following settings are available:
+
+ As shown on the page, if you select an option that sends the reported messages to Microsoft, the following text is also added to the notification:
+
+ > Your email will be submitted as-is to Microsoft for analysis. Some emails might contain personal or sensitive information.
+
+ - **Before reporting** tab: In the **Title** and **Message body** boxes, enter the descriptive text that users see before they report a message using the Report Message add-in or the Report Phishing add-in. You can use the variable `%type%` to include the submission type (junk, not junk, phishing, etc.).
+ - **After reporting** tab: In the **Title** and **Confirmation message** boxes, enter the descriptive text that users see after they report a message using the Report Message add-in or the Report Phishing add-in. You can use the variable `%type%` to include the submission type.
-1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Policies & rules** > **Threat policies** > **User reported message settings** in the **Others** section. To go directly to the **User submissions** page, use <https://security.microsoft.com/userSubmissionsReportMessage>.
+ - **Only display when user reports phishing**: Select this option to display the **Before reporting** and **After reporting** notifications only when users report messages as phishing. Otherwise, the notifications are shown for all reported messages.
-2. On the **User submissions** page, what you see is determined by whether the **Microsoft Outlook Report Message button** setting is **Off** or **On**:
+- **Email notifications for admin review results** section: The following settings are available:
- - **Microsoft Outlook Report Message button** > **On** ![Toggle on.](../../media/scc-toggle-on.png): Select this option if you use the Report Message add-in, the Report Phishing add-in or the built-in reporting in Outlook on the web, and then configure the following settings:
- - **Send the reported messages to**: Select one of the following options:
- - **Microsoft**: The user submissions mailbox isn't used (all reported messages go to Microsoft).
- - **Microsoft and my organization's mailbox**: In the box that appears, enter the email address of an existing Exchange Online mailbox. Distribution groups are not allowed. User submissions will go to both Microsoft for analysis and to the custom mailbox for your admin or security operations team to analyze.
- - **My organization's mailbox**: In the box that appears, enter the email address of an existing Exchange Online mailbox. Distribution groups are not allowed. Use this option if you want the message to only go to an admin or the security operations team for analysis first. Messages will not go to Microsoft unless the admin forwards it themselves.
+ - **Specify Office 365 email address to use as sender**: Select this setting and enter the email address in the box that appears.
+
+ - **Customize notifications**: Click this link to customize the email notification that's sent after an admin reviews and marks a reported messages.
- > [!IMPORTANT]
- > U.S. Government organizations (GCC, GCC High, and DoD) can only configure **My organization's mailbox**. The other two options are disabled.
- >
- > If organizations are configured to send user reported messages to the custom mailbox only, reported messages will appear in **User reported messages** but their results will always be empty (as they would not have been rescanned).
- >
- > If you do phishing simulations using [Attack simulation training](attack-simulation-training-get-started.md) or a third-party product, you need to [configure this mailbox as a SecOps mailbox](configure-advanced-delivery.md). If you don't, reporting messages may trigger training assignments in the phishing simulation product.
+ On the **Customize confirmation message** flyout that appears, configure the following settings:
- Regardless of the value you selected for **Send the reported messages to**, the following settings are available:
+ - **Phishing**, **Junk** and **No threats found** tabs: In the **Review result text** on some, none, or all of the tabs, enter the custom text to use.
+ - **Footer** tab: The following options are available:
+ - **Footer text**: Enter the custom message footer text to use.
+ - **Display company logo**: Before select this option, you need to follow the instructions in [Customize the Microsoft 365 theme for your organization](../../admin/setup/customize-your-organization-theme.md) to upload your custom logo.
- - **Let users choose if they want to report their message to Microsoft**
- - **Select reporting options that are available to users** section: Select at least one among the following options:
- - **Ask me before sending the message**
- - **Always report the message**
- - **Never report the message**
+ When you're finished on the **Customize confirmation message** flyout, click **Confirm**.
- > [!CAUTION]
- > If you have [disabled junk email reporting in Outlook on the web](report-junk-email-and-phishing-scams-in-outlook-on-the-web-eop.md#disable-or-enable-junk-email-reporting-in-outlook-on-the-web) using Outlook on the web mailbox policies, but you configured any of the previous settings to report messages to Microsoft, users will be able to report messages to Microsoft in Outlook on the web using the Report Message add-in or the Report Phishing add-in.
+- **Customize your organization's experience when reporting potential threats in quarantine** section:
- Leave the **Microsoft Outlook Report Message button** setting ![Toggle on](../../media/scc-toggle-on.png) **On** to allow end-users to report false positive messages from the quarantine portal.
+ **Quarantine report message button**: Verify this setting is **On** ![Toggle on.](../../media/scc-toggle-on.png) to let users report messages from quarantine. Otherwise, turn this setting **Off** ![Toggle off.](../../media/scc-toggle-off.png).
- - **User reporting experience section**
- - **Before reporting** tab: In the **Title** and **Message body** boxes, enter the descriptive text that users see before they report a message using the Report Message add-in or the Report Phishing add-in. You can use the variable %type% to include the submission type (junk, not junk, phish, etc.).
- - **After reporting** tab: In the **Title** and **Confirmation message** boxes, enter the descriptive text that users see after they report a message using the Report Message add-in or the Report Phishing add-in. You can use the variable %type% to include the submission type.
- - **Only display when user reports phishing**: Check this option if you want to display the message only when an email is reported as phish. If not, checked messages will be shown for any kind of report.
+When you're finished on the **User submissions** page, click **Save**. To restore the settings to their immediately previous values, click **Restore**.
- As shown on the page, if you select an option that sends the reported messages to Microsoft, the following text is also added to the notification:
+### Third-party reporting tools options
- > Your email will be submitted as-is to Microsoft for analysis. Some emails might contain personal or sensitive information.
+You can turn off the Microsoft integrated reporting experience to use third-party message reporting tools to send reported messages to the user submissions mailbox.
- - **Microsoft Outlook Report Message button** > **Off** ![Toggle off.](../../media/scc-toggle-off.png): Select this option if you use third-party reporting tools instead of the Report Message add-in, the Report Phishing add-in, or the built-in reporting in Outlook on the web, and then configure the following settings:
- - Select **Use this custom mailbox to receive user reported submissions**. In the box that appears, enter the email address of an existing Exchange Online mailbox that can receive email.
+The only requirement is that the original messages are included as uncompressed .EML or .MSG attachments in messages that are sent to user submissions mailbox. In other words, don't just forward the original messages to the user submissions mailbox.
- - **Quarantine report message button**: Enable this feature if you want to let end users report messages from quarantine.
+> [!NOTE]
+> If multiple email attachments exist in the message, then the submission will be discarded. We only support message with one email attachment.
-3. When you're finished, click **Confirm**. To clear these values, click **Restore**.
+The message formatting requirements are described in the next section. The formatting is optional, but reported messages don't follow the prescribed format, the reported messages are always identified as phishing.
-## Third-party email reporting tools
+When **Microsoft Outlook Report Message button** is **Off** ![Toggle off.](../../media/scc-toggle-off.png) the following settings are available on the **User submissions** page:
-You can configure third-party message reporting tools to send reported messages to the custom mailbox. You would do this by setting the **Microsoft Outlook Report Message button** setting to **Off** and setting the **My organization's mailbox** to an Office 365 mailbox of your choice.
+- **Microsoft and my organization's mailbox**: In the box that appears, enter the email address of an existing Exchange Online mailbox to use as the user submissions mailbox. Distribution groups are not allowed.
-The only requirement is that the original message is included as a .EML or .MSG attachment (not compressed) in the message that's sent to the custom mailbox (don't just forward the original message to the custom mailbox).
+- **Customize your organization's experience when reporting potential threats in quarantine** section:
- > [!NOTE]
- > If multiple email attachments are present in the email, then the submission will be discarded. We only support emails with one email attachment.
+ **Quarantine report message button**: Verify this setting is **On** ![Toggle on.](../../media/scc-toggle-on.png) to let users report messages from quarantine. Otherwise, turn this setting **Off** ![Toggle off.](../../media/scc-toggle-off.png).
-The message formatting requirements are described in the next section. The formatting is optional, but if it does not follow the prescribed format, the reports will always be submitted as phish.
+When you're finished on the **User submissions** page, click **Save**. To restore the settings to their immediately previous values, click **Restore**.
-## Message submission format
+#### Message submission format
-To correctly identify the original attached messages, messages that are sent to the custom mailbox require specific formatting. If the messages don't use this format, the original attached messages are always identified as phishing submissions.
+To correctly identify the original attached messages, messages sent to the custom mailbox require specific formatting. If the messages don't use this format, the original attached messages are always identified as phishing.
-If you want to specify the reported reason for the original attached messages, messages that are sent to the custom mailbox (don't modify the attachment) need to start with one of the following prefixes in the Subject (Envelope Title):
+To specify the reason why the original attached messages were reported, messages sent to the user submissions mailbox must meet the following criteria:
-- 1| or Junk:-- 2| or Not junk:-- 3| or Phishing:
+- The original message attachment is unmodified.
+- The Subject line (Envelope Title) of messages sent to the user submissions mailbox must start with one of the following prefix values:
+ - `1|` or `Junk:`.
+ - `2|` or `Not junk:`.
+ - `3|` or `Phishing:`.
-For example:
+ For example:
-`3|This part is ignored by the system` <br>
-`Not Junk:This part of the subject is ignored as well`
+ - `3|This text in the Subject line is ignored by the system`
+ - `Not Junk:This text in the Subject line is also ignored by the system`
-Messages that don't follow this format will not display properly in the Submissions portal.
+ Messages that don't follow this format will not display properly on the **Submissions** page at <https://security.microsoft.com/reportsubmission>.
solutions Collaborate Teams Direct Connect https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/collaborate-teams-direct-connect.md
description: Learn how to enable shared channels in Microsoft Teams for collabor
# Collaborate with external participants in a shared channel
-If you want to enable your users to collaborate with people outside your organization in [shared channels](/MicrosoftTeams/shared-channels), you need to configure B2B direct connect for each organization that you want to collaborate with. (Alternatively, you can [Enable shared channels with all external organizations](/microsoft-365/solutions/allow-direct-connect-with-all-organizations).)
+If you want to enable your users to collaborate with people in other Microsoft 365 organizations in [shared channels](/MicrosoftTeams/shared-channels), you need to configure B2B direct connect for each organization that you want to collaborate with. (Alternatively, you can [Enable shared channels with all external organizations](/microsoft-365/solutions/allow-direct-connect-with-all-organizations).)
When you enable shared channels in Teams with another organization:
solutions Limit Invitations From Specific Organization https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/limit-invitations-from-specific-organization.md
description: Learn how to limit which of your users can be invited as a guest or
If you collaborate with another organization and want to limit who can be invited to that organization as a guest or a shared channel member in Teams, you can specify who can be invited in the cross-tenant access settings in Azure Active Directory. > [!NOTE]
-> Changes to cross-tenant access settings may take two hours to take effect.
+> Changes to cross-tenant access settings may take six hours to take effect.
## Create a security group
To limit who can be invited as a shared channel participant
[Limit organizations where users can have guest accounts](limit-organizations-where-users-have-guest-accounts.md)
-[Limit guest sharing to specific organizations](limit-guest-sharing-to-specific-organization.md)
+[Limit guest sharing to specific organizations](limit-guest-sharing-to-specific-organization.md)