Microsoft Purview data security solutions

Microsoft 365 licensing guidance for security & compliance, Microsoft Purview Audit service description, Microsoft Purview eDiscovery service description

Microsoft Purview data security solutions help you manage and monitor your data and protect information. This article helps you learn about Microsoft Purview data security solutions and quickly get started with deploying these solutions to meet specific security needs for your organization.

Tip

If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview trials hub. Learn details about signing up and trial terms.

Protect sensitive data across clouds, apps, and devices

Your information protection strategy should be driven by your business needs, but every organization has a requirement to protect some or all of its data. Use the capabilities from Microsoft Purview Information Protection (formerly Microsoft Information Protection) to help you discover, classify, protect, and govern sensitive information wherever it lives or travels.

Know your data

Your organization likely has information residing across the Microsoft 365 services, other cloud services, and on-premises. Identifying which items are sensitive and gaining visibility into how they're being used is central to your information protection practice. Microsoft Purview includes:

  • Sensitive information types to identify sensitive items by using built-in or custom regular expressions, or a function.
  • Trainable classifiers to identify sensitive items by using examples of the data you're interested in rather than identifying elements in the item.
  • Data classification provides a graphical identification of items in your organization that have a sensitivity label, a retention label, or have been classified and the actions your users are taking on them

Protect your data

There are many capabilities that you can use from the Microsoft Purview Information Protection solution to help protect your data, wherever it's stored and however it's accessed. However, sensitivity labels are the foundational capability that both provide protection actions and interact with other Purview solutions and capabilities.

Sensitivity labels provide users and admins with visibility into the sensitivity of the data that they're using, and the labels themselves can apply protection actions that include encryption, access restrictions, and visual markings. For more information about the range of labeling scenarios supported, see the Common scenarios for sensitivity labels section from the getting started documentation. For more information about sensitivity labels, see Learn about sensitivity labels.

Encrypt your data and control your encryption keys

Encryption is an important part of your information protection strategy. The encryption process encodes your data (referred to as plaintext) into ciphertext. Unlike plaintext, ciphertext can't be used by people or computers unless and until the ciphertext is decrypted. Decryption requires an encryption key that only authorized users have. Encryption helps ensure that only authorized recipients can decrypt your content.

Microsoft Purview Double Key Encryption helps secure your most sensitive data that is subject to the strictest protection requirements. Microsoft Purview Customer Key helps you meet regulatory or compliance obligations for controlling root keys. You explicitly authorize Microsoft 365 services to use your encryption keys to provide value added cloud services, such as eDiscovery, anti-malware, anti-spam, search indexing, and so on.

Prevent data loss

Unintentional sharing of sensitive items can cause financial harm to your organization and may result in a violation of laws and regulations. Microsoft Purview Data Loss Prevention can help protect your organization against unintentional or accidental sharing of sensitive information both inside and outside of your organization. In a data loss prevention policy, you:

  • Define the sensitive information you want to monitor for, like financial, health, medical, and privacy data.
  • Where to monitor, like Microsoft 365 services or Windows and macOS devices.
  • The conditions that must be matched for a policy to be applied to an item, like items containing credit card, driver's license, or social security numbers.
  • The actions to take when a match is found, like audit, block the activity, and block the activity with override.

Detect and act on risk activities with insider risk management

Microsoft Purview Insider Risk Management uses the full breadth of service and 3rd-party indicators to help you quickly identify, triage, and act on risky user activity in your organization. By using logs from Microsoft 365 and Microsoft Graph, insider risk management allows you to define specific policies to identify risk indicators. After identifying risky activities, you can take action to mitigate these risks.

Restrict communication and collaboration between users with information barriers

Microsoft Purview Information Barriers (IB) is a compliance solution that allows you to restrict two-way communication and collaboration between groups and users in Microsoft Teams, SharePoint, and OneDrive. Often used in highly regulated industries, IB can help to avoid conflicts of interest and safeguard internal information between users and organizational areas.

Limit access to sensitive data with privileged access management

Having standing access by some users to sensitive information or critical network configuration settings in Microsoft Exchange is a potential pathway for compromised accounts or internal threat activities. Microsoft Purview Privileged Access Management helps protect your organization from breaches and helps to meet compliance best practices by limiting standing access to sensitive data or access to critical configuration settings. Instead of administrators having constant access, just-in-time access rules are implemented for tasks that need elevated permissions.