Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

6. Glossary

Activity Explorer — A Microsoft Purview tool that provides a chronological audit trail of data-related user activities: label changes, DLP policy triggers, file access, downloads, and sharing events. Used for forensic investigation, not prevention.

Agent — A discrete, configurable AI automation built in Copilot Studio that performs specific tasks using defined knowledge sources. Distinct from built-in Copilot features. See also: Copilot Studio, Agent lifecycle.

App Registration — The definition of an application in Microsoft Entra ID: its client ID, permissions it requests, redirect URIs, and client secrets. One registration can create service principals (enterprise apps) in multiple tenants. See also: Enterprise App.

Audit Log — A record of administrative and user actions in Microsoft 365. Sign-in logs capture every authentication attempt; the Unified Audit Log captures activity across Exchange, SharePoint, Teams, and Entra.

Conditional Access — A policy engine in Microsoft Entra ID that evaluates signals (user, device, location, risk) about a sign-in attempt and applies grant controls (allow, require MFA, require compliant device, or block). See also: Named Location, Zero Trust.

Compliance Manager — A Microsoft Purview tool that measures an organization's M365 configuration against compliance frameworks (GDPR, HIPAA, ISO 27001) and provides a score and improvement recommendations. Not an enforcement or monitoring tool.

Copilot Analytics — Reporting in the Microsoft 365 admin center that shows adoption and usage metrics for Microsoft 365 Copilot across apps and users.

Copilot Studio — A no-code/low-code platform for building, testing, and publishing AI agents. Uses Power Platform infrastructure. Agents built here require an approval workflow before org-wide deployment.

Data Access Governance (DAG) Report — A report in the SharePoint admin center that surfaces oversharing risks: sites with "Anyone" links, sites shared with "Everyone," and sites with high unique permission counts.

Data Explorer — A Microsoft Purview tool that provides an inventory of sensitive data in the tenant, showing what sensitive information types are present, where they live, and which sensitivity labels have been applied.

Data Loss Prevention (DLP) — A Microsoft Purview capability that detects sensitive information in content and can notify users, require justification, or block sharing. Applies across Exchange, SharePoint, Teams, OneDrive, and Copilot interactions.

DSPM for AI (Data Security Posture Management for AI) — A Microsoft Purview capability that surfaces AI-related data activity, identifies oversharing risks exposed by Copilot, and recommends remediation actions.

eDiscovery — The legal process of finding and preserving electronically stored information. Microsoft Purview eDiscovery provides tools for creating cases, placing legal holds, running searches, and exporting results. See also: Legal Hold.

Enterprise App — The in-tenant service principal instance of an application in Microsoft Entra ID. Created automatically when an app registration is created, or when a user consents to an external app. Used for SSO configuration and user assignment. See also: App Registration.

Identity Secure Score — A percentage-based metric in Microsoft Entra ID that measures how well the tenant's identity configuration follows Microsoft's security recommendations. Provides a prioritized improvement action list.

Insider Risk Management (IRM) — A Microsoft Purview capability that detects patterns of risky user behavior (bulk downloads, data exfiltration signals, departing employee activity) and generates alerts for investigation. Not a real-time blocking tool.

Legal Hold — A preservation mechanism in Microsoft Purview eDiscovery that prevents content from being permanently deleted during a retention or legal investigation period. Users can "delete" items normally; M365 silently preserves them.

Microsoft Defender XDR — Microsoft's Extended Detection and Response platform that correlates threat signals across Defender for Endpoint, Defender for Office 365, Defender for Identity, and Defender for Cloud Apps.

Microsoft Entra ID — The cloud identity and access management service (formerly Azure Active Directory) that underpins all Microsoft 365 authentication, authorization, Conditional Access, PIM, and SSO.

Microsoft Graph — The unified API gateway that Microsoft 365 applications — including Copilot — use to access organizational data. All Copilot data access is gated by the signed-in user's permissions through Microsoft Graph.

Microsoft Purview — Microsoft's unified data governance and compliance platform covering Information Protection, DLP, Insider Risk Management, Communication Compliance, Data Lifecycle Management, eDiscovery, Compliance Manager, Data Explorer, and DSPM for AI.

Pay-as-you-go (Copilot) — A metered billing model for Copilot features (including SharePoint Copilot) charged per message or action, connected to an Azure subscription. Alternative to the flat monthly per-user Copilot license.

Privileged Identity Management (PIM) — A Microsoft Entra ID feature that provides just-in-time, time-bounded, approval-gated activation of privileged roles. Requires Entra ID P2 licensing.

Researcher (Agent) — A Microsoft-built premium agent that performs deep research tasks by synthesizing information from both internal M365 data and the public web via Bing.

Analyst (Agent) — A Microsoft-built premium agent that performs data analysis tasks, including running Python code in a secure sandbox to compute results and generate visualizations.

Responsible AI — Microsoft's framework of six principles for building and using AI responsibly: Fairness, Reliability and Safety, Privacy and Security, Inclusiveness, Transparency, and Accountability.

Retention Label — A per-item governance tag applied to files or emails in Microsoft Purview that enforces a retention period and, optionally, marks content as a record (immutable). Applied by users manually or via auto-labeling.

Retention Policy — An admin-applied policy in Microsoft Purview that enforces retention or deletion rules across entire locations (all Exchange mailboxes, all SharePoint sites). Less granular than retention labels.

Sensitivity Label — A classification tag applied to content (files, emails, Teams meetings, SharePoint sites) in Microsoft Purview that can enforce encryption, access restrictions, and content marking. Travels with the content wherever it goes.

SharePoint Advanced Management (SAM) — A premium add-on to Microsoft 365 that provides advanced SharePoint governance capabilities including restricted site access, conditional access per site, block download policies, and inactive site policies.

Single Sign-On (SSO) — An authentication mechanism where a user authenticates once to an identity provider (Entra ID) and receives tokens that grant access to multiple applications without re-entering credentials. Uses SAML 2.0 or OpenID Connect (OIDC) protocols.

Tenant — The dedicated, isolated instance of Microsoft 365 services that belongs to an organization. All users, policies, data, and configurations exist within a tenant.

Zero Trust — A security model built on three principles: verify explicitly (evaluate all available signals for every access request), use least privilege access (minimize access scope and duration), and assume breach (design as if attackers are already inside, minimize blast radius).

Written by Alvin Varughese
Founder, 15 professional certifications