惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
The GitHub Blog
The GitHub Blog
T
Threatpost
人人都是产品经理
人人都是产品经理
大猫的无限游戏
大猫的无限游戏
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - Franky
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Apple Machine Learning Research
Apple Machine Learning Research
酷 壳 – CoolShell
酷 壳 – CoolShell
M
MIT News - Artificial intelligence
小众软件
小众软件
Hugging Face - Blog
Hugging Face - Blog
云风的 BLOG
云风的 BLOG
S
Security Affairs
P
Proofpoint News Feed
L
LINUX DO - 最新话题
宝玉的分享
宝玉的分享
S
Security @ Cisco Blogs
H
Hacker News: Front Page
Security Archives - TechRepublic
Security Archives - TechRepublic
Vercel News
Vercel News
Engineering at Meta
Engineering at Meta
Know Your Adversary
Know Your Adversary
Y
Y Combinator Blog
美团技术团队
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
月光博客
月光博客
量子位
博客园_首页
The Last Watchdog
The Last Watchdog
D
DataBreaches.Net
www.infosecurity-magazine.com
www.infosecurity-magazine.com
P
Privacy International News Feed
The Register - Security
The Register - Security
Schneier on Security
Schneier on Security
H
Help Net Security
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
V
Visual Studio Blog
Google DeepMind News
Google DeepMind News
F
Full Disclosure
C
Cyber Attacks, Cyber Crime and Cyber Security
MyScale Blog
MyScale Blog
aimingoo的专栏
aimingoo的专栏
S
Schneier on Security
L
Lohrmann on Cybersecurity
S
Secure Thoughts
Stack Overflow Blog
Stack Overflow Blog
Cloudbric
Cloudbric
Microsoft Security Blog
Microsoft Security Blog

rss.livelink.threads-in-node

Probably has less bugs than windows 11 | Microsoft Community Hub Windows 10 won't prompt for Windows 11 update Quick question about window PC requirements for meta link cable? Is it possible to run ryujinx canary on an administrator account on windows? Why Windows 11 still depends on 1990s code iphone auf pc spiegeln windows 11 – Welche Methode funktioniert zuverlässig? CHERIoT-Ibex: Closing the door on memory safety vulnerabilities with hardware-enforced protection Known issue: Upgrading Microsoft Tunnel version 20260129.1 What's New in Microsoft Entra: May 2026 Carta de validación TSP (aka.ms/TSP_Achievement_Code_Enroll...) restricted across all accounts unable to enroll Class Admin Build observability for scalable AI apps and agents selling through Microsoft Marketplace Inspektor Gadget Completes Its First Independent Security Audit Retirement of Direct Exchange ActiveSync Certificate-Based Authentication by End of 2026 Export mixed text and tabular Excel to PDF Safely Migrating Terraform Managed Disks on Azure Using Stable Keys and Copilot Microsoft 365 & Power Platform Community call Microsoft 365 & Power Platform product updates call Course Retirement Announcement: AI-3022 The End is Nigh for DES and an Update for hunting down RC4 Unable to Access Scheduling Poll Options Title Plan Update - May 8, 2026 Secure Medallion Architecture Pattern on Azure Databricks (Part II) From Observability to Action: Building an AI-Powered AIOps Agent for Customer-Specific Operations General Availability of Mailbox Import and Export Microsoft Graph APIs Why External Participants Can—or Can’t—Join a Microsoft Teams Meeting CRITICAL: Data Loss on Build 26200.8328 - AI Storage Sense deleted 160+ apps with 870GB free space. Why is everyone hating on Windows 11? I was pissed at the Windows 11 context menu so I built this. Windows 11 Shows ASUS LOGO but then goes dark for 5 minutes Windows 11 causes discrete graphics cards to be locked at their base clock speed when idle In Windows 11 Insider Preview 26300.8346, the Start button is offset to the left and misaligned The Windows 10 update failed, so I'm planning to switch to Windows 11 Using the Microsoft Graph PowerShell SDK to Update User Profiles Someone please help me - Windows Insider Program How to Reduce No-Shows for WooCommerce Appointments Windows 11 Insider Program Download Update Beta Channel stuck at 99% How to transfer photos from iphone to pc on Windows 11 without itunes Windows 11 Dell Laptop Latitude 5500 New PC won’t boot up windows 11 Fresh Windows Install – Driver/Service Advice for G14 (2021 R9 5900HS + RTX 3050 Ti) AD Recycle Bin – “The specified value already exists” but Recycle Bin is non‑functional Why deleting files does not free up space on mac How to delete or clear cache on macbook air automatically Announcing Microsoft Host Integration Server 2028: Modern connectivity for IBM Mainframes Midranges From Test Cases to Trust: Elevating Enterprise Quality with GitHub Copilot Bootfähigen usb stick erstellen am mac für Windows 11? My modpack has this error and I can't find the cause Where is the option to attach file for parent Income Statement Form? Watching streamers with 2k resolution enabled makes my PC lag Update Your Exchange SE Hybrid On-premises Rich Coexistence to Graph Partner Blog | Unlock the cloud benefits in your partner benefits package with a streamlined activation experience Turn your Azure commitments into smarter cloud investments with Microsoft Marketplace Drive stronger Microsoft alignment and unlock co-sell growth at Ultimate Partner LIVE RECAP: Microsoft Elevate Partner Community Monthly Call - May 2026 Public Preview: Migrate your regional virtual machines to availability zones Security Dashboard for AI: 3 Ways CISOs Drive Impact Today PLANNER WILL NOT PUBLISH THE SCHEDULES FOR MY PLANS, BY CREATING AN iCALENDAR LINK....HELP | Microsoft Community Hub Firm AI for professional services: governed, agentic workflows built on Microsoft Azure Azure Incident Retrospective - Please register! Session 2 - Tracking ID: 5GP8-W0G Azure Incident Retrospective - Please register! Session 1 - Tracking ID: 5GP8-W0G Autoruns, ProcDump, ZoomIt, DebugView, NotMyFault, ProcExp, Procmon, and Linux tools Edge Canary not auto updating? Edge Dev on Windows - Tab sync not working Available today: GPT-5.5 Instant in Microsoft 365 Copilot Introducing the Azure Resource Manager MCP Server! Defender Threat & Vulnerability Management Reporting A New Chapter for Realtime AI: Reasoning, Translation, and Real-Time Transcription Plan a fun Family Wellness Month with Copilot Released: May 2026 Exchange Server Hotfix Update Service Bus SBMP Retirement: What BizTalk Server 2020 Customers Need to Know Azure Incident Retrospective Please register for one of the 2 sessions below! Planner Agent brings work management directly into Microsoft 365 Copilot Local account and MS account Cannot reset account password Announcing Windows Admin Center: Virtualization Mode Public Preview 2! Azure RBAC Custom Role Best Practices or Common Build Patterns Pivot Table Data Centering How to design production-ready AI architectures for apps and agents on Microsoft Marketplace Troubleshoot with OpenTelemetry in Azure Monitor - Public Preview Secure, Keyless Application Access with Managed Identities - Now GA in Azure Files SMB Help shape the Microsoft 365 Copilot community experience — your input matters Microsoft 365 Security Best Practices for Enterprises Running multimedia AI models on Container Apps with Serverless GPU (A100 & T4) SharePoint List Migration to new Tenant Windows 11: Task Manager: Background Processes: Stop Unnecessary Ones from Starting Automatically MVP Enthusiast Effective, engaging events in communities and storylines Change Optics Report released into Public Preview to showcase messages impacted by future changes RECAP: Microsoft Elevate Partner Community Monthly Call - April 2026 | Microsoft Community Hub Networking in Windows Server 2025 - Windows Server Summit Want to get more out of Microsoft Copilot Chat without adding another tool—or cost—to your stack? Announcing Public Preview: Security Copilot’s Email Summary in Microsoft Defender Copilot Chat in financial services: Is productivity moving faster than policy? How manufacturers can scale AI from pilot to production with Microsoft Marketplace SSO for a Python Teams Bot (M365 Agents SDK + FastAPI) — Single-Tenant, Multi-Tenant, and UAMI | Microsoft Community Hub Advice required for temp / agency staff | Microsoft Community Hub 'You've tried to sign in too many times with incorrect account/password' | Microsoft Community Hub When will Windows 11 natively support Auracast broadcasting? | Microsoft Community Hub Authenticator | Microsoft Community Hub
Detecting Plain‑Text Password Exposure Using Custom Regex in Microsoft Purview
samsul_ahame · 2026-04-21 · via rss.livelink.threads-in-node
Strong authentication controls like MFA significantly reduce account compromise — but they don’t eliminate the risk of password exposure. In many organizations, users still interact with legacy systems, third‑party tools, or service accounts that rely on password‑only authentication. When those credentials are shared or stored in plain text — whether accidentally or out of convenience — they introduce a serious security risk. Microsoft Purview helps organizations identify and protect sensitive information using Sensitive Information Types (SITs). While built‑in detections provide a solid foundation, certain scenarios benefit from organization‑specific context and policy‑driven patterns. This post walks through how to extend password detection using a custom regex pattern — allowing you to identify strong passwords stored in plain text and respond before exposure turns into an incident. The Challenge: Passwords Still Appear in Everyday Content Despite user awareness training and improved security posture, passwords still surface in places like: Emails shared for “quick access” Documents stored in collaboration sites Notes created during troubleshooting Spreadsheets used for credential tracking Even a single exposed password — especially for non‑MFA‑protected systems — can lead to unauthorized access or data leakage. Extending Password Detection to Align with Organizational Policies Microsoft Purview includes built‑in patterns to detect generic password formats. These offer a strong baseline and are effective for broad protection scenarios. However, many organizations define specific password standards and want detection logic that reflects how passwords are referenced according to their organization policy. For example: Enforcing minimum and maximum password length Requiring complexity (letters, digits, special characters) Detecting passwords only when explicitly referenced, such as near the word password Reducing false positives from random strong strings (API keys, hashes, tokens) In these cases, custom regex‑based Sensitive Information Types allow organizations to build on existing protection and apply targeted, high‑confidence detection. Detection Requirements for This Scenario In this example, we want to identify passwords that meet all of the following criteria: ✔ Minimum length: 10 characters ✔ Maximum length: 20 characters ✔ Must contain: At least one alphabet character At least one digit At least one special character ✔ Must appear in close proximity (within 2 characters) to a keyword such as: password pwd passcode This ensures we’re detecting intentional password disclosures, not unrelated strong strings. In this scenario, the detection logic is intentionally split across three components: Primary element – Detects password length and structure First supporting element – Validates password complexity rules Second supporting element (keywords) – Adds human context using proximity This structured design ensures that detection aligns closely with real‑world password disclosure patterns. Detection Architecture Overview Component Purpose Primary Element Identifies candidate password strings Supporting Element (Complexity) Confirms password strength Supporting Element (Keywords) Confirms contextual intent Primary Element: Password Length Identification The primary element focuses purely on identifying potential password strings based on length. Regex Pattern \S{10,20} What this enforces No whitespace characters Minimum length: 10 characters Maximum length: 20 characters Proximity Configuration Distance between Primary and Supporting Element: 1 character This ensures that the supporting complexity patterns evaluate directly against the same string, rather than unrelated values nearby. First Supporting Element: Password Complexity Validation The first supporting element ensures that the detected string meets organizational password complexity requirements. All the following patterns are grouped within the same supporting element, and no internal proximity is configured (as they evaluate the same primary value). Complexity Patterns Included Requirement Regex Pattern At least one uppercase letter [A-Z] At least one lowercase letter [a-z] At least one digit [0-9] Allowed character set [A-Za-z0-9!@#$%^&*()_+\-=]{10,} At least one special character [!@#$%&*+=]   This approach avoids relying on a single large regex, making the detection more readable, maintainable, and auditable. Second Supporting Element: Keyword Context (Human Intent) To further improve accuracy, a second supporting element is used to ensure the password appears in a meaningful, human context. Keyword List (Case‑Insensitive) credential password pwd pswd Keywords are configured in case‑insensitive mode to match variations such as Password, PWD, or Pswd. (You can change the keyword and Proximity Character as per the need) Proximity Configuration Proximity value: 30 characters Why 30 Characters? This value accounts for: Maximum keyword length: 10 characters Maximum password length: 20 characters This ensures the keyword and password must appear within the same meaningful sentence or fragment, for example: Password: P@ssW0rd123! credential=Adm1n#Secure pwd -> Qwerty@2024! It avoids triggering on: RandomStrongString123! API_KEY = A9$kLmZpQw How This Comes Together in Microsoft Purview When implemented as a custom Sensitive Information Type: The primary element detects candidate passwords The first supporting element confirms password strength The second supporting element confirms user intent via keywords Proximity rules ensure all components relate to the same disclosure This SIT can then be used across: Data Loss Prevention (DLP) Endpoint DLP Auto‑labelling Email and collaboration workload protection Why This Design Is Effective This structured approach allows organizations to: Detect real password disclosures with high confidence Align detection with internal password policy Reduce false positives from random strong strings Apply protection consistently across Microsoft 365 workloads Maintain a clean, auditable detection design Most importantly, it extends Microsoft Purview’s native capabilities without changing the underlying security model. Final Takeaway Even in environments with strong authentication controls, password exposure remains a real risk — especially for legacy and third‑party systems. By combining length validation, complexity enforcement, and contextual keyword proximity, Microsoft Purview enables precise and scalable password detection, helping organizations identify and protect sensitive credentials before they are misused.