Get started with Priva
If you are ready to begin using Microsoft Priva for assistance in identifying and mitigating privacy risks, follow these steps to set up prerequisites and get started exploring privacy insights.
Step 1: Confirm subscriptions and licensing
Priva is available within the Microsoft Purview compliance portal and can be purchased by organizations with the following licenses:
- Microsoft 365 E3, E5, A3, A5
- Office 365 E1, E3, E5, A1, A3, A5
Priva offers licensing options for two different solutions: Priva Privacy Risk Management and Priva Subject Rights Requests. These can be purchased individually or together. When obtaining licenses for subject rights requests, you can choose the appropriate licensing tier for how many requests you need to handle. You can purchase additional requests at any time.
For detailed licensing guidance, see Microsoft 365 licensing guidance for security & compliance.
Priva is not available to US Government Community (GCC) Moderate, GCC High, or Department of Defense (DoD) customers.
Get free trial license
A free trial license is available for getting started with Priva. To learn about eligibility and how to join, see Learn about the free Priva trial.
Step 2: Enable the Microsoft 365 audit log
Microsoft 365 audit logs are a summary of all activities within your organization. Privacy Risk Management policies may use these activities for generating policy insights.
Your organization may already have audit logs turned on. If you need to start using them for the first time, see Turn audit log search on or off for step-by-step instructions to turn on auditing. After you turn on auditing, a message is displayed that says the audit log is being prepared and that you can run a search in a couple of hours after the preparation is complete. You only have to do this action once. For more information about using the Microsoft 365 audit log, see Search the audit log.
Step 3: Set user permissions and assign roles
Priva uses a role-based access control (RBAC) permission model. Only users who are assigned a role may access Priva, and the actions allowed by each user are restricted by role type.
Your global admin has permissions to access Priva and assign other users to roles. They can sign in and set user permissions in the Microsoft Purview compliance portal for Priva. For a quick start, the Privacy Management role group has permissions to access all features of Priva. This group may be a good fit for organizations where the same individual may perform all duties. Other privacy roles allow you to take more granular control and assign users to selected features or functions.
To learn more about role groups and how to grant access, see Set user permissions and assign roles in Priva.
Step 4: Start finding and visualizing your data
After you sign in to Priva, you will see the Overview page. This page provides dynamic insights about how personal data is evolving in your Microsoft 365 environment to help you quickly spot issues, identify risk indicators, and take action to fix issues. Your Overview should populate with initial insights within the first 24 hours of signing up. As you continue to use Priva, the overview page will refresh to continue to provide current information.
For further insights into your data over time, your Data profile page will provide more visualizations and analytics and give you a holistic view of your organization's data by geographic location and by Microsoft 365 location.
To learn more about these pages, see Find and visualize personal data in Priva.
Step 5: Start managing risks with default policies
Privacy Risk Management will start to evaluate your data and give you a look into key risk scenarios for data minimization, data overexposure, and data transfers. These policies are turned on by default. You can use these policies to evaluate where your risks are, then turn on user email notifications for your users to raise issues to their attention and guide remediation of these risks. Additionally, you can create and customize your own policies from the policy templates provided. You can tailor your policies to meet your organization’s legal and regulatory compliance needs as may be identified in consultation with legal counsel. To learn more, see Create policies in Privacy Risk Management.
Step 6: Get started with subject rights requests
Priva Subject Rights Requests automates the subject rights request fulfillment process, providing easy access to data and customizable workflows that fit into existing business processes. You can easily find the relevant data, review the findings, and produce reports. Along the way, you can securely collaborate with other experts in your organization to complete the subject rights request. You can also manage and customize your business workflows with built-in templates. To learn more about using these features, see Learn about Priva Subject Rights Requests.