Microsoft Purview compliance portal: Optical character recognition (OCR) support for SharePoint Online and OneDrive for Business

🚨 The Signal: Microsoft Purview now uses Optical Character Recognition (OCR) to detect sensitive data within images and image-only PDFs stored in SharePoint Online and OneDrive. This enhances Data Loss Prevention (DLP) policies, preventing exfiltration of sensitive information embedded in visual content.

The Impact

Security teams and data owners are affected by enhanced data loss prevention, reducing the risk of sensitive data exposure via images.

• Security Teams: Reduced risk of data exfiltration from image content.
• Data Owners: Improved protection for sensitive information in visual formats.
• Compliance Officers: Enhanced ability to meet data protection regulatory requirements.
• End Users: Potential blocks on sharing images containing sensitive data.

The Action

1. Review existing Microsoft Purview DLP policies for SharePoint Online and OneDrive.
2. Evaluate if current policies adequately cover image-based sensitive information.
3. Consider creating new DLP policies or modifying existing ones to leverage OCR capabilities.
4. Test DLP policy effectiveness with various image file types containing sensitive data.
5. Communicate new DLP capabilities to data owners and end-users.

Impact: high · Workload: Microsoft Purview