Create a Custom Data Loss Prevention “DLP” Policy to look for credit card numbers in emails within the organization and applying the policy as a rule in Office 365.

Scenario:

The default DLP templates in Office 365 to capture credit information is not capturing Credit Card numbers on email messages leaving the organization. Company policy does not permit credit card numbers to be emailed outside of the company.

Additional Sources:

Solution:

  • Open notepad, modify the source to meet the criteria for you company and Save it as a XML file.
  • Connect to O365 via Powershell and import the template. Below is the source code for the template and it can be modified.

Verify the classificationRuleCollection:

Get-ClassificationRuleCollection

Import the customer XML file:

New-ClassificationRuleCollection -FileData (Get-Content -Path “C:\temp\File-Name.xml ” -Encoding Byte)

  • Create the Rule on EAC Below is also a screen shot of the rule created. This rule will look for messages being sent outside of the organization and if it meets the values for a credit card it will not allow the message to be sent out and send it to which ever mailbox specified for approval.

Credit Card DLP screenshot

XML file code example:

 <?xml version=”1.0″ encoding=”utf-16″?>

<RulePackage xmlns=”http://schemas.microsoft.com/office/2011/mce“>

  <RulePack id=”deec49d3-ee70-4a81-ae7b-d7df308522a4″>

    <Version major=”1″ minor=”0″ build=”0″ revision=”0″ />

    <Publisher id=”0fc899c6-ddbd-4929-aab5-2db7b761ac07″ />

    <Details defaultLangCode=”en-us”>

      <LocalizedDetails langcode=”en-us”>

         <PublisherName>Custom DLP Template Filter CC</PublisherName>

         <Name>Custom DLP Template Filter CC </Name>

         <Description>Custom DLP Template Filter CC </Description>

      </LocalizedDetails>

    </Details>

  </RulePack>

 

 <Rules>

   <Entity id=”953f3b87-5c58-4c70-b26a-b4c6de31df91″ patternsProximity=”300″>

      <Pattern confidenceLevel=”65″>

        <IdMatch idRef=”Func_credit_card” />

      </Pattern>

    </Entity>

 

      <LocalizedStrings>

         <Resource idRef=”953f3b87-5c58-4c70-b26a-b4c6de31df91″>

           <Name default=”true” langcode=”en-us”> Custom DLP Template Filter CC </Name>

           <Description default=”true” langcode=”en-us”> Custom DLP Template Filter CC Description>

         </Resource>

      </LocalizedStrings>

 

   </Rules>

</RulePackage>

Was this article helpful?
YesNo