Type something to search...
How to create Sensitive Information Types in Purview

How to create Sensitive Information Types in Purview


Introduction

In previous articles, we examined how Microsoft Purview can protect sensitive data through DLP (Data Loss Prevention) policies and Sensitivity Labels. However, all these features rely on one essential element : the ability to accurately identify sensitive information.

This is where Sensitive Information Types (SIT) come in. Whether detecting credit card numbers, social security numbers, employee IDs, passwords, or custom business identifiers, these sensitive information types form the foundation of many Purview features. They allow organizations to automatically classify, protect, and monitor sensitive data, as well as prevent its unauthorized sharing within Microsoft 365.


Prerequisites

Required licenses

  • Microsoft 365 Business Premium, Microsoft 365 E3 and Microsoft 365 E5.
  • Microsoft Purview Suite as an add-on with another license (E1, Standard, …).

Administrator role

  • An account with the Global Administrator or Compliance Administrator role to access the Microsoft Purview Portal.

Step 1 : Sign in to the Microsoft Purview Portal

Sign in to the Microsoft Purview Portal by opening your web browser to https://purview.microsoft.com.


Step 2 : Create a Sensitive Information Type

In the left menu, click Solutions, then Information Protection, then Classifiers, and Sensitive info types.

Click Create sensitive info type.

image

Set a name and description. (I use a ”>” prefix to easily find my custom Sensitive Information Types).

image

Here, I use a regex to detect the CLI-20XX-YYYY format (for example CLI-2026-1234).

image

And a keyword list that can support the expression I am trying to validate.

image

tip

The combination of the regex and the keyword list raises the confidence level in what is detected and reduces “false positives”.

Step 3 : Test the Sensitive Information Type

I created the Word file Lorem ipsum.docx with random text and the format I am looking to detect, embedded in the middle.

image

On the created Sensitive Information Type, click Test and import the file.

image

We can see 3 results here :

  • Low : Matching elements have the fewest false negatives, but the most false positives. The low confidence level returns all low, medium, and high confidence matches. This level has a value of 65.
  • Medium : Matching elements have an average number of false positives and false negatives. The medium confidence level returns all medium and high confidence matches. This level has a value of 75.
  • High : Matching elements have the fewest false positives, but the most false negatives. The high confidence level returns only high confidence matches. This level has a value of 85.

image

note

The confidence level reflects the amount of evidence detected alongside the primary element. The more supporting evidence the detected element contains, the higher the confidence that the matching element contains the sensitive information you are looking for.

So, what do we do with that now ?

Sensitive Information Types allow you to find and sort important and sensitive information within your organization. This can include credit card numbers, social security numbers, passport numbers, etc.

They are essential for identifying sensitive information when using Microsoft Purview, including :

  • Data Loss Prevention policies
  • Sensitivity Labels
  • Retention Labels
  • Insider Risk Management
  • Communication Compliance
  • Auto-Labelling policies

Conclusion

By understanding how Sensitive Information Types work and learning to create custom detection rules, organizations can go beyond generic protection and adapt Microsoft Purview to their specific business needs. Whether protecting customer data, employee information, financial documents, or strategic company assets, well-designed sensitive information types reduce false positives, improve policy accuracy, and strengthen your overall security posture.

You now know how to create Sensitive Information Types in Purview.


Sources

Microsoft Learn - Sensitive Information Type


Did you enjoy this post ? If you have any questions, comments or suggestions, please feel free to send me a message from the contact form.

Don’t forget to follow us and share this post.

Related Posts

Email verification of external Teams participants

Email verification of external Teams participants

Introduction Microsoft Teams Premium introduces a new feature to enhance the security and reliability of your meetings: email verification for external participants. This feature allows m

Read More
How to activate Microsoft 365 Passkey in Entra ID

How to activate Microsoft 365 Passkey in Entra ID

Introduction Microsoft 365 Passkey is an authentication method that replaces passwords with more secure options like facial recognition, fingerprint, or a PIN.Prerequisites **<

Read More
How to sign in with Passkey to Microsoft 365

How to sign in with Passkey to Microsoft 365

Introduction Microsoft 365 Passkey is an authentication method that replaces passwords with more secure options like facial recognition, fingerprint, or a PIN.Prerequisites **<

Read More
How to enable LAPS on the MTR Admin account via Intune

How to enable LAPS on the MTR Admin account via Intune

Introduction Microsoft's LAPS (Local Administrator Password Solution) is a free tool designed to improve password security for local administrator accounts on workstations, servers and

Read More
Microsoft Purview for Azure Data Lake and Blob Storage

Microsoft Purview for Azure Data Lake and Blob Storage

Introduction Microsoft announced that Microsoft Purview protection policies for Azure Data Lake and Blob Storage are now available in all regions. This advancement allows organization

Read More
Impact analysis of Entra ID conditional access policies

Impact analysis of Entra ID conditional access policies

Introduction Conditional access in Entra is a security policy that allows administrators to control access to applications and resources based on specific conditions. These conditions can i

Read More
How to create a Windows local admin account via Intune LAPS

How to create a Windows local admin account via Intune LAPS

Introduction I wrote an article last February on how to replace the password of your MTR's local account using LAPS (Local Administrator Password Solution) in Intune. I concluded my article

Read More
New security approach for non-compliant emails

New security approach for non-compliant emails

Introduction Microsoft has announced a major update to Defender for Office 365 that strengthens email security by improving the handling of non-RFC compliant emails. This initiative is

Read More
Blocking screenshots during Teams meetings

Blocking screenshots during Teams meetings

Introduction Microsoft Teams continues to strengthen the privacy and security of online meetings. Starting in July 2025, a new feature will be rolled out to prevent screenshots during meeti

Read More
"Anti-Tampering" certification for Defender for Endpoint (2025)

"Anti-Tampering" certification for Defender for Endpoint (2025)

Introduction Microsoft recently announced that Microsoft Defender for Endpoint has successfully passed the 2025 anti-tampering tests conducted by AV-Comparatives, a recognized independe

Read More
How to enable DLP for Teams with Purview

How to enable DLP for Teams with Purview

Introduction In a context where sensitive data, particularly banking information, is increasingly circulating in collaborative tools, businesses must be extra vigilant to avoid accidental o

Read More
How to enable DLP for Outlook with Purview

How to enable DLP for Outlook with Purview

Introduction Last week, I showed you how to enable DLP for Teams with Microsoft Purview to prevent accidental or malicious data leaks (Data Loss Prevention). Purview is a comprehensive

Read More
Entra Private Access for Domain Controllers

Entra Private Access for Domain Controllers

Introduction Microsoft has announced the Public Preview of Microsoft Entra Private Access for Active Directory Domain Controllers, a major step forward in strengthening the security of

Read More
Sensitive content detection in Teams meetings

Sensitive content detection in Teams meetings

Introduction In a world where business interactions increasingly take place via video conferencing, the security of information shared in meetings is becoming a major issue. Microsoft is ad

Read More
How to activate Defender EDR in "Block Mode"

How to activate Defender EDR in "Block Mode"

Introduction In a context of constantly evolving cyber threats, antivirus solutions are no longer sufficient to effectively protect workstations. Microsoft Defender for Endpoint's *Block

Read More
How to enable DSPM for AI with Purview

How to enable DSPM for AI with Purview

Introduction With the rise of generative AI models, the phenomenon of Shadow AI (the use of artificial intelligence tools and services not approved or controlled by organizations) is incr

Read More
How to block a website URL in Edge with Defender

How to block a website URL in Edge with Defender

Introduction Web browsing is one of the most common attack vectors in business environments. To strengthen security, Microsoft Defender for Endpoint offers a powerful feature : blocking m

Read More
How to enable DLP for cloud storage with Purview

How to enable DLP for cloud storage with Purview

Introduction A few months ago, I showed you how to enable DLP for Outlook with Microsoft Purview to prevent accidental or malicious data leaks (Data Loss Prevention). Purview is a com

Read More
Blocking screen captures in Teams meetings

Blocking screen captures in Teams meetings

Introduction In a world where business interactions increasingly take place via video conferencing, the security of information shared in meetings is becoming a major issue. A simple screen

Read More
Extend Zero Trust to AI agent identities in Entra ID

Extend Zero Trust to AI agent identities in Entra ID

Introduction AI agents are becoming increasingly widespread in businesses (incident summaries, log analysis, flow execution, etc.), and it is crucial that their access is continuously evalu

Read More
How to enable DLP for printing with Purview

How to enable DLP for printing with Purview

Introduction A few weeks ago, I showed you how to enable DLP to prevent the copying of financial data to an external cloud storage solution using Microsoft Purview, in order to prevent

Read More
How to enable DLP for AI websites with Purview

How to enable DLP for AI websites with Purview

Introduction Last week, I showed you how to enable DLP to prevent printing of financial data using Microsoft Purview, in order to prevent accidental or malicious data leaks (*Data Loss

Read More
How to enable DLP for copy/paste with Purview

How to enable DLP for copy/paste with Purview

Introduction Last month, I showed you how to enable DLP to prevent financial data from being sent to an AI website using Microsoft Purview, in order to prevent accidental or malicious d

Read More
Purview Sensitivity Labels are coming to OneNote

Purview Sensitivity Labels are coming to OneNote

Introduction Good news for security and compliance teams, Sensitivity Labels are now General Availability in OneNote. This update finally allows you to apply the same classification a

Read More
How to block Teams calls and chats with Purview IB

How to block Teams calls and chats with Purview IB

Introduction Microsoft Purview's Information Barriers allow you to restrict communication and collaboration between specific user groups within a Microsoft 365 environment. Their prim

Read More
External MFA is now available in Entra ID

External MFA is now available in Entra ID

Introduction Microsoft has announced the General Availability of External MFA, in Microsoft Entra ID, formerly known as External Authentication Methods. This feature allows the use

Read More
How to create Sensitivity Labels for emails in Purview

How to create Sensitivity Labels for emails in Purview

Introduction Emails remain one of the primary vectors for information leaks in businesses. Whether it's a message sent to the wrong recipient, an attachment forwarded without proper oversig

Read More
How to secure your emails with Sensitivity Labels

How to secure your emails with Sensitivity Labels

Introduction Last week, I showed you how to create Sensitivity Labels to secure your emails, without explaining how they work. Today I'll talk about how to use them and what results you g

Read More
Detect exposed passwords in plain text with Purview

Detect exposed passwords in plain text with Purview

Introduction In a Microsoft 365 environment, data breaches aren't limited to credit card numbers or personal information. A frequently underestimated risk is the sharing of passwords in p

Read More
Microsoft raises the conditional access policy limit

Microsoft raises the conditional access policy limit

Introduction Microsoft quietly raises the limit of conditional access policies per tenant, from 195 to 244. This limit applies to all policies, whether active, disabled, or in *report-onl

Read More
Purview Sensitivity Labels now support security groups

Purview Sensitivity Labels now support security groups

Introduction Microsoft has updated the scoping of Sensitivity Labels policies in Microsoft Purview, now generally available. Administrators can now include non-mail-enabled security

Read More