Introduction
I often hear from people how Microsoft Purview can seem incredibly complicated, which leads many organisations to hesitate in implementing it. There's often a fear that making changes to the way data is processed and protected will disrupt workflows or upset employees. This hesitation can make it hard to get management buy-in, and as a result, the benefits of Purview often get overlooked. With that in mind, I decided to write this blog post to help demystify Microsoft Purview and its suite of products. The truth is, when you take the time to explore them, they’re not as daunting as they may seem at first glance. In fact, they’re absolutely crucial in today’s world, where data breaches and AI-driven threats are increasingly common. So, let’s dive in and explore how these tools can be a game-changer for securing and governing your data, without all the fear and complexity with this guide to Microsoft Purview products and features.
Table of contents
Data Lifecycle Management DSPM (Data Security Posture Management) DSPM for AI Data Loss Prevention Compliance Manager Audit
Guide to Microsoft Purview products and features
Microsoft Purview
Tech Talk:
Microsoft Purview is a unified data governance and compliance platform designed to help organisations manage, protect, and govern their data across Microsoft 365 and other cloud environments. It provides a comprehensive suite of tools for compliance, data protection, and governance.
Real Talk:
Microsoft Purview is like a set of tools that helps companies keep track of and protect their data. It ensures that data is organised, secure, and compliant with regulations.
It integrates seamlessly with both Microsoft and third-party solutions to provide a robust data governance and protection framework. For instance, when integrated with Microsoft Defender for Cloud Apps, it enables advanced scenarios such as blocking the download of highly sensitive files (e.g., labelled as "Highly Confidential") on non-corporate devices.
Examples of Application:
How it works: You can use Microsoft Purview to monitor and protect sensitive data stored across emails, files, SharePoint, Teams, and other Microsoft 365 services.
Policies: You can create compliance and governance policies such as data retention, audit logs, and data loss prevention policies.
Scenarios: A company may use Microsoft Purview to ensure that employees are following data retention policies and to prevent any confidential data from being shared outside the organisation.
Summary:
Microsoft Purview acts as the umbrella solution for all data governance and compliance tools. It integrates all of the tools and policies like information protection, data lifecycle management, DLP, eDiscovery, and more into a centralised platform.
In short, Microsoft Purview helps you locate where your sensitive data resides, apply digital labels to protect it, and prevent accidental oversharing or data leaks. It safeguards against insider risks and ensures tools like Microsoft 365 Copilot or other generative AI systems do not access sensitive information that users aren’t authorised to see, giving you complete control over your data and its accessibility.
The below image (Figure 1) illustrates Microsoft Purview products and solutions.
Microsoft Information Protection
Tech Talk:
Microsoft Information Protection (MIP) is a set of capabilities within Microsoft Purview designed to classify, label, and protect data based on its sensitivity. It ensures that data is secure whether it’s at rest, in transit, or in use.
Real Talk:
Microsoft Information Protection enables you to safeguard sensitive data through features like sensitivity labels and a wide range of classifiers, with hundreds available out of the box. Sensitivity labels act like digital "Top Secret" or "Confidential" stamps, helping you classify and protect files in the digital realm. For example, in a physical workplace, the finance department might have a locked office, a secure closet, and locked cabinets accessible only to specific individuals handling payroll or financial data. Similarly, in the digital world, sensitivity labels can restrict access to confidential files uploaded to platforms like SharePoint, ensuring only authorised users can access sensitive information. Without these measures, tools like Microsoft 365 Copilot might inadvertently expose private data, as they operate based on the user’s permissions. MIP ensures sensitive data is properly labelled and protected, even in the age of AI.
Examples of Application:
How it works: When a document is created, MIP can automatically label it as “Confidential” based on its content. It can also apply encryption or restrict access to specific users.
Policies: Policies such as auto-labelling documents as "Confidential" or "Internal", restricting access to sensitive emails, or encrypting documents that contain personal data.
Scenarios: A legal department may use MIP to ensure contracts are labelled as "Confidential" to prevent accidental sharing of sensitive legal content.
Summary:
MIP plays a critical role in ensuring that the data stored or transmitted within an organisation is classified and secured based on its sensitivity level. It integrates with Microsoft Purview and other solutions for broader compliance and governance.
***
Insider Risk Management
Tech Talk:
Insider Risk Management in Microsoft Purview helps detect, investigate, and respond to potential risks posed by employees or other internal users who might intentionally or unintentionally cause harm to the organisation by mishandling sensitive data.
Real Talk:
Insider Risk Management helps identify and mitigate potential risks from within the organisation, particularly from users with access to sensitive data. For example, if an employee resigns and starts syncing their entire OneDrive or SharePoint library to their local machine or copying data to a USB drive, this behaviour could indicate an attempt to take corporate data. Similarly, a sudden surge in sending hundreds of emails with sensitive attachments to personal accounts may signal malicious intent. Insider Risk Management detects such suspicious activities, sends alerts, and helps prevent data theft or leaks, ensuring the organisation’s sensitive information remains protected.
Examples of Application:
How it works: It uses machine learning to detect risky behaviour, like downloading a large number of files or accessing sensitive data they don’t normally use.
Policies: Policies such as flagging any user who downloads an unusually high number of files in a short time or sends too many emails with sensitive data.
Scenarios: If an employee is suspected of leaking sensitive customer data, Insider Risk Management can help flag and investigate their actions.
Summary:
This tool ties into Microsoft Purview’s overall data security strategy, allowing organisations to manage risks posed by internal actors while aligning with broader compliance and governance goals.
***
Communication Compliance
Tech Talk:
Communication Compliance is a Microsoft Purview tool designed to help organisations monitor and manage employee communications (emails, chats, and documents) for compliance with regulations, policies, and company standards.
Real Talk:
It helps businesses make sure employees are following the rules when communicating, whether through email, Teams, or other platforms, by flagging inappropriate or non-compliant messages.
In addition, Communication Compliance now includes a new policy template that helps monitor how your employees interact with generative AI tools like Microsoft 365 Copilot. In simple terms, it allows you to track two things:
Risky prompts: If someone types something sensitive (like confidential company information) into tools like Copilot, it can flag this as a potential risk.
Sensitive responses: It also checks whether Copilot or similar AI tools reply with sensitive or confidential information, such as quoting or linking to protected files.
This feature ensures your company can identify and prevent inappropriate or risky sharing of confidential data through AI tools, helping you stay in control of sensitive information.
Examples of Application:
How it works: You can set up policies to monitor certain phrases or topics (e.g., harassment or inappropriate language) within emails or chats.
Policies: Policies for flagging or archiving emails that contain inappropriate language or terms, or preventing employees from sharing sensitive data.
Scenarios: A company in the healthcare industry could use this to ensure that employees are not discussing patient information over email in violation of HIPAA regulations.
Summary:
Communication Compliance enhances the monitoring capabilities within Microsoft Purview, providing compliance teams with an effective way to manage communication risks across the organisation.
***
Information Barriers
Tech Talk:
Information Barriers (IB) in Microsoft Purview help prevent data sharing between certain groups or individuals in an organisation to avoid conflicts of interest, such as between a sales team and a legal team.
Real Talk:
It sets up virtual walls inside the company to ensure that sensitive information doesn’t leak between departments that shouldn’t share certain data.
This is especially useful in industries where keeping information separate is important to avoid conflicts or protect sensitive data.
When IB policies are set up:
People who shouldn’t talk to each other or share files won’t be able to find, message, call, or collaborate with each other in Microsoft Teams, SharePoint, or OneDrive.
These restrictions are automatic and ensure no unauthorised communication or file sharing happens between specific groups or individuals.
Here are some examples of how IB policies work:
Teachers in one school can’t communicate or share files with students in a different school in the same district.
Finance employees working on confidential information can’t share it with other groups in the company.
A team handling trade secrets can’t call or message other teams that don’t need access to that information.
IB ensures sensitive data stays with the right people and prevents unwanted communication or sharing.
Examples of Application:
How it works: You can restrict communication between certain departments, like the legal team and the marketing team, so they don’t accidentally share sensitive information.
Policies: Policies to block Teams chat or sharing of files between specific groups within the company.
Scenarios: A financial services firm might use Information Barriers to prevent analysts from sharing investment strategies with salespeople.
Summary:
Information Barriers is an essential part of data governance within Microsoft Purview, ensuring that sensitive data does not flow between departments or teams that could lead to conflicts of interest.
***
Data Lifecycle Management
Tech Talk:
Data Lifecycle Management (DLM) is a Microsoft Purview solution that helps organisations define policies for the management and retention of data from creation to deletion based on its value and compliance requirements.
Real Talk:
Data Lifecycle Management helps you manage and clean up your organisation's data automatically. For example:
If some of your users keep running out of mailbox storage because they don’t delete emails, DLM can automatically empty their "Deleted Items" folder every so often.
If you don’t want to keep stale data (e.g., emails or documents older than 7 years), DLM can automatically delete it.
For important data, like emails in management mailboxes, DLM can require a disposition review, where someone confirms it’s okay to delete the data before it’s permanently removed.
You can also make exceptions for specific data, like contacts, calendar items, or notes, ensuring these are kept indefinitely and don’t follow your regular retention rules.
In short, DLM helps you save storage space, keep your data organised, and ensure you only retain what’s necessary.
Examples of Application:
How it works: You can set a policy that ensures emails older than five years are archived, while files containing sensitive personal data are deleted after three years.
Policies: Policies for retaining certain types of data for a set period, automatically archiving or deleting old data, and flagging outdated files.
Scenarios: A company in the legal industry may use this to retain contracts for seven years and then automatically archive them for compliance.
Summary:
Data Lifecycle Management ensures that organisations can manage data efficiently and comply with retention and deletion policies, working seamlessly within Microsoft Purview.
***
DSPM (Data Security Posture Management)
Tech Talk:
DSPM is a tool for assessing and managing the security posture of an organisation’s data, helping to identify sensitive data vulnerabilities and implement protections based on security standards.
Real Talk:
It’s like a security audit for your data, making sure your sensitive information is protected from potential threats and vulnerabilities.
DSPM helps you identify and fix security risks related to your sensitive data. Once enabled, it scans your organisation’s data and generates a detailed report showing where unprotected sensitive information is stored, how it’s being used, and what risks it faces. It also provides recommendations on how to address these risks by combining insights from tools like Data Loss Prevention, Insider Risk Management, and Information Protection.
Examples of Application:
How it works: DSPM continuously monitors data access and security measures, alerting you to any potential data breaches.
Policies: Policies for restricting access to sensitive data or encrypting data in transit to ensure security.
Scenarios: A financial institution may use DSPM to ensure that customer account information is encrypted and only accessible by authorised personnel.
Summary:
DSPM complements Microsoft Purview’s compliance features by actively monitoring the security and protection of sensitive data, ensuring that data protection measures are in place.
***
DSPM for AI
Tech Talk:
DSPM for AI (previously AI Hub), involves implementing data security posture management practices specifically designed for AI models and algorithms, ensuring that AI systems access and process data in a secure and compliant manner.
Real Talk:
DSPM for AI helps you securely use AI tools like Microsoft 365 Copilot, other Microsoft copilots, and even third-party AI apps like ChatGPT Enterprise. It provides:
Insights and reports: Clear visuals and analytics on how AI is being used in your organisation.
Protection policies: One-click policies to prevent sensitive data from being shared in AI prompts or responses.
Data Assessments (preview): Tools to identify and fix risks related to data oversharing, such as AI apps accessing sensitive information.
Activity explorer: A dedicated tool where you can review AI interactions, including the prompts users have entered and how AI responded, to identify risky behaviour.
It includes features to monitor risky AI interactions, ensure compliance with regulations, and prevent AI tools from summarising or exposing labelled sensitive data. For example, if someone asks Microsoft 365 Copilot about confidential information, DSPM policies can block this interaction.
DSPM for AI helps organisations adopt AI safely without compromising data security or compliance. It’s especially useful for managing risks like oversharing sensitive data, monitoring AI usage, and ensuring regulatory compliance while using AI-powered tools.
Examples of Application:
How it works: Ensuring that any personal data used in AI models is anonymised or encrypted.
Policies: Policies around data access controls for AI algorithms, such as limiting which data sets AI systems can access.
Scenarios: A healthcare provider may use DSPM for AI to ensure that patient data used for predictive analytics is protected.
Summary:
DSPM for AI ensures that the use of data in AI models within Microsoft Purview is both secure and compliant with privacy regulations.
***
Data Loss Prevention
Tech Talk:
Data Loss Prevention (DLP) is a technology within Microsoft Purview that identifies, monitors, and protects sensitive data from being shared or leaked outside an organisation without permission.
Real Talk:
DLP helps reduce the risk of accidental data oversharing, acknowledging that human error is inevitable. For instance, if an employee accidentally emails corporate data meant for internal use to an external recipient, DLP policies tied to sensitivity labels can block such sharing. You can also leverage out-of-the-box sensitive information types to prevent common mistakes, like storing or sharing plain-text passwords with unauthorised individuals, both inside and outside the organisation. With DLP in place, you ensure that sensitive data stays secure and doesn’t end up in the wrong hands, even due to human error.
Examples of Application:
How it works: DLP can flag or block emails containing credit card numbers, social security numbers, or other sensitive data.
Policies: Policies to block attachments containing sensitive data, or prevent files from being shared to external recipients.
Scenarios: A legal team could use DLP to ensure that confidential client information isn’t shared via email.
Summary:
DLP is one of the core features within Microsoft Purview, helping organisations prevent unauthorised data sharing and ensuring compliance with data privacy regulations.
***
Compliance Manager
Tech Talk:
Compliance Manager is a Microsoft Purview solution that provides a centralised interface for managing compliance activities, offering templates and workflows for adhering to regulations like GDPR, HIPAA, and others.
Real Talk:
Compliance Manager helps companies ensure that they are following the laws and regulations that apply to their industry by providing tools to track compliance efforts.
It provides:
Assessments: These track how well your organisation is meeting specific regulations or standards, like GDPR or ISO certifications.
Guidance: Offers step-by-step recommendations and tasks to improve compliance.
Templates: Pre-built templates tailored to various regulations to help you meet industry standards efficiently.
Common use case: If your organisation is preparing for an audit or trying to achieve an ISO standard, Compliance Manager can show you how ready you are by using an assessment. It highlights gaps, tracks progress, and ensures you’re on the right path to meeting those compliance requirements. It’s also a helpful tool to provide evidence and documentation during an audit.
Examples of Application:
How it works: Compliance Manager includes pre-configured templates for regulations like GDPR, enabling organisations to perform compliance assessments.
Policies: Policies for compliance tracking, audit logging, and regulatory reporting.
Scenarios: A company that handles personal data in Europe can use Compliance Manager to track GDPR compliance.
Summary:
Compliance Manager helps organisations track and manage compliance requirements, integrating smoothly with other Microsoft Purview features for a holistic compliance strategy.
***
Audit
Tech Talk:
Audit within Microsoft Purview allows for tracking and logging of user activities across Microsoft 365 services, enabling organisations to investigate suspicious behaviour and maintain compliance.
Real Talk:
Audit helps organisations keep track of everything users are doing within the system, making sure all activities are logged and can be reviewed for compliance or security purposes. In short, it records all activities within your organisation’s Microsoft 365 tenant. It shows who did what, when, and where.
Common use case: If a document gets deleted, Audit can help identify who deleted it and when. Or, if sensitive data is accessed, it can track who accessed it and from where, providing crucial insights for investigations.
Examples of Application:
How it works: You can use audit logs to track who accessed a document, when it was accessed, and what changes were made.
Policies: Audit policies for tracking sensitive document access or employee actions during investigations.
Scenarios: If an employee is suspected of deleting important files, the audit logs can show who accessed the file and when.
Summary:
Audit integrates with Microsoft Purview’s security and compliance tools to offer a comprehensive view of all user activities across the organisation.
***
eDiscovery
Tech Talk:
eDiscovery in Microsoft Purview is a process for identifying, collecting, and exporting data relevant to legal investigations, regulatory compliance, or litigation.
Real Talk:
eDiscovery is a tool that helps companies find and retrieve important emails, documents, or other data when they are involved in a legal case or investigation.
However, it’s not just for complex legal scenarios - it can be used for simpler tasks as well.
Common use cases:
Search for emails or messages exchanged between two employees for HR or compliance reviews.
Export someone’s mailbox to a .pst file when they leave the company.
Conduct more complex searches and manage legal holds for large investigations.
Examples of Application:
How it works: You can search for emails, files, or chat messages based on specific keywords, dates, or participants involved.
Policies: You can set policies to retain or archive certain data during a legal hold.
Scenarios: A company involved in litigation may use eDiscovery to collect emails relevant to the case.
Summary:
eDiscovery allows organisations to efficiently manage legal investigations within the broader compliance framework of Microsoft Purview.
***
Records Management
Tech Talk:
Records Management within Microsoft Purview allows organisations to define retention policies for records, ensuring that records are retained for the required amount of time and properly disposed of once they are no longer needed.
Real Talk:
It helps organisations manage important records (like contracts or financial documents) by setting rules for how long they need to be kept and when they should be deleted.
Records Management is similar to Data Lifecycle Management but focuses on managing legal or business-critical data. For example:
If you need to prove to an external vendor or a court how you handle data after a specific period (e.g., when it’s deleted or disposed of), Records Management ensures you can provide evidence.
It ensures your organisation complies with regulations, like keeping business-critical records for the required time and securely disposing of items no longer needed.
In simple terms, while DLM is about keeping data clean and organised, Records Management ensures you can prove how you manage important records to meet legal, regulatory, or business requirements.
Examples of Application:
How it works: You can set retention policies for different types of documents, like keeping contracts for 7 years and deleting them after.
Policies: Retention and deletion policies for different types of records across the organisation.
Scenarios: An accounting department may use records management to ensure financial statements are kept for 7 years.
Summary:
Records Management ensures that essential data is kept for as long as necessary for legal or business purposes and discarded once no longer needed.
***
Unified Catalog
Tech Talk:
Unified Catalog within Microsoft Purview is a centralised repository for data assets across the organisation, providing visibility, classification, and governance for both structured and unstructured data.
Real Talk:
The Unified Catalog is like a big inventory list of all the data across the organisation, helping everyone know where it is, what it contains, and how to protect it.
The Unified Catalog in Microsoft Purview helps you manage and govern data stored across your cloud platforms, just like how Purview organises emails and files in SharePoint or OneDrive. But this is for other cloud repositories and third-party storage systems.
Common use cases:
Manage and govern data in platforms like Azure Data Lakehouse, Azure SQL, Microsoft Fabric, AWS, or other cloud services.
Ensure consistent data protection and compliance rules across all your data, not just within Microsoft 365.
It provides a central view to control and protect your data, no matter where it’s stored.
Examples of Application:
How it works: It can list all data sources across your organisation, such as files, databases, or cloud services, and provide metadata and classifications for each.
Policies: Catalog policies that define who can access certain data sets or how data should be classified.
Scenarios: A data scientist could use the catalog to find datasets while ensuring they comply with data privacy standards.
Summary:
The Unified Catalog provides a comprehensive inventory of all organisational data, helping you maintain a holistic view of your data governance and compliance efforts within Microsoft Purview.
Thanks for sharing this article ! Very helpful for beginners.
Thank you for sharing these Microsoft Purview articles! The language is clear and the content is pure insights!
Great write up as always! I'd love to see a separate article on Insider Risk Management because at the moment it seems very noisy, for me anyway.. I'd like to know how other people fine tune it and value its output. As an example I'd like to zone in on people sending mail and attachments to personal email addresses, but I don't see a way to focus a policy exclusively on that activity. Or maybe I just need to approach it with a different mindset.