Microsoft Purview, its Deployment and how it works across the Microsoft 365 stack
I’ve discussed Purview in a previous post, here, where I touched on what it is and what key use cases it addresses.
Given its wide capability set, though, some work is required to understand what it can really achieve at each domain it covers.
In this piece I wish to look at Microsoft Purview’s Risk & Compliance capabilities that apply to M365.
Purview
First let’s breakdown all Purview capabilities within the “Risk & Compliance” (under quotes as Compliance is also part of what’s under “Unified Data Governance” — but keeping in line with what is shown in the image from Microsoft public documentation) side of the diagram below.
For a good overview of everything under the “Microsoft Purview” brand and some actual product name changes, have a read at this article here.
As for deployment of it, from a data governance perspective, here are the best practices to deploy Purview to Data governance across the entire infrastructure.
But, looking from a M365 information protection and governance angles, Microsoft Purview solutions include these underlying sets (Source: Micorsoft Learn/Docs), which all apply to data in M365 in some way shape of form:
Purview and all these capabilities are why Microsoft is being recognized by Forrester as a leader in Unstructured Data Management, source.
Information Protection: This is a good starting point.
Data Loss Prevention: This is a good starting point.
Records Management: This is a good starting point.
Auditing Solutions: This is a good starting point.
Compliance Manager: Learn more about it here.
Purview vs M365
For a detailed breakdown of each capability within M365 an in depth look at each one is required. And that will take up hours of research and dedication… for each “solution” above.
When it comes to licensing, Some of these capabilities are available under the E3 licensing model, while other are under the E5 Compliance licensing bundle as highlighted in https://M365maps.com.
Purview for M365
Purview Identifies and Label data in Office Apps and other services. It does so according to their sensitivity and keeps track of where data travels and how it’s used.
Reduces Risky usage of data by applying Data Loss Prevention, enforcing information barriers between different groups and identifying potential Insider risk.
Plus, it helps keep on top of Industry specific or regional compliance needs, including NZ ISM, GDPR and Private data requirements across all data in Office Apps and M365.
Even data on-premises and on devices are protected and obey policies determined by Microsoft Purview.
Purview Adoption
Deploying Purview can be technically simple, but before that is rolled out, there is a lot of work that goes into documenting and creating Data Taxonomy that makes sense to the business.
Often times, purview deployment is staggered in a model that is called Crawl, Walk, Run.
Microsoft makes resources available Publicly to support deployment, and it also provides “Fast Track” support for eligible customers and has a partner ecosystem that should have you covered wherever you’re based.
To get started, I like the following references:
- Official Learn page: Deploy an information protection solution with Microsoft Purview — Microsoft Purview (compliance) | Microsoft Learn
- A document that an expert wrote on linkedin: A phase deployment guide to deploying key features of Microsoft 365 E5 Compliance tools | LinkedIn
There are other public and more detailed resources available, but Starting with the above is enough for most customers.
Learn more about my Cloud and Security Projects: https://linktr.ee/acamillo
Consider subscribing to Medium (here) to access more content that will empower you!
Thank you for reading and leave your thoughts/comments!
References
Scattered throughout the document
