In conversations with customers as Microsoft Ireland’s Security Partner of the Year, we often hear how Microsoft Purview is an overwhelming obstacle on the path to fully deploying Microsoft Security, causing hesitation and a reluctancy to adopt all of its capabilities. There’s a common fear that changes to how data is processed and protected might disrupt workflows or upset employees. This reluctance can make it challenging to gain management approval, and as a result, the advantages of Microsoft Purview are often overlooked.
We’ve compiled this blog post with that in mind, to demystify the tools under the Purview umbrella, and shine a light on the (often, now essential) products that you may already have access to within your Microsoft licence.
In today’s cyber threat landscape, where data breaches and AI-driven threats are on the rise, Purview’s tools can transform your approach to securing and governing data, without the unnecessary complexity.
Microsoft Purview at a Glance
Microsoft Purview is an integrated platform for data governance and compliance, enabling organisations to manage, safeguard, and oversee their data across Microsoft 365 and various cloud environments. It offers a complete set of tools for ensuring compliance, protecting data, and maintaining governance.
Microsoft Purview enables you to identify the location of sensitive data, apply digital labels for protection, and prevent accidental sharing or data breaches. It mitigates insider risks and ensures that tools like Microsoft 365 Copilot or other generative AI systems do not access sensitive information beyond user authorisation, providing you with full control over your data and its accessibility.
Microsoft Purview's Tools - What's Under the Umbrella?
Microsoft Information Protection
Microsoft Information Protection (MIP), a key feature within Microsoft Purview, is designed to classify, label, and secure data based on its sensitivity, ensuring protection whether data is at rest, in transit, or in use.
Through sensitivity labels and classifiers, MIP helps safeguard sensitive data by assigning digital “Top Secret” or “Confidential” labels to files. For example, just as a finance department may restrict access to certain physical files, MIP uses these labels to limit access to confidential data on platforms like SharePoint. Sensitivity labels can protect files stored in SharePoint by controlling actions like reading, editing, or printing when a file is opened, while SharePoint permissions would still dictate whether a user can access the site or library where the file resides.
Without MIP, tools like Microsoft 365 Copilot could unintentionally expose sensitive data, as they operate based on user permissions.
Insider Risk Management
Insider Risk Management helps organisations detect, investigate, and respond to risks posed by internal users who may mishandle sensitive data, either intentionally or unintentionally. It identifies potential threats, such as an employee downloading large amounts of data or sending sensitive files to personal accounts. These activities may signal data theft or leaks, and Insider Risk Management sends alerts to prevent such incidents.
Policies can be set to trigger actions when risky behaviours occur, such as excessive file downloads or the sharing of sensitive data. For example, if an employee is suspected of leaking confidential customer information, the tool helps identify and investigate their actions.
Insider Risk Management is an integral part of Microsoft Purview’s data security strategy. It helps organisations mitigate risks from internal actors, ensuring that sensitive information remains protected, and compliance goals are met.
Communication Compliance
Communication Compliance allows organisations to monitor and manage employee communications across platforms like email, Teams, and documents to ensure compliance with regulations, policies, and company standards. It flags inappropriate or non-compliant messages, helping businesses stay aligned with legal and internal requirements.
A key feature of Communication Compliance is its ability to monitor interactions with generative AI tools, such as Microsoft 365 Copilot. It tracks two key risks: risky prompts, where employees input sensitive information into AI tools, and sensitive responses, where the AI outputs confidential data. This feature helps prevent the inappropriate sharing of sensitive information through AI, offering greater control over company data.
Organisations can set policies to flag specific phrases or topics, such as harassment or inappropriate language, and apply actions like archiving or preventing the sharing of sensitive data. For example, a healthcare organisation might use Communication Compliance to ensure compliance with HIPAA by preventing discussions of patient information over email.
Information Barriers
Information Barriers (IB) prevent data sharing between specific groups or individuals within an organisation to avoid conflicts of interest, such as between legal and sales teams. These virtual walls ensure sensitive information stays secure and separate, particularly in industries where maintaining strict boundaries is essential.
When IB policies are applied, individuals who should not communicate or share data with each other are blocked from finding, messaging, or collaborating via Microsoft Teams, SharePoint, or OneDrive. This automatic restriction prevents unauthorised interactions and data leaks.
IB policies are particularly useful for industries like finance and legal, where confidentiality and conflict avoidance are crucial.
Data Lifecycle Management
Data Lifecycle Management (DLM) within Microsoft Purview helps organisations define policies for managing data from creation to deletion, ensuring compliance and efficient storage.
DLM automates data management tasks that could otherwise become laborious, or potentially forgotten, creating risks, such as:
- Automatically emptying the “Deleted Items” folder if users consistently exceed mailbox storage.
- Deleting outdated data, like emails or documents older than a set period (e.g., 7 years).
- For critical data, like emails in management mailboxes, DLM can require a disposition review before deletion.
- Making exceptions for specific data types, like contacts or calendar items, ensuring they are retained indefinitely.
By automating these processes, DLM helps businesses save storage, reduce clutter, and ensure they retain only necessary data. DLM enables organisations to manage their data efficiently, ensuring compliance with retention and deletion policies while integrating seamlessly into Microsoft Purview’s broader governance framework.
DSPM (Data Security Posture Management)
Microsoft Purview DSPM offers a simple yet powerful way to assess and manage data security across your organisation. By providing prioritised visibility into data security risks, it allows you to focus your efforts on the most critical areas of concern, helping you strengthen your data security measures where they are most needed.
DSPM for AI (Data Security Posture Management for AI)
Microsoft Purview DSPM for AI is a comprehensive solution designed to help organisations secure, govern, and identify risks in their use of AI applications. It offers an array of tools and policies to protect sensitive data while using AI, including ready-to-use policies that prevent data loss in AI prompts. Integrated seamlessly with Microsoft’s broader Purview features like sensitivity labelling, auditing, and data classification, DSPM for AI enables organisations to manage security and compliance across generative AI ecosystems, ensuring that tools like Microsoft 365 Copilot adhere to organisational security policies and regulatory standards.
Data Loss Prevention
Microsoft Purview’s Data Loss Prevention (DLP) is designed to protect sensitive data from being unintentionally shared or leaked outside the organisation. It helps minimise human error, such as when an employee mistakenly emails confidential information to an external recipient. DLP works by using sensitivity labels and predefined information types to block or flag risky actions, like sharing plain-text passwords or sensitive documents.
For example, DLP can:
- Flag or block emails containing sensitive information, such as credit card numbers or social security numbers.
- Prevent the sharing of files with external recipients that contain sensitive data.
- Apply policies to ensure attachments or documents with confidential data are restricted.
In practice, a legal team might use DLP to stop confidential client details from being shared inappropriately via email. DLP ensures sensitive data remains secure, even in cases of accidental sharing, and helps organisations comply with data privacy regulations. As a core component of Microsoft Purview, it offers businesses a proactive approach to data security and privacy management.
Compliance Manager
Compliance Manager is a centralised tool that helps organisations manage compliance with regulations such as GDPR, HIPAA, and others. It provides assessments, guidance, and pre-built templates to track and improve compliance efforts.
An example use case might be during an audit, or when pursuing an ISO certification, wherein Compliance Manager allows organisations to assess their readiness, track progress, and address compliance gaps. It also helps provide necessary documentation for audits.
Compliance Manager simplifies compliance tracking and management, offering a streamlined approach to meeting regulatory standards. It integrates seamlessly with other Microsoft Purview solutions, creating a comprehensive compliance strategy for organisations.
Audit
Audit in Microsoft Purview enables organisations to track and log user activities across Microsoft 365 services, providing insights for investigations and compliance monitoring. It records who did what, when, and where within the organisation’s Microsoft 365 environment.
If a document is deleted, Audit helps identify who deleted it and when. It can also track access to sensitive data, showing who accessed it and from which location, providing valuable information for security or compliance investigations. Purview’s Audit tooling helps organisations maintain oversight of user activities, enhancing security and compliance.
eDiscovery
eDiscovery assists organisations in identifying, collecting, and exporting data relevant to legal investigations, regulatory compliance, or litigation. It’s designed to retrieve important emails, documents, or data for both complex legal cases and simpler tasks like HR or compliance reviews.
Common use cases might include:
- Searching for emails or messages between employees for internal reviews.
- Exporting mailboxes when an employee leaves the company.
- Conducting complex searches and managing legal holds for investigations.
eDiscovery streamlines data retrieval for legal and compliance purposes within the broader Microsoft Purview compliance framework, making it easier to manage investigations efficiently.
Records Management
Records Management in Microsoft Purview helps businesses to manage important records, such as contracts or financial documents, by defining retention policies. These policies ensure that records are kept for the required time and disposed of properly once no longer needed. While similar to Data Lifecycle Management (DLM), Records Management focuses on managing legal or business-critical data.
Examples of where Records Management may prove useful could be:
- It helps organisations comply with regulations by ensuring records are kept for the required period and securely deleted afterward.
- It provides evidence to vendors or courts about how records are managed over time.
- In essence, while DLM focuses on organising and cleaning data, Records Management ensures compliance with legal, regulatory, or business requirements by tracking retention and disposal of critical records.
Unified Catalog
Purview’s Unified Catalog is a centralised repository that helps manage and govern both structured and unstructured data across the organisation. It provides visibility into where data is stored, what it contains, and how it should be protected. The Unified Catalog extends beyond Microsoft 365, covering cloud platforms like Azure Data Lakehouse, Azure SQL, AWS, and third-party storage systems.
It works by listing all data sources (such as files, databases, cloud services) and providing metadata and classifications. Policies are utilised to create rules surrounding who can access data and how it should be classified, ultimately offering a comprehensive overview of all organisational data, and helping to maintain data governance and compliance across multiple platforms within Microsoft Purview.
For those organisations requiring a helping hand through their Purview implementation, Threatscape’s complimentary Microsoft Purview Advisory Service offers insight into the data security protections available within your Microsoft 365 license. With a no-obligation consultation with one of our award-winning Microsoft security experts, you’ll receive advice and recommendations on the type of data security risks companies face, and insight into how Purview and other capabilities within Microsoft 365 help defend against those risks.
