Merge pull request #771 from microsoft/Feature-35033

Network-35033: Custom Sensitive Information Types (SITs) Configured

Author: SagarSathe

src/powershell/tests/Test-Assessment.35033.md

@@ -0,0 +1,37 @@
+Custom Sensitive Information Types (SITs) are organization-specific classification rules that detect patterns of sensitive data beyond the built-in SIT library. Custom SITs enable organizations to identify proprietary data formats, business-specific terminology, regulatory identifiers, or internal classification schemes that are unique to their industry or operations. By creating custom SITs, organizations can extend Microsoft Purview's data discovery capabilities to automatically detect and protect organization-specific sensitive information in auto-labeling policies, Data Loss Prevention (DLP) rules, and communication compliance monitoring. Custom SITs are particularly critical for organizations handling proprietary data formats, internal identifiers, specialized healthcare codes, financial account numbers, or regulatory compliance data that doesn't match standard built-in patterns. Without custom SITs, data protection mechanisms rely exclusively on generic patterns and may miss organization-specific sensitive information that requires targeted protection.
+
+**Remediation action**
+
+To create custom Sensitive Information Types:
+
+1. Sign in as a Global Administrator or Compliance Administrator to the [Microsoft Purview portal](https://purview.microsoft.com)
+2. Navigate to Data Classification > Sensitive Info Types
+3. Select "+ Create sensitive info type" to create a new custom SIT
+4. Enter a name and description for your custom SIT
+5. Define detection patterns:
+   - **Regex pattern**: Define a regular expression to match the data format
+   - **Keyword list**: Create a list of specific terms or identifiers to match
+   - **Supporting evidence**: Add additional patterns that provide confidence to the match
+6. Set confidence level (Low, Medium, High) based on pattern specificity
+7. Define character proximity for multi-pattern matching
+8. Test the pattern with sample data to verify accuracy
+9. Create and activate the custom SIT
+10. Use the custom SIT in auto-labeling policies or DLP rules
+
+Example custom SIT patterns:
+- **Internal Project Codes**: Regex pattern matching "PROJ-[0-9]{6}" format
+- **Employee ID Numbers**: Regex pattern matching "EMP-[0-9]{8}" format
+- **Healthcare Record Numbers**: Regex pattern matching proprietary medical record identifiers
+- **Financial Account Numbers**: Regex pattern matching internal bank account formats
+- **Regulatory Reference Numbers**: Keyword lists or patterns specific to industry compliance codes
+
+Alternatively, create via PowerShell:
+1. Connect to Compliance & Security PowerShell: `Connect-IPPSSession`
+2. Custom SITs cannot be created directly via PowerShell; use the portal for creation
+3. Verify creation: `Get-DlpSensitiveInformationType -Filter "IsBuiltIn -eq $false"`
+
+- [Create and configure custom sensitive information types](https://learn.microsoft.com/en-us/purview/create-a-custom-sensitive-information-type)
+- [Sensitive information types (SITs) reference](https://learn.microsoft.com/en-us/purview/sit-learn-about-exact-data-match-based-sits)
+- [Regular expressions for custom SITs](https://learn.microsoft.com/en-us/purview/sensitive-information-type-entity-definitions)
+<!--- Results --->
+%TestResult%

src/powershell/tests/Test-Assessment.35033.ps1

@@ -0,0 +1,122 @@
+<#
+.SYNOPSIS
+    Validates that custom Sensitive Information Types (SITs) are configured in the organization.
+
+.DESCRIPTION
+    This test checks if custom Sensitive Information Types are configured, enabling detection of
+    organization-specific sensitive data patterns beyond the built-in SIT library. Custom SITs are
+    critical for protecting proprietary data formats and industry-specific information.
+
+.NOTES
+    Test ID: 35033
+    Category: Advanced Classification
+    Pillar: Data
+    Required Module: ExchangeOnlineManagement
+    Required Connection: Security & Compliance PowerShell
+#>
+
+function Test-Assessment-35033 {
+    [ZtTest(
+        Category = 'Advanced Classification',
+        ImplementationCost = 'High',
+        MinimumLicense = ('Microsoft 365 E5 Compliance'),
+        Pillar = 'Data',
+        RiskLevel = 'High',
+        SfiPillar = 'Protect tenants and production systems',
+        TenantType = ('Workforce'),
+        TestId = 35033,
+        Title = 'Custom Sensitive Information Types (SITs) Configured',
+        UserImpact = 'Medium'
+    )]
+    [CmdletBinding()]
+    param()
+
+    #region Data Collection
+    Write-PSFMessage '🟦 Start' -Tag Test -Level VeryVerbose
+
+    $activity = 'Checking Custom Sensitive Information Types Configuration'
+    Write-ZtProgress -Activity $activity -Status 'Getting custom SIT configuration'
+
+    # Get all custom Sensitive Information Types
+    $customSITs = $null
+    $errorMsg = $null
+
+    try {
+        $allSITs = Get-DlpSensitiveInformationType -ErrorAction Stop
+        # Filter for custom SITs (Publisher is not "Microsoft Corporation")
+        $customSITs = @($allSITs | Where-Object { $_.Publisher -ne 'Microsoft Corporation' })
+    }
+    catch {
+        $errorMsg = $_
+        Write-PSFMessage "Failed to retrieve custom SIT configuration: $_" -Tag Test -Level Warning
+    }
+    #endregion Data Collection
+
+    #region Assessment Logic
+    $passed = $false
+    $customStatus = $null
+
+    if ($errorMsg) {
+        # Investigate: Cannot query custom SITs
+        $passed = $false
+        $customStatus = 'Investigate'
+    }
+    elseif ($null -eq $customSITs) {
+        # Investigate: Cannot determine custom SIT status
+        $passed = $false
+        $customStatus = 'Investigate'
+    }
+    elseif ($customSITs.Count -ge 1) {
+        # Pass: Custom SITs are configured
+        $passed = $true
+    }
+    else {
+        # Fail: No custom SITs configured
+        $passed = $false
+    }
+    #endregion Assessment Logic
+
+    #region Report Generation
+    $testResultMarkdown = ''
+
+    if ($customStatus -eq 'Investigate') {
+        $testResultMarkdown = "### Investigate`n`n"
+        $testResultMarkdown += "Unable to determine custom SIT status due to permissions issues or service connection failure."
+    }
+    elseif ($passed) {
+        $testResultMarkdown = "✅ Custom Sensitive Information Types are configured, enabling detection of organization-specific sensitive data patterns.`n`n"
+    }
+    else {
+        $testResultMarkdown = "❌ No custom Sensitive Information Types are configured; relying solely on built-in SIT patterns.`n`n"
+    }
+
+    # Build detailed information if we have data
+    if ($customSITs -and $customSITs.Count -gt 0) {
+        $testResultMarkdown += "## [Custom Sensitive Information Types](https://purview.microsoft.com/informationprotection/dataclassification/sensinfoTypes)`n`n"
+        $testResultMarkdown += "| Name | Description | Publisher |`n"
+        $testResultMarkdown += "| :--- | :--- | :--- |`n"
+
+        foreach ($sit in $customSITs | Sort-Object Name) {
+            $safeSITName = Get-SafeMarkdown $sit.Name
+            $safeDescription = if ($sit.Description) { Get-SafeMarkdown $sit.Description } else { 'Not specified' }
+            $safePublisher = if ($sit.Publisher) { Get-SafeMarkdown $sit.Publisher } else { 'Not specified' }
+
+            $testResultMarkdown += "| $safeSITName | $safeDescription | $safePublisher |`n"
+        }
+
+        $testResultMarkdown += "`n**Summary:**`n"
+        $testResultMarkdown += "* Total Custom SITs: $($customSITs.Count)`n"
+    }
+    #endregion Report Generation
+
+    $params = @{
+        TestId = '35033'
+        Title  = 'Custom Sensitive Information Types (SITs) Configured'
+        Status = $passed
+        Result = $testResultMarkdown
+    }
+    if ($customStatus) {
+        $params.CustomStatus = $customStatus
+    }
+    Add-ZtTestResultDetail @params
+}