Microsoft Purview Data Compliance solutions
Microsoft Purview Data Compliance solutions help organizations manage and monitor their data, minimize compliance risks, and meet regulatory requirements.
Audit in Microsoft Purview
Auditing solutions in Microsoft Purview provide visibility into the activities performed across your organization's Microsoft 365 services and help you respond effectively to security events, forensic investigations, internal investigations, and compliance obligations.
Note: Microsoft Purview stores your customer data in the region where your Microsoft 365 data is stored.
Types of Audits:
Standard:
Enabled by default for all organizations with the appropriate subscription and available to users with the appropriate permissions.
The record retention period is 180 days.
You can retrieve audit logs that occur in most of the Microsoft 365 services in your organization by using the following methods:
The audit log search tool in the Microsoft Purview portal.
The Office 365 Management Activity API
The Search-UnifiedAuditLog cmdlet in Exchange Online PowerShell
Premium:
Audit log retention policies: you can create customized audit log retention policies.
Longer retention of audit records: 1 to 10 years (add-on license)
Audit (Premium) intelligent insights: help your organization conduct forensic and compliance investigations.
Higher bandwidth to the Office 365 Management Activity API.
Licensing
Licensing for Audit (Standard) or Audit (Premium) requires the appropriate organization-level subscription and corresponding per-user licensing.
Integrating Audit with Microsoft Security Copilot
Requires enabling the option that allows Microsoft Purview to log data in Microsoft Security Copilot.
eDiscovery
Microsoft Purview eDiscovery can be used to identify, review, and manage content in Microsoft 365 services to support your investigations. Supported Microsoft 365 services include:
Exchange Online
Microsoft Teams
Microsoft 365 Groups
OneDrive
SharePoint
Viva Engage
eDiscovery workflow
The eDiscovery workflow helps you more quickly identify, investigate, and take action on electronically stored information (ESI) in your organization.
Step 1: Escalate from trigger event
Step 2: Create and manage case:
Step 3: Search, evaluate results, and refine:
Step 4a: Actions include:
Export search results
Create review sets from the search results
Create holds
Step 5: Review and take action from review sets:
Run analytics
Tag items
Export items
eDiscovery features
Search for content
Export search results
Place content locations on hold: secure electronically stored information from inadvertent (or intentional) deletion during your investigation.
Premium Features
Review sets: Securely store a static copy of selected items in a secure, Microsoft-provided Azure Storage location.
Optical character recognition (OCR):
Conversation threading:
Integrating eDiscovery with Microsoft Security Copilot
Supported capabilities:
Gain contextual summary of evidence collected in eDiscovery review sets (Preview).
Natural language to Keyword Query Language (KeyQL) queries.
Microsoft Purview Compliance Manager
Microsoft Purview Compliance Manager enables organizations to automatically assess and manage compliance across their multicloud environment.
Features of Microsoft Compliance Manager
Prebuilt assessments based on common regional and industry regulations and standards.
Workflow capabilities that enable admins to efficiently complete risk assessments for the organization.
Step-by-step improvement actions that admins can take to help meet regulations and standards relevant to the organization.
Compliance score
Key elements of Microsoft Compliance Manager
Controls
Assessments
Regulations
Improvement actions
Control
A control is a requirement of a regulation, standard, or policy. It defines how to assess and manage system configuration, organizational process, and people responsible for meeting a specific requirement of a regulation, standard, or policy.
Types of controls:
Microsoft-managed controls
Your controls: customer-managed control
Shared controls
Assessment
An assessment is a grouping of controls from a specific regulation, standard, or policy. Completing the actions within an assessment helps to meet the requirements of a standard, regulation, or law.
Compliance Manager provides templates to help admins quickly create assessments.
Regulations
The Regulations page in Compliance Manager displays the list of regulations and certifications for which Compliance Manager provides control-mapping templates. It provides over 360 regulatory templates from which you can quickly create assessments.
Improvement action
Improvement actions help centralize compliance activities. Each one provides recommended guidance and can be assigned to users in the organization to implement and test.
Microsoft Purview Communication Compliance
Microsoft Purview Communication Compliance is an insider risk solution that helps organizations detect, capture, and act on inappropriate messages that can lead to potential data security or compliance incidents within the organization.
Evaluates text and image-based messages in Microsoft and third-party apps.
This includes inappropriate sharing of sensitive information, threatening or harassing language, and potential regulatory violations.
With role-based access controls, Communication compliance supports the separation of duties between your IT admins and your compliance management team.
Microsoft Purview Communication Compliance Workflow
Microsoft Purview Communication Compliance Integration with Microsoft Security Copilot
Microsoft Purview Communication Compliance supports integration with Microsoft Security Copilot, through the embedded experience.
Capabilities:
Get a contextual summary of a message and its attachments in the context of classifier conditions that flagged the message.
Ask follow-up contextual questions about the message and its attachments.
Contextual summarization currently supports trainable classifiers as context, and contextual summaries are only available for messages and attachments with a combined length of 100 words or more.

Microsoft Purview Data Lifecycle Management
Microsoft Purview Data Lifecycle Management helps organizations retain the content they need to keep and delete the content they don't need.
Retention policies and retention labels
Used to assign retention settings, which help organizations manage and govern information by ensuring content is kept only for a required time and then permanently deleted.
Helps in:
Comply proactively with industry regulations and internal policies
Ensure users work only with content that's current and relevant to them.
Actions to manage content:
Retaining content prevents permanent deletion and ensures content remains available for eDiscovery.
Deleting content permanently deletes content from your organization.
Retention settings that can be configured:
Retain-only: Retain content forever or for a specified period of time.
Delete-only: Permanently delete content after a specified period of time.
Retain and then delete: Retain content for a specified period of time and then permanently delete it.
When content has retention settings assigned to it, that content remains in its original location. People can continue to work with their documents or mail as if nothing changed. But if they edit or delete content included in the retention policy, a copy of the content is automatically kept in a secure location.
Workloads that can have retention settings:
SharePoint
OneDrive
Microsoft Teams
Viva Engage
Exchange
Records Management in Microsoft Purview
Manage declared records that require strict legal or regulatory retention, including non-editable, auditable status.
Content is labeled as a record or regulatory record by using a ____.
retention label
Record vs Regulatory record
Record:
Restrictions are put in place to block certain activities.
Activities are logged.
Proof of disposition is kept at the end of the retention period.
Regulatory Record:
A regulatory label can’t be removed when an item has been marked as a regulatory record.
The retention periods can’t be made shorter after the label has been applied.
Even a global administrator can't modify it. It can be enabled by an administrator using PowerShell.
Data Lifecycle Management (DLM) vs Records Management
| Feature | Data Lifecycle Management | Records Management |
|---|---|---|
| Retention/Deletion Rules | Yes | Yes |
| Label-Based Automation | Yes | Yes |
| Declaring Records | No | Yes (Record & Regulatory Record options) |
| Prevent Editing/Deletion | No (user can edit until deleted) | Yes (records are locked) |
| Regulatory Compliance Logs | No | Yes (proof of disposition, audit logs) |
| Use Case | General data cleanup & retention | Legal, financial, regulatory data handling |
Use DLM when you're managing regular business data retention.
Use Records Management when you need strict control, immutability, and proof of compliance for regulatory/legal reasons.