Microsoft Message ID

Check the technical review of the Microsoft Purview update regarding Sensitive Information Type (SIT) proximity matching below.

Summary

Microsoft is standardizing the detection logic for all out-of-box (OOB) Sensitive Information Types (SITs) within Microsoft Purview by removing “relaxed proximity matching.” Previously, some OOB SITs allowed for a broader distance between supporting elements (such as a keyword and a regex pattern) to trigger a match. Moving forward, all OOB SITs will utilize stricter proximity rules to enhance detection precision and minimize false positives. This change is currently active across all environments, including Production, GCC, GCC High, and DoD.

Impact

• Reduced False Positives: Administrators may notice a decrease in “noisy” or incorrect detections, as the stricter rules require sensitive data and their associated keywords to be closer together in a document or email.
• Potential Drop in Detections: Content that previously triggered a DLP policy or auto-labeling event under relaxed rules may no longer be flagged. This could lead to a perceived gap in protection if your organization relies on broad matching for specific workflows.
• DLP and Classification Consistency: Enforcement behavior across Data Loss Prevention (DLP) and Information Protection labels is affected, as the underlying SITs used for identification have been tightened.
• Scope of Change: This update applies exclusively to Microsoft’s pre-defined OOB SITs. Any Custom Sensitive Information Types created by your organization are unaffected and will maintain their existing proximity configurations.

Action Required

• Audit Existing Policies: Review your current DLP and data classification policies that rely on OOB SITs. Monitor for a significant drop in incident volume that might indicate valid data is no longer being detected.
• Perform Gap Analysis: If your organization requires broader detection (e.g., a keyword appearing further away from a sensitive number), test these scenarios in a non-production or “Test Mode” environment.
• Transition to Custom SITs: If the stricter OOB proximity rules are too restrictive for your business needs, create Custom Sensitive Information Types. You can clone the logic of the OOB SIT and manually configure the proximity character count to meet your requirements.
• Update Documentation: Ensure internal compliance and security teams are aware that detection thresholds have shifted toward higher precision.