My organization is new to 365 & has licensed EHE & Intune.
Among other confidential data, we need to encrypt HIPAA PHI.
I had expected a level of maturity equal to other tools where very detailed rule engines
exist for common compliance needs like HIPAA.
So far Hosted Exchange seems a bit old school, roll your own.
The DLP US HIPAA Policy has a rule to block sensitive data, but it only gets a perfectly formed SSN with dashes and apparently does not scan the subject or attachments. So we have created several custom rules.
Our rule blocking attachments containing SSNs is using:
\d\d\d(\s|.|-)\d\d(\s|.|-)\d\d\d\d\s and \d\d\d\d\d\d\d\d\d\s
However this does not hit a SSN in a .docx.
Suggestions please. Thank You.
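
An added example, not part of the original post: it runs the two quoted patterns over constructed sample strings to show what they require around the digits. The `TIGHTENED` pattern and the function names are hypothetical, and Python's `re` is assumed to treat these basic constructs the same way as the regex engine behind the mail rule.

```python
import re

# The two patterns exactly as quoted in the post.
POSTED = [
    r"\d\d\d(\s|.|-)\d\d(\s|.|-)\d\d\d\d\s",
    r"\d\d\d\d\d\d\d\d\d\s",
]

# Hypothetical tightened variant (an assumption, not from the post):
# the separator is limited to whitespace, a literal dot or a dash, and
# digit lookarounds replace the mandatory trailing whitespace.
TIGHTENED = r"(?<!\d)\d{3}[\s.-]?\d{2}[\s.-]?\d{4}(?!\d)"


def posted_hits(text):
    """True if either pattern from the post matches the text."""
    return any(re.search(p, text) for p in POSTED)


def tightened_hits(text):
    """True if the hypothetical tightened pattern matches the text."""
    return re.search(TIGHTENED, text) is not None


def compare(text):
    """Return (posted_hits, tightened_hits) for one piece of text."""
    return posted_hits(text), tightened_hits(text)


# Constructed sample strings; 123-45-6789 is a dummy value.
SAMPLES = {
    "followed by a space": "SSN 123-45-6789 on file",
    "last thing in the text": "SSN 123-45-6789",
    "followed by a period": "SSN is 123-45-6789.",
    "nine digits alone in a cell": "123456789",
    "letters as separators": "ref 123x45y6789 ok",
    "eleven-digit account number": "acct 12345678901 closed",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        posted, tight = compare(text)
        print(f"{label:30} posted={posted!s:5} tightened={tight}")
```

The posted patterns need a whitespace character immediately after the last digit, and the unescaped `.` in the separator group matches any character. Whether either property accounts for the .docx miss cannot be determined from the post.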