ASD's Blueprint for Secure Cloud

Data Loss Prevention: Australia Financial Data

This section describes the configuration of data loss prevention policies within Microsoft Purview associated with systems built according to guidance in ASD's Blueprint for Secure Cloud.

Estimated reading time: 5 minutes

Name

ItemValue
NameAustralia Financial Data (Policy Template)
DescriptionHelps detect the presence of information commonly considered to be financial data in Australia, including credit cards, and SWIFT codes.

Admin units

ItemValue
Admin unitsFull directory

Locations

ItemValue
Exchange emailAll groups
SharePoint sitesAll sites
OneDrive accountsAll users and groups
Teams chat and channel messagesAll users and groups
DevicesAll users and groups
InstancesAll instances
On-premises repositoriesAll repositories
Power BI workspaces

Advanced DLP rules

Low volume of content detected Australia Financial

ItemValue
NameLow volume of content detected Australia Financial
Description
Conditions

Content contains

ItemValue
Group nameDefault
- Group operatorAny of these
Sensitive info types
- SWIFT CodeMedium confidencebr>Instance count: 1 to 9
- Australia Tax File NumberHigh confidencebr>Instance count: 1 to 9
- Australia Bank Account NumberMedium confidencebr>Instance count: 1 to 9
- Credit Card NumberHigh confidencebr>Instance count: 1 to 9
User notifications
ItemValue
Use notifications to inform your users and help educate them on the proper use of sensitive infoOn
Endpoint devices
Show users a policy tip notification when an activity is restricted.Not checked
Microsoft 365 services
Notify users in Office 365 service with a policy tipChecked
Email notificationsNotify these people
- The person who sent, shared, or last modified the contentChecked
- Owner of the SharePoint site or OneDrive accountChecked
- Owner of the SharePoint or OneDrive contentChecked
Attach matching email message to the notificationChecked
Customize the policy tip textNot checked
Show the policy tip as a dialog for the end user before sendNot checked
Provide a compliance URL for the end user to learn more about your organization’s policiesNot checked
User overrides
ItemValue
Allow overrides from M365 servicesNot checked
Incident reports
ItemValue
Use this severity level in admin alerts and reportsLow
Send an alert to admins when a rule match occursOff
Use email incident reports to notify you when a policy match occursOff
Additional options
ItemValue
If there’s a match for this rule, stop processing additional DLP policies and rulesNot checked
Priority0

High volume of content detected Australia Financial

ItemValue
NameHigh volume of content detected Australia Financial
Description
Conditions

Content contains

ItemValue
Group nameDefault
- Group operatorAny of these
Sensitive info types
- SWIFT CodeMedium confidence
Instance count: 10 to Any
- Australia Tax File NumberHigh confidence
Instance count: 10 to Any
- Australia Bank Account NumberMedium confidence
Instance count: 10 to Any
- Credit Card NumberHigh confidence
Instance count: 10 to Any
User notifications
ItemValue
Use notifications to inform your users and help educate them on the proper use of sensitive infoOn
Endpoint devices
Show users a policy tip notification when an activity is restricted.Not checked
Microsoft 365 services
Notify users in Office 365 service with a policy tipChecked
Email notificationsNotify these people
- The person who sent, shared, or last modified the contentChecked
- Owner of the SharePoint site or OneDrive accountChecked
- Owner of the SharePoint or OneDrive contentChecked
Attach matching email message to the notificationChecked
Customize the policy tip textNot checked
Show the policy tip as a dialog for the end user before sendNot checked
Provide a compliance URL for the end user to learn more about your organization’s policiesNot checked
User overrides
ItemValue
Allow overrides from M365 servicesNot checked
Incident reports
ItemValue
Use this severity level in admin alerts and reportsHigh
Send an alert to admins when a rule match occursOn
Send email alerts to these people
Collect original file as evidence for all selected file activities on EndpointNot checked
Send alertSend alert every time an activity matches the rule
Use email incident reports to notify you when a policy matchesOn
Send notifications to these peopleSiteAdmin
You can also include the following information in the report:
The name of the person who last modified the contentChecked
The types of sensitive content that matched the ruleChecked
The rule’s severity levelChecked
The content that matched the rule, including the surrounding textChecked
The item containing the content that matched the ruleChecked
Additional options
ItemValue
If there’s a match for this rule, stop processing additional DLP policies and rulesNot checked
Priority1

Policy mode

ItemValue
Policy modeTurn the policy on immediately

Security & Governance

  • None identified

Design

  • None identified

Configuration

  • None identified

References

  • None identified

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at blueprint@asd.gov.au

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra