Microsoft Purview: The Big Picture

What is Microsoft Purview?

The Purview family at a glance

The six Purview capabilities tested on AB-900

Feature	What It Does	Key Question It Answers
Information Protection	Classifies and labels data based on sensitivity	What kind of data do we have?
Data Loss Prevention (DLP)	Prevents sensitive data from leaving the organisation	Is someone trying to share something they shouldn't?
Insider Risk Management	Detects risky user behaviour patterns	Is an employee acting suspiciously?
Communication Compliance	Monitors messages for policy violations	Is anyone saying something that violates our policies?
DSPM for AI	Discovers and governs AI-related data activity	How is data being used with AI tools?
Data Lifecycle Management	Manages retention and deletion of data	How long do we keep things, and when do we delete them?

Key exam concept: Each Purview tool solves a DIFFERENT problem. The exam tests whether you can pick the right tool for a given scenario. If data needs labelling → Information Protection. If data is being shared inappropriately → DLP. If a user is acting suspiciously → Insider Risk. If a message violates policy → Communication Compliance.

How the Purview tools connect

These tools work as a pipeline — each step feeds the next:

1. Information Protection → labels data as “Confidential”, “Internal”, “Public”
2. DLP → uses those labels to enforce rules (“don’t email Confidential files externally”)
3. Insider Risk → detects when someone tries to bypass those rules repeatedly
4. Communication Compliance → catches policy violations in Teams/Outlook messages
5. DSPM for AI → monitors how labelled data is used with Copilot and other AI tools
6. Data Lifecycle → retains data for compliance periods, then auto-deletes

💡 Scenario: Clearfield Council's data governance journey

Officer Patel implements Purview across Clearfield Council:

Month 1: Know your data

• Enable Information Protection → auto-classify documents containing personal data
• Apply sensitivity labels: “Public”, “Official”, “Sensitive”, “Highly Sensitive”

Month 2: Protect your data

• Set up DLP policies → block external sharing of anything labelled “Sensitive” or above
• Alert Officer Patel when DLP triggers

Month 3: Detect risks

• Enable Insider Risk Management → flag unusual download patterns (e.g., 500 files in one hour)
• Enable Communication Compliance → monitor for discriminatory language in official channels

Month 4: Govern AI

• Deploy Copilot → enable DSPM for AI → monitor which labelled data Copilot accesses
• Set up alerts for Copilot accessing “Highly Sensitive” content

Ongoing: Manage lifecycle

• Retention policies → keep council records for 7 years, then auto-delete
• Retention labels → legal hold on anything related to active investigations

Each layer adds protection. Together, they create a comprehensive data governance framework.

Where to find Purview

Purview tools are accessed through the Microsoft Purview portal (purview.microsoft.com):

Section	What You’ll Find
Information protection	Sensitivity labels, label policies, auto-labelling
Data loss prevention	DLP policies, alerts, activity explorer
Insider risk management	Policies, alerts, cases, analytics
Communication compliance	Policies, alerts, investigations
Data security posture management	AI activity, data security insights
Data lifecycle management	Retention policies, labels, disposition
eDiscovery	Content search, cases, legal holds
Compliance Manager	Compliance score, assessments, improvement actions

🎬 Video walkthrough

Flashcards

Question

What is Microsoft Purview?

Click or press Enter to reveal answer

Answer

A family of data governance, compliance, and security solutions in Microsoft 365. It covers six key areas: Information Protection, DLP, Insider Risk, Communication Compliance, DSPM for AI, and Data Lifecycle Management.

Click to flip back

Question

What's the difference between Information Protection and DLP?

Click or press Enter to reveal answer

Answer

Information Protection CLASSIFIES and LABELS data (identifies what's sensitive). DLP PREVENTS sensitive data from leaving the organisation (blocks inappropriate sharing). Labels are the foundation — DLP uses them to enforce rules.

Click to flip back

Show hint

Question

What's the difference between Insider Risk and Communication Compliance?

Click or press Enter to reveal answer

Answer

Insider Risk detects suspicious USER BEHAVIOUR patterns (unusual file downloads, data exfiltration attempts). Communication Compliance monitors MESSAGE CONTENT for policy violations (discriminatory language, regulatory breaches). One watches actions, the other watches words.

Click to flip back

Show hint

Knowledge Check

Knowledge Check

Northwave discovers that an employee has been downloading hundreds of customer files to a USB drive every night for the past week. Which Purview tool would detect this behaviour?

AData Loss Prevention — it monitors file transfersBCommunication Compliance — it detects suspicious activityCInsider Risk Management — it identifies unusual user behaviour patternsDInformation Protection — it tracks file access based on sensitivity labels

Check Answer

Knowledge Check

Clearfield Council wants to ensure that documents labelled 'Highly Sensitive' cannot be emailed to external recipients. Which Purview tool should they configure?

AInsider Risk Management — set up a policy to block external sharingBData Loss Prevention — create a policy that blocks external email of 'Highly Sensitive' contentCCommunication Compliance — monitor for external sharing violationsDData Lifecycle Management — set retention to prevent external access

Check Answer

---

Next up: Sensitivity Labels & Data Classification — how to identify and label your data so the rest of Purview can protect it.