Microsoft Purview — data protection and regulatory compliance
Quick navigation
Microsoft Purview Licenses
Microsoft Purview is an integrated platform for data governance, information protection and regulatory compliance. It enables you to classify, protect and oversee data — regardless of where it resides: in Microsoft 365, Azure, on-premises environments or third-party services. Implementing Purview reduces the risk of data leakage, helps meet GDPR, NIS2, ISO 27001 and other regulatory requirements, and provides full visibility into user activities and data flows.
Unified data and compliance platform
- Single pane of glass — the Microsoft Purview portal brings together Information Protection, DLP, Compliance and Data Governance in one place.
- Native M365 integration — sensitivity labels work in Teams, SharePoint, OneDrive, Exchange and Office applications.
- Extensibility — Purview Data Map covers Azure, AWS, Salesforce and on-premises data sources (SQL, SAP, file shares).
- AI and automation — Copilot for Security accelerates DLP alert triage and insider risk analysis.
Microsoft Purview Information Protection
A data classification and protection mechanism based on sensitivity labels. It allows documents and emails to be labelled automatically or manually, applying encryption, restricting access and adding watermarks — without disrupting users' day-to-day workflows.
Key capabilities
- Sensitivity labels with encryption and access restrictions (Rights Management).
- Automatic classification based on sensitive information types (SIT) and trained ML classifiers.
- Integration with Office applications, Teams, SharePoint, OneDrive and Exchange.
- Scanning and labelling files in Azure, AWS S3 and on-premises repositories.
- Unified labeling — a single label works across the entire Microsoft ecosystem and partners.
Data Loss Prevention (DLP)
Microsoft Purview DLP protects sensitive data from unauthorised sharing — in email, Teams, SharePoint, OneDrive, endpoints and in the cloud. DLP rules detect social security numbers, credit cards, medical data and hundreds of other sensitive information types, then automatically block, encrypt or report violations.
DLP scope and capabilities
- Exchange Online / Teams — blocking transmission of sensitive data in messages.
- SharePoint and OneDrive — alerts and access restrictions for files containing protected data.
- Endpoint DLP — control over copying to USB, printing, browser uploads on Intune-managed devices.
- Cloud App Security (MDCA) — extending DLP to SaaS applications outside M365.
- Over 300 built-in sensitive information types (SIT) + ability to define custom ones.
How we implement DLP
- Audit and mapping of sensitive data flows within the organisation.
- DLP policy design tailored to business processes (test mode → production).
- Alert and report configuration for the compliance team.
- DLP integration with sensitivity labels and Insider Risk Management.
- Administrator and helpdesk training on handling DLP incidents.
Microsoft Purview Compliance Manager
Compliance Manager is a tool for assessing an organisation's regulatory readiness. It automatically maps the Microsoft 365 environment configuration to requirements such as GDPR, NIS2, ISO 27001, SOC 2, HIPAA or PCI‑DSS and displays a compliance score along with a list of recommended remediation actions.
What Compliance Manager delivers
- Automated assessment of the M365 environment against over 350 regulations and standards.
- Compliance Score — a numeric readiness indicator updated in real time.
- List of improvement actions with assigned owners and deadlines.
- Documentation and evidence for auditors — on-demand report export.
- Tracking the progress of security and compliance control implementations in one place.
Supported regulations (examples)
- GDPR — General Data Protection Regulation.
- NIS2 — Directive on security of network and information systems.
- ISO 27001 / 27701 — Information security management systems.
- SOC 2 Type II — Reporting on security controls.
- Polish Cybersecurity Act (KRI, KSC).
eDiscovery & Audit
Microsoft Purview eDiscovery enables searching, preserving and exporting content from across the Microsoft 365 ecosystem (email, Teams, SharePoint, OneDrive) for litigation, internal investigations and regulatory audits. Purview Audit provides advanced event logs with long retention periods, supporting forensic analysis.
eDiscovery — capabilities
- Legal Hold — preserving content from modification or deletion for the duration of proceedings.
- Full-text search across the entire M365 environment — email, Teams, SharePoint, OneDrive.
- Content analysis using ML (predictive coding, deduplication, thread analysis).
- Export of materials in PST, EML or native format for external systems.
- eDiscovery Premium — advanced investigations with tagging and legal team collaboration.
Audit — advanced logs
- Unified Audit Log — central event log from M365 (over 200 event types).
- Audit Standard — log retention up to 90 days (M365 E3 and above).
- Audit Premium — retention up to 10 years, advanced search, key events (e.g., mail access, sign-in).
- Log export to Microsoft Sentinel, third-party SIEM and SOAR.
Insider Risk Management
Microsoft Purview Insider Risk Management detects potentially harmful activities by users inside the organisation — such as mass file downloads before leaving the company, deliberate data leaks, DLP policy bypasses or unauthorised system access. The solution uses ML and signals from Microsoft 365, HR systems and Defender, while preserving user privacy (pseudonymisation).
Detected risk scenarios
- Data theft by departing users.
- Data leaks — sending files to external storage or personal email.
- Security policy violations — unauthorised software, DLP bypasses.
- Sabotage — mass file deletion or configuration changes.
- Correlation with HR signals (e.g., notice of resignation) for early warning.
Privacy and governance
- Pseudonymisation — user identity visible only to authorised personnel after approval.
- Separation of duties — different people define policies, review alerts and manage cases.
- Full audit trail of administrator and analyst actions — available to compliance.
- Integration with Communication Compliance for communication monitoring.
Data Lifecycle Management and Records Management
Microsoft Purview Data Lifecycle Management allows you to define retention and deletion policies for data across the entire Microsoft 365 environment — automatically retaining what is legally required and deleting what is no longer needed. Records Managementgoes a step further, enabling management of legally significant documents in accordance with archival standards.
Data Lifecycle Management
- Retention policies for Exchange, SharePoint, OneDrive, Teams and Yammer.
- Automatic data deletion after a defined retention period.
- Retention labels — precise control for individual document types.
- Adaptive scopes — dynamic application of policies to users and locations without manual exclusions.
Records Management
- Record declaration — blocking modification and deletion of legally significant documents.
- Disposition review — required approval before final deletion of a record.
- File plan — visual management of the file schedule and classification.
- Compliance with standards: ISO 15489, MoReq, DoD 5015.2.
Purview licensing plans — overview
Microsoft Purview features are available across various M365 and Microsoft 365 E3/E5 plans. Below is a simplified comparison of the most important capabilities by licence tier.
| Feature | M365 E3 / Business Premium | M365 E5 / E5 Compliance |
|---|---|---|
| Sensitivity labels (MIP) | ✔︎ (basic) | ✔︎ (advanced + auto) |
| DLP (Exchange, SharePoint, Teams) | ✔︎ | ✔︎ + Endpoint DLP |
| Compliance Manager | ✔︎ | ✔︎ (premium assessments) |
| eDiscovery Standard | ✔︎ | ✔︎ |
| eDiscovery Premium | — | ✔︎ |
| Audit Standard (90 days) | ✔︎ | ✔︎ |
| Audit Premium (up to 10 years) | — | ✔︎ |
| Insider Risk Management | — | ✔︎ |
| Communication Compliance | — | ✔︎ |
| Data Lifecycle / Records Management | ✔︎ (basic) | ✔︎ (advanced) |