3.1. Microsoft Purview: The Governance Platform
š” First Principle: Microsoft Purview is Microsoft's unified data governance and compliance platform. It doesn't create data ā it wraps data with controls and visibility. If your data is sensitive, Purview is how you label it, protect it, monitor how it moves, and govern how long it lives.
Without Purview, sensitive data flows through your organization with no labels, no restrictions on sharing, no alerts when it leaves, and no audit trail. You don't know what's sensitive, where it lives, or who's accessing it. Copilot doesn't change this ā it just makes the gap more visible by surfacing what users can already reach.
The exam will test your ability to match a compliance scenario to the right Purview tool. The key is knowing what each tool is for before trying to remember its settings.
ā ļø Common Misconception: Sensitivity labels only protect files in Word or Excel. Labels actually apply to emails, Teams meetings, SharePoint sites, and Microsoft 365 Groups ā not just documents. A label on an email can enforce encryption and prevent forwarding.
| Purview Tool | Primary Purpose | Key Question It Answers |
|---|---|---|
| Information Protection | Classify and protect data | Is this data labeled? Is it encrypted? |
| Data Loss Prevention (DLP) | Prevent sensitive data from leaving inappropriately | Is this content being shared in violation of policy? |
| Insider Risk Management | Detect risky user behavior | Is this user acting suspiciously with sensitive data? |
| Communication Compliance | Monitor communications for policy violations | Is anyone violating conduct or regulatory policies in communications? |
| Data Lifecycle Management | Control how long data is kept | Does this content need to be retained or deleted? |
| DSPM for AI | Govern AI interactions with data | What is Copilot doing with sensitive data? |
| eDiscovery | Find and preserve content for legal | Can we find all emails about this case? |
| Compliance Manager | Measure and improve compliance posture | How compliant are we, and what should we do next? |
