If you like then share Please So others can also get benefit/knowledge !!!!!
Hi All ,
Today I am oing to share with you about Document fingerprinting .
To protect information, organizations can convert standard forms that they use into a sensitive information
type. This is known as document fingerprinting, which is a DLP feature that you can use to define
transport rules and DLP policies. For example, you can create a document fingerprint based on a blank
patent template and then create a DLP policy that detects and blocks all outgoing patent templates
with sensitive content filled in.
Below are images and steps to do the lab.
Note: As a security measure, the original document itself is not stored on the service; only
the hash value is stored, and the original document cannot be reconstructed from the hash value.
The patent fingerprint then becomes a sensitive information type that can be associated with a DLP
policy. After you associate the fingerprint with a DLP policy, the DLP agent detects any outbound emails
containing documents that match the patent fingerprint and deals with them according to your
organization’s policy.
For example, you might want to set up a DLP policy that prevents regular employees from sending
outgoing messages containing patents. The DLP agent will use the patent fingerprint to detect patents
and block those emails. Alternatively, you might want to let your legal department send patents to other
organizations because it has a business need for doing so. You can allow specific departments to send
sensitive information by creating exceptions for those departments in your DLP policy, or you can allow
them to override a policy tip with a business justification.
Document Fingerprinting supports the same file types that are supported In transport rules. The
Document Fingerprinting DLP agent does not detect sensitive information in password protected files,
files that contain only images, and documents that do not contain all the text from the original form used
to create the document fingerprint.
Using the EAC to Create a Document Fingerprint
To use document fingerprinting, simply upload a blank form, such as an intellectual property document,
government form, or other standard form used in your organization. Then perform the following steps to
add the resulting document fingerprint to a DLP policy or transport rule:
1. In the Exchange Administration Center EAC, go to Compliance Management > Data Loss
Prevention.
2. Click Manage document fingerprints.
3. On the document fingerprints page, click the New Add icon to create a new document fingerprint.
4. Give the document fingerprint a Name and Description. (The name you choose will appear in the
sensitive information types list.)
5. To upload a form, click the Plus sign (+).
6. Choose a form, and click Open. (Make sure that the file you upload contains text, is not password
protected, and is in one of the File types that are supported in the transport rules (otherwise, you will
receive get an error when you try creating the fingerprint.) Repeat for any additional files you want to
add to the document list for this document fingerprint. You can also add or remove files from this
document fingerprint later if you want.
7. Click Save.
The document fingerprint is now part of your sensitive information types, and you can add it to a DLP
policy or add it to a transport rule.
Using PowerShell to Create Classification Rule Packages
DLP uses classification rule packages to detect sensitive content in messages. To create a classification rule
package based on a document fingerprint, use the New-Fingerprint and New-DataClassification
cmdlets. Because the results of New-Fingerprint aren’t stored outside the data classification rule, you
always run New-Fingerprint and New-DataClassification or Set-DataClassification in the same
PowerShell session.
Hi All ,
Today I am oing to share with you about Document fingerprinting .
To protect information, organizations can convert standard forms that they use into a sensitive information
type. This is known as document fingerprinting, which is a DLP feature that you can use to define
transport rules and DLP policies. For example, you can create a document fingerprint based on a blank
patent template and then create a DLP policy that detects and blocks all outgoing patent templates
with sensitive content filled in.
Below are images and steps to do the lab.
Note: As a security measure, the original document itself is not stored on the service; only
the hash value is stored, and the original document cannot be reconstructed from the hash value.
The patent fingerprint then becomes a sensitive information type that can be associated with a DLP
policy. After you associate the fingerprint with a DLP policy, the DLP agent detects any outbound emails
containing documents that match the patent fingerprint and deals with them according to your
organization’s policy.
For example, you might want to set up a DLP policy that prevents regular employees from sending
outgoing messages containing patents. The DLP agent will use the patent fingerprint to detect patents
and block those emails. Alternatively, you might want to let your legal department send patents to other
organizations because it has a business need for doing so. You can allow specific departments to send
sensitive information by creating exceptions for those departments in your DLP policy, or you can allow
them to override a policy tip with a business justification.
Document Fingerprinting supports the same file types that are supported In transport rules. The
Document Fingerprinting DLP agent does not detect sensitive information in password protected files,
files that contain only images, and documents that do not contain all the text from the original form used
to create the document fingerprint.
Using the EAC to Create a Document Fingerprint
To use document fingerprinting, simply upload a blank form, such as an intellectual property document,
government form, or other standard form used in your organization. Then perform the following steps to
add the resulting document fingerprint to a DLP policy or transport rule:
1. In the Exchange Administration Center EAC, go to Compliance Management > Data Loss
Prevention.
2. Click Manage document fingerprints.
3. On the document fingerprints page, click the New Add icon to create a new document fingerprint.
4. Give the document fingerprint a Name and Description. (The name you choose will appear in the
sensitive information types list.)
5. To upload a form, click the Plus sign (+).
6. Choose a form, and click Open. (Make sure that the file you upload contains text, is not password
protected, and is in one of the File types that are supported in the transport rules (otherwise, you will
receive get an error when you try creating the fingerprint.) Repeat for any additional files you want to
add to the document list for this document fingerprint. You can also add or remove files from this
document fingerprint later if you want.
7. Click Save.
The document fingerprint is now part of your sensitive information types, and you can add it to a DLP
policy or add it to a transport rule.
Using PowerShell to Create Classification Rule Packages
DLP uses classification rule packages to detect sensitive content in messages. To create a classification rule
package based on a document fingerprint, use the New-Fingerprint and New-DataClassification
cmdlets. Because the results of New-Fingerprint aren’t stored outside the data classification rule, you
always run New-Fingerprint and New-DataClassification or Set-DataClassification in the same
PowerShell session.
