Recently I was made aware of a change that Microsoft made with regards to the DLP Fingerprinting function that is present in Exchange Online. If you use the DLP part of Exchange online and rely on DLP Fingerprinting, you may have already noticed. The short of it is that the GUI side of DLP Fingerprints has been disabled. In order for you to add new DLP Fingerprints, you need to use PowerShell. If you use the UI an error will appear:
The question here is why is this not working? Why would this have been removed? It is part of Microsoft’s larger plan to move certain functionality (DLP, tags, etc.) to the Security and Compliance Center (SCC) to provide a more unified experience for all workloads:
However, in this case, I believe they jumped the gun a bit as there is no UI interface for the DLP Fingerprints in the SCC. Hopefully this will be corrected quickly.
Fingerprints were something that had been noticeably missing since the SCC and DLP combination appeared. For now, PowerShell is your only way to work with DLP Fingerprints for Exchange Online. Notice that it isn’t as intuitive yet either as they cmdlets Microsoft recommends are based on the ‘DLPSensitiveInformationTypes’ noun. However, reviewing the help for the New-DLPSensitiveInformationTypes, there is a reference to another needed cmdlet called ‘New-DLPFingerprint’:
So keep in mind that you will need to construct the fingerprint and then add it into the sensitive information types, similar to how you would in the UI for Exchange.
A blog about PowerShell! … and Office 365
