Microsoft Purview Fundamentals

A beginner-friendly introduction to data governance, compliance, and risk management with Microsoft Purview

beginner74 min37 cards
  • explain the purpose of Microsoft Purview
  • identify major Microsoft Purview solution areas
  • describe common beginner use cases for data governance and compliance

Swipe up to begin ↑

ConceptWhy Microsoft Purview Matters

Why Microsoft Purview Matters

The data problem Purview helps solve

Organizations often have data spread across many places: Microsoft 365, Azure, databases, file shares, SaaS apps, and third-party systems. This creates risk because teams may not know what data exists, where sensitive information lives, who can access it, or whether it is being handled correctly.

Common challenges

  • Data discovery: finding important data across many systems.
  • Sensitive data protection: identifying and protecting items such as financial, health, or personal information.
  • Compliance pressure: meeting legal, regulatory, and internal policy requirements.
  • Data sprawl: duplicated, outdated, or unmanaged data growing across the organization.
  • Access risk: too many people having access to information they do not need.

Microsoft Purview is designed to help organizations understand, protect, govern, and manage data across their digital estate.

ConceptWhy Microsoft Purview Matters

Governance, Protection, and Compliance

Three related but different goals

Microsoft Purview supports several types of work. These areas overlap, but they are not the same.

  • Data governance focuses on knowing what data exists, where it is, what it means, who owns it, and how it should be used.
  • Data protection focuses on preventing inappropriate access, sharing, loss, or misuse of sensitive information.
  • Compliance focuses on meeting laws, regulations, industry standards, and internal policies.

Example: A customer list may be governed by assigning an owner and classification, protected with sensitivity labels and access controls, and included in compliance processes for retention or audit requirements.

CheckWhy Microsoft Purview Matters

Check: Identify the Challenge

A company cannot tell which Teams, SharePoint sites, and databases contain customer personal information. Which challenge is this primarily?

Try itWhy Microsoft Purview Matters

Purview Scenario Sorter

Build an interactive sorter with three columns labeled Governance, Protection, and Compliance. Show draggable scenario cards: “Find all places where employee IDs are stored,” “Apply a Confidential label to sensitive documents,” “Keep financial records for seven years,” “Assign a business owner to a data asset,” “Detect risky sharing of customer data,” and “Prepare evidence for an audit.” When the learner drops a card, show immediate feedback. Correct mapping: Governance = find where employee IDs are stored; assign a business owner to a data asset. Protection = apply a Confidential label; detect risky sharing of customer data. Compliance = keep financial records for seven years; prepare evidence for an audit. Include a score, reset button, and a short explanation after each drop.

```html <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Data Governance Sorter</title> <style> body { font-family: Arial, sans-serif; margin: 20px; background: #f5f5f5; } #score { font-size: 20px; margin-bottom: 20px; } .container { display: flex; gap: 20px; } .column { flex: 1; border: 2px solid #333; padding: 10px; min-height: 400px; background: white; border-radius: 8px; } .column h2 { text-align: center; margin: 0 0 10px 0; } .card { padding: 12px; margin: 8px 0; background: #e3f2fd; border: 1px solid #1976d2; border-radius: 4px; cursor: move; user-select: none; } .feedback { margin-top: 10px; padding: 8px; border-radius: 4px; font-size: 14px; } .correct { background: #e8f5e9; color: #2e7d32; } .incorrect { background: #ffebee; color: #c62828; } #reset { margin-top: 20px; padding: 10px 20px; font-size: 16px; } </style> </head> <body> <div id="score">Score: 0/6</div> <div class="container"> <div id="unplaced" class="column" style="border-color:#666"> <h2>Scenarios</h2> </div> <div id="governance" class="column" ondrop="drop(event,'governance')" ondragover="allowDrop(event)"> <h2>Governance</h2> </div> <div id="protection" class="column" ondrop="drop(event,'protection')" ondragover="allowDrop(event)"> <h2>Protection</h2> </div> <div id="compliance" class="column" ondrop="drop(event,'compliance')" ondragover="allowDrop(event)"> <h2>Compliance</h2> </div> </div> <button id="reset" onclick="resetGame()">Reset</button> <div id="feedback-area"></div> <script> const cards = [ {id:1, text:"Find all places where employee IDs are stored", correct:"governance", exp:"Data discovery and mapping supports governance."}, {id:2, text:"Apply a Confidential label to sensitive documents", correct:"protection", exp:"Labeling enforces data protection controls."}, {id:3, text:"Keep financial records for seven years", correct:"compliance", exp:"Retention schedules fulfill compliance requirements."}, {id:4, text:"Assign a business owner to a data asset", correct:"governance", exp:"Ownership assignment is a core governance practice."}, {id:5, text:"Detect risky sharing of customer data", correct:"protection", exp:"Risk detection protects data from unauthorized exposure."}, {id:6, text:"Prepare evidence for an audit", correct:"compliance", exp:"Audit preparation demonstrates compliance."} ]; let placed = {}; let score = 0; function init() { const unplaced = document.getElementById('unplaced'); unplaced.innerHTML = '<h2>Scenarios</h2>'; placed = {}; score = 0; document.getElementById('score').innerText = 'Score: 0/6'; document.getElementById('feedback-area').innerHTML = ''; cards.forEach(c => { const div = document.createElement('div'); div.id = 'card-' + c.id; div.className = 'card'; div.draggable = true; div.innerText = c.text; div.ondragstart = e => drag(e, c.id); unplaced.appendChild(div); }); } function allowDrop(e) { e.preventDefault(); } function drag(e, id) { e.dataTransfer.setData('text', id); } function drop(e, col) { e.preventDefault(); const id = parseInt(e.dataTransfer.getData('text')); const card = cards.find(c => c.id === id); const fb = document.getElementById('feedback-area'); if (placed[id]) return; const cardEl = document.getElementById('card-' + id); if (card.correct === col) { placed[id] = col; score++; document.getElementById('score').innerText = `Score: ${score}/6`; document.getElementById(col).appendChild(cardEl); cardEl.draggable = false; fb.innerHTML = `<div class="feedback correct">${card.exp}</div>`; } else { fb.innerHTML = `<div class="feedback incorrect">Incorrect. Try again.</div>`; setTimeout(() => { fb.innerHTML = ''; }, 1500); } } function resetGame() { init(); } init(); </script> </body> </html> ```
ConceptWhy Microsoft Purview Matters

Where Purview Fits in Microsoft

Purview spans multiple environments

Microsoft Purview is part of the broader Microsoft security, compliance, and data ecosystem. It helps organizations manage data across Microsoft services and beyond.

  • Microsoft 365: helps manage data in services such as Exchange, SharePoint, OneDrive, Teams, and other productivity tools.
  • Azure: helps discover, classify, and govern data in cloud data services.
  • Other sources: can connect with non-Microsoft databases, storage systems, and data platforms depending on configuration and licensing.

At a beginner level, think of Purview as a set of tools that gives organizations better visibility, control, and accountability over their data.

CheckWhy Microsoft Purview Matters

Check: Who Uses Purview?

Which group of users is most likely to use Microsoft Purview to define retention rules, investigate compliance risks, or prepare for audits?

ConceptWhy Microsoft Purview Matters

Typical Roles Involved

Purview is used by several roles

Different teams care about different parts of the data lifecycle.

  • Compliance officers manage regulatory requirements, retention, audits, and investigations.
  • Security teams focus on reducing data loss, risky sharing, and unauthorized access.
  • Data governance teams define data ownership, cataloging, classification, and quality expectations.
  • IT administrators configure services, permissions, connectors, and policies.
  • Data owners and business users understand the meaning and proper use of business data.

Microsoft Purview matters because it gives these roles a shared way to manage data responsibly.

RecallWhy Microsoft Purview Matters
In Microsoft Purview fundamentals, what is the basic difference between governance, protection, and compliance?
ConceptCore Purview Capabilities

Core Purview capability areas

Core Microsoft Purview capabilities

Microsoft Purview helps organizations understand, protect, and manage data across Microsoft 365, Azure, and other sources. Its core areas work together:

  • Data Map: scans and maps data assets so the organization knows what data exists and where it is.
  • Data Catalog: makes discovered data searchable and understandable with descriptions, classifications, and ownership details.
  • Information Protection: applies sensitivity labels and encryption to help protect confidential data.
  • Data Loss Prevention: helps prevent sensitive data from being shared or used in risky ways.
  • Compliance tools: support records management, audit, eDiscovery, insider risk, and other regulatory or legal needs.
CheckCore Purview Capabilities

Match the need to the capability

A company wants to scan cloud databases and file stores to identify where customer information is located. Which Purview capability is the best fit?

Try itCore Purview Capabilities

Purview capability matcher

Build an interactive drag-and-drop matching activity. Show five Purview capability tiles: Data Map, Data Catalog, Information Protection, Data Loss Prevention, and Compliance tools. Show business-need cards such as: “Find all data sources that contain customer IDs,” “Search for an approved sales dataset and see its owner,” “Label documents as Confidential and encrypt them,” “Block users from emailing credit card numbers outside the company,” and “Collect content for a legal investigation.” The learner drags each need onto a capability. After each drop, show instant feedback, a short explanation, and update a score. Include a final summary that lists each capability, the matched business need, and the reason it fits.

```html <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Purview Matching Activity</title> <script src="https://cdn.tailwindcss.com"></script> <style> .drag-card { transition: all 0.2s; } .drag-card:active { scale: 0.98; } .drop-zone { transition: all 0.2s; } .drop-zone.drag-over { background-color: #dbeafe; border-color: #3b82f6; } .feedback { animation: fadeIn 0.3s; } @keyframes fadeIn { from {opacity:0; transform:translateY(-5px);} to {opacity:1; transform:translateY(0);} } </style> </head> <body class="bg-slate-950 text-slate-200 p-8 font-sans"> <div class="max-w-7xl mx-auto"> <div class="flex justify-between items-center mb-8"> <div> <h1 class="text-4xl font-bold">Microsoft Purview Matching</h1> <p class="text-slate-400 mt-1">Drag each business need to the matching capability</p> </div> <div class="flex items-center gap-4"> <div class="bg-slate-900 px-6 py-3 rounded-2xl border border-slate-800"> <div class="text-xs text-slate-400">SCORE</div> <div id="score" class="text-4xl font-bold text-emerald-400">0/5</div> </div> <button onclick="resetActivity()" class="px-5 py-3 bg-slate-800 hover:bg-slate-700 rounded-2xl text-sm font-medium border border-slate-700">Reset</button> </div> </div> <!-- Capabilities --> <div class="mb-10"> <div class="text-sm font-semibold tracking-widest text-slate-400 mb-3 px-1">CAPABILITIES</div> <div class="grid grid-cols-1 md:grid-cols-5 gap-4"> <div id="cap-DataMap" class="drop-zone bg-slate-900 border border-slate-700 rounded-3xl p-5 cursor-pointer hover:border-blue-600" ondrop="drop(event)" ondragover="allowDrop(event)" ondragleave="dragLeave(event)"> <div class="font-semibold text-lg mb-1">Data Map</div> <div class="text-xs text-slate-400">Discover &amp; classify data assets</div> <div class="mt-4 text-xs text-emerald-400 hidden matched"></div> </div> <div id="cap-DataCatalog" class="drop-zone bg-slate-900 border border-slate-700 rounded-3xl p-5 cursor-pointer hover:border-blue-600" ondrop="drop(event)" ondragover="allowDrop(event)" ondragleave="dragLeave(event)"> <div class="font-semibold text-lg mb-1">Data Catalog</div> <div class="text-xs text-slate-400">Search &amp; govern data assets</div> <div class="mt-4 text-xs text-emerald-400 hidden matched"></div> </div> <div id="cap-InfoProtection" class="drop-zone bg-slate-900 border border-slate-700 rounded-3xl p-5 cursor-pointer hover:border-blue-600" ondrop="drop(event)" ondragover="allowDrop(event)" ondragleave="dragLeave(event)"> <div class="font-semibold text-lg mb-1">Information Protection</div> <div class="text-xs text-slate-400">Label &amp; protect sensitive data</div> <div class="mt-4 text-xs text-emerald-400 hidden matched"></div> </div> <div id="cap-DLP" class="drop-zone bg-slate-900 border border-slate-700 rounded-3xl p-5 cursor-pointer hover:border-blue-600" ondrop="drop(event)" ondragover="allowDrop(event)" ondragleave="dragLeave(event)"> <div class="font-semibold text-lg mb-1">Data Loss Prevention</div> <div class="text-xs text-slate-400">Prevent unauthorized data sharing</div> <div class="mt-4 text-xs text-emerald-400 hidden matched"></div> </div> <div id="cap-Compliance" class="drop-zone bg-slate-900 border border-slate-700 rounded-3xl p-5 cursor-pointer hover:border-blue-600" ondrop="drop(event)" ondragover="allowDrop(event)" ondragleave="dragLeave(event)"> <div class="font-semibold text-lg mb-1">Compliance tools</div> <div class="text-xs text-slate-400">eDiscovery, auditing &amp; retention</div> <div class="mt-4 text-xs text-emerald-400 hidden matched"></div> </div> </div> </div> <!-- Business Needs --> <div> <div class="text-sm font-semibold tracking-widest text-slate-400 mb-3 px-1">BUSINESS NEEDS — Drag to match</div> <div id="needs-container" class="grid grid-cols-1 md:grid-cols-5 gap-4"> <!-- Populated by JS --> </div> </div> <!-- Feedback area --> <div id="feedback-area" class="mt-8 hidden"> <div class="bg-slate-900 border border-slate-700 rounded-3xl p-5 text-sm"> <div id="feedback-text" class="font-medium"></div> </div> </div> <!-- Final Summary --> <div id="summary" class="mt-10 hidden"> <div class="text-sm font-semibold tracking-widest text-slate-400 mb-3 px-1">FINAL SUMMARY</div> <div id="summary-content" class="bg-slate-900 border border-slate-700 rounded-3xl p-6 space-y-4"></div> </div> </div> <script> const correctMatches = { "Find all data sources that contain customer IDs": "Data Map", "Search for an approved sales dataset and see its owner": "Data Catalog", "Label documents as Confidential and encrypt them": "Information Protection", "Block users from emailing credit card numbers outside the company": "Data Loss Prevention", "Collect content for a legal investigation": "Compliance tools" }; const explanations = { "Data Map": "Data Map automatically discovers and classifies data sources across your estate.", "Data Catalog": "Data Catalog lets you search, understand, and govern approved datasets.", "Information Protection": "Information Protection applies sensitivity labels and encryption policies.", "Data Loss Prevention": "DLP policies detect and block sensitive data from leaving the organization.", "Compliance tools": "Compliance tools provide eDiscovery, auditing, and legal hold capabilities." }; let score = 0; let matchedCount = 0; const total = 5; function initActivity() { const container = document.getElementById('needs-container'); container.innerHTML = ''; const needs = Object.keys(correctMatches); needs.forEach((need, index) => { const card = document.createElement('div'); card.id = `need-${index}`; card.className = `drag-card bg-slate-800 border border-slate-700 hover:border-blue-600 rounded-3xl p-5 text-sm cursor-grab active:cursor-grabbing`; card.draggable = true; card.ondragstart = drag; card.innerHTML = ` <div class="font-medium leading-tight">${need}</div> <div class="mt-3 text-[10px] text-emerald-400 hidden matched-pill">✓ Matched</div> `; container.appendChild(card); }); // Reset score score = 0; matchedCount = 0; document.getElementById('score').innerHTML = `0/${total}`; document.getElementById('feedback-area').classList.add('hidden'); document.getElementById('summary').classList.add('hidden'); // Clear any previous matched indicators document.querySelectorAll('.drop-zone .matched').forEach(el => el.classList.add('hidden')); document.querySelectorAll('.drop-zone').forEach(el => el.classList.remove('border-emerald-500')); } function drag(ev) { ev.dataTransfer.setData("text", ev.target.id); } function allowDrop(ev) { ev.preventDefault(); ev.currentTarget.classList.add('drag-over'); } function dragLeave(ev) { ev.currentTarget.classList.remove('drag-over'); } function drop(ev) { ev.preventDefault(); const zone = ev.currentTarget; zone.classList.remove('drag-over'); const cardId = ev.dataTransfer.getData("text"); const card = document.getElementById(cardId); if (!card) return; const needText = card.querySelector('.font-medium').innerText.trim(); const capId = zone.id.replace('cap-', ''); const capName = zone.querySelector('.font-semibold').innerText.trim(); // Check match const isCorrect = correctMatches[needText] === capName; // Show feedback showFeedback(isCorrect, needText, capName); if (isCorrect && !card.classList.contains('matched')) { card.classList.add('matched', 'opacity-60'); card.draggable = false; card.style.cursor = 'default'; // Mark capability as matched const matchedEl = zone.querySelector('.matched'); matchedEl.innerHTML = `✓ ${needText}`; matchedEl.classList.remove('hidden'); zone.classList.add('border-emerald-500'); score++; matchedCount++; document.getElementById('score').innerHTML = `${score}/${total}`; // Check for completion if (matchedCount === total) { setTimeout(showSummary, 800); } } } function showFeedback(isCorrect, need, capability) { const area = document.getElementById('feedback-area'); const text = document.getElementById('feedback-text'); if (isCorrect) { text.innerHTML = `<span class="text-emerald-400 font-semibold">Correct!</span> ${explanations[capability]}`; area.className = 'mt-8 bg-emerald-950 border border-emerald-800 rounded-3xl p-5 text-sm'; } else { text.innerHTML = `<span class="text-amber-400 font-semibold">Not quite.</span> Try a different capability.`; area.className = 'mt-8 bg-amber-950 border border-amber-800 rounded-3xl p-5 text-sm'; } area.classList.remove('hidden'); // Auto-hide feedback after 4 seconds setTimeout(() => { area.classList.add('hidden'); }, 4000); } function showSummary() { const summaryDiv = document.getElementById('summary'); const content = document.getElementById('summary-content'); content.innerHTML = ''; Object.keys(correctMatches).forEach(need => { const cap = correctMatches[need]; const row = document.createElement('div'); row.className = 'flex flex-col md:flex-row gap-4 border-b border-slate-800 pb-4 last:border-b-0 last:pb-0'; row.innerHTML = ` <div class="md:w-1/3"> <div class="font-semibold text-emerald-400">${cap}</div> </div> <div class="md:w-2/3"> <div class="font-medium">"${need}"</div> <div class="text-xs text-slate-400 mt-1">${explanations[cap]}</div> </div> `; content.appendChild(row); }); summaryDiv.classList.remove('hidden'); } function resetActivity() { initActivity(); } window.onload = initActivity; </script> </body> </html> ```
ConceptCore Purview Capabilities

How discovery supports protection

From discovery to protection

Purview protection starts with knowing what data exists. A common flow is:

  • Discover: scan sources and identify data assets.
  • Classify: detect sensitive information such as personal data, financial data, or health data.
  • Describe: add business context so people understand what the data means.
  • Protect: apply labels, encryption, access controls, or DLP policies.
  • Manage: use compliance tools to audit activity, retain records, and respond to investigations.

This is why data discovery and data protection are connected: you cannot consistently protect sensitive data if you do not know where it is.

CheckCore Purview Capabilities

Information Protection or DLP?

A user tries to send a spreadsheet containing credit card numbers to an external email address, and the organization wants a policy to warn or block the action. Which capability is most directly involved?

RecallCore Purview Capabilities
What is the difference between the Purview Data Map and Data Catalog?
RecallCore Purview Capabilities
Name two ways Microsoft Purview helps protect sensitive data.
ConceptDiscovering and Classifying Data

Finding Data with Scans and a Catalog

Finding Data with Scans and a Catalog

Microsoft Purview helps organizations discover data by scanning connected data sources such as Microsoft 365, Azure storage, databases, and other supported locations.

A scan looks at a data source and collects metadata, such as file names, table names, column names, data types, and sometimes patterns that suggest sensitive data.

The results can be added to a data catalog, which is like a searchable inventory of data assets. The catalog helps people understand what data exists, where it is located, and what it may mean.

  • Scan: discovers assets and metadata.
  • Catalog: organizes discovered assets so they can be searched and understood.
  • Metadata: information about data, such as name, location, owner, type, and classification.
CheckDiscovering and Classifying Data

Scan or Catalog?

A team wants a searchable inventory that shows where important data assets are located and what they contain. Which Microsoft Purview concept best matches this need?

ConceptDiscovering and Classifying Data

Classifications Identify What Data Is

Classifications Identify What Data Is

A classification describes the kind of information found in data. For example, Microsoft Purview can classify data as containing a credit card number, passport number, health information, or other sensitive content.

Classifications help organizations answer questions like:

  • Which files or tables contain personal data?
  • Where is financial information stored?
  • Which data needs stronger protection or governance?

Classifications do not automatically mean data is protected. They help identify and describe data so policies, labels, reviews, or protection actions can be applied appropriately.

ConceptDiscovering and Classifying Data

Sensitivity Labels Mark and Protect Content

Sensitivity Labels Mark and Protect Content

A sensitivity label is a tag that describes how sensitive content is, such as Public, Internal, Confidential, or Highly Confidential.

Organizations use sensitivity labels to help users and systems handle information correctly. Depending on configuration, labels can also apply protection such as encryption, access restrictions, or visual markings like headers and footers.

In simple terms: classifications help identify what the data contains, while sensitivity labels help communicate and enforce how the data should be handled.

Try itDiscovering and Classifying Data

Classify the Data Sample

Build an interactive beginner sorting activity. Show 8 short sample data snippets as draggable cards, such as: "4111 1111 1111 1111", "alex@contoso.com", "123-45-6789", "Project launch notes", "DOB: 04/12/1990", "Passport: C1234567", "Quarterly revenue forecast", and "Patient diagnosis: asthma". Provide drop zones labeled "Credit card number", "Email address", "National ID/SSN", "Date of birth", "Passport number", "Health information", and "Not obviously sensitive". When the learner drops a card, show immediate feedback explaining why it matches or why it does not. Add a final score and a short summary that connects the activity to Microsoft Purview classifications and sensitive information types.

```html <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Beginner Sensitive Data Sorting - Microsoft Purview</title> <style> body { font-family: system-ui, sans-serif; margin: 20px; background: #f8f9fa; } h1 { color: #0078d4; } .container { max-width: 1100px; margin: auto; } .cards { display: flex; flex-wrap: wrap; gap: 10px; margin: 20px 0; } .card { background: white; border: 2px solid #0078d4; padding: 12px 16px; border-radius: 8px; cursor: grab; box-shadow: 0 2px 4px rgba(0,0,0,0.1); min-width: 160px; user-select: none; } .card:active { cursor: grabbing; } .zones { display: grid; grid-template-columns: repeat(auto-fit, minmax(240px, 1fr)); gap: 12px; margin: 20px 0; } .zone { background: white; border: 3px dashed #0078d4; border-radius: 8px; padding: 12px; min-height: 90px; } .zone h3 { margin: 0 0 8px; font-size: 15px; color: #0078d4; } .zone .dropped { background: #e6f2ff; border: 1px solid #0078d4; padding: 6px 10px; margin: 4px 0; border-radius: 4px; font-size: 13px; } .feedback { position: fixed; bottom: 20px; left: 50%; transform: translateX(-50%); background: #fff; border: 2px solid #0078d4; padding: 16px 24px; border-radius: 8px; box-shadow: 0 4px 12px rgba(0,0,0,0.2); display: none; max-width: 420px; z-index: 100; } .score { font-size: 18px; font-weight: 600; margin: 20px 0; } .summary { background: #fff; border: 1px solid #0078d4; padding: 16px; border-radius: 8px; margin-top: 20px; display: none; } </style> </head> <body> <div class="container"> <h1>Beginner Sorting Activity: Identify Sensitive Data</h1> <p>Drag each card to the matching drop zone. Get instant feedback on why it matches (or not).</p> <div class="cards" id="cards"> <div class="card" draggable="true" data-type="credit">4111 1111 1111 1111</div> <div class="card" draggable="true" data-type="email">alex@contoso.com</div> <div class="card" draggable="true" data-type="ssn">123-45-6789</div> <div class="card" draggable="true" data-type="none">Project launch notes</div> <div class="card" draggable="true" data-type="dob">DOB: 04/12/1990</div> <div class="card" draggable="true" data-type="passport">Passport: C1234567</div> <div class="card" draggable="true" data-type="none">Quarterly revenue forecast</div> <div class="card" draggable="true" data-type="health">Patient diagnosis: asthma</div> </div> <div class="zones"> <div class="zone" data-zone="credit"><h3>Credit card number</h3></div> <div class="zone" data-zone="email"><h3>Email address</h3></div> <div class="zone" data-zone="ssn"><h3>National ID/SSN</h3></div> <div class="zone" data-zone="dob"><h3>Date of birth</h3></div> <div class="zone" data-zone="passport"><h3>Passport number</h3></div> <div class="zone" data-zone="health"><h3>Health information</h3></div> <div class="zone" data-zone="none"><h3>Not obviously sensitive</h3></div> </div> <div class="score" id="score">Correct: 0 / 8</div> <button onclick="finishActivity()" style="padding:10px 20px; background:#0078d4; color:white; border:none; border-radius:4px; cursor:pointer;">Finish &amp; See Score</button> <div class="feedback" id="feedback"></div> <div class="summary" id="summary"> <h3>Activity Complete – Connection to Microsoft Purview</h3> <p>Microsoft Purview uses <strong>Sensitive Information Types (SITs)</strong> to automatically detect and classify data like credit card numbers, SSNs, passports, health data, and dates of birth. This helps organizations apply Data Loss Prevention (DLP) policies, retention labels, and protection across Microsoft 365.</p> <p>Correctly sorting these examples builds awareness of why Purview flags certain patterns as sensitive — protecting privacy and reducing risk.</p> </div> </div> <script> const correctMatches = { "credit": "credit", "email": "email", "ssn": "ssn", "dob": "dob", "passport": "passport", "health": "health", "none": "none" }; let score = 0; let placed = 0; const feedbackEl = document.getElementById('feedback'); const scoreEl = document.getElementById('score'); function showFeedback(msg, isCorrect) { feedbackEl.innerHTML = msg; feedbackEl.style.borderColor = isCorrect ? '#107c10' : '#d83b01'; feedbackEl.style.display = 'block'; setTimeout(() => { feedbackEl.style.display = 'none'; }, 2800); } function updateScore() { scoreEl.textContent = `Correct: ${score} / 8`; } document.querySelectorAll('.card').forEach(card => { card.addEventListener('dragstart', e => { e.dataTransfer.setData('text/plain', card.dataset.type + '|' + card.textContent); }); }); document.querySelectorAll('.zone').forEach(zone => { zone.addEventListener('dragover', e => { e.preventDefault(); zone.style.borderColor = '#106ebe'; }); zone.addEventListener('dragleave', () => { zone.style.borderColor = '#0078d4'; }); zone.addEventListener('drop', e => { e.preventDefault(); zone.style.borderColor = '#0078d4'; const data = e.dataTransfer.getData('text/plain').split('|'); const type = data[0]; const text = data[1]; const zoneType = zone.dataset.zone; placed++; const isCorrect = correctMatches[type] === zoneType; if (isCorrect) { score++; zone.innerHTML += `<div class="dropped">${text}</div>`; showFeedback(`✅ Correct! This matches <strong>${zoneType}</strong> because it contains recognizable patterns used by Purview SITs.`, true); } else { showFeedback(`❌ Not quite. This does not match <strong>${zoneType}</strong>. It actually belongs in the <strong>${correctMatches[type]}</strong> zone.`, false); } updateScore(); // Remove card from original container const originalCard = Array.from(document.querySelectorAll('.card')).find(c => c.textContent === text); if (originalCard) originalCard.remove(); }); }); function finishActivity() { document.getElementById('summary').style.display = 'block'; document.getElementById('score').textContent = `Final Score: ${score} / 8 correct`; if (score === 8) { document.getElementById('summary').innerHTML += `<p style="color:#107c10">Excellent! You identified every sensitive pattern correctly.</p>`; } else { document.getElementById('summary').innerHTML += `<p>Review the feedback above and try again to master the patterns.</p>`; } } </script> </body> </html> ```
CheckDiscovering and Classifying Data

Classification vs. Sensitivity Label

Which statement best describes the difference between a classification and a sensitivity label?

RecallDiscovering and Classifying Data
What is a sensitive information type in Microsoft Purview?
ConceptProtecting and Managing Risk

Protect data with sensitivity labels and DLP

Protecting sensitive data

Microsoft Purview helps organizations reduce accidental or inappropriate sharing of sensitive information.

Sensitivity labels

A sensitivity label classifies content such as email, documents, and Teams sites. Labels can apply visual markings, encryption, access restrictions, or sharing controls.

Example: a document labeled Confidential might be encrypted so only employees can open it.

Data loss prevention

DLP policies look for sensitive information, such as credit card numbers or health records, and take action when users try to share it in risky ways.

Example: DLP can warn or block a user who tries to email a file containing customer financial data outside the organization.

CheckProtecting and Managing Risk

Labels vs. DLP

Which statement best describes the difference between sensitivity labels and DLP policies?

Try itProtecting and Managing Risk

Protection scenario matcher

Build an interactive scenario matcher. Show learners 6 short scenarios and let them choose the best Purview feature for each from: Sensitivity label, DLP policy, Retention policy, Records management, Insider risk management, Audit. After each choice, show immediate feedback explaining why it fits. Include scenarios such as: encrypting a confidential merger document; blocking an email with credit card numbers to an external recipient; keeping tax records for seven years; declaring a final contract as an immutable record; detecting unusual downloads before an employee resigns; investigating who accessed a sensitive file last week. Display a score and a summary table of correct matches at the end.

```html <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Purview Scenario Matcher</title> <style> body{font-family:Arial,sans-serif;max-width:800px;margin:20px auto;padding:20px;background:#f5f5f5} .scenario{margin:15px 0;padding:15px;background:white;border-radius:8px;box-shadow:0 2px 4px rgba(0,0,0,0.1)} select,button{padding:8px 12px;margin:5px;font-size:14px} .feedback{margin-top:10px;padding:10px;border-radius:5px} .correct{background:#d4edda;color:#155724} .incorrect{background:#f8d7da;color:#721c24} #results{display:none;margin-top:30px} table{width:100%;border-collapse:collapse;margin-top:15px} th,td{border:1px solid #ddd;padding:10px;text-align:left} th{background:#0078d4;color:white} .score{font-size:24px;font-weight:bold;margin:20px 0} </style> </head> <body> <h1>Microsoft Purview Scenario Matcher</h1> <p>Match each scenario to the best Purview feature. Choose from the dropdown, then click Submit for feedback.</p> <div id="quiz"></div> <div id="results"> <div class="score" id="score"></div> <h3>Summary of Correct Matches</h3> <table id="summary"><tr><th>Scenario</th><th>Your Choice</th><th>Correct Feature</th><th>Result</th></tr></table> <button onclick="restart()">Restart Quiz</button> </div> <script> const scenarios = [ { id:1, text:"Encrypting a confidential merger document", correct:"Sensitivity label", feedback:"Sensitivity labels apply encryption and protection to documents based on sensitivity." }, { id:2, text:"Blocking an email with credit card numbers to an external recipient", correct:"DLP policy", feedback:"DLP policies detect and block sensitive data like credit card numbers from leaving the organization." }, { id:3, text:"Keeping tax records for seven years", correct:"Retention policy", feedback:"Retention policies automatically keep content for a specified period (e.g., 7 years) to meet compliance needs." }, { id:4, text:"Declaring a final contract as an immutable record", correct:"Records management", feedback:"Records management allows declaring content as records with immutability and retention controls." }, { id:5, text:"Detecting unusual downloads before an employee resigns", correct:"Insider risk management", feedback:"Insider risk management uses signals like unusual downloads to detect risky behavior before departure." }, { id:6, text:"Investigating who accessed a sensitive file last week", correct:"Audit", feedback:"Audit logs capture detailed activity like file access, enabling investigations of who did what and when." } ]; const features = ["Sensitivity label","DLP policy","Retention policy","Records management","Insider risk management","Audit"]; let answers = {}; let current = 0; function renderQuiz() { const container = document.getElementById("quiz"); container.innerHTML = ""; scenarios.forEach((s,i) => { const div = document.createElement("div"); div.className = "scenario"; div.innerHTML = `<strong>Scenario ${i+1}:</strong> ${s.text}<br> <select id="sel${s.id}"><option value="">-- Select feature --</option>${features.map(f=>`<option value="${f}">${f}</option>`).join("")}</select> <button onclick="submitChoice(${s.id})">Submit</button> <div id="fb${s.id}" class="feedback"></div>`; container.appendChild(div); }); } function submitChoice(id) { const sel = document.getElementById(`sel${id}`); const fb = document.getElementById(`fb${id}`); const choice = sel.value; if (!choice) { fb.innerHTML = "Please select a feature."; fb.className="feedback incorrect"; return; } const scen = scenarios.find(x=>x.id===id); answers[id] = choice; if (choice === scen.correct) { fb.innerHTML = `✅ Correct! ${scen.feedback}`; fb.className = "feedback correct"; } else { fb.innerHTML = `❌ Incorrect. Correct answer: ${scen.correct}. ${scen.feedback}`; fb.className = "feedback incorrect"; } sel.disabled = true; checkCompletion(); } function checkCompletion() { if (Object.keys(answers).length === scenarios.length) { showResults(); } } function showResults() { const resultsDiv = document.getElementById("results"); const scoreEl = document.getElementById("score"); const table = document.getElementById("summary"); let correctCount = 0; table.innerHTML = `<tr><th>Scenario</th><th>Your Choice</th><th>Correct Feature</th><th>Result</th></tr>`; scenarios.forEach(s => { const your = answers[s.id] || "None"; const isCorrect = your === s.correct; if (isCorrect) correctCount++; const row = table.insertRow(); row.innerHTML = `<td>${s.text}</td><td>${your}</td><td>${s.correct}</td><td>${isCorrect ? "✅ Correct" : "❌ Incorrect"}</td>`; }); scoreEl.innerHTML = `Your Score: ${correctCount} / ${scenarios.length} (${Math.round(correctCount/scenarios.length*100)}%)`; document.getElementById("quiz").style.display = "none"; resultsDiv.style.display = "block"; } function restart() { answers = {}; current = 0; document.getElementById("quiz").style.display = "block"; document.getElementById("results").style.display = "none"; renderQuiz(); } renderQuiz(); </script> </body> </html> ```
ConceptProtecting and Managing Risk

Retention and records management

Keeping information for compliance

Organizations often must keep certain information for a required period and delete it when it is no longer needed.

Retention

Retention policies and retention labels help keep or delete content based on business or legal requirements.

Example: keep employee payroll records for seven years, then allow deletion.

Records management

Records management is used when content must be treated as an official business record. It can restrict editing or deletion and support review, disposition, and proof of compliance.

Example: a signed contract can be declared a record so it remains trustworthy and controlled.

ConceptProtecting and Managing Risk

Insider risk and audit scenarios

Managing risky activity

Not every risk comes from outside attackers. Some risks involve people inside the organization, including employees, contractors, or partners.

Insider risk examples

  • A user downloads many sensitive files shortly before leaving the company.
  • An employee shares confidential documents with a personal email account.
  • A worker repeatedly accesses data unrelated to their role.

Audit examples

Audit helps investigators understand what happened by recording activities such as file access, sharing, deletions, sign-ins, and administrative actions.

Example: after a sensitive file is leaked, audit logs can help identify who accessed or shared it.

CheckProtecting and Managing Risk

Choose the right capability

A compliance team needs to prove who deleted a sensitive SharePoint document and when. Which Purview capability is most directly useful?

RecallProtecting and Managing Risk
What are three practical risk-management jobs Microsoft Purview can help with?
ConceptGetting Started with Purview

A simple first path into Microsoft Purview

Start small with Purview

Microsoft Purview includes many tools for discovering, protecting, governing, and managing data. A beginner should not try to configure everything at once.

Basic first approach

  • Identify a learning goal: for example, find sensitive files, review retention, or understand data locations.
  • Pick one workload: start with a small area such as SharePoint, OneDrive, Exchange, or a sample Azure data source.
  • Use read-only exploration first: view dashboards, data maps, classifications, or compliance information before changing policies.
  • Test in a safe scope: use a pilot group, test site, demo tenant, or limited data source.
  • Document what you learn: record data sources, risks, owners, and next steps.

The goal is to build confidence before applying organization-wide controls.

CheckGetting Started with Purview

Best first step

You are new to Microsoft Purview and want to learn safely. What is the best first step?

ConceptGetting Started with Purview

Choosing a beginner-friendly Purview tool

Match the tool to the scenario

Purview is a family of capabilities. Beginners should choose the tool that matches the question they are trying to answer.

  • Data Map / Data Catalog: Use when you want to discover data sources and understand what data exists.
  • Data classification: Use when you want to identify sensitive information such as credit card numbers, health data, or personal information.
  • Information Protection: Use when you want to label and protect sensitive documents and emails.
  • Data Lifecycle Management: Use when you want to manage retention and deletion of content over time.
  • Audit: Use when you want to investigate user or admin activity.
  • eDiscovery: Use when you need to find and preserve content for legal or investigation needs.

For a first exploration, discovery and classification are often easier starting points because they help you understand the environment before enforcing controls.

Try itGetting Started with Purview

Purview starter planner

Build an interactive planner that helps a beginner choose a safe first Purview activity. The learner selects: 1) their goal from options: discover data, find sensitive information, protect files/emails, manage retention, investigate activity, support legal search; 2) their scope from options: demo tenant, pilot group, one SharePoint site, one mailbox, one Azure data source, whole organization; 3) their risk tolerance from options: learning only, limited pilot, production change. The applet should recommend an appropriate Purview capability, such as Data Map/Data Catalog, data classification, Information Protection sensitivity labels, Data Lifecycle Management retention, Audit, or eDiscovery. It should also show a safety rating. If the learner chooses whole organization plus production change, warn that this is not ideal for beginners and suggest reducing the scope. The applet should generate a short first-step checklist with 3–5 actions, such as confirm permissions, choose a test scope, review existing data, run discovery/classification, document findings, and avoid broad policy enforcement until reviewed.

```html <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Purview Safe Start Planner</title> <style> body{font-family:system-ui,Arial,sans-serif;margin:40px;max-width:800px;background:#f8f9fa} .card{background:white;border-radius:12px;padding:24px;box-shadow:0 4px 12px rgba(0,0,0,.08);margin-bottom:24px} select,button{padding:10px 14px;font-size:15px;border:1px solid #ccc;border-radius:8px} button{background:#0d6efd;color:white;border:none;cursor:pointer} button:hover{background:#0b5ed7} .result{background:#e7f1ff;border-left:5px solid #0d6efd;padding:20px;border-radius:8px} .warning{background:#fff3cd;border-left:5px solid #ffc107;padding:16px} .checklist li{margin:6px 0} </style> </head> <body> <h1>Microsoft Purview Safe First Activity Planner</h1> <p>Select your options below to get a personalized, beginner-safe recommendation.</p> <div class="card"> <h3>1. Your Goal</h3> <select id="goal"> <option value="discover data">Discover data</option> <option value="find sensitive information">Find sensitive information</option> <option value="protect files/emails">Protect files/emails</option> <option value="manage retention">Manage retention</option> <option value="investigate activity">Investigate activity</option> <option value="support legal search">Support legal search</option> </select> </div> <div class="card"> <h3>2. Your Scope</h3> <select id="scope"> <option value="demo tenant">Demo tenant</option> <option value="pilot group">Pilot group</option> <option value="one SharePoint site">One SharePoint site</option> <option value="one mailbox">One mailbox</option> <option value="one Azure data source">One Azure data source</option> <option value="whole organization">Whole organization</option> </select> </div> <div class="card"> <h3>3. Risk Tolerance</h3> <select id="risk"> <option value="learning only">Learning only</option> <option value="limited pilot">Limited pilot</option> <option value="production change">Production change</option> </select> </div> <button onclick="generatePlan()">Get My Recommendation</button> <div id="output" style="margin-top:30px;display:none"></div> <script> function generatePlan() { const goal = document.getElementById('goal').value; const scope = document.getElementById('scope').value; const risk = document.getElementById('risk').value; const out = document.getElementById('output'); out.style.display = 'block'; out.innerHTML = ''; let capability = ''; let safety = 5; let warning = ''; let checklist = []; // Recommendation logic if (goal === 'discover data') capability = 'Data Map / Data Catalog'; else if (goal === 'find sensitive information') capability = 'Data classification'; else if (goal === 'protect files/emails') capability = 'Information Protection sensitivity labels'; else if (goal === 'manage retention') capability = 'Data Lifecycle Management retention'; else if (goal === 'investigate activity') capability = 'Audit'; else if (goal === 'support legal search') capability = 'eDiscovery'; // Safety rating based on scope + risk if (scope === 'whole organization') safety = 2; else if (scope === 'demo tenant' || scope === 'pilot group' || scope.includes('one ')) safety = 5; else safety = 4; if (risk === 'production change') safety = Math.max(1, safety - 2); else if (risk === 'limited pilot') safety = Math.max(2, safety - 1); // Special warning if (scope === 'whole organization' && risk === 'production change') { warning = `<div class="warning"><strong>⚠️ Not ideal for beginners.</strong> Whole organization + production change carries high risk. Reduce scope to a pilot group, one site, or demo tenant first.</div>`; safety = 1; } // Dynamic checklist (3-5 items) checklist = [ 'Confirm you have the required Purview permissions (e.g., Compliance Administrator or equivalent).', `Choose a test scope: start with ${scope === 'whole organization' ? 'a pilot group or demo tenant' : scope}.`, 'Review any existing data maps, classifications, or policies in the tenant.', goal.includes('discover') || goal.includes('find') ? 'Run a discovery or classification scan on the limited scope.' : 'Configure the capability in read-only or test mode first.', 'Document findings and lessons learned before expanding scope.' ]; if (risk !== 'learning only') checklist.push('Avoid broad policy enforcement until the pilot is reviewed.'); // Build result let html = `<div class="result">`; html += `<h3>Recommended Capability: <strong>${capability}</strong></h3>`; html += `<p><strong>Safety Rating:</strong> ${safety}/5 ${safety <= 2 ? ' (High caution)' : safety >= 4 ? ' (Low risk)' : ''}</p>`; if (warning) html += warning; html += `<h4>First-Step Checklist</h4><ul class="checklist">`; checklist.slice(0,5).forEach(item => html += `<li>${item}</li>`); html += `</ul></div>`; out.innerHTML = html; } </script> </body> </html> ```
CheckGetting Started with Purview

Pick the right tool

A team wants to identify which files in a small SharePoint pilot site may contain personal information before applying any protection policies. Which Purview capability is the best beginner choice?

ConceptGetting Started with Purview

Adopt Purview gradually

Good adoption habits

Purview works best when adoption is gradual and intentional. Many capabilities can affect users, records, investigations, and compliance processes, so changes should be planned.

Beginner best practices

  • Learn before enforcing: explore reports and findings before applying organization-wide rules.
  • Use least privilege: grant only the roles needed for learning or testing.
  • Start with a pilot: test with a small group, site, mailbox, or data source.
  • Involve data owners: confirm whether findings are accurate and meaningful.
  • Review impact: understand how labels, retention, or access controls affect users.
  • Iterate: expand only after results are reviewed and documented.

A practical first milestone is not “fully governed data.” It is a clear inventory of what was tested, what was found, and what should happen next.

RecallGetting Started with Purview
What is a safe beginner strategy for exploring Microsoft Purview?
RecallGetting Started with Purview
Why should Purview adoption begin with a pilot instead of organization-wide enforcement?