2. Improve risk and compliance posture
Identify data risks and manage regulatory compliance requirements
Understand & govern data
Manage visibility and governance of data assets across your environment
Safeguard data, wherever it lives
Protect sensitive data across clouds, apps, and devices
3. The new Microsoft Purview
Current name -> New name
Microsoft 365 Basic/Advanced Audit -> Microsoft Purview Audit (Standard)/(Premium)
Microsoft 365 Communication Compliance -> Microsoft Purview Communication Compliance
Microsoft Compliance Manager -> Microsoft Purview Compliance Manager
Office 365 Customer Lockbox -> Microsoft Purview Customer Lockbox
Azure Purview Data Catalog -> Microsoft Purview Data Catalog
Microsoft Information Governance -> Microsoft Purview Data Lifecycle Management
Office 365 Data Loss Prevention -> Microsoft Purview Data Loss Prevention
Azure Purview Data Map -> Microsoft Purview Data Map
Double Key Encryption for Microsoft 365 -> Microsoft Purview Double Key Encryption
Records Management in Microsoft 365 -> Microsoft Purview Records Management
Office 365 Core/Advanced eDiscovery -> Microsoft Purview eDiscovery (Standard)/(Premium)
Microsoft 365 Information Barriers -> Microsoft Purview Information Barriers
Microsoft Information Protection -> Microsoft Purview Information Protection
Microsoft 365 Insider Risk Management -> Microsoft Purview Insider Risk Management
Azure Purview portal -> Microsoft Purview governance portal
Microsoft 365 compliance center -> Microsoft Purview compliance portal
Azure Purview Data Insights -> Microsoft Purview Data Estate Insights
Microsoft 365 Customer Key -> Microsoft Purview Customer Key
4. Understand and govern data
Manage visibility and governance of data assets across your environment
Microsoft Purview Data Map
Microsoft Purview Data Catalog
Microsoft Purview Data Estate Insights
6. Microsoft Purview Information Protection
An intelligent, built-in, and extensible solution to know and protect sensitive data
Discover and classify data at scale using automation and machine-learning
Built-in labeling and protection
Platform extends the protection experience
Encryption built into Microsoft 365: at rest, in transit, and in use
On-premises
Cloud
Excel
7. Microsoft Purview Data Loss Prevention
Prevent accidental or unauthorized sharing of sensitive data
Automatically enforce compliance with regulations and internal policies across cloud and on-premises
Extend DLP policy to both Microsoft and non-Microsoft endpoints, on premises file shares, user apps, browsers, and services
Apply flexible policy administration to balance user productivity
Cloud
Apps
Endpoint
8. Microsoft Purview Insider Risk Management
Identify and act on insider risks with an integrated end-to-end approach
Identify risky activity and hidden risks with customizable templates and contextual insights
Maintain user privacy with built-in controls that keep user data anonymous
Enable collaboration across security, HR, and legal with integrated investigation workflows
9. Microsoft Purview Data Lifecycle Management
Classify and govern data at scale
Retain or delete data and manage records where users collaborate to manage risk and prevent productivity loss
Demonstrate compliance with label analytics insights, defensible disposal, and rich audit trails
Manage non-Microsoft data import with pre-built data connectors*
*Pre-built data connectors include connectors built by Microsoft and by partners – Veritas, Telemessage, CellTrust and 17a-4 LLC. Except for Veritas, Telemessage, CellTrust and 17a-4 LLC, Microsoft does not have direct relationships with the data source companies in bringing these data connectors to the platform.
Powered by an intelligent platform
Microsoft 365
Non-Microsoft data
11. Microsoft Purview Compliance Manager
Intuitive end-to-end compliance management
Manage end-to-end compliance from easy onboarding to control implementation
Configure out of the box assessments to meet your requirements across all assets
Simplify compliance with continuous assessments, automated control mapping, and a compliance score
Your compliance score:
1254/2000 points achieved
Compliance Manager
65%
12. Microsoft Purview Communication Compliance
Quickly identify and act on code-of-conduct policy violations
Intelligent customizable playbooks detect violations across Teams, Exchange, and third-party content
Flexible remediation workflows enable quick action on violations, like remove incriminating messages on Teams
Identify and investigate communications risks while maintaining end-user privacy
13. Microsoft Purview eDiscovery
Discover, preserve, collect, process, cull, and analyze your data in place
Preserve content by custodian, send hold notifications, and track acknowledgements
Review and manage static sets of documents within a case, that can be independently searched, analyzed, shared, and acted upon
Near duplicate detection, email threading, themes, and ML models to identify potential high value content and make the review process more efficient
14. Microsoft Purview Audit
Power your forensic and compliance investigations
Tap into additional events that are important for forensic investigations (e.g. mail items accessed, mail send, user search)
Preserve audit logs for up to a year, with option for 10-year retention add-on
High bandwidth access to data with ~2x the baseline
#2:Microsoft Purview unifies information protection, data governance, risk management, and compliance solutions so that customers can manage their data all from one place. Now, they can leverage that visibility across their environment to help close exposure gaps, simplify tasks through automation, stay up-to-date with regulatory requirements, and keep their most important asset, data, safe.
#5:With Microsoft Purview we bring together compliance and data governance
The risk and compliance portfolio joins with our unified data governance
#11:Talk track:
Let’s start with your first challenge: knowing and protecting sensitive data that resides across your hybrid environment.
The bedrock of our solution is our comprehensive set of both manual and automatic data classification methods. Especially notable are our classifiers that leverage machine learning to automatically identify and classify sensitive content at scale using pattern-matching methods. You may not otherwise easily find this content, such as patents, contracts, and résumés. We have invested to ensure high accuracy in our various classification capabilities.
Once you know your data, you can benefit from using our built-in labeling and protection experience in your core productivity solutions. Apps like Word, Excel, or PowerPoint, or services like SharePoint, Exchange, or Power BI, use these core workloads instead of a bolted-on, plug-in experience. This not only lowers your costs by eliminating the need to deploy and maintain additional software, but also delivers better performance by eliminating the need to load add-ons every time a user launches an app or service.
The Microsoft information protection development platform further extends our classification, labeling, and protection experience, in a consistent way, to non-Microsoft apps, services, and file types. Using our platform (SDK/APIs), 200-plus industry partners create further customer value such as enabling users to open encrypted PDF files in the Edge browser and Adobe Acrobat Reader or allowing them to label and protect CAD artifacts. These are two of the 80+ product integrations available since GA of the SDK in November 2018.
In addition to information protection for your productivity apps and services, we’ve also built encryption into Microsoft 365 services and data protection into Azure. The encryption built into Azure protects your data while at rest, in transit, and in use.
We also offer guidance on deployment, leveraging the experience and learnings gained from enabling other similar organizations. <Internal: Library of case studies made available online for customers looking to learn from information-protection experience of peers>
-------------------------
Internal reference only:
EDM: A custom sensitive information type that uses exact data values, instead of matching only with generic patterns. In other words, EDM-based classification enables you to create custom sensitive information types that refer to exact values in a database of sensitive information.
ML trainable classifiers: This classification method is particularly well-suited to content that either the manual or automated pattern-matching methods cannot easily identify. This method of classification is more about training a classifier to identify an item based upon what it is (e.g., résumé, contract, or invoice), as opposed to the elements the item contains (pattern matching).
Encryption: Services like Azure storage and Azure SQL database encrypt data at rest by default and confidential computing can help protect your data while in use.
#12:Talk track:
Now that you understand your sensitive data, you will want to establish a protection plan to address the risks of accidental or inappropriate sharing of sensitive information across the applications, services, and tools your users use every day.
Your employees access data from a multitude of devices and locations and they engage with multiple internal and external business partners to perform a wide array of activities. These touchpoints can expose your organization to data oversharing or even present risks of inappropriate sensitive data disclosure which can result in regulatory compliance concerns.
As part of our information protection solution, we offer unified data-loss-prevention that provides a consistent set of policies and actions across a broad ecosystem of user apps and services, both on-premises and in the cloud. These capabilities automatically classify your data, apply the correct information protection policy and then enforce policies in a way that’s consistent, fully transparent, and auditable.
These capabilities ensure that your employees will only use and share sensitive information within its approved regulatory and internal security policy context. Microsoft's unified DLP solution automatically blocks actions outside of this context, which prevents accidental or inappropriate information sharing.
Data-loss prevention's deep integration within the security stack creates a holistic and clearly differentiated information protection solution in the market because it provides full control and auditability from policy creation to policy enforcement to incident remediation and user education.
The classification engine for DLP is common across Microsoft's offerings. The engine natively incorporates 90-plus sensitive information types, and also supports the creation of custom sensitive information types. Organizations that deploy the DLP can therefore consistently address standard and bespoke sensitive data policy requirements, regardless of whether you implement the DLP policy in the cloud or on-premises.
You can access our comprehensive data-loss prevention capabilities universally in Microsoft 365 desktop apps like Word, Excel, PowerPoint, and Outlook, Edge; on-premises file shares; and within services like Teams, Exchange, SharePoint, and OneDrive. These capabilities also extend to third-party apps and browsers like Chrome and services such as Box, DropBox, Salesforce, and many others.
Data-loss protection enables you to automatically block sharing of chat messages, emails, and documents that contain sensitive information. DLP also ensures that users remain fully productive and aware of policy violations via tips and notifications that explain why content they shared was blocked, specific compliance violations, and how they can address the issue in the future. DLP also supports provisions for activities that are deemed non-compliant by an applicable policy but need to be allowed for a business reason, while limiting workflow interruptions. Business justifications can be reviewed post-event to ensure they were appropriate.
#13:Talk track:
Insider risk management leverages Microsoft Graph and other services to obtain native signals across Microsoft 365, Windows 10, and Azure. This includes file activity, communications sentiment, and abnormal user behaviors without the need to deploy end-point agents. You can include additional third-party signals from human resources systems, such as termination date or performance data, to further enhance the risk signal.
A robust set of configurable templates tailored specifically for risks such as digital IP theft, confidentiality breach, and potential security violations use machine learning and intelligence to correlate the signals to identify hidden patterns and risks that traditional or manual methods might miss. Using intelligence and correlations allows the solution to focus on actual suspicious activities so you don’t get overloaded with alerts. Furthermore, you can create default pseudonymous display names for at-risk users to maintain privacy and prevent bias.
A comprehensive 360° view provides a curated and easy-to-understand visual summary of individual risks within your organization. This view includes an historical timeline of relevant in-scope activities and trends associated with each identified user. For example, you can see if a user submitted their resignation, then downloaded files and copied them to a USB device.
The system also evaluates whether any of those files contained classification labels as well as sensitive information or sensitivity labels from Information Protection. In addition, with the right permissions, investigators can determine risk by viewing files accessed from Microsoft cloud resources like SharePoint Online.
End-to-end integrated workflows help ensure that the right people across security, HR, legal, and compliance can quickly investigate and take action once a risk has been identified. For example, if we determined the risk to be unintentional, we could send an email explaining how the user’s actions violate company policy with a link to training or the policy handbook. If we determine the risk was malicious, we could open an investigation that collects, collates, and preserves evidence, including the documents themselves, and open a case for legal and HR to take appropriate action.
Finally, many organizations already leverage existing SOAR (Security Orchestration, Automation, and Response) systems to log and classify incidents by impact and urgency to prioritize actions for those assigned to them.
#14:Talk track:
And finally, you can now put retention and deletion policies in place to help you manage information lifecycle and meet recordkeeping obligations for data in Microsoft 365 and beyond.
Microsoft Information Governance helps classify and govern data at scale with the following capabilities:
In-place management: On average, organizations are wrestling with five different content systems and repositories. Duplicate information across platforms not only causes productivity loss but also increases risks. In-place management enables companies to retain information and manage records where data is created to prevent productivity loss and reduce operational and legal risks.
Automated policy: The volume of information is expected to grow 4.5 times over the next two years. Relying on manual classification is ineffective since users usually care the most about the value of the information, less about the risks it generates. It’s challenging to hold them accountable to classify and manage information accurately. By automating information governance, companies can leverage various auto-classification capabilities such as file properties (e.g., Content Type defined in SPO), pattern recognition, and machine-learning classifiers to classify and govern data at scale.
Defensible process: Multiple regulations, such as SEC 17a-4 and FINRA, require companies to meet stringent information governance requirements like record immutability. Companies also need to demonstrate compliance by proving they follow a defensible process to dispose of content. Microsoft 365 provides transparent insights on how data is classified to help you audit and finetune classification and policies. Moreover, the records management capabilities within Microsoft Information Governance can help companies follow a defensible process to retain and dispose of information with proof of disposals that can be kept for 7 years, disposition reviews, and rich audit trails.
Pre-built data connectors: To help companies leverage the capabilities above to govern data beyond Microsoft cloud, we provide pre-built data connectors for social media, text messages, chats, and collaboration data. Microsoft not only builds its own connectors but also works with hand-picked partners like TeleMessage and Globanet to enable ongoing and high-fidelity data import. In addition to the pre-built ones, customers and partners can build their own custom connectors to continuously ingest data into Microsoft 365.
You can leverage these four key capabilities to govern both the general and high-value information across various data sources:
General information governance: Retain only what you need and delete what you don’t to reduce risks and liability.
High-value information management: Classify, retain, review, dispose, and manage records to meet recordkeeping obligations.
#16:Talk track – tie it back to the opening statement (make it easy for customers)
----------------------------------
- : Vision Page : -
What are we trying to achieve here?
Our value can be extended to third-parties
Customers can access their data using APIs
Partners can use APIs to integrate
Service providers to manage at scale
#18:Talk track:
With Microsoft Purview Compliance Manager, you can now continuously assess and monitor data protection controls, get clear guidance on how to improve your score and thus reduce compliance risks, and leverage the built-in control mapping to scale your compliance effort across global, industrial, and regional standards.
Intuitive management: The complexity of regulations makes it challenging for organizations and IT administrators to know specific actions they can take to meet their compliance requirements. Compliance Manager provides easy, guided onboarding and supports twenty-four languages. With a simple design that works out of the box, IT admins and Compliance / Audit Officers can quickly collaborate to address compliance. With Compliance Manager, you don’t need to be an expert in complex regulations like the General Data Protection Regulation (GDPR) to know the actions you can take to improve compliance effectiveness. Compliance Manager now combines the functionality of compliance score and the existing Compliance Manager solutions, making it a single portal for end-to-end compliance management.
Scalable assessments: Compliance Manager provides access to a vast library of 150+ assessment templates – from global regulations such as the GDPR, PCI-DSS, COBIT 5, to regional assessments such as Brazil’s LGPD data protection law and Malaysia’s Personal Data Protection Act. Industry-specific assessments such as HITRUST and Cybersecurity Maturity Model Certification (CMMC) are also covered. Compliance Manager now provides the ability to quickly customize these assessments to meet your unique business requirements. With the custom assessments feature, you can manage compliance across your assets in one location by bringing your own assessments into Compliance Manager. For example, if you are currently tracking compliance of your SAP data in an Excel file, you can bring that into Compliance Manager.
Built-in automation: Compliance management can be tedious, and organizations often find it difficult to know their degree of compliance with specific regulations. Translating ever-changing regulatory requirements into specific actions and controls is also challenging and not all organizations have the resources to do this accurately. Point-in-time assessments (e.g., for quarterly/semi-annual/annual audits) also mean that organizations tend to have ‘blind spots’ between these assessment windows. To help you with these challenges, Compliance Manager comes built-in with the following capabilities: compliance score, control mapping, continuous regulatory updates, and continuous assessments.
Microsoft Purview Compliance Manager measures your progress towards completing recommended actions that help reduce risks around data protection and regulatory standards.
#19:Talk Track:
Intelligent Customizable playbooks:
There are four pre-configured templates within Communication Compliance: regulatory compliance, offensive language, sensitive information types, conflicts of interest.
These are available across first- and third-party content, in 8 languages, with the ability to customize policies.
ML models continue to learn with trainable classifiers including gory, racy, adult images, harassment, discrimination, threats, profanity.
Remediation workflows:
Collaborative and easy-to-navigate
Identify risk communication with keyword highlighting and prioritization through past user behavior
Ability to send notification to employee, escalate the case for investigation, remove message from Teams channels
Able to provide feedback to improve the model
Privacy built in:
Rules-based access controls
Admin opt in of users/reviews
Pseudonymization and audit trails to scan behavior
#20:Talk Track:
We put significant investments in eDiscovery. We built a whole new stack from the ground up.
Custodian Management
It’s looking to simplify the process. For example, a typical case requires hunting down mailbox addresses and SharePoint URLs in order to use scripts to find out the addresses, plus give the export of the scripts. Now, with eDiscovery, you have the ability to just tell us who has been escalated. Our solution then goes in the background and maps the content for you – these are the sources in play that you can hold to get started on a case.
Review
Before a user exports, we wanted to provide a view of the content in review. These review tools help with analytics for culling decisions (to show related content), near duplicate detection, email threading, and redaction of content.
Deep Indexing
Microsoft is using a search that is tuned for performance – finding the most relevant content quickly becomes critical. Because we tune it for speed, we give it rules to look for specific items (and skip specific items that may take too long). For example, if you put a file with too many attachments, this would be skipped to optimize for speed. In our new stack, we will look at that content before we search. For example, if Jane is the custodian, looking at her content will pick up any partially and unindexed content. Jane then has the ability to index that content, so that when she searches for something specific, she is able to access primary and secondary indexes.
#21:Talk Track:
There are 3 key capabilities we offer customers in Audit to help with their regulatory, legal and compliance obligations.
The first is additional audit events that help with forensic investigations. Earlier this year we delivered new events that help investigators understand if mail items were accessed through the mail sync and mail bind operation. This is extremely helpful to organizations with regulatory obligations that require breach notifications, because now they can scope mail items that may have been compromised to reduce fines and penalties.
Another key area is around retaining audit logs. According to the latest Ponemon research, it takes roughly 6 months to detect a data breach and organizations need a way to go back to the audit logs to conduct forensic investigations. Advanced Audit extends audit log retention from 90 days to 6 months. And new to Audit – optionally add 10-year retention for highly regulated customers that need to keep audit log data for longer.
And lastly, for those using the activity API, Audit provides 2 times the bandwidth compared to other customers – which is valuable especially if customers are using audit data in third-party solutions.