Document Fingerprint in Exchange Online
Introduction:
If your organization uses forms to collect sensitive information, Document Fingerprint makes it easier for you to protect this information by identifying standard forms that are used throughout your organization.
Document Fingerprint is a feature of Data Loss Prevention that converts a standard form into a sensitive information type which you can use to define DLP Policies.
Working:
Documents have unique word patterns. When you upload a file, the DLP agent identifies the unique word pattern in the document and creates a document fingerprint based on that pattern and uses that document fingerprint to detect outbound documents containing the same pattern.
Limitation:
Document Fingerprint DLP agent will not detect sensitive information in the following cases:
- Password protected files
- Files that contain only images
- Documents that don’t contain all the text from the original form used to create document fingerprint.
To upload a blank form:
- Go to Exchange Admin Center > Compliance Management > Data Loss Prevention.
- Click Manage document fingerprints.
- Click + New, provide a Name and Description. The name you choose will appear in the sensitive information types list.
- Click Add + to upload a form.
- Choose a Form and click Open.
- Click Save.
The Document Fingerprint is now part of your sensitive information types, and you can add it to a DLP policy .
Creating a rule in DLP policy:
- Go to Compliance Management > Data Loss Prevention.
- Click + New, choose custom DLP policy.
- Provide a Name and Description for DLP policy, Enable the state of the DLP policy and Enforce the policy.
- Click Save. New created DLP policy will be shown.
- Click Edit and go to Rules > Create a new rule.
- Add a Condition, so that if this (Employee Information Form) sensitive info type is sent to the external Recipient. Depending upon your organization requirement add an Action, that it will block the message, but sender can override and can send the documents to external recipient if there is a business requirement.
- Fill out the other properties of this rule as per your requirements and Save.
- So, whenever a user will try to send a form which has been managed by Document Fingerprint to external contacts the results will be as below.
Conclusion:
In this way you can secure and monitor the sensitive information from leaking outside your organization.