Protect your sensitive data with Microsoft Purview

Licensing for Microsoft 365 Security & Compliance

Implement capabilities from Microsoft Purview Information Protection (formerly Microsoft Information Protection) to help you discover, classify, and protect sensitive information wherever it lives or travels.

These information protection capabilities give you the tools to know your data, protect your data, and prevent data loss.

Image of how Microsoft Purview Information Protection helps you discover, classify, and protect sensitive data.

Use the following sections to learn more about the available capabilities and how to get started with each one. However, if you're looking for a guided deployment, see Deploy an information protection solution with Microsoft Purview.

For information about governing your data for compliance or regulatory requirements, see Govern your data with Microsoft Purview.

Tip

If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview trials hub. Learn details about signing up and trial terms.

Know your data

To understand your data landscape and identify sensitive data across your hybrid environment, use the following capabilities:

Capability What problems does it solve? Get started
Sensitive information types Identifies sensitive data by using built-in or custom regular expressions or a function. Corroborative evidence includes keywords, confidence levels, and proximity. Customize a built-in sensitive information type
Trainable classifiers Identifies sensitive data by using examples of the data you're interested in rather than identifying elements in the item (pattern matching). You can use built-in classifiers or train a classifier with your own content. Get started with trainable classifiers
Data classification A graphical identification of items in your organization that have a sensitivity label, a retention label, or have been classified. You can also use this information to gain insights into the actions that your users are taking on these items. Get started with content explorer

Get started with activity explorer

Protect your data

To apply flexible protection actions that include encryption, access restrictions, and visual markings, use the following capabilities:

Capability What problems does it solve? Get started
Sensitivity labels A single labeling solution across apps, services, and devices to protect your data as it travels inside and outside your organization.

Example scenarios:
- Manage sensitivity labels for Office apps
- Encrypt documents and emails
- Protect calendar items, Teams meetings, and chat

For a comprehensive list of supported scenarios for sensitivity labels, see the Get started documentation.
Get started with sensitivity labels
Microsoft Purview Information Protection client For Windows computers, extends labeling to File Explorer and PowerShell Extend sensitivity labeling on Windows
Double Key Encryption Under all circumstances, only your organization can ever decrypt protected content or for regulatory requirements, you must hold encryption keys within a geographical boundary. Deploy Double Key Encryption
Message Encryption Encrypts email messages and attached documents that are sent to any user on any device, so only authorized recipients can read emailed information.

Example scenario: Revoke email encrypted by Advanced Message Encryption
Set up Message Encryption
Service encryption with Customer Key Protects against viewing of data by unauthorized systems or personnel, and complements BitLocker disk encryption in Microsoft datacenters. Set up Customer Key
SharePoint Information Rights Management (IRM) Protects SharePoint lists and libraries so that when a user checks out a document, the downloaded file is protected so that only authorized people can view and use the file according to policies that you specify. Set up Information Rights Management (IRM) in SharePoint admin center
Rights Management connector Protection-only for existing on-premises deployments that use Exchange or SharePoint Server, or file servers that run Windows Server and File Classification Infrastructure (FCI). Steps to deploy the RMS connector
Information protection scanner Discovers, labels, and protects sensitive information that resides in data stores that are on premises. Configuring and installing the information protection scanner
Microsoft Defender for Cloud Apps Discovers, labels, and protects sensitive information that resides in data stores that are in the cloud. Discover, classify, label, and protect regulated and sensitive data stored in the cloud
Microsoft Purview Data Map Identifies sensitive data and applies automatic labeling to content in Microsoft Purview Data Map assets. These include files in storage such as Azure Data Lake and Azure Files, and schematized data such as columns in Azure SQL DB and Azure Cosmos DB. Labeling in Microsoft Purview Data Map
Microsoft Information Protection SDK Extends sensitivity labels to third-party apps and services.

Example scenario: Set and get a sensitivity label (C++)
Microsoft Information Protection (MIP) SDK setup and configuration

Prevent data loss

To help prevent accidental oversharing of sensitive information, use the following capabilities:

Capability What problems does it solve? Get started
Microsoft Purview Data Loss Prevention Helps prevent unintentional sharing of sensitive items. Learn about data loss prevention
Endpoint data loss prevention Extends DLP capabilities to items that are used and shared on Windows 10 computers. Get started with Endpoint data loss prevention
Microsoft Purview extension for Chrome Extends DLP capabilities to the Chrome browser Get started with the Microsoft Purview extension for Chrome
Microsoft Purview data loss prevention on-premises repositories Extends DLP monitoring of file activities and protective actions for those files to on-premises file shares and SharePoint folders and document libraries. Get started with Microsoft Purview data loss prevention on-premises repositories
Protect sensitive information in Microsoft Teams chat and channel messages Extends some DLP functionality to Teams chat and channel messages Learn about the default data loss prevention policy in Microsoft Teams

Licensing requirements

License requirements to protect your sensitive data depend on the scenarios and features you use. Rather than set licensing requirements for each capability listed on this page, for more information, see the Microsoft 365 guidance for security & compliance and the related PDF download for feature-level licensing requirements.