When I first looked into this, the TechNet documentation was extensive and yet not as specific as I would prefer, so here is the quick and dirty DLP classification!
Creating and importing custom Classifications
- First you need to create your custom policy XML (example below)
- Save as XML Unicode file type (C:\MyNewPolicy.xml)
- Open the XML in Internet Explorer; if it's formatted correctly you will see the XML.
- Then import with PowerShell
New-ClassificationRuleCollection -FileData ([Byte[]]$(Get-Content -Path C:\MyNewPolicy.xml -Encoding Byte -ReadCount 0))
- Once it's imported you should be able to create a new DLP policy using the EAC
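Before running the import, the package file can be checked locally. The following PowerShell is an added example, not part of the original post; the file path, the constructed sample strings, and the use of the .NET regex engine as a stand-in for the DLP engine are assumptions.

```powershell
# Added example (not from the original post): pre-import checks for a rule package.
# $Path and the sample strings below are assumptions; adjust them to your file.
$Path = 'C:\MyNewPolicy.xml'
$ErrorActionPreference = 'Stop'

# 1. Well-formedness. Load() throws on curly quotes or broken comments
#    picked up when XML is copied from a web page.
$doc = New-Object System.Xml.XmlDocument
$doc.Load($Path)
$ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
$ns.AddNamespace('m', 'http://schemas.microsoft.com/office/2011/mce')

# 2. RulePack, Publisher and Entity ids must parse as GUIDs.
foreach ($n in $doc.SelectNodes('//m:RulePack | //m:Publisher | //m:Entity', $ns)) {
    [void][guid]($n.GetAttribute('id'))
}

# 3. Every idRef must resolve to an id defined in the same package.
$ids = @($doc.SelectNodes('//@id') | ForEach-Object { $_.Value })
$dangling = @($doc.SelectNodes('//@idRef') | ForEach-Object { $_.Value } |
    Where-Object { $ids -notcontains $_ })
if ($dangling.Count -gt 0) { throw "Unresolved idRef: $($dangling -join ', ')" }

# 4. Each Regex compiles and classifies constructed samples as intended.
#    This uses the .NET regex engine as an approximation of the DLP engine.
$samples = @(
    @{ Text = 'Code ABC123456789'; Expect = $true  },  # 3 uppercase + 9 digits
    @{ Text = 'Code abc123456789'; Expect = $false },  # lowercase letters
    @{ Text = 'Code AB123456789';  Expect = $false }   # only 2 letters
)
foreach ($r in $doc.SelectNodes('//m:Regex', $ns)) {
    $re = New-Object System.Text.RegularExpressions.Regex($r.InnerText.Trim())
    foreach ($s in $samples) {
        if ($re.IsMatch($s.Text) -ne $s.Expect) {
            Write-Warning "Regex '$($r.GetAttribute('id'))' gave an unexpected result on '$($s.Text)'"
        }
    }
}
Write-Output "Checks completed for $Path"
```

A failure in steps 1 to 3 stops the script with the parser or cast error; step 4 only warns, so review any warnings before importing.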
Creating a custom DLP Rule
- Log in to EAC (e.g. https://mail.domain.com/ecp)
- Click Compliance Management, data loss prevention
- Click the Plus, then New custom policy
- Name your policy and choose your mode (I like to test with Policy tags), and click Save
- Select the policy and click the icon to edit your new policy
- Select Rules from the left
- Click the icon to create a new rule
- On the Apply this rule if field choose The message contains Sensitive information...
- Click *Select sensitive information types… (if applicable)
- Click the icon to choose from the list
- You should now see your new classification (from the example below it would be Secure Product Codes\ DLP by Exchangemasters.info)
Useful Tools
- Regex – http://gskinner.com/RegExr/
- GUID creator – http://www.guidgenerator.com/online-guid-generator.aspx
- Technet – http://technet.microsoft.com/en-us/library/jj674704(v=exchg.150).aspx
Example of a Rule Classification XML
<?xml version="1.0" encoding="utf-16"?>
<RulePackage xmlns="http://schemas.microsoft.com/office/2011/mce">
  <RulePack id="b4b4c60e-2ff7-47b2-a672-86e36cf608be">
    <Version major="1" minor="0" build="0" revision="0"/>
    <Publisher id="7ea13c35-0e58-472a-b864-5f2e717edec6"/>
    <Details defaultLangCode="en-us">
      <LocalizedDetails langcode="en-us">
        <PublisherName>DLP by Exchangemasters.info</PublisherName>
        <Name>Secure Product Codes</Name>
        <Description>Secure Products</Description>
      </LocalizedDetails>
    </Details>
  </RulePack>
  <Rules>
    <!-- Product Code -->
    <Entity id="acc59528-ff01-433e-aeee-13ca8aaee159" patternsProximity="300" recommendedConfidence="75">
      <Pattern confidenceLevel="75">
        <IdMatch idRef="Regex_Product_Code" />
        <Match idRef="Code" />
      </Pattern>
    </Entity>
    <Regex id="Regex_Product_Code">[A-Z]{3}[0-9]{9}</Regex>
    <Keyword id="Code">
      <Group matchStyle="word">
        <Term>Code</Term>
      </Group>
    </Keyword>
    <LocalizedStrings>
      <Resource idRef="acc59528-ff01-433e-aeee-13ca8aaee159">
        <Name default="true" langcode="en-us">
          Product Code
        </Name>
        <Description default="true" langcode="en-us">
          A custom classification for detecting product codes that have 3 uppercase letters and 9 numbers
        </Description>
      </Resource>
    </LocalizedStrings>
  </Rules>
</RulePackage>