Step 1 - Problem statement
User1 has the Compliance Administrator role but cannot view the regular expression in the built-in IP Address sensitive info type.
This is expected because:
Microsoft provides a large set of built-in sensitive info types (SITs).
For these built-in SITs, the underlying regular expressions, keywords, or detection logic are not exposed to administrators for security reasons.
As a result, even with Compliance Administrator privileges, User1 cannot directly see or modify the regex in the built-in IP Address SIT.
Step 2 - Microsoft solution
To view or modify the regex:
You must create a copy of the built-in SIT.
Once copied, the new custom SIT allows you to edit and view the regex and supporting elements.
This is the only supported way to customize or examine the detection logic.
# Reference: Create a custom sensitive information type
"You can't directly modify the definitions of built-in sensitive information types, but you can create a copy of an existing SIT and then edit it." Step 3 - Why not the other options?
A). Reviewer role group # Reviewers are for records management/discovery, not SIT regex visibility.
C). Test function # Allows you to test SIT detection but does not reveal the regex.
D). Global Reader role # Read-only access, does not expose regex definitions either.