Working with the RegEx engine
This article provides instructions for using RegEx for pattern matching in Defender for Cloud Apps policies.
Regular expressions in Defender for Cloud Apps
The Microsoft Defender for Cloud Apps content inspection policies use RegEx for pattern matching. Content inspection may be applied as part of file policies.
Testing regular expressions
To test regular expressions, you can use the following websites:
https://regexpal.com/ - Make sure you select Case insensitive.
https://regex101.com/ - Provides detailed analysis of the RegEx.
Limitations of regular expressions in Defender for Cloud Apps
The following limitations are imposed on custom regular expressions:
The search is always case-insensitive
Allowed quantifiers: {n,m} where n, m < 10
All groups must be non-capturing, for example: (?:xxx)
Instead of (group) use (?:group)
Disallowed quantifiers: *, +, {n,}
Instead of * use {0,9}
Instead of + use {1,9}
Disallowed back-references: \<number> or \k<name>
Example expressions
The following table gives you example expressions and if they would match or not.
Regular expression | Data | Matches |
---|---|---|
Colou?r (?:black|blue|white) |
Color black Color white Color red |
Yes Yes No |
[a-z0-9]{1,9}@[a-z0-9]{1,9}\\.[a-z]{2,} |
Some1@abc.com user@host.org @bad.com |
Yes Yes No |
20\d{2}-(?:0[1-9]|1[0-2])-(?:[0-2][0-9]|30|31) |
2015-12-31 2015-01-09 1999-12-31 |
Yes Yes No |
d.n't\s{0,10}c.r. |
Don't care D!n'tcor0 Doesn't care |
Yes Yes No |
Next steps
If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.
Tilbakemeldinger
https://aka.ms/ContentUserFeedback.
Kommer snart: Gjennom 2024 faser vi ut GitHub Issues som tilbakemeldingsmekanisme for innhold, og erstatter det med et nytt system for tilbakemeldinger. Hvis du vil ha mer informasjon, kan du se:Send inn og vis tilbakemelding for