Over the past few years, there has been an increase in Microsoft 365 adoption, primarily due to more remote workers. It is becoming more common for many of us to split our time between offices and our homes, which is perfect for us but could be better from a Security and Compliance perspective.
As an IT/Security administrator, managing office and remote workers means a constant battle between usability and protection. It also means that risk and compliance management become even more complex due to corporate information constantly moving around between locations. Microsoft, however, has deployed better capabilities for managing this exact situation. As part of the overall Security and Compliance capabilities, they now offer Microsoft Purview.
What is Microsoft Purview?
Microsoft Purview brings together Microsoft Data and AI and combines them with Microsoft Security. It offers a suite of tools separated into two portals. The first is “Microsoft Purview Risk and Compliance,” and the second is “Microsoft Purview Governance.”
The risk and compliance solutions are collections of capabilities to help manage end-to-end compliance scenarios. On the other hand, the governance solution helps to identify on-premises data. It then allows the mapping of the data using automated data discovery. Lastly, it provides sensitive data classification and end-to-end data lineage.
What Is Microsoft Purview Risk and Compliance?
Microsoft Purview Risk and Compliance solutions support Microsoft 365 services such as Microsoft Teams, SharePoint, OneDrive, Exchange, and others. These solutions assist you in safeguarding sensitive data across clouds, apps, and devices. They also help identify data risks and manage regulatory compliance requirements, allowing users to effectively meet industry standards and regulations. Microsoft Purview’s compliance and risk solutions enable users to get started with regulatory compliance and protect their organization’s data.
What Is Microsoft Purview Governance?
Microsoft Purview Governance solutions allow administrators to manage data services across on-premises, multi-cloud, and SaaS estate, including Azure storage services, Power BI, databases like SQL or Hive, and file services like Amazon S3.
Administrators can access these governance solutions through the Microsoft Purview governance portal, which provides various tools to support organizations in managing their data effectively. These tools include creating an up-to-date map of the entire data estate, including data classification and end-to-end lineage, identifying where sensitive data is stored, creating a secure environment for data consumers to find valuable data, and generating insights about how data is stored and used. Using Microsoft Purview’s governance solutions, you can effectively manage and govern the data estate, providing users with the necessary tools to make informed decisions about their data.
What Are the Key Features of Microsoft Purview Risk and Compliance?
Microsoft Purview Risk and Compliance solution offer many capabilities which you can group into these categories:
- Insider Risks
- Information Protection
- Data Lifecycle and Records
- Auditing and Alerts
- Compliance Risks
Within each category are multiple features and tools. It is important to note that core building blocks span many of the Microsoft Purview Risk and Compliance services. One such feature is Sensitivity labeling, which is available in many of the tools.
The insider threat mitigation features utilize four capabilities:
Microsoft Purview Communication Compliance helps reduce risks by detecting, capturing, and providing remediation actions for email and Microsoft Teams communications. These include potentially inappropriate communications containing:
- Sharing of sensitive information within chats
Microsoft Purview Insider Risk Management uses indicators to help you quickly identify, triage, and remediate risky activity. Using logs from Microsoft 365, you can define specific policies to identify risk indicators.
Microsoft Purview Information Barriers (IB) is a solution that operates within Microsoft Teams, SharePoint Online, and OneDrive for Business. It allows a compliance administrator or IB administrator to establish policies that control communication between user groups within Microsoft Teams.
Microsoft Purview Privileged Access Management helps protect your organization from breaches and helps to meet compliance best practices by limiting standing access to sensitive data or access to critical configuration settings. Instead of administrators having constant access, you implement just-in-time access rules for tasks that need elevated permissions.
With Microsoft Purview Information Protection, you can effectively identify, classify, and safeguard sensitive information regardless of its location. Information protection focuses on four key areas:
- Knowing your data
- Protecting your data
- Preventing data loss
- Governing your data
To achieve this, Microsoft Purview Information Protection uses a combination of Sensitive information types, Trainable classifiers, Data classification, Sensitivity labels, Encryption, and Data loss prevention policies.
The initial step in implementing Information Protection is identifying and classifying sensitive items within the organization. Microsoft Purview offers three methods of identifying items to classify them. These methods include manual user classification, automated pattern recognition such as sensitive information types, and machine learning. Sensitive information types (SIT) utilize pattern-based classifiers to identify sensitive information such as social security, credit card, or bank account numbers, enabling the identification of sensitive items.
Trainable classifiers within Microsoft Purview support Office auto-labeling with sensitivity labels, auto-apply retention label policy based on a condition, communication compliance, and data loss prevention.
Classifiers can apply retention label policies based on conditions, allowing users to manage data retention effectively.
Microsoft Purview Information Protection’s sensitivity labels enable users to classify and protect their data while ensuring that productivity and collaboration capabilities remain unaffected.
Data loss prevention detects sensitive items using deep content analysis. The content analysis looks for keywords and uses regular expressions, internal functions, and secondary data matches. Beyond that, Data loss prevention also utilizes machine learning algorithms to detect content that matches your DLP policies.
Data Lifecycle and Records
Microsoft Purview Risk and Compliance uses two features, they are:
Microsoft Purview Data Lifecycle Management provides tools and capabilities to retain the content you need to keep and delete the content that you don’t. Retaining and deleting content is often required for compliance and regulatory requirements. Deleting content that is not needed helps you manage your risk and liability.
Records management for Microsoft Purview helps organizations with their legal obligations, provides the ability to meet compliance with regulations, and increases efficiency with the regular disposition of items.
Electronic discovery, or eDiscovery, identifies and delivers electronic information as evidence in legal cases. You can use the eDiscovery tools to identify content in:
- SharePoint Online
- OneDrive for Business
- Microsoft 365 Groups
- Microsoft Teams
- Yammer teams
- Exchange Online
Content search. The Content search tool allows you to search across Microsoft 365 data and export the results locally.
eDiscovery (Standard). eDiscovery (Standard) adds to the search and export capabilities of Content search. It supports:
- eDiscovery cases
- Assigning of eDiscovery managers
- Associating searches and exports with a case
- Creating of eDiscovery holds
eDiscovery (Premium). The eDiscovery (Premium) tool adds to the existing search, export, case management, and preservation capabilities in eDiscovery (Standard). The eDiscovery Premium feature of Microsoft Purview offers a comprehensive workflow for identifying, preserving, collecting, reviewing, analyzing, and exporting content for digital investigations.
Auditing and Alerts
Microsoft 365 provides general audit logging capabilities for all applications and services. Microsoft Purview Risk and Compliance utilizes this for alerting. There are two types of auditing available:
Microsoft Purview Audit (Standard) allows you to log and search for audited activities and power your forensic, IT, compliance, and legal investigations.
Microsoft Purview Audit (Premium) expands on Audit (Standard) features by offering audit log retention policies, extended retention period, critical vital events tracking, and increased Office 365 Management Activity API bandwidth.
Alert Policies let you categorize the alerts by policy. You can then apply the policy users within the organization, set threshold when alert trigger, and determine whether to receive email notifications.
You can manage compliance risks by using the Compliance manager. It helps simplify compliance and reduce risk by providing the following:
- Microsoft Compliance Manager offers pre-built assessments for industry and regional standards and regulations, as well as custom assessments tailored to meet specific compliance needs.
- Workflow capabilities are available to assist with completing risk assessments.
- Suggestions for improvement actions are provided to help ensure compliance with relevant standards and regulations, including implementation details and audit results for activities managed by Microsoft.
- A compliance score is generated by Microsoft Purview to provide insight into the organization’s current compliance posture.
What Are the Key Features of Microsoft Purview Governance?
Microsoft Purview Governance provides a service to manage data across on-premises, multi-cloud, and SaaS environments. It enables users to create a complete data map with automated discovery, classification, and lineage tracking. It allows data and security administrators to manage and secure all data while providing end-users with easy access to valuable and reliable data.
The core features are “Data Map,” “Data Catalog,” “Data Estate Insights,” “Data Sharing,” and “Data Policy.”
Microsoft Purview Data Map is a cloud-based Platform-as-a-Service (PaaS) that retrieves metadata from data stored either on-premises or within the cloud. It automatically updates the retrieved metadata by using built-in automated scanning and classification.
The Microsoft Purview Data Catalog enables users to find important data quickly and easily using filters based on classifications, glossary terms, assigned sensitivity labels, and more. Data curation features are available for data stewards, subject matter experts, and officers to manage business glossaries and automate data asset tagging with glossary terms. Furthermore, data administrators and end-users can track the lineage of data visually.
Data Estate Insights
Data Estate Insights provides a comprehensive overview of both on-premises and cloud data. It also provides governance stakeholders actionable insights into gaps that may need resolving.
With Microsoft Purview Data Sharing, businesses can safely exchange data with partners and clients within or outside the organization. Providers can easily manage and monitor sharing relationships, with the ability to revoke access at any time. Data sharing can be initiated with just a few clicks.
Microsoft Purview Data Policy is a cloud-based tool that manages secure access to data and. It offers a centralized platform for controlling access to data. It also provides an external data-plane permission model, as well as seamlessly integrating with Microsoft Purview Data Map and Catalog. Users can search for data then grant access using policies that support Software-as-a-Service (SaaS) platforms, on-premises, and multi-cloud data sources.
How Does Microsoft Purview Help Keep You Compliant?
Microsoft Purview for Risk and Compliance and Microsoft Purview for Governance provides your organization with comprehensive tools to manage data risks and regulatory compliance. The solution includes the Compliance Manager, that constantly calculates the risk-based score to help you track progress in completing recommended actions.
Completing the recommended actions will reduce risks related to data protection and regulatory standards. With the Microsoft Purview features and components, you can govern, protect, and manage your data in more efficient ways while staying compliant.
For more information about governing M365, I recommend the Rencore whitepaper “Complete Microsoft 365 visibility”. The whitepaper provides best practices for building a governance strategy that helps you keep a compliant and secure M365 tenant at all times.