Microsoft 360 Study PDF
Summary
This document provides a comprehensive overview of Microsoft Purview Data Lifecycle Management and Records Management. It details the importance of retention policies and labels for managing email, documents, and messages, along with the distinction between records and regulatory records. Key concepts are discussed, highlighting retention actions (retain-only, delete-only, retain and delete), and the different workloads supported.
Full Transcript
Microsoft Purview Data Lifecycle Management provides you with tools and capabilities to retain the content that you need to keep, and delete the content that you don't. Retaining and deleting emails, documents, and messages are often needed for compliance and regulatory requirements. However, deleting content that no longer has business value also reduces your attack surface.

Retention policies and retention labels

Retention policies and retention labels are important tools for data lifecycle management. They help organizations to manage and govern information by ensuring content is kept only for a required time, and then permanently deleted. Applying retention labels and assigning retention policies helps organizations:

- Comply proactively with industry regulations and internal policies that require content to be kept for a minimum time.
- Reduce risk when there's litigation or a security breach by permanently deleting old content that the organization is no longer required to keep.
- Ensure users work only with content that's current and relevant to them. Content that is no longer relevant should be deleted.

Managing content commonly requires two actions: retaining content and deleting content.

- Retaining content prevents permanent deletion and ensures content remains available for eDiscovery.
- Deleting content permanently deletes content from your organization.

With these two retention actions, you can configure retention settings for the following outcomes:

- Retain-only: Retain content forever or for a specified period of time.
- Delete-only: Permanently delete content after a specified period of time.
- Retain and then delete: Retain content for a specified period of time and then permanently delete it.

When content has retention settings assigned to it, that content remains in its original location. People can continue to work with their documents or mail as if nothing changed.
But if they edit or delete content included in the retention policy, a copy of the content is automatically kept in a secure location. The secure locations and the content aren't visible to most people. In most cases, people don't even need to know that their content is subject to retention settings.

Retention settings work with the following different workloads:

- SharePoint
- OneDrive
- Microsoft Teams
- Viva Engage
- Exchange

To assign your retention settings to content, use retention policies and retention labels with label policies. You can use just one of these methods, or combine them.

When using retention policies and retention labels to assign retention settings to content, there are some points to understand about each. Listed below are just a few of the key points. For more information, see the article, "Learn about retention policies and retention labels" linked in the Summary and resources unit of this module.

Retention policies

- Retention policies are used to assign the same retention settings to content at a site level or mailbox level.
- A single policy can be applied to multiple locations, or to specific locations or users.
- Items inherit the retention settings from their container specified in the retention policy. If a policy is configured to keep content, and an item is then moved outside that container, a copy of the item is kept in the workload's secured location. However, the retention settings don't travel with the content in its new location.

Retention labels

- Retention labels are used to assign retention settings at an item level, such as a folder, document, or email.
- An email or document can have only a single retention label assigned to it at a time.
- Retention settings from retention labels travel with the content if it’s moved to a different location within your Microsoft 365 tenant, but don't persist if the content is moved outside of your Microsoft 365 tenant.
- Admins can enable users in the organization to apply a retention label manually.
- A retention label can be applied automatically if it matches defined conditions.
- A default label can be applied for SharePoint documents.
- Retention labels support disposition review to review the content before it's permanently deleted.

Consider the following scenarios. If all documents in a SharePoint site should be kept for five years, it's more efficient to do so with a retention policy than apply the same retention label to all documents in that site. However, if some documents in that site should be kept for five years and others for 10 years, you'd need to apply a policy to the SharePoint site with a retention period of five years. You'd then apply a retention label to the individual items with a retention setting of 10 years.

Retention labels and policies that apply them

When you publish retention labels, they're included in a retention label policy that makes them available for admins and users to apply to content.

Microsoft Purview Data Lifecycle Management

Microsoft Purview Data Lifecycle Management provides tools and capabilities to manage the retention and deletion of emails, documents, and messages. This helps organizations comply with regulatory requirements, reduce risk, and ensure content relevance.

Key Concepts

Retention Policies and Retention Labels: Essential tools for managing and governing information by ensuring content is kept for a required time and then permanently deleted.

Retention Actions:
o Retain-only: Keeps content forever or for a specified time.
o Delete-only: Permanently deletes content after a specified time.
o Retain and then Delete: Retains content for a specified time and then deletes it.

Retention Settings Workloads Supported:
o SharePoint
o OneDrive
o Microsoft Teams
o Viva Engage
o Exchange

Retention Policies:
o Apply to content at a site or mailbox level.
o Single policy can apply to multiple or specific locations/users.
o Items inherit retention settings from their container.
o Settings do not travel with content to new locations.

Retention Labels:
o Apply at an item level (folder, document, email).
o Single retention label per item.
o Settings travel with content within the Microsoft 365 tenant.
o Can be applied manually by users or automatically by conditions.
o Support disposition review before permanent deletion.

Practical Scenarios

- Retention Policies: More efficient for uniformly applying retention settings to all documents in a location.
- Retention Labels: Useful for applying different retention settings to individual items within the same location.

By leveraging these tools, organizations can effectively manage their data lifecycle, ensuring compliance and reducing risks.

Organizations of all types require a management solution to manage regulatory, legal, and business-critical records across their corporate data. Microsoft Purview Records Management helps an organization look after their legal obligations. It also helps to demonstrate compliance with regulations, and increases efficiency with regular disposition of items that are no longer required to be kept, no longer of value, or no longer required for business purposes.

Microsoft Purview Records Management includes many features, including:

- Labeling content as a record.
- Establishing retention and deletion policies within the record label.
- Triggering event-based retention.
- Reviewing and validating disposition.
- Proof of records deletion.
- Exporting information about disposed items.

When content is labeled as a record, by using a retention label, the following happens:

- Restrictions are put in place to block certain activities.
- Activities are logged.
- Proof of disposition is kept at the end of the retention period.

To enable items to be marked as records, an administrator sets up retention labels. An admin can choose for items to be marked as records when configuring a policy.
Items such as documents and emails can then be marked as records based on those retention labels.

Items might be marked as records, but they can also be shown as regulatory records. Regulatory records provide other controls and restrictions such as:

- A regulatory label can’t be removed when an item has been marked as a regulatory record.
- The retention periods can’t be made shorter after the label has been applied.

For more information on comparing restrictions between records and regulatory records, see the section "Compare restrictions for what actions are allowed or blocked" in the article "Learn about records management," linked in the summary and resources unit of this module.

The most important difference is that if content has been marked as a regulatory record, nobody, not even a global administrator, can remove the label. Marking an item as a regulatory record can have irreversible consequences, and should only be used when necessary. As a result, this option isn’t available by default, and has to be enabled by the administrator using PowerShell.

Common use cases for Microsoft Purview Records Management

There are different ways in which Microsoft Purview Records Management can be used across an organization, including:

- Enabling administrators and users to manually apply retention and deletion actions for documents and emails.
- Automatically applying retention and deletion actions to documents and emails.
- Enabling site admins to set default retain and delete actions for all content in a SharePoint library, folder, or document set.
- Enabling users to automatically apply retain and delete actions to emails by using Outlook rules.

To ensure Microsoft Purview Records Management is used correctly across the organization, administrators can work with content creators to put together training materials. Documentation should explain how to apply labels to drive usage, and ensure a consistent understanding.
Microsoft Purview Records Management

Microsoft Purview Records Management is designed to help organizations manage regulatory, legal, and business-critical records across their corporate data. It ensures compliance with regulations, enhances efficiency by regularly disposing of items that are no longer required, and helps demonstrate adherence to legal obligations.

Key Features

1. Labeling Content as a Record:
o Blocks certain activities, logs actions, and keeps proof of disposition at the end of the retention period.
2. Establishing Retention and Deletion Policies:
o Applies retention labels to manage how long content is kept and when it is deleted.
3. Triggering Event-Based Retention:
o Retains content based on specific events, such as project completion or contract termination.
4. Reviewing and Validating Disposition:
o Ensures records are disposed of correctly at the end of their lifecycle.
5. Proof of Records Deletion:
o Provides evidence that records have been deleted as per policy.
6. Exporting Information About Disposed Items:
o Enables documentation and analysis of deleted items.

Records and Regulatory Records

Records:
o Applied using retention labels, with restrictions on activities and logged actions.

Regulatory Records:
o Additional controls such as non-removable labels and unchangeable retention periods once applied.
o Should be used cautiously due to irreversible consequences and requires PowerShell to enable.

Common Use Cases

- Manual Application of Retention and Deletion Actions: Allows administrators and users to manage documents and emails manually.
- Automatic Application of Retention and Deletion Actions: Automates the process for documents and emails.
- Default Retain and Delete Actions for SharePoint Content: Enables site admins to set default actions for entire libraries or folders.
- Email Rules in Outlook: Users can apply retention and deletion actions automatically using rules.
Ensuring Proper Usage

Administrators should collaborate with content creators to develop training materials and documentation, explaining how to apply labels and ensure consistent understanding across the organization.

By leveraging these features and use cases, Microsoft Purview Records Management helps organizations effectively manage their records, ensuring compliance, reducing risks, and improving efficiency.

The Microsoft Service Trust Portal provides a variety of content, tools, and other resources about how Microsoft cloud services protect your data, and how you can manage cloud data security and compliance for your organization.

The Service Trust Portal (STP) is Microsoft's public site for publishing audit reports and other compliance-related information associated with Microsoft’s cloud services. STP users can download audit reports produced by external auditors and gain insight from Microsoft-authored whitepapers that provide details on how Microsoft cloud services protect your data, and how you can manage cloud data security and compliance for your organization.

Accessing the Service Trust Portal

To access some of the resources on the Service Trust Portal, you must log in as an authenticated user with your Microsoft cloud services account (Microsoft Entra organization account) and review and accept the Microsoft non-disclosure agreement for Compliance Materials.

Service Trust Portal Content Categories

The Service Trust Portal landing page includes content that is organized into the following categories:

- Certifications, Regulations, and Standards
- Reports, Whitepapers, and Artifacts
- Industry and Regional Resources
- Resources for your Organization

Screenshot of the Service Trust Portal home page.

As users navigate to content in the different categories, selecting the Service Trust Portal link at the top of the page provides a quick way to get back to the home page.
Screenshot of the Service Trust Portal link at the top of the home page.

Certifications, Regulations and Standards

The certification, regulations, and standards section of the STP provides a wealth of security implementation and design information with the goal of making it easier for you to meet regulatory compliance objectives by understanding how Microsoft Cloud services keep your data secure.

Screenshot of the tiles available in the certifications, regulations, and standards section of the Service Trust Portal home page.

Selecting a tile will provide a list of available documents, including a description and when it was last updated. The screenshot that follows shows some of the documents available by selecting the ISO/IEC tile.

Screenshot of the list of documents available by selecting the ISO/IEC tile.

Reports, Whitepapers, and Artifacts

This section includes general documents relating to the following categories:

- BCP and DR - Business Continuity and Disaster Recovery
- Pen Test and Security Assessments - Attestation of Penetration tests and security assessments conducted by third parties
- Privacy and Data Protection - Privacy and Data Protection Resources
- FAQ and Whitepapers - Whitepapers and answers to frequently asked questions

Screenshot that shows the tiles available in the reports, whitepapers, and artifacts section of the Service Trust Portal home page.
Industry and Regional Resources

This section includes documents that apply to the following industries and regions:

- Financial Services - Resources elaborating regulatory compliance guidance for FSI (by country/region)
- Healthcare and Life Sciences - Capabilities offered by Microsoft for Healthcare Industry
- Media and Entertainment - Media and Entertainment Industry Resources
- United States Government - Resources exclusively for US Government customers
- Regional Resources - Documents describing compliance of Microsoft's online services with various regional policies and regulations

Screenshot of the tiles available in the reports, whitepapers, and artifacts section of the Service Trust Portal home page.

Resources for your Organization

This section lists documents applying to your organization (restricted by tenant) based on your organization’s subscription and permissions.

Screenshot showing tiles available in the resources for your organization section of the Service Trust Portal home page.

My Library

Use the My Library feature to add documents and resources on the Service Trust Portal to your My Library page. This lets you access documents that are relevant to you in a single place. To add a document to your My Library, select the ellipsis (...) menu to the right of a document and then select Save to library.

Additionally, the notifications feature lets you configure your My Library so that an email message is sent to you whenever Microsoft updates a document that you've added to your My Library. To set up notifications, go to your My Library and select Notification Settings. You can choose the frequency of notifications and specify an email address in your organization to send notifications to. Email notifications include links to the documents that have been updated and a brief description of the update.

If a document is part of a series, you'll be subscribed to the series, and will receive notifications when there's an update to that series.
Screenshot of the documents listed in the My Library page.

Microsoft Service Trust Portal Overview

The Microsoft Service Trust Portal (STP) is a valuable resource for accessing content, tools, and insights about how Microsoft cloud services protect your data and how you can manage cloud data security and compliance for your organization.

Accessing the Service Trust Portal

To access some resources, you need to log in with your Microsoft cloud services account (Microsoft Entra organization account) and accept the Microsoft non-disclosure agreement for Compliance Materials.

Content Categories

1. Certifications, Regulations, and Standards:
o Provides security implementation and design information to help you meet regulatory compliance objectives.
o Examples: ISO/IEC documents.
2. Reports, Whitepapers, and Artifacts:
o Includes documents related to business continuity, penetration tests, privacy, and FAQs.
o Examples: BCP and DR, Pen Test and Security Assessments, Privacy and Data Protection.
3. Industry and Regional Resources:
o Documents tailored for specific industries and regions.
o Examples: Financial Services, Healthcare and Life Sciences, Media and Entertainment, US Government, Regional Resources.
4. Resources for your Organization:
o Lists documents specific to your organization based on your subscription and permissions.

My Library Feature

- Save Documents: Add documents to your My Library page for easy access.
- Notifications: Set up email notifications for updates to documents in your My Library.

By leveraging the Service Trust Portal, you can access a wide range of resources to help you manage your organization's compliance and data security effectively.

For more detailed information, you can access the Service Trust Portal here.

Microsoft’s products and services run on trust. At Microsoft, we value, protect, and defend privacy.
We believe in transparency, so that people and organizations can control their data and have meaningful choices in how it's used. We empower and defend the privacy choices of every person who uses our products and services.

Microsoft's approach to privacy is built on the following six principles:

- Control: Putting you, the customer, in control of your data and your privacy with easy-to-use tools and clear choices. Your data is your business, and you can access, modify, or delete it at any time. Microsoft will not use your data without your agreement, and when we have your agreement, we use your data to provide only the services you have chosen. Your control over your data is reinforced by Microsoft compliance with broadly applicable privacy laws and privacy standards.
- Transparency: Being transparent about data collection and use so that everyone can make informed decisions. We only process your data based on your agreement and in accordance with the strict policies and procedures that we've contractually agreed to. When we deploy subcontractors or subprocessors to perform work that requires access to your data, they can perform only the functions that Microsoft has hired them to provide, and they're bound by the same contractual privacy commitments that Microsoft makes to you. The Microsoft Online Services Subprocessor List identifies authorized subprocessors, who have been audited against a stringent set of security and privacy requirements in advance. This document is available as one of the data protection resources in the Service Trust Portal.
- Security: Protecting the data that's entrusted to Microsoft by using strong security and encryption. With state-of-the-art encryption, Microsoft protects your data both at rest and in transit. Our encryption protocols erect barriers against unauthorized access to the data, including two or more independent encryption layers to protect against compromises of any one layer.
All Microsoft-managed encryption keys are properly secured and offer the use of technologies such as Azure Key Vault to help you control access to passwords, encryption keys, and other secrets.
- Strong legal protections: Respecting local privacy laws and fighting for legal protection of privacy as a fundamental human right. Microsoft defends your data through clearly defined and well-established response policies and processes, strong contractual commitments, and if necessary, the courts. We believe all government requests for your data should be directed to you. We don’t give any government direct or unfettered access to customer data. We will not disclose data to a government or law enforcement agency, except as you direct or where required by law. Microsoft scrutinizes all government demands to ensure they're legally valid and appropriate. If Microsoft receives a request for your data, we'll promptly notify you and provide a copy of the request unless legally prohibited from doing so. Moreover, we'll direct the requesting party to seek the data directly from you. Our contractual commitments to our enterprise and public sector customers include defending your data, which builds on our existing protections. We'll challenge every government request for commercial and public sector customer data where we can lawfully do so.
- No content-based targeting: Not using email, chat, files, or other personal content to target advertising. We do not share your data with advertiser-supported services, nor do we mine it for any purposes like marketing research or advertising.
- Benefits to you: When Microsoft does collect data, it's used to benefit you, the customer, and to make your experiences better. For example:
o Troubleshooting: Troubleshooting for preventing, detecting, and repairing problems affecting operations of services.
o Feature improvement: Ongoing improvement of features including increasing reliability and protection of services and data.
o Personalized customer experience: Data is used to provide personalized improvements and better customer experiences.

These principles form Microsoft’s privacy foundation, and they shape the way that products and services are designed.

Microsoft’s commitment to privacy and data protection is rooted in six key principles:

1. Control
o Customer Control: You control your data with easy-to-use tools and choices. Your data is your business. You can access, modify, or delete it anytime.
o Agreed Use: Microsoft uses your data only with your agreement and for the services you choose.
o Compliance: Reinforced by adherence to privacy laws and standards.
2. Transparency
o Clarity: Clear information about data collection and use.
o Agreed Processing: Data is processed only with your agreement, following strict policies.
o Subprocessors: Microsoft’s subprocessors can only perform functions they’re hired for, bound by privacy commitments.
3. Security
o Strong Encryption: Data is protected with state-of-the-art encryption both at rest and in transit.
o Encryption Layers: Multiple encryption layers protect against unauthorized access.
o Key Management: Secure management of encryption keys, with tools like Azure Key Vault.
4. Strong Legal Protections
o Legal Compliance: Adherence to local privacy laws and strong contractual commitments.
o Government Requests: Government requests for data are directed to you, and Microsoft defends your data through established policies and the courts when necessary.
o No Unfettered Access: No government is given direct access to your data.
5. No Content-Based Targeting
o Privacy in Advertising: Microsoft does not use email, chat, files, or other personal content for targeted advertising.
o No Data Sharing: Data is not shared with advertiser-supported services or mined for marketing research.
6. Benefits to You
o Troubleshooting: Used to prevent, detect, and repair service issues.
o Feature Improvement: Ongoing improvements to features, reliability, and protection.
o Personalized Experience: Enhancements to provide a better user experience.

These principles are the foundation of Microsoft’s privacy practices, ensuring that your data is protected and used transparently and securely.

Privacy is top of mind for organizations and consumers today, and concerns about how private data is handled are steadily increasing. Regulations and laws impact people around the world, setting rules for how organizations store personal data and giving people rights to manage personal data collected by an organization.

To meet regulatory requirements and build customer trust, organizations need to take a "privacy by default" stance. Rather than manual processes and a patchwork of tools, organizations need a comprehensive solution.

Microsoft Priva is a comprehensive set of privacy solutions that support privacy operations across your organization's entire digital estate and enables your organization to consolidate privacy protection across your data landscape, streamline compliance to regulations, and mitigate privacy risk.

The Priva suite of solutions has expanded to include the following solutions:

- Subject Rights Requests
- Privacy Risk Management
- Consent Management (preview)
- Privacy Assessments (preview)
- Tracker Scanning (preview)

These solutions can be found in the new Microsoft Priva portal (preview).

A diagram showing the Priva solutions, which include Privacy Assessments, Privacy Risk Management, Tracker Scanning, Consent Management, and Subject Rights Requests.

Priva Privacy Risk Management

Microsoft Priva Privacy Risk Management gives you the capability to set up policies that identify privacy risks in your Microsoft 365 environment and enable easy remediation. Policy options in Privacy Risk Management can help you find issues in the following areas of privacy concern and guide your users through recommended steps for remediation.

- Limit data overexposure.
Data overexposure policies, which can be set up to cover both Microsoft 365 and multicloud (preview) locations, can help you detect and handle situations in which data that your organization has stored is insufficiently secure. For example, Privacy Risk Management can alert you if access to an internal site is open to too many people or your permissions settings haven't been maintained. Privacy Risk Management also offers remediation options that help your users resolve any issues that are found. For data overexposure, these include making content items private, notifying content owners, or tagging items for further review.
- Find and mitigate data transfers. Data transfer policies allow you to monitor for transfers between different world regions or between departments in your organization, and transfers outside of your organization. When a policy match is detected, you can send users email notifications that allow them to take corrective action right in the email, such as making content items private, notifying content owners, or tagging items for further review.
- Minimize stored data. Data minimization policies allow you to look for data that your organization has been storing for at least a certain length of time. This can help you manage your ongoing storage practices. When policy matches are found, remediation options include marking items for deletion, notifying content owners, or tagging items for further review.

The summary and resources unit of this module includes a link to learn more about Privacy Risk Management policies that provides more details on policy settings, including data sources supported and the data types to monitor.

Priva Subject Rights Requests

In accordance with certain privacy regulations around the world, individuals (or data subjects) may make requests to review or manage the personal data about themselves that companies have collected.
These requests are sometimes also referred to as data subject requests (DSRs), data subject access requests (DSARs), or consumer rights requests. For companies that store large amounts of information, finding the relevant data can be a formidable task.

Microsoft Priva can help you handle these inquiries through the Subject Rights Requests solution, which can address subject rights requests for data within your organization's Microsoft 365 environment or subject rights requests for data beyond Microsoft 365, currently in preview. The solution provides automation, insights, and workflows to help organizations fulfill requests more confidently and efficiently.

Consent Management (preview)

Nearly all interactions with companies, service providers, websites, programs, and apps are conducted digitally, which has resulted in an explosion of data belonging to individuals. It’s never been more important for organizations to meet the requirements of data privacy regulations to provide the right type of consent and notice around the collection and use of personal data. Consent models refer to the approaches used by organizations to obtain, manage, and record user consent for the collection, processing, and sharing of personal data. These models are crucial for ensuring that organizations comply with privacy regulations.

Priva Consent Management is a regulatory-independent solution for streamlining the management of consented personal data. Consent management empowers organizations to effectively track consumer consent across their entire data estate.

Consent management provides customizable consent models that allow you to add branding and style elements specific to your organization. Consent models also support adding, importing, or machine-generating language translations to support visitors in multiple regions who have different language requirements.
The consent models you create don’t need to be created for specific websites, meaning you can use the same model across your public domains. When you’re ready to publish your consent models, a centralized process allows you to publish consent models at scale to multiple regions.

Privacy Assessments (preview)

Organizations today face significant challenges in maintaining current justified documentation of data usage across their data estates. The assessment of personal data use often involves manual and time-consuming tasks like generating and updating custom questionnaires as well as monitoring data use across the business. As a result, privacy impact assessments are performed after the fact or quickly become stale, failing to accurately reflect the current state of data use within the organization.

Priva Privacy Assessments automates the discovery, documentation, and evaluation of personal data use across your entire data estate. Using this regulatory-independent solution, you can automate privacy assessments and build a complete compliance record for the responsible use of personal data.

Tracker Scanning (preview)

Web tracker compliance refers to the adherence of websites to legal and regulatory requirements regarding the use of web tracking technologies. These technologies, such as cookies and other tracking mechanisms, are used to monitor and collect data about users' activities on a website.

Many organizations find it challenging to effectively manage and monitor web tracker compliance. Navigating the intricate realm of tracker compliance is a complex and often burdensome task due to the swift evolution of technology, the proliferation of websites, and the evolving landscape of privacy regulations.

Priva Tracker Scanning empowers organizations to automate the identification of tracking technologies across multiple web properties, driving the efficient management of website privacy compliance.
With Tracker Scanning you can automate scans for trackers, evaluate and manage web trackers, and streamline compliance reporting.

Priva portal (preview)

The new Priva portal (preview) has a unified experience that streamlines navigation for all Priva solutions and provides a single-entry point for settings, search, and roles and permissions management. The classic Microsoft Purview compliance portal doesn't support the newest solutions currently in preview: Consent Management, Privacy Assessments, Tracker scanning, and Subject Rights Request beyond Microsoft 365.

Screenshot of the Priva portal landing page.

Microsoft Priva

Microsoft Priva is a comprehensive suite of privacy solutions designed to support privacy operations across your organization's entire digital estate. It helps consolidate privacy protection, streamline compliance, and mitigate privacy risks.

Key Solutions

1. Priva Privacy Risk Management
   - Data Overexposure Policies: Identify and handle insufficiently secure data.
   - Data Transfer Policies: Monitor and mitigate transfers between regions or outside the organization.
   - Data Minimization Policies: Manage data that has been stored for extended periods.
2. Priva Subject Rights Requests
   - Facilitates handling requests to review or manage personal data, aiding compliance with global privacy regulations.
3. Consent Management (Preview)
   - Manages and tracks consumer consent for data collection, processing, and sharing.
   - Customizable consent models for branding and multilingual support.
4. Privacy Assessments (Preview)
   - Automates the discovery, documentation, and evaluation of personal data use.
   - Ensures privacy impact assessments are up-to-date and accurate.
5. Tracker Scanning (Preview)
   - Automates the identification and management of web tracking technologies.
   - Enhances compliance with web tracker regulations.
Priva Portal (Preview)

The new Priva portal offers a unified experience for all Priva solutions, streamlining navigation and providing a single entry point for settings, search, and roles and permissions management.

Practical Benefits

By leveraging Microsoft Priva, organizations can:

- Proactively manage privacy risks and compliance.
- Automate and streamline privacy operations.
- Maintain up-to-date privacy assessments and consent records.
- Ensure compliance with privacy regulations and protect customer trust.

Organizations need to know their data to identify important information across the estate and ensure that data is handled in line with compliance requirements. Admins can enable their organization to know its data through data classification and explorer capabilities available in the Microsoft Purview portal.

Sensitive information types

Sensitive information types (SIT) are pattern-based classifiers. They have set patterns that can be used to identify them. For example, an identification number in a country/region may be based on a specific pattern, like this:

123-456-789-ABC

Microsoft Purview includes many built-in sensitive information types based on patterns that are defined by a regular expression (regex) or a function. Examples include:

- Credit card numbers
- Passport or identification numbers
- Bank account numbers
- Health service numbers

Refer to Sensitive information type entity definitions for a listing of available built-in sensitive information types.

Data classification in Microsoft Purview also supports the ability to create custom sensitive information types to address organization-specific requirements. For example, an organization may need to create sensitive information types to represent employee IDs or project numbers. Also supported is exact data match (EDM) classification.
EDM-based classification enables you to create custom sensitive information types that refer to exact values in a database of sensitive information. In the Microsoft Purview portal sensitive information types are referred to as EDM classifiers. Sensitive information types can be used with sensitivity labels, retention labels, and across many Microsoft Purview and Microsoft Priva Solutions.

Trainable classifiers

Trainable classifiers use artificial intelligence and machine learning to intelligently classify your data. They're most useful for classifying data unique to an organization like specific kinds of contracts, invoices, or customer records. This method of classification is more about training a classifier to identify an item based on what the item is, not by elements that are in the item (pattern matching). Two types of classifier are available:

- Pre-trained classifiers - Microsoft has created and pretrained many classifiers that you can start using without training them. These classifiers appear with the status of Ready to use. Microsoft Purview comes with five pretrained classifiers that detect and classify things like resumes, source code, harassment, profanity, and threat (relates to committing violence or doing physical harm).
- Custom trainable classifiers - Microsoft supports the ability to create and train custom classifiers. They're most useful when classifying data unique to an organization, like specific kinds of contracts, invoices, or customer records.

To get a custom trainable classifier to accurately identify an item as being in a particular category of content, it must first be presented with many samples of the type of content in the category. This feeding of positive samples is known as seeding and is used to create a prediction model for the classifier. The model gets tested to determine if the classifier can correctly distinguish between items that match the category and items that don't.
The result of each prediction is manually verified, which serves as input to improve the accuracy of the prediction model. After the accuracy score of the model has stabilized, the classifier can be published. Trainable classifiers can then sort through items in locations like SharePoint Online, Exchange, and OneDrive, and classify the content.

Note: At this time, classifiers only work with items that aren't encrypted.

Understand and explore the data

Data classification can involve large numbers of documents and emails. To help administrators derive insights and understanding, the Explorers node under Information Protection in the Microsoft Purview portal provides tools such as the activity explorer and content explorer that provide details at a glance, including:

- The number of items classified as sensitive information and which classifications they are.
- Details on the locations of data based on sensitivity.
- Summary of actions that users are taking on sensitive content across the organization.

Administrators can also use the information gained from these tools to guide their actions.

Content explorer: Content explorer provides a current snapshot of the items that have a sensitivity label, a retention label or have been classified as a sensitive information type in your organization. It enables administrators with the appropriate role permissions to further drill down into items by allowing them to access and review the scanned source content that's stored in different kinds of locations, such as Exchange, SharePoint, and OneDrive. Access to content explorer is highly restricted because it makes it possible to read the contents of scanned files. A user that requires access to content explorer must have an account in one or more of the content explorer roles groups.

Activity explorer: Activity explorer provides visibility into what content has been discovered and labeled, and where that content is.
It makes it possible to monitor what's being done with labeled content across the organization. Admins gain visibility into document-level activities like label changes and downgrades (such as when someone changes a label from confidential to public), or when files are copied to removable media or a network share. Admins use the filters to see all the details for a specific label, including file types, users, and activities. Activity explorer helps you understand what's being done with labeled content over time. Admins use activity explorer to evaluate if controls already in place are effective.

A screenshot of the activity explorer page in the Microsoft Purview portal.

To manage and protect sensitive information, organizations can use data classification and explorer capabilities available in the Microsoft Purview portal. These tools help identify important information and ensure it aligns with compliance requirements.

Sensitive Information Types

Sensitive information types (SIT) are pattern-based classifiers used to identify specific data patterns, such as identification numbers or credit card numbers. Microsoft Purview includes many built-in sensitive information types based on regex or functions, such as:

- Credit Card Numbers
- Passport or Identification Numbers
- Bank Account Numbers
- Health Service Numbers

Organizations can also create custom sensitive information types for specific needs, like employee IDs or project numbers. Additionally, exact data match (EDM) classification allows for creating custom sensitive information types referring to exact values in a database.

Trainable Classifiers

Trainable classifiers use AI and machine learning to classify data based on content, rather than pattern matching. Two types of trainable classifiers are available:

- Pre-Trained Classifiers: Ready to use classifiers created by Microsoft, such as those detecting resumes, source code, harassment, profanity, and threats.
- Custom Trainable Classifiers: Organizations can create and train classifiers for unique data types, like specific contracts or customer records. These classifiers are trained with many samples to create a prediction model.

Explorers: Understanding and Exploring Data

To derive insights from classified data, the Microsoft Purview portal provides tools like the activity explorer and content explorer:

Content Explorer

- Provides a snapshot of items with sensitivity or retention labels.
- Allows administrators to drill down into items for review, stored in locations like Exchange, SharePoint, and OneDrive.
- Access is highly restricted to ensure security.

Activity Explorer

- Offers visibility into what content has been discovered, labeled, and its locations.
- Monitors document-level activities, such as label changes and file copying.
- Helps evaluate the effectiveness of existing controls.

By using these tools, organizations can manage sensitive information effectively, ensuring compliance and improving data handling practices.

Organizations must protect their data, to safeguard customers and business operations, and to meet compliance standards. Admins can enable their organization to protect its data, through capabilities and tools such as sensitivity labels and policies in Microsoft Purview.

Sensitivity labels

Sensitivity labels enable the labeling and protection of content, without affecting productivity and collaboration. With sensitivity labels, organizations can decide on labels to apply to content such as emails and documents, much like different stamps are applied to physical documents.

Labels are:

- Customizable: Admins can create different categories specific to the organization, such as Personal, Public, Confidential, and Highly Confidential.
- Clear text: Because each label is stored in clear text in the content's metadata, third-party apps and services can read it and then apply their own protective actions, if necessary.
- Persistent: After you apply a sensitivity label to content, the label is stored in the metadata of that email or document. The label then moves with the content, including the protection settings, and this data becomes the basis for applying and enforcing policies.

Each item that supports sensitivity labels can only have one label applied to it, at any given time.

Sensitivity labels can be configured to:

- Encrypt email only or both email and documents.
- Mark the content when Office apps are used. Marking the content includes adding watermarks, headers, or footers. Headers or footers can be added to emails or documents. Watermarks can be applied to documents but not to email.
- Apply the label automatically in Office apps or recommend a label. Admins choose the types of sensitive information to be labeled. The label can be applied automatically or configured to prompt users to apply the recommended label.
- Protect content in containers such as sites and groups. This label configuration doesn't result in documents being automatically labeled. Instead, the label settings protect content by controlling access to the container where documents are stored.
- Extend sensitivity labels to third-party apps and services. The Microsoft Purview Information Protection SDK enables third-party apps to read sensitivity labels and apply protection settings.
- Classify content without using any protection settings. A classification can be assigned to content (just like a sticker) that persists and roams with the content as it's used and shared. The classification can be used to generate usage reports and view activity data for sensitive content.
The image that follows shows the settings for a sensitivity label named Confidential-Finance, which includes settings for encryption, content marking, and autolabeling for files and emails.

A screen capture of a sensitivity label named Confidential-Finance, which includes settings for encryption, content marking, and autolabeling for files and emails.

Label policies

After sensitivity labels are created, they need to be published to make them available to people and services in the organization. Sensitivity labels are published to users or groups through label policies. Sensitivity labels will then appear in Office apps for those users and groups. The sensitivity labels can be applied to documents and emails. Label policies enable admins to:

- Choose the users and groups that can see labels. Labels can be published to specific users, distribution groups, Microsoft 365 groups in Microsoft Entra ID, and more.
- Apply a default label to all new emails and documents that the specified users and groups create. Users can always change the default label if they believe the document or email has been mislabeled.
- Require justifications for label changes. If a user wants to remove a label or replace it, admins can require the user to provide a valid justification to complete the action. The user will be prompted to provide an explanation for why the label should be changed.
- Require users to apply a label (mandatory labeling). It ensures a label is applied before users can save their documents, send emails, or create new sites or groups.
- Link users to custom help pages. It helps users to understand what the different labels mean and how they should be used.

Once a sensitivity label is applied to an email or document, any configured protection settings for that label are enforced on the content.
To safeguard sensitive data, Microsoft Purview offers powerful tools like sensitivity labels and label policies that enable organizations to protect their information without hindering productivity.

Sensitivity Labels

Sensitivity labels allow you to categorize and protect content by applying customizable labels, much like stamps on physical documents. Here’s how they work:

- Customizable: Create labels specific to your organization's needs, such as Personal, Public, Confidential, and Highly Confidential.
- Clear Text: Labels are stored in clear text in the content's metadata, making them readable by third-party apps and enabling additional protective actions.
- Persistent: Labels stay with the content, enforcing protection settings as the content is shared or moved.

Configurable Settings

Sensitivity labels can be configured to:

- Encrypt Content: Protect emails and documents.
- Mark Content: Add watermarks, headers, or footers to documents (watermarks not applicable to emails).
- Automatic or Recommended Labels: Automatically apply labels or prompt users to do so based on the sensitivity of the content.
- Protect Containers: Control access to sites and groups without automatically labeling the documents within them.
- Extend Protection: Use the Information Protection SDK to extend labels to third-party apps and services.
- Classify Without Protection: Assign a classification for reporting and activity tracking without additional protection settings.

Label Policies

After creating sensitivity labels, label policies are used to publish these labels to users or groups, making them available in Office apps for document and email protection. Here are some key features of label policies:

- Choose Users and Groups: Specify who can see and use the labels.
- Default Labels: Apply a default label to new emails and documents.
- Justification for Changes: Require users to provide a justification when changing or removing a label.
- Mandatory Labeling: Ensure a label is applied before saving documents, sending emails, or creating new sites or groups.
- Custom Help Pages: Link to help pages that explain label usage.

Practical Use

For example, if a document should be labeled Confidential-Finance, it can include settings for encryption, content marking, and automatic labeling for files and emails. Once the label is applied, its protection settings are enforced, ensuring the content remains secure.

By leveraging sensitivity labels and label policies, organizations can protect their data, comply with regulations, and ensure only authorized users have access to sensitive information.

Data loss can harm an organization’s customers, business processes, and the organization itself. Organizations need to prevent data loss by detecting risky behavior and preventing sensitive information from being shared inappropriately.

In Microsoft Purview, you implement data loss prevention (DLP) by defining and applying DLP policies. With a DLP policy, you can identify, monitor, and automatically protect sensitive items across:

- Microsoft 365 services such as Teams, Exchange, SharePoint, and OneDrive accounts
- Office applications such as Word, Excel, and PowerPoint
- Windows 10, Windows 11, and macOS (three latest released versions) endpoints
- Cloud apps
- On-premises file shares and on-premises SharePoint
- Power BI

DLP detects sensitive items by using deep content analysis, not by just a simple text scan. Content is analyzed for primary data matches to keywords, by the evaluation of regular expressions, by internal function validation, and by secondary data matches that are in proximity to the primary data match. Beyond that DLP also uses machine learning algorithms and other methods to detect content that matches your DLP policies.
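The layered detection described above (a regex primary match, function validation, then supporting keywords in proximity), which is also how a pattern-based sensitive information type for credit card numbers works, shown as an added Python example. It is not Microsoft Purview's code; the keyword list, the 300-character window, the confidence labels and the action mapping are assumptions made for illustration, and the sample texts are constructed.

```python
import re
from dataclasses import dataclass

# Primary element: 16 digits, optionally grouped in fours by spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d{4}[ -]?){3}\d{4}(?!\d)")

# Secondary (supporting) elements: whole-word keywords expected near a real card number.
# Assumed list, not a built-in Purview keyword dictionary.
KEYWORD_RE = re.compile(
    r"\b(credit card|card number|visa|mastercard|expiry|cvv)\b", re.IGNORECASE
)

PROXIMITY = 300  # characters searched on each side of the match (assumed window)


@dataclass
class Match:
    value: str        # masked so the finding itself does not leak the number
    start: int        # offset of the match in the scanned text
    confidence: str   # "high" when supporting keywords are nearby, else "low"
    evidence: list    # supporting keywords found inside the proximity window


def luhn_valid(digits: str) -> bool:
    """Function validation: the Luhn checksum rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def nearby_keywords(text: str, start: int, end: int) -> list:
    """Secondary match: supporting keywords within PROXIMITY characters."""
    window = text[max(0, start - PROXIMITY): end + PROXIMITY]
    return sorted({k.lower() for k in KEYWORD_RE.findall(window)})


def scan(text: str) -> list:
    """Return validated card-number findings with a confidence level."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_valid(digits):
            continue  # pattern matched, checksum failed: not a card number
        evidence = nearby_keywords(text, m.start(), m.end())
        confidence = "high" if evidence else "low"
        findings.append(Match("*" * 12 + digits[-4:], m.start(), confidence, evidence))
    return findings


def decide_action(findings: list) -> str:
    """Map findings to a protective action (assumed policy, for illustration)."""
    if any(f.confidence == "high" for f in findings):
        return "block_with_override"
    if findings:
        return "policy_tip"
    return "allow"


# Constructed sample texts (4111 1111 1111 1111 is a well-known test number).
SAMPLE_HIGH = "Please charge my Visa, card number 4111 1111 1111 1111, expiry 09/27."
SAMPLE_LOW = "Batch ref 4111111111111111 processed overnight."
SAMPLE_INVALID = "Order tracking id 1234-5678-9012-3456 has shipped."

if __name__ == "__main__":
    for sample in (SAMPLE_HIGH, SAMPLE_LOW, SAMPLE_INVALID):
        found = scan(sample)
        print(decide_action(found), found)
```

The tracking id passes the regex but fails the checksum, which is why a regex alone produces false positives that the validation and proximity layers remove or downgrade.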
Protective actions of DLP policies

DLP policies are how you monitor the activities that users take on sensitive items at rest, sensitive items in transit, or sensitive items in use and take protective actions. Protective actions that DLP policies can take include:

- Show a pop-up policy tip to the user that warns them that they may be trying to share a sensitive item inappropriately.
- Block the sharing and, via a policy tip, allow the user to override the block and capture the user's justification.
- Block the sharing without the override option.
- For data at rest, sensitive items can be locked and moved to a secure quarantine location.
- For Teams chat, the sensitive information won't be displayed.

All DLP monitored activities are recorded to the Microsoft 365 Audit log by default and routed to Activity explorer. When a user performs an action that meets the criteria of a DLP policy, and you have alerts configured, DLP provides alerts in the DLP alert management dashboard.

DLP Policy information

DLP policies can be created from predefined templates, or you can create a custom policy. No matter which you choose, all DLP policies require the same information.

- Choose the type of data to monitor. Predefined policy templates allow you to choose from categories such as Financial data, Medical and health data, or Privacy data for various countries and regions. Alternatively, you can create a custom policy that uses the available sensitive information types, retention labels, and sensitivity labels.
- Choose administrative scoping. DLP policies can be applied to all users and groups by an unrestricted administrator, or they can be scoped to administrative units. Administrative units let you subdivide your organization into smaller units, and then assign specific administrators that can manage only the members of those units.
- Choose the location where the policy will be applied, such as Exchange, SharePoint, OneDrive, and more.
- Choose the conditions that must be matched for a policy to be applied to an item.
- Choose the protective action to take when the policy conditions are met.

A screen capture of the landing page when creating a DLP policy. The screen shows the option of starting with a template or custom policy.

A screen capture from creating a DLP policy. The screen shows the options for choosing a location to apply a DLP policy.

What is endpoint data loss prevention?

Endpoint DLP enables you to audit and manage the many activities users take on sensitive items that are physically stored on Windows 10, Windows 11, or macOS devices. The list that follows shows a few examples:

- Creating an item
- Renaming an item
- Copying items to removable media
- Copying items to network shares
- Printing documents
- Accessing items using unallowed apps and browsers

In the activity explorer, you can view information about what users are doing with sensitive content.

A screenshot of data classification information in the activity explorer as monitored through endpoint DLP.

Admins use this information to enforce protective actions for content through controls and policies.

Data loss prevention in Microsoft Teams

Data loss prevention capabilities extend to Microsoft Teams chat and channel messages, whether it's in a message or a file, including messages in private channels. Just like with Exchange, Outlook, SharePoint, and OneDrive, administrators can use DLP policy tips that will be displayed to the user to show them why a policy has been triggered. For example, the screenshot that follows shows a policy tip on a chat message that was blocked because the user attempted to share a U.S. Social Security Number.

Data loss can significantly impact an organization, affecting customers, business processes, and overall operations. Implementing Data Loss Prevention (DLP) policies in Microsoft Purview helps to detect risky behavior and prevent the inappropriate sharing of sensitive information.
Here’s how it works and what you can achieve with DLP:

DLP Policies

DLP policies allow you to identify, monitor, and protect sensitive data across various services and applications, including:

- Microsoft 365 services: Teams, Exchange, SharePoint, and OneDrive
- Office applications: Word, Excel, and PowerPoint
- Endpoints: Windows 10, Windows 11, and macOS (three latest versions)
- Cloud apps
- On-premises file shares and SharePoint
- Power BI

DLP uses deep content analysis to detect sensitive items, employing methods like keyword matching, regular expressions, function validation, and machine learning algorithms.

Protective Actions of DLP Policies

DLP policies monitor user activities on sensitive items and take protective actions, such as:

- Policy Tips: Warn users with a pop-up tip when they may be sharing sensitive information inappropriately.
- Blocking Sharing: Block the sharing of sensitive data, with options for users to override with justification or block without override.
- Quarantine Sensitive Items: Lock and move sensitive items to a secure location.
- Microsoft Teams: Prevent sensitive information from being displayed in chats.

DLP Policy Information

When creating a DLP policy, you need to:

1. Choose Data Types: Use predefined templates for financial, medical, and privacy data or create custom policies.
2. Administrative Scoping: Apply policies to all users or specific administrative units.
3. Specify Locations: Select where the policy applies (e.g., Exchange, SharePoint, OneDrive).
4. Define Conditions: Set conditions for policy application.
5. Select Protective Actions: Determine what actions to take when conditions are met.
Endpoint Data Loss Prevention

Endpoint DLP enables the auditing and management of user activities on sensitive items stored on Windows 10, Windows 11, or macOS devices, such as:

- Creating, renaming, or copying items
- Printing documents
- Accessing items using unallowed apps and browsers

Admins can view detailed activity information through the Activity Explorer.

DLP in Microsoft Teams

DLP extends to Microsoft Teams, monitoring chat and channel messages for sensitive information. Policy tips in Teams notify users why a policy has been triggered, helping prevent the sharing of sensitive data, such as Social Security Numbers.

By leveraging DLP policies, organizations can effectively protect sensitive data, ensuring compliance and reducing the risk of data breaches.

The user can then find out more about why their message was blocked by selecting the "What can I do?" link, and take appropriate action.

A screenshot of a DLP policy tip presented to user whose message is blocked. The tip provides information about why their message was blocked, and actions to take.

DLP policies applied to Microsoft 365 services, including Microsoft Teams, can help users across organizations to collaborate securely and in a way that's in line with compliance requirements.

Integration with Microsoft Copilot for Security

Microsoft Purview Data Loss Prevention supports integration with Microsoft Copilot for Security, through the standalone and embedded experiences.

To experience this Copilot capability, organizations must be onboarded to Copilot, have enabled Copilot to access data from Microsoft 365 services, and users must have the appropriate role permissions. The Microsoft Purview capabilities, which you can view in the standalone experience by selecting the prompt icon and selecting all capabilities, are built-in prompts that you can use, but you can also enter your own prompts based on the capabilities supported.
Screen capture of the Microsoft Purview capabilities available in Microsoft Copilot for Security.

In the embedded experience, Copilot in Microsoft Purview Data Loss Prevention supports alert summarization. To access Copilot from within Microsoft Purview Data Loss Prevention, navigate to the alerts queue to select the alert you want to review. Information about the alert and the option to summarize the alert are displayed. You select Summarize to have Copilot generate the alert summary.

Screen capture of a data loss prevention alert page that shows the option to summarize the alert.

Data Loss Prevention in Microsoft 365 Services

When users encounter a Data Loss Prevention (DLP) policy tip that blocks a message, they can select the "What can I do?" link to understand why their message was blocked and what actions they can take. This ensures that users are aware of the compliance requirements and helps maintain secure collaboration across the organization.

Integration with Microsoft Copilot for Security

Microsoft Purview Data Loss Prevention (DLP) integrates with Microsoft Copilot for Security, offering both standalone and embedded experiences to enhance data protection and compliance management.

Standalone Experience

Organizations that are onboarded to Copilot can use built-in prompts in the standalone experience to leverage various capabilities of Microsoft Purview. Users with appropriate role permissions can access these capabilities by selecting the prompt icon and exploring all available options.

Embedded Experience

Within the embedded experience, Copilot in Microsoft Purview DLP supports alert summarization. Here’s how you can utilize this feature:

1. Navigate to Alerts Queue: Select the alert you want to review.
2. Alert Summary: Information about the alert and the option to summarize it will be displayed.
3. Generate Summary: Select "Summarize" to have Copilot generate the alert summary, providing a concise overview of the alert details.

By integrating with Microsoft Copilot for Security, Microsoft Purview DLP offers enhanced capabilities to help organizations manage data loss prevention more efficiently and effectively.

Microsoft Purview Insider Risk Management is a solution that helps minimize internal risks by enabling an organization to detect, investigate, and act on risky and malicious activities.

Managing and minimizing risk in an organization starts with understanding the types of risks found in the modern workplace. Some risks are driven by external events and factors, and are outside an organization’s direct control. Other risks are driven by internal events and employee activities that can be eliminated and avoided. Some examples include:

- Leaks of sensitive data and data spillage
- Confidentiality violations
- Intellectual property (IP) theft
- Fraud
- Insider trading
- Regulatory compliance violations

Insider risk management is centered around the following principles:

- Transparency: Balance user privacy versus organization risk with privacy-by-design architecture.
- Configurable: Configurable policies based on industry, geographical, and business groups.
- Integrated: Integrated workflow across Microsoft Purview solutions.
- Actionable: Provides insights to enable user notifications, data investigations, and user investigations.

Insider risk management workflow

Insider risk management helps organizations to identify, investigate, and address internal risks. With focused policy templates, comprehensive activity signaling across Microsoft 365, and a flexible workflow, organizations can take advantage of actionable insights to help identify and resolve risky behavior quickly.
Identifying and resolving internal risk activities and compliance issues with insider risk management in Microsoft Purview is achieved using the following workflow:

A diagram of the insider risk management workflow.

Policies - Insider risk management policies are created using predefined templates and policy conditions that define what risk indicators are examined in Microsoft 365 feature areas. These conditions include how indicators are used for alerts, what users are included in the policy, which services are prioritized, and the monitoring time period.

Alerts - Alerts are automatically generated by risk indicators that match policy conditions and are displayed in the alerts page, which provides a quick view of all alerts needing review, open alerts over time, and alert statistics for the organization. DLP alerts can also be viewed in the Microsoft Defender portal, where they are automatically combined into incidents that provide a comprehensive view into potential policy violations and advanced tools for investigation and remediation.

Triage - New activities that need investigation automatically generate alerts that are assigned a Needs review status. Reviewers in the organization can quickly identify these alerts and scroll through each to evaluate and triage. Alerts are resolved by opening a new case, assigning the alert to an existing case, or dismissing the alert. As part of the triage process, reviewers can view alert details for the policy match, view user activity associated with the match, see the severity of the alert, and review user profile information.

Investigate - Cases are created for alerts that require deeper review and investigation of the details and circumstances around the policy match. The cases page provides an all-up view of all active cases, open cases over time, and case statistics for the organization. Selecting a case opens it for investigation and review.
This area is where risk activities, policy conditions, alerts details, and user details are synthesized into an integrated view for reviewers. The primary investigation tools in this area are:
- User activity: User risk activity is automatically displayed in an interactive chart that plots activities over time and by risk level for current or past risk activities. Reviewers can quickly filter and view the entire risk history for the user and drill into specific activities for more details.
- Content explorer: All data files and email messages associated with alert activities are automatically captured and displayed in the Content explorer. Reviewers can filter and view files and messages by data source, file type, tags, conversation, and many more attributes.
- Case notes: Reviewers can provide notes for a case in the Case Notes section. This list consolidates all notes in a central view and includes reviewer and date submitted information.

Action - After cases are investigated, reviewers can quickly act to resolve the case or collaborate with other risk stakeholders in the organization. Actions can be as simple as sending a notification when employees accidentally or inadvertently violate policy conditions. In more serious cases, reviewers may need to share the insider risk management case information with other reviewers in the organization. Escalating a case for investigation makes it possible to transfer data and management of the case to eDiscovery in Microsoft Purview.

Insider risk management can help you detect, investigate, and take action to mitigate internal risks in your organization in several common scenarios. These scenarios include data theft by employees, the intentional or unintentional leak of confidential information, offensive behavior, and more.

Integration with Microsoft Copilot for Security

Microsoft Purview Insider Risk Management supports integration with Microsoft Copilot for Security, through the standalone and embedded experiences.
To experience Copilot integration, organizations must be onboarded to Copilot, have enabled Copilot to access data from Microsoft 365 services, and users must have the appropriate role permissions.

The Microsoft Purview capabilities, which you can view in the standalone experience by selecting the prompt icon and selecting all capabilities, are built-in prompts that you can use, but you can also enter your own prompts based on the capabilities supported.

In the embedded experience, Copilot in Microsoft Purview Insider Risk Management supports alert summarization. To access Copilot from within Microsoft Purview Insider Risk Management, navigate to the alerts queue to select the alert you want to review. Information about the alert and the option to summarize the alert are displayed. You select Summarize to have Copilot generate the alert summary.

Microsoft Purview Insider Risk Management is designed to minimize internal risks by detecting, investigating, and acting on risky and malicious activities. Here's an overview of how it works and integrates with Microsoft Copilot for Security.

Understanding Insider Risks

Internal risks can arise from various employee activities and events, including:
- Leaks of sensitive data
- Confidentiality violations
- Intellectual property theft
- Fraud
- Insider trading
- Regulatory compliance violations

Insider Risk Management Principles

1. Transparency: Balancing user privacy and organizational risk with privacy-by-design architecture.
2. Configurable: Policies tailored based on industry, geographical, and business groups.
3. Integrated: Seamless workflow across Microsoft Purview solutions.
4. Actionable: Providing insights for user notifications and investigations.

Insider Risk Management Workflow

1. Policies:
   - Created using predefined templates and conditions.
   - Define risk indicators, users, services, and monitoring periods.
2. Alerts:
   - Automatically generated by matching risk indicators.
   - Displayed in the alerts page, offering a quick overview and statistics.
   - DLP alerts can also be viewed in the Microsoft Defender portal.
3. Triage:
   - New activities generate alerts marked as Needs review.
   - Reviewers evaluate and resolve alerts by opening a new case, assigning to an existing case, or dismissing.
4. Investigate:
   - Cases are created for deeper review.
   - User activities are displayed in an interactive chart.
   - Content explorer captures data files and emails associated with alerts.
   - Case notes consolidate reviewer observations.
5. Action:
   - Reviewers can resolve cases or collaborate with other stakeholders.
   - Simple notifications or escalations to eDiscovery for serious cases.

Integration with Microsoft Copilot for Security

Microsoft Purview Insider Risk Management integrates with Microsoft Copilot for Security through standalone and embedded experiences.

Standalone Experience
Use built-in prompts or enter custom prompts to leverage Microsoft Purview capabilities.

Embedded Experience
Supports alert summarization. Navigate to the alerts queue, select the alert, and generate a summary using Copilot.

By leveraging these tools and workflows, organizations can effectively manage internal risks, ensuring data protection and compliance.
Adaptive protection in Microsoft Purview uses machine learning (ML) to identify the most critical risks and proactively and dynamically apply protection controls from:
- Data Loss Prevention
- Microsoft Purview Data Lifecycle Management (preview)
- Microsoft Entra Conditional Access (preview)

Integration with data loss prevention, data lifecycle management, and Conditional Access can help organizations automate their response to insider risks and reduce the time required to identify and remediate potential threats. By using the capabilities of all four solutions, organizations can create a more comprehensive security framework that addresses both internal and external threats.

Adaptive protection helps mitigate potential risks by using:
- Context-aware detection. Helps identify the most critical risks with ML-driven analysis of both content and user activities.
- Dynamic controls. Helps enforce effective controls on high-risk users while others maintain productivity.
- Automated mitigation. Helps to minimize the impact of potential data security incidents and reduce admin overhead.

Adaptive protection dynamically assigns appropriate data loss prevention, data lifecycle management, and Conditional Access policies to users based on the insider risk levels (elevated, moderate, or minor) defined and analyzed by the machine learning models in Insider Risk Management. Policies become adaptive based on user context, ensuring that the most effective policy, such as blocking data sharing through data loss prevention or blocking application access through Conditional Access, is applied only to high-risk users while low-risk users maintain productivity.

Adaptive protection in Data Loss Prevention

Adaptive Protection in Microsoft Purview integrates Microsoft Purview Insider Risk Management with Microsoft Purview Data Loss Prevention (DLP). When Insider Risk Management identifies a user who is engaging in risky behavior, they're dynamically assigned an insider risk level.
Then adaptive protection can automatically create a DLP policy to help protect the organization against the risky behavior that's associated with that insider risk level. As users' insider risk levels change in insider risk management, the DLP policies applied to users can adjust.

Adaptive Protection in Microsoft Purview

Adaptive protection in Microsoft Purview leverages machine learning (ML) to identify critical risks and proactively apply protection controls from various solutions like Data Loss Prevention (DLP), Microsoft Purview Data Lifecycle Management, and Microsoft Entra Conditional Access. Here's how it works:

Key Features

1. Context-Aware Detection:
   - Uses ML-driven analysis to identify critical risks based on content and user activities.
2. Dynamic Controls:
   - Enforces controls on high-risk users while maintaining productivity for others.
3. Automated Mitigation:
   - Minimizes the impact of potential data security incidents and reduces administrative overhead.

Integration with Various Solutions

Data Loss Prevention (DLP):
   - Automatically creates and adjusts DLP policies based on insider risk levels identified by Insider Risk Management.
Data Lifecycle Management (Preview):
   - Integrates with adaptive protection to automate the response to insider risks.
Conditional Access (Preview):
   - Applies adaptive Conditional Access policies to high-risk users, ensuring secure access.

How It Works

Adaptive protection dynamically assigns appropriate policies to users based on their insider risk levels (elevated, moderate, or minor). This ensures that the most effective policy is applied, such as:
- Blocking Data Sharing: Through DLP for high-risk users.
- Blocking Application Access: Through Conditional Access for high-risk users.

This adaptive approach helps organizations automate their response to insider risks, creating a comprehensive security framework that addresses both internal and external threats.
Historically, data governance has been a defense mechanism, a way to make sure your data is secure and compliant. But good data governance also makes your data more visible to your users and provides many opportunities to reunite your business with the data that fuels it. Microsoft Purview data governance solutions leverage AI and modern technologies to ensure data quality, security, and compliance while also accelerating value creation. Before going into the descriptions of these solutions, it's important to understand some key principles and concepts associated with data governance.

Data governance concepts

- Federated governance provides a centralized place to develop data safety, quality, and standards, but provides tools to create self-service access control, discoverability, and maintenance. Federated data governance spreads ownership across your business, reducing bottlenecks and encouraging participation in the life cycle of managing, governing, consuming, and applying data.
- Data access is about quickly providing the right access and enforcing the right use to balance safety and innovation.
- Data curation is about organizing, annotating, and publishing your data so that it's safely accessible, reusable, and protected.
- Data discovery is about ensuring users can find the data they need for day-to-day business and innovation.
- Data health is about ensuring data quality standards are maintained across your estate, and having an active data lifecycle keeping your data fresh and secure.
- Data understanding is about ensuring data has quality descriptors that help users understand what the data is and how it should be used.

Data roles and responsibilities

- Data consumers quickly find and use relevant, trusted datasets through streamlined access request workflow.
- Data owners register data assets for use, manage classifications and access, and ensure high quality standards.
- Data stewards ensure data quality, seamless data discovery, glossary consistency, and lineage.
- Central data office establishes and ensures governance policies, active metadata, compliance, and insights into overall governance health.

Benefits of data governance

Good data governance helps reveal your data's business value and simplifies data management as your data estate grows. It provides important benefits to the different data roles:

For organization-wide data consumers:
- Data discovery - helps you easily find the data you need.
- Secure access - facilitates safe access to your data.
- Data understanding - provides what you need to know about the data.

For data owners and stewards:
- Data curation and management - helps you deliver high quality data that's easy to understand and safely access for organization-wide applications.
- Responsible data use - helps you ensure that your data is used by intended users for intended purposes.
- Impact analysis - understand actions on the data that may impact your data.

For data officers and CxO stakeholders:
- Data value creation - maximize value creation from your data while reducing operations spend.
- Data estate standardization - create common controls across your data estate with federated accountability so your data is healthy and safe.

Microsoft Purview data governance delivers on these benefits through the rich set of features in Microsoft Purview Data Catalog.

Microsoft Purview Data Governance

Microsoft Purview leverages AI and modern technologies to ensure data quality, security, and compliance, while accelerating value creation. Here are some key concepts and principles associated with data governance:

Data Governance Concepts

- Federated Governance: Centralized development of data safety, quality, and standards, with tools for self-service access control, discoverability, and maintenance.
- Data Access: Quickly provides the right access and enforces the correct usage to balance safety and innovation.
- Data Curation: Organizes, annotates, and publishes data for safe accessibility and reuse.
- Data Discovery: Ensures users can find the necessary data for daily business and innovation.
- Data Health: Maintains data quality standards across the estate, keeping data fresh and secure.
- Data Understanding: Provides quality descriptors to help users understand and use the data appropriately.

Data Roles and Responsibilities

- Data Consumers: Quickly find and use relevant datasets with streamlined access workflows.
- Data Owners: Register data assets, manage classifications and access, and ensure high-quality standards.
- Data Stewards: Ensure data quality, seamless discovery, glossary consistency, and lineage.
- Central Data Office: Establish and enforce governance policies, active metadata, compliance, and insights into overall governance health.

Benefits of Data Governance

For Data Consumers:
- Data Discovery: Easily find the needed data.
- Secure Access: Safe access to data.
- Data Understanding: Know what the data is and how to use it.

For Data Owners and Stewards:
- Data Curation and Management: Deliver high-quality data that's easy to understand and access.
- Responsible Data Use: Ensure data is used by intended users for intended purposes.
- Impact Analysis: Understand actions on the data that may impact it.

For Data Officers and CxO Stakeholders:
- Data Value Creation: Maximize value from data while reducing operational costs.
- Data Estate Standardization: Create common controls with federated accountability to keep data healthy and safe.

Microsoft Purview Data Catalog

Microsoft Purview Data Catalog delivers these benefits through a rich set of features, supporting comprehensive data governance across your organization.

The goal of Microsoft Purview Data Catalog is to provide a platform for data governance and to drive business value creation in your organization.
It does this through a rich set of features that align to data governance principles. The sections that follow describe some of the key features of the Microsoft Purview Data Catalog.

Governance domains

Governance domains are a new way of organizing your data estate through business concepts, like Marketing or Finance, providing context for your data assets. A governance domain is a boundary that enables the common governance, ownership, and discovery of data products and business concepts like glossary terms, OKRs, or critical data. You can establish many kinds of boundaries such as:
- Fundamental business areas - human resources, sales, finance, supply chain, etc.
- Overarching subject areas - product, parties, etc.
- Boundaries based on organizational functions - customer experience, cloud supply chain, business intelligence, etc.

Business domains are connected to several other business concepts that are incorporated as features of the Data Catalog.

Data products

Related to business domains are data products. A data product is a business construct with a name, description, owners, and most importantly a list of associated data assets. The data product provides context for the assets that are included within it, and provides a use case for data consumers. A governance domain can house many data products but a data product is managed by a single governance domain and can be discovered across many domains. A successful data product makes it easy for data consumers to recognize valuable data using their day-to-day language, and at the same time streamlines ownership responsibilities for those data assets.

Consider the example where a data scientist has created a set of data assets to be used by a data model and to be used by others.
Although the data scientist can use the data catalog to add a glossary term to all the relevant data assets and can add a description to each asset to make it more relevant in search for similar information, it doesn't guarantee that a data consumer would know what glossary term to use or that the data consumer will find all the data assets. This is where a data product fits nicely. The data scientist creates a data product that lists all the assets used to create their data model. The description provides a full use case, with examples or suggestions on how to use the data. The data scientist is now a data product owner and they've improved their data consumer's search experience by helping them get everything they need in this one data product.

Glossary terms

Glossary terms provide critical business context to your data assets and also apply policies that determine how your data should be managed, governed, and made discoverable for use. Glossary terms are individual concepts that define the business, processes, and systems used in an organization. They can be applied across a data estate, relating to data assets and data products to provide business context to your users.

Terms are created under governance domains to create context that is specific to each part of your organization. For example, both sales and marketing might use the same term to mean different things, and your governance domains help your team to differentiate between those meanings. Once created, terms map to data products, to provide context for those data products, and to provide specific data governance based on business context.

Glossary terms provide data governance based on the business context, because they now contain policies. Policies in a business term apply specific business health goals, data governance requirements, and terms of use to any data product that a term is applied to.
Critical data elements

Not all data elements have the same importance or sensitivity, and dedicating resources to manage the quality of all data indiscriminately can be impractical and costly. Critical data elements (CDEs) are a logical grouping of important pieces of information across your data estate. These groupings can make data easier to understand and promote standardization. Data quality rules and access policies can be attached to these elements to further secure sensitive information across your data estate.

For example: A "Customer ID" critical data element can map "CustID" from one table and "CID" from another table into the same logical container. Users can match this value across data assets to make connections, and when data producers create a new asset they can use this element as a blueprint to provide quality information in the correct format.

Critical data elements are created within governance domains and can have policies set to manage these important pieces of information. By creating CDEs, organizations can allocate resources strategically, focusing governance effort on areas that have the most significant impact on the business.

OKRs

OKRs (objectives and key results) in Microsoft Purview are trackable business objectives tied to governance domains and data products to emphasize the value of business data. OKRs link data products directly to real business objectives to cross the gap between the business and the data estate. Data governance isn't just an IT task or engineering best practice, it's a critical part of value generation.

Data access policies

Data catalog access policies allow you to manage access to your data products and set up a system to provide access to users who request it. Promote innovation and flexibility in your data estate by creating self-service access opportunities, while upholding security and right-use standards.
Search and browse

Data discovery can be time consuming because you might not know where to find the data that you want. Search enables data consumers to easily find the data needed for their analytics or governance workloads. Searching is great if you know what you're looking for, but there are times where data consumers wish to explore the data available to them. The Microsoft Purview Data Catalog offers a browse experience that enables users to explore what data is available to them either by collection or through traversing the hierarchy of each data source in the catalog.

Health management

Health management has features to enhance your data governance strategy and management.

Health controls: Data health controls allow your team to analyze and track your journey to complete data governance by monitoring your governance health, and using the provided health controls to track your progress. Data Health Controls are specific measures, processes, and tools implemented to monitor, maintain, and improve the quality, security, and overall health of an organization's data. The benefits of data health controls include:
- Improved Data Quality: Ensures that data remains accurate, consistent, and reliable for decision-making.
- Enhanced Security: Protects sensitive data from breaches, unauthorized access, and corruption.
- Regulatory Compliance: Helps organizations adhere to legal and industry standards for data management.
- Operational Efficiency: Reduces the time and resources spent on correcting data issues and ensures that data is readily available and usable.
- Risk Mitigation: Prevents costly errors and data-related risks that can arise from poor data management.

In summary, data health controls are essential components of a comprehensive data governance strategy, helping organizations maintain the integrity, security, and usability of their data assets.
Health actions: Health management actions give you and your users steps to take to improve data health and governance across your data estate. These actions correspond to the checks made to calculate a data product's data governance health control score. Addressing these actions raises your health score and promotes an overall more usable and discoverable data catalog.

Data quality

Microsoft Purview Data Quality is a comprehensive solution that empowers governance domain and data owners to assess and oversee the quality of their data ecosystem, facilitating targeted actions for improvement. Data Quality offers users the ability to evaluate data quality using no-code/low-code rules, including out-of-the-box (OOB) rules and AI-generated rules. These rules are aggregated to provide scores at the levels of data assets, data products, and governance domains, ensuring end-to-end visibility of data quality within each domain. Microsoft Purview Data Quality also incorporates AI-powered data profiling capabilities. By applying Microsoft Purview Data Quality, organizations can effectively measure, monitor, and enhance the quality of their data assets.

Microsoft Purview Data Catalog

The Microsoft Purview Data Catalog provides a comprehensive platform for data governance, driving business value creation through its rich set of features aligned with data governance principles. Here are some key features:

Governance Domains

Governance domains organize your data estate through business concepts, such as Marketing or Finance, providing context for data assets. These domains create boundaries for governance, ownership, and discovery of data products and business concepts like glossary terms, OKRs, or critical data.

Data Products

Data products are business constructs that provide context for associated data assets. They include a name, description, owners, and a list of assets.
Managed by a single governance domain, data products help data consumers easily recognize valuable data and streamline ownership responsibilities.

Glossary Terms

Glossary terms define the business, processes, and systems used in an organization, providing critical context to data assets. They apply policies that determine how data should be managed and governed and can relate to data products to offer additional business context.

Critical Data Elements (CDEs)

CDEs group important pieces of information across your data estate, promoting standardization and secure information management. These elements can have data quality rules and access policies attached to them, making data easier to understand and manage.

Objectives and Key Results (OKRs)

OKRs in Microsoft Purview are trackable business objectives linked to governance domains and data products, emphasizing the value of business data and bridging the gap between the business and the data estate.

Data Access Policies

These policies allow you to manage access to data products and provide a system for users to request access, promoting self-service access opportunities while upholding security and right-use standards.

Search and Browse

The Data Catalog offers both search and browse experiences, enabling users to explore available data through collection hierarchies or specific data sources, making data discovery efficient and intuitive.

Health Management

Health management features enhance data governance strategies:
- Health Controls: Monitor and track data governance health, ensuring data quality, security, and compliance.
- Health Actions: Provide steps to improve data health, addressing actions that raise the data governance health control score.

Data Quality

Microsoft Purview Data Quality empowers governance domain and data owners to assess and oversee the quality of their data ecosystem.
It offers no-code/low-code rules and AI-powered data profiling capabilities to evaluate data quality, providing scores at the levels of data assets, data products, and governance domains.

By implementing these features, organizations can effectively manage their data, ensuring high quality, secure access, and compliance, ultimately driving business value.

Cloud Solution Provider

The Cloud Solution Provider (CSP) model is a Microsoft partner program that provides the expertise and services you need through an expert CSP partner. Your Microsoft 365 subscription is provided through a CSP partner who can manage your entire subscription and provide billing and technical support. The CSP partner will have admin privileges that will allow them to access your tenant. They'll have the ability to directly support, configure and manage licenses and settings. The CSP partner can provide extra consultancy and advice to ensure security and productivity targets are met. Furthermore, other Microsoft cloud-based products and services can be added to your subscription such as Microsoft Entra services and Dynamics 365.

The Cloud Solution Provider (CSP) program provides a pay-as-you-go subscription model with per-user, per-month pricing that enables your business to scale up or down from month to month as your needs change. You can find a suitable CSP at I'm looking for a solution provider.

Enterprise Agreement

The Microsoft Enterprise Agreement (EA) is designed for organizations that want to license software and cloud services for a minimum three-year period. The Enterprise Agreement offers the best value to organizations with 500 or more users or devices. One of the benefits of the Enterprise Agreement is that it's manageable, giving you the flexibility to buy cloud services and software licenses under a single organization-wide agreement.
Additionally, through Software Assurance, your organization can receive 24x7 technical support, planning services, end-user and technical training. Learn more about the benefits of the Microsoft Enterprise Agreement at Enterprise Agreement | Microsoft Volume Licensing.

Direct Billing

Buy and pay for your Microsoft 365 subscription with a credit or debit card, or a bank account. The payment method you use to pay will continue to be charged until the subscription expires or is canceled. Payment methods can be managed through the Microsoft 365 admin center.

Trial

Sign up for a free trial subscription for Microsoft 365 Business Standard, Microsoft 365 Business Premium, or Microsoft 365 Apps for business and try it out for 30 days. Learn more information on trying a free trial subscription at Try or buy a Microsoft 365 for business subscription.

Subscription Models for Microsoft 365

Understanding your options for Microsoft 365 subscriptions can help you choose the best fit for your organization. Here are the key models available:

Cloud Solution Provider (CSP)
- Partner Program: Provides expertise and services through an expert CSP partner.
- Management: CSP partners manage your entire subscription, offer billing and technical support, and have admin privileges.
- Additional Services: Can add other Microsoft cloud-based products like Microsoft Entra services and Dynamics 365.
- Subscription Model: Pay-as-you-go with per-user, per-month pricing, allowing scaling up or down as needed.
- Finding a CSP: Find a solution provider.

Enterprise Agreement (EA)
- Designed For: Organizations licensing software and cloud services for a minimum three-year period.
- Best Value: Ideal for organizations with 500 or more users or devices.
- Flexibility: Manageable under a single organization-wide agreement, combining cloud services and software licenses.
- Software Assurance: Includes 24x7 technical support, planning services, and training.
- More Information: Enterprise Agreement.
Direct Billing
- Payment Methods: Use credit/debit cards or bank accounts for direct billing.
- Management: Manage payment methods through the Microsoft 365 admin center.

Trial
- Free Trial: Try Microsoft 365 Business Standard, Business Premium, or Apps for business for 30 days.
- More Information: Try or buy a Microsoft 365 subscription.

Each model offers different benefits and flexibility, allowing you to choose based on your organization's specific needs and preferences.

Billing account options

A billing account is created when you sign up to try or buy Microsoft products. You use your billing account to manage your account settings, invoices, payment methods, and purchases. The Microsoft 365 admin center currently supports the following types of billing accounts:
- Microsoft Online Services Program: This billing account is created when you sign up for a Microsoft 365 subscription directly.
- Microsoft Products & Services Agreement (MPSA) Program: This billing account is created when your organization signs an MPSA Volume Licensing agreement to purchase software and online services.
- Microsoft Customer Agreement: This billing account is created when your organization works with a Microsoft representative, an authorized partner, or purchases independently.

Consumption and fixed cost models

- Consumption-based price: You're charged for only what you use. This model is also known as Pay-As-You-Go.
- Fixed-price: You provision resources and are charged for those instances whether or not they're used.

Bill management

Microsoft 365 billing is managed from the Microsoft 365 admin center. The admin center allows you to manage subscriptions, view billing statements, update payment methods, change your billing frequency, and more. The following list describes in further deta