Email SIT Finder Update: All Credentials Bundled Entity

Matthew Silcox

28 Oct 2025 — 2 min read

Found this nugget buried in the Purview Blueprints Github repo. Figured I'd take a crack at integrating credential SITs into my EXO SIT Finder. The "All Credentials" Bundled SIT is multitudinous and complex, as you can see in the linked Learn Doc below. Current SITs being scanned via the script are:

→U.S. SSN

→Credit Card Number

→U.S. Bank Account

→GitHub PAT

→Google API Key

→Slack Token

→Azure Storage SAS

→Azure Storage Account Key

→JWT Bearer Token

→Azure SQL Connection String

→Generic Client Secret / API Key

→General Password

False positives were of course a big concern of mine with this particular update; however, confidence scoring helps with that, and decoupling the deletion script from the reporting script allows you to report on alleged matches without the risk of accidental data deletion.

I know some of you have asked for country-specific SITs, and I promise those are coming. Just got a little distracted 👀

Previous blogs on this topic:

GitHub Repo:

Read more

Using Microsoft’s Data Security Stack to Prevent the Next Breach

Using Microsoft’s Data Security Stack to Prevent the Next Breach

AI is transforming industries worldwide, but it’s simultaneously creating one of the largest data risks we've ever seen. According to the Varonis 2025 State of Data Security Report, 95% of healthcare organizations have exposed sensitive cloud data, and 64% have employees using unverified AI tools. The same

Architectural Case Study | Extending Microsoft Purview with Fortra (Digital Guardian) DLP via the MIP SDK

Architectural Case Study | Extending Microsoft Purview with Fortra (Digital Guardian) DLP via the MIP SDK

This post is a continuation of a series. See part 1, here. Most enterprises already live in dual worlds. On one side, Microsoft Purview governs information inside Microsoft 365. But on the other, dedicated DLP platforms like Digital Guardian DLP control endpoints, networks, and file movement. So what's

Uniting Purview and Third-Party Data Security Products

Uniting Purview and Third-Party Data Security Products

As a consultant in the Microsoft Security & Compliance space, you learn that some projects are more like therapy sessions. Half the organization wants to migrate to Microsoft, and the other half, clutching their Varonis or Symantec licenses, waits in the shadows for their "I told you so"

Recap: Finding SITs in Exchange Mail at Rest

I didn't have much of a following when I initially wrote about SIT-search limitations in mailbox data-at-rest. Since then, I've spoken with multiple clients and data security professionals who were under the mistaken impression that Purview could find that data. Since this limitation still exists, and